Panopticon
Panopticon is an AI behavior control room that sits on top of logi. See in real time how a personalized MCP server or agent RP accesses your data, and step in to control it the moment you need to.
Why you need it
In the LLM era, the number of "AIs that handle my data" grows exponentially. For each AI:
- which tools did it call?
- with what permissions (scope), and what did it do?
- is it behaving differently from usual?
— all of this easily ends up locked in a black box. Panopticon lets the user look directly inside and control where the OAuth tokens that logi already issued are being used.
Panopticon × AI Guard
Panopticon is made of two modules.
| Module | Role |
|---|---|
| Panopticon | The place you watch — activity timeline, usage aggregates, anomaly detection |
| AI Guard | The hand that stops — Rate Limit, Kill Switch, HITL approval, Scope Drift blocking |
The two always work as a pair. When Panopticon detects an anomaly, AI Guard enforces the policy.
Data sovereignty
logi's core principle is "a risk-averse, minimal-retention IdP." Panopticon follows the same principle:
- The AI call history (trace) is an asset of the application the user themselves operates.
- logi only indexes and aggregates it; the meaning of the data is the RP's responsibility.
- After 90 days, raw traces are deleted automatically (aggregates are retained permanently).
It gives you visibility that stays inside your own IdP — without sending telemetry to an external SaaS (Datadog, New Relic, etc.).
Beta notice
Panopticon is currently in beta.
| Feature | Beta | After GA |
|---|---|---|
| Trace ingestion (100% capture) | ✅ | ✅ |
| Per-application usage aggregates | ✅ | ✅ |
| Live Trace + Activity Timeline | ✅ | ✅ |
| The 4 AI Guard policies (Rate / Kill / HITL / Drift) | ✅ | ✅ |
| Anomaly rules (Burst / Off-hour / Failed-auth) | ✅ | ✅ |
| Quota Enforcement | ❌ | ✅ |
| Tier differentiation / billing | ❌ | ✅ |
| LLM-based Intent Analysis | ❌ | 🔬 under review |
During the beta, you can freely use everything up to usage aggregates and policy configuration, and quota hard-blocking does not apply.
Next steps
- Getting Started — enable Panopticon in the console + send your first trace
- Trace API — the
POST /panopticon/tracespec - Policy Configuration — a guide to enabling AI Guard policies