Tracker & guard acts like a copilot for finance and ops. It watches budgets per office, user, tool, vendor, model, and time window, and it logs every call with enough metadata to satisfy auditors.
Preflight → Postflight loop
Every MCP call starts with a policy read. Tracker & guard checks counters scoped to office, user, tool, vendor, model, and time window. It also confirms consent scopes remain valid. Only then does the tool execute.
After execution, the postflight service signs the event, updates counters, and streams alerts if thresholds are crossed. Finance teams can trust the ledger because each step is deterministic.
- read policy & counters
- check consent scopes
- decide pass/queue/deny
Budgets, alerts, and backoff
Budgets layer by layer: daily, monthly, per-call maxima, burst buffers, and vendor-aware backoff. Ops can raise or lower any budget mid-month, and the new limits apply immediately across every client.
- daily caps
- monthly caps
- per-call max
- burst buffers
- vendor-aware backoff
- soft at 80%
- hard at 100% with admin override
- spike on throttle/error/latency
Live dashboard
The dashboard shows usage by office and tool, vendor health, cost trends, hot users, failures, queued calls, and controls to edit limits or add credit. Because the MCP server feeds the same ledger, you never reconcile multiple reports.
- live usage by office & tool
- vendor health & headroom
- cost trend
- hot tools/users
- failed/queued calls
- edit limits/add credit/pause tool/export for billing
Usage event schema
These fields land in your warehouse or SIEM. They power compliance (prove who ran which tool), operations (watch latency + cost spikes), and product (spot hot tools).
{
"event_id": "evt_98f4",
"ts_utc": "2025-01-12T19:22:04Z",
"actor_id": "agent_447",
"role": "Agent",
"office_id": "austin_downtown",
"tool_name": "generate_sales_comps_pdf",
"vendor_name": "atlas_default",
"model_name": "gpt-4o-mini",
"subject_ref": "txn_A123",
"input_tokens": 1200,
"output_tokens": 1850,
"input_bytes": 34210,
"output_bytes": 57210,
"api_cost_usd": 0.74,
"atlas_fee_usd": 0.21,
"total_cost_usd": 0.95,
"rate_bucket": "office.daily",
"rl_allowed": true,
"rl_action": "pass",
"latency_ms": 2410,
"cache_hit": false,
"success": true,
"artifact_uri": "atlas://artifacts/txn_A123/comps_240112.pdf",
"consent_scopes": [
"mls.read",
"atlas.data"
],
"signature": "0xb2f1...c9"
}| Field | Description |
|---|---|
| event_id | Signed UUID per call |
| ts_utc | Timestamp the call completed |
| actor_id | User or bot that triggered the tool |
| role | Actor role (Owner/Admin/Client) |
| office_id | Office or team identifier for budgets |
| tool_name | Canonical tool name |
| vendor_name | Downstream vendor (Atlas default or partner) |
| model_name | LLM or automation model invoked |
| subject_ref | Transaction/Item/File reference |
| input_tokens | Number of model input tokens |
| output_tokens | Number of model output tokens |
| input_bytes | Bytes sent to the vendor |
| output_bytes | Bytes returned |
| api_cost_usd | Raw vendor cost |
| atlas_fee_usd | Atlas markup or hosting fee |
| total_cost_usd | Combined cost (api + fee) |
| rate_bucket | Which rate limit bucket counted the call |
| rl_allowed | Boolean showing if the call passed preflight |
| rl_action | Action taken (pass, queue, deny) |
| latency_ms | Round-trip latency |
| cache_hit | True when cache satisfied request |
| success | True if call completed without error |
| artifact_uri | Pointer to resulting artifact |
| consent_scopes | Scopes used during the call |
| signature | Cryptographic signature of the event |