> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getovra.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Intelligence

> Spend analytics, risk scoring, anomaly detection, and audit trails.

Intelligence is the observability pillar. Real-time visibility over every agent and every transaction, with append-only audit storage and optional AI insight on every signal.

## What you get

<CardGroup cols={2}>
  <Card title="Spend analytics" icon="chart-line">
    Daily, weekly, monthly rollups by agent, card, merchant. Recharts-powered dashboard plus a CSV export.
  </Card>

  <Card title="Anomaly engine" icon="radar">
    Statistical drift detection on spend patterns. Background loop runs at API startup; surfaces unusual deltas before they compound.
  </Card>

  <Card title="Forecaster" icon="trending-up">
    Naive linear projection per agent and card. Useful for budgeting, not pricing.
  </Card>

  <Card title="In-house narrative" icon="sparkles">
    Every anomaly and forecast is paired with a template-driven explanation generated in-process. No external LLM, no API key, deterministic.
  </Card>
</CardGroup>

## Audit log — append-only at the DB layer

Every state change writes to `audit_events`. The table has `PG RULES` rewriting `UPDATE` and `DELETE` to `NOTHING` — there is no path, application or DBA, to mutate history.

A runtime sanitizer scrubs values that match Luhn (PAN), Bearer/API-key patterns, or other key heuristics before persisting. Logs of card data are physically impossible to write.

### Query the audit log

```bash theme={}
curl "https://api.getovra.com/audit?actorType=agent&action=card.issue&from=2026-01-01" \
  -H "Authorization: Bearer $OVRA_API_KEY"
```

Filter by `actorType`, `resourceType`, `action` (`a.b` or `a.*`), `range`, `correlationId`, free-text `q`. Cursor-paginated.

### Export to CSV

```bash theme={}
curl "https://api.getovra.com/audit/export?from=2026-01-01" \
  -H "Authorization: Bearer $OVRA_API_KEY" \
  -o audit.csv
```

Streaming, 500-row batches, hard cap 50,000 rows per request.

## Decision logs

Every policy and risk evaluation writes a row to `decision_logs` with the full input snapshot, signal scores, reason, and action. Inspect via `/audit` or `/risk/violations`. This is what auditors care about — not "what did the agent do" but "what did the system decide and why".

## Access events

Sensitive operations (card PAN reveal, GDPR delete, secret reveal) write to `access_events` separately. This is the surface your security team subscribes to.

## Correlation across systems

Every response carries:

* `X-Request-Id` — UUIDv7, also stamped on intents, transactions, transfers, ledger entries
* `X-Ovra-Run` — workflow correlation across multiple agent calls

Use these to trace a customer-support ticket from the user message all the way down to the ledger entry that moved the money.

## PDF reports

`pdfkit`-generated monthly statements with charts. Useful for finance close. Available on Business and Enterprise tiers.

## Dashboard surfaces

| Page                       | What it shows                                             |
| -------------------------- | --------------------------------------------------------- |
| `/dashboard/overview`      | 30-day spend, active agents, recent activity              |
| `/dashboard/analytics`     | Daily trend, cost-per-agent, top merchants                |
| `/dashboard/activity`      | Consolidated spend + audit + risk + disputes with filters |
| `/dashboard/audit`         | Production-grade audit log with row drawer + CSV export   |
| `/dashboard/risk`          | Decision logs filtered to denied + review                 |
| `/dashboard/access-events` | Sensitive-data access trail                               |

## Plan-tier matrix

| Capability           | Free    | Starter | Business           | Enterprise  |
| -------------------- | ------- | ------- | ------------------ | ----------- |
| TX history retention | 30 days | 90 days | 365 days           | 5 years     |
| Audit log            | –       | –       | –                  | ✓           |
| Spend intelligence   | basic   | basic   | spend-intelligence | custom      |
| Disputes management  | –       | view    | full               | full + auto |

See [Pricing](/pricing) for the full matrix.

## Next

<CardGroup cols={2}>
  <Card title="Compliance" icon="scale-balanced" href="/concepts/compliance">
    GDPR posture, data residency, what we delete vs anonymize.
  </Card>

  <Card title="Webhooks" icon="bell" href="/concepts/webhooks">
    Push the same signals into your own observability stack.
  </Card>

  <Card title="Control" icon="shield-check" href="/concepts/control">
    The engines that produce the decisions Intelligence records.
  </Card>

  <Card title="Disputes" icon="gavel" href="/concepts/disputes">
    Where audit history meets chargeback evidence.
  </Card>
</CardGroup>
