Every token counts.

When the CFO asks about AI, you already have the answer.

Visionality is the AI commit ledger for the four people who pay attention to the bill — your CFO, CHRO, PMO, and CISO. Every token reconciles to a person, a project, and a task, against a row no application can change.

Open-foundation · Apache 2.0 gateway · 30-minute deploy · Self-host free or $99/mo Hosted

What changes Monday morning

Four awkward moments. Four better answers.

Monday morning, the CFO Slacks you.

"What did we spend on AI last month, by team?" Four days of CSVs.

You send a link. The number is signed, by person, by project. It reconciles to the GL.

A senior engineer resigns Friday.

Hope someone remembers to revoke the keys. Hope nobody else picked up the file.

HRIS leaver feed fires. Every key bound to her SSO identity revokes itself. Zero meetings.

The project review asks: did the redesign spend make sense?

Engineering estimates from memory. Finance shrugs. PMO opens a spreadsheet from January.

Filter by task. $4,812 across 184 commits, tagged PROJ-128. Every row links to a PR.

A key leaks in a public repo.

Surprise invoice. Frantic vendor calls. "Will they prorate?"

The budget was the second factor. Cap hit, 402, no LLM call. The bill never moved.

How it works

Three moves. Then your AI spend defends itself.

01

Drop in.

Same SDK. Swap the base URL. Your existing Anthropic, OpenAI, Gemini code keeps working — 30-minute deploy, no migration project.

02

Bind every key.

Issue a key with a person, a project, a task, a memo, a URL — at the moment of issuance. The binding is signed into the token envelope itself.

03

Read the same row.

Finance, HR, PMO, Security each see the same append-only commit. Real-time, joinable to your GL, exportable in two clicks.

Governance reaches every model in your stack

Native to the providers below. Pass-through to 300+ models via OpenRouter and 1,600+ via LiteLLM — with the same envelope, the same audit, the same chargeback row.

Anthropic Claude · OpenAI GPT-4o · Google Gemini · AWS Bedrock · Azure OpenAI · OpenRouter (300+) · LiteLLM (1,600+)

Every token counts.

Four stakeholders. Four better Mondays.

Pick the seat you sit in. The same row in our ledger answers all four — but the story that lands is different in every meeting.

For Finance

Defend the bill, line by line.

Reena closes the month in an afternoon, not a week.

Real-time attribution to GL codes. Hard budgets that block at the threshold. Chargeback CSVs that drop straight into FP&A. The CFO stops asking and starts forwarding.

  • Live ledger keyed to project, team, cost center, agent, and owner
  • Hard budget caps — gateway returns 402 before the LLM call
  • Chargeback CSV with per-agent attribution + GL-ready owner column
  • Anomaly inbox — runaway tool spend flagged at 10× baseline

Sound familiar?

Four seats. Four asks.
Same ledger row answers them all.

The question is different. The data isn't.

CFO

Show me what we spent on AI last quarter, by team, by autonomous agent, joinable to our GL.

Every commit is signed by SSO sub, tagged to a task, attributed to its autonomous-agent identity, and lands on a GL code. CSV out — by team, by agent, by owner — GL ready.

How AI cost chargeback works →

CHRO

Who has access to AI right now — and what happens when someone leaves Friday?

SSO identity is signed into every token. The leaver feed revokes them on their last day, automatically.

Identity-bound AI access →

PMO

How much did the redesign sprint actually cost us in tokens?

Filter by task ID. Every commit on that key carries it — with the PR link, the model, and the spend.

Project-level AI attribution →

CISO

How do we keep a leaked key from being replayed — and how do I prove that to the auditor?

Spend tokens carry a binding-key second factor (AES-GCM, AAD-bound). A leaked token without the key fails with a structured 401. Six SOC 2 controls fire live evidence on every download.

Binding-key v2 + 6 SOC 2 controls →

Three moves

Then the AI bill defends itself.

Deploy in 30 minutes. Bind at issuance. Read by role.

01

Drop in.

One environment variable. Your existing Anthropic, OpenAI, Gemini SDK code keeps working — same wire format, same request shape, just our base URL. 30-minute deploy, no migration project.

02

Bind every key.

Each session starts with a virtual key bound to a person, a project, a task, and a budget — at issuance. The bindings ride the token envelope, signed and verified offline.

03

Read the same row.

Finance pulls the chargeback. HR exports the offboarding evidence. PMO filters by ticket. Security browses the append-only audit. One row in our ledger answers four meetings.

Built for shops like yours

Two preview case studies from customers we're shipping with right now. Names are real; quotes and logos sit behind “awaiting approval” placeholders until each customer signs off. The technical flows are live.

Software services

ArcTrade · Preview — pending customer sign-off

Every AI dollar tagged to a Jira epic, a Bitbucket repo, and an end-customer.

ArcTrade (logo pending)

An electricity-brokerage software shop billing time-and-materials needed AI cost attribution that would survive a client audit. Visionality plugs into Jira + Bitbucket, tags every gateway call with the right project_id, and outputs a chargeback CSV that drops straight into the invoice as an evidence appendix.

  • Jira + Bitbucket connectors. One-time mapping wires repo → project. From then on, every Cursor/Copilot/Claude call from the IDE is auto-tagged.
  • Per-engineer + per-epic chargeback CSV. Monthly export with cost_usd, agent_owner, model_used, task_class. The client's procurement team reads it without re-interpretation.
  • Soft caps that surface early. When a project hits 60% burn by day 12, the operator sees it before the client does. Most over-runs are a model-variant choice.
  • Continuous-evidence pack per client engagement. Signed JSON + SHA-256 fingerprint. The auditor runs vis-verify offline. Pre-audit prep dropped from a week to under an hour.
See the integration flow

Setup is operator-only — a Tuesday afternoon. The lead points the Jira connector at ArcTrade's workspace; Visionality pulls the project list (HPC, SOCE, CAISO-Q3) and the active epics. The Bitbucket connector pulls the repo list, and a one-time YAML maps each repo to its Jira project. The agent-identity table gets a row per engineer (alice@arctrade → Alice K., etc.). The engineers' IDEs are pointed at the Visionality gateway instead of directly at OpenAI/Anthropic.

From that moment, every Cursor or Copilot call from an ArcTrade engineer lands in request_logs with project_id resolved through repo → Jira project, agent_sub + agent_owner resolved through the identity table, and cost_usd normalized at the gateway. No SDK change, no engineer behavior change.

At month-end, the controller filters by project_id, downloads the chargeback CSV (created_at, project_id, model_family, model_used, task_class, agent_sub, agent_owner, currency, cost_usd), and drops it into the invoice as an evidence appendix. For SOC 2-adjacent client asks, the same operator generates a continuous-evidence pack scoped to the engagement and hands over both the signed JSON and the standalone vis-verify CLI. The auditor runs the verifier offline and confirms the fingerprint without ever touching Visionality.

Multi-tenant SaaS

AestheticIQ.ai · Preview — pending customer sign-off

Per-client AI rebill where a stolen dashboard can't drain a single account.

AestheticIQ.ai (logo pending)

An AI-aesthetics platform reselling AI to its medical-spa and dermatology customers needed per-end-client cost attribution accurate to the cent — and a token model where a full compromise of the app layer does not equal a financial bleed. Visionality's Token Authority v2 binding-key envelope answered both at once.

  • Per-end-client tags + multipliers. Every API call carries the paying customer's project_id; allocation rules encode each customer's contractual markup at the gateway.
  • Binding-key second factor. A leaked spend-token without the binding key is rejected with a structured 401. The binding key never leaves AestheticIQ's backend memory.
  • Hard quota = a 402 the app handles gracefully. When a customer hits their cap, the gateway returns spend_token_blocked. The customer sees an upgrade banner; the operator sees no incident.
  • Per-customer evidence pack. Generate a scoped pack per end-client. Customers in regulated programs (HIPAA, SOC 2) run vis-verify offline. The bundle either checks out or it doesn't.
See the security & rebill flow

Setup runs through one onboarding week. The platform team creates a project_id per end-customer (client_drpatel, client_glow, etc.) and sets per-client allocation-rule multipliers to encode the markup their commercial team has already negotiated. The binding DEK is provisioned on AestheticIQ's own production cluster — never copied to a workstation. Their AI-call-issuing backend wires to the Visionality Token Authority and stores the binding key in per-request memory only.

On each end-user call, AestheticIQ's session middleware resolves the paying customer, mints a short-TTL spend-token scoped to that project_id, and sends the request to Visionality's gateway with three headers: Authorization (the token), X-Acc-Binding (a per-request HMAC keyed on the binding key, binding the request body's SHA-256), and X-Acc-Caller. The gateway validates the proof, checks the replay cache, and only then routes to Anthropic/OpenAI. The cost lands on the right customer's invoice line.

The security story falls out of this for free. Suppose an attacker compromises the entire AestheticIQ web app, the admin dashboard, and an internal API — exfiltrating every token in transit, every cookie, every operator credential. None of those grant access. Every request demands X-Acc-Binding, and the binding key lives only inside AestheticIQ's backend memory. Every rejected request lands on request_logs.binding_status for the SOC 2 auditor to inspect as data, not as an incident report. At month-end, the chargeback CSV grouped by project_id feeds a templated Stripe invoice with the per-customer marked-up cost. Customers pay without disputing because the line items match the usage card they've been watching all month.
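The exchange described above, and the binding-key second factor from the CISO answer earlier, as an added example that is not Visionality's own code: the app backend mints the X-Acc-Binding proof, and the gateway verifies it, rejects replays, and enforces the hard cap with a 402 before any LLM call. The header layout, the nonce, and the exact MAC message are assumptions; the page only says the proof is an HMAC keyed on the binding key that binds the body's SHA-256.

```python
import hashlib
import hmac
import secrets

# Constructed sample key; in the flow above it lives only in the app backend's memory.
BINDING_KEY = secrets.token_bytes(32)

def make_binding_proof(binding_key, token, caller, body, nonce=None):
    """Client side. Assumed layout (not specified on the page): HMAC-SHA256 over
    token, caller, a per-request nonce and the body's SHA-256, sent as
    "<nonce>:<hex mac>" in X-Acc-Binding."""
    nonce = nonce or secrets.token_hex(8)
    body_hash = hashlib.sha256(body).hexdigest()
    msg = f"{token}.{caller}.{nonce}.{body_hash}".encode()
    mac = hmac.new(binding_key, msg, hashlib.sha256).hexdigest()
    return f"{nonce}:{mac}"

class Gateway:
    """Gateway side: verify the proof, reject replays, enforce the cap, log every outcome."""
    def __init__(self, binding_key, budgets_usd):
        self._key = binding_key
        self._budgets = dict(budgets_usd)   # spend token -> remaining USD
        self._seen = set()                  # replay cache of accepted proofs
        self.request_logs = []              # (token, binding_status, http status)

    def handle(self, headers, body, cost_usd):
        token = headers.get("Authorization", "").removeprefix("Bearer ")
        caller = headers.get("X-Acc-Caller", "")
        proof = headers.get("X-Acc-Binding", "")
        status, binding_status = self._check(token, caller, proof, body, cost_usd)
        self.request_logs.append((token, binding_status, status))  # data, not an incident
        if status != 200:
            return status, {"error": binding_status}   # structured 401 / 402
        self._seen.add(proof)
        self._budgets[token] -= cost_usd               # only now route to the LLM
        return 200, {"routed": True, "remaining_usd": self._budgets[token]}

    def _check(self, token, caller, proof, body, cost_usd):
        if token not in self._budgets:
            return 401, "unknown_spend_token"
        nonce = proof.partition(":")[0]
        expected = make_binding_proof(self._key, token, caller, body, nonce)
        if not nonce or not hmac.compare_digest(expected.encode(), proof.encode()):
            return 401, "binding_proof_invalid"    # leaked token, no binding key
        if proof in self._seen:
            return 401, "binding_proof_replayed"   # captured request sent again
        if self._budgets[token] < cost_usd:
            return 402, "spend_token_blocked"      # cap hit: no LLM call is made
        return 200, "ok"
```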

Does either pattern look like your shop? Book a 30-minute walkthrough.

A note from the team

We're not going to fake testimonials. Here's why we're building this.

In April 2026, attackers worked their way through four of our own AI keys — CLARA, saskia, MyCloudExpert, and cindyzody-testkey — over five days. They were the same kind of keys every engineering team has scattered around: provisioned for a prototype, never rotated, scoped to whatever the provider's default was.

We had no single audit log to consult, no hard budget cap at the gateway, no inventory that would have told us those four keys had ever been used together. We caught it from a credit-card alert — then had to reconstruct what happened key-by-key from provider dashboards.

Visionality is the system we wish had been in place before that week. Eight anomaly detectors, append-only audit at the SQL layer, virtual keys that put the real sk-ant-* in one place where every app can be scoped, rotated, and revoked from.

— Chris Therriault, Founder · ServiceVision

Built after the April 2026 incident on AICostCentral. Read the full story on the About page.

We'll add customer attestations once we have signed permission to publish them. Until then, the story above is the only one we're comfortable putting on this page.

Every token counts.

In 30 minutes, your CFO has the answer.

Bring your existing AI keys. Bring one of your real budget questions. We'll show you the ledger row that answers it.

One business day, every time. No SDR handoff. No sequence.

Every token counts.

Governance isn't the paid add-on.

Audit trail, PII protection, hard budgets, signed identity — every tier, by default. You pay for scale and chargeback ergonomics, not for safety.

Self-Hosted

Run the whole gateway in your own cloud. No vendor lock-in, no telemetry phone-home. The same product Hosted runs — just on your servers.

Free

  • Full gateway — OpenAI, Anthropic, Gemini, Bedrock, Azure OpenAI
  • Pass-through to 300+ via OpenRouter and 1,600+ via LiteLLM
  • Spend Tokens — binding-key second factor (envelope v2)
  • SQL-layer append-only audit (REVOKE on 5 tables)
  • PII pre-flight — 12 detectors, fail-closed
  • Six SOC 2 controls + ISO 27001 + ISO 42001 + NIST AI RMF
  • MCP gateway + PKCE consent + continuous-evidence pack
  • Single Clerk org · BYO infra · BYO LLM keys
  • Community support
Read the deploy guide

Hosted

We host the gateway and the dashboard. Same product, no infra. Defend the bill in front of Finance — chargeback CSV, GL allocation, HRIS auto-revoke, all wired.

$99/mo

  • Everything in Self-Hosted, managed for you
  • Chargeback CSV — month, quarter, or custom range
  • GL allocation rules + per-task / per-Jira-epic attribution
  • SaaS connectors — Copilot, Cursor, M365, ServiceNow, AgentForce
  • HRIS connectors — BambooHR / Workday / Rippling auto-revoke
  • Multi-org support (up to 10 Clerk orgs)
  • MCP audit timeline + anomaly inbox + audit-CSV export
  • Bearer-token API for Drata / Vanta integration
  • Email support · onboarding call
Start Hosted — $99/mo

Enterprise

Audit-grade reconciliation across four stakeholders. Regulated industries, BYOC Helm chart, SAML/SCIM, KMS-of-your-choice, SOC 2 Type II evidence on demand.

Custom

  • Everything in Hosted
  • KMS-backed envelope — AWS KMS, Azure Key Vault, GCP Cloud KMS
  • SAML/SCIM via Clerk Enterprise
  • BYOC Helm chart — EKS / GKE / AKS / k3s
  • Unlimited orgs / business units
  • Direct GL push — NetSuite + QuickBooks + Workday Financials
  • SOC 2 Type II evidence pack + auditor support
  • Dedicated Slack channel + named CSM
  • Custom MSA + SLA + BAA available
Talk to us

Self-Hosted is genuinely free — Apache-style license, no telemetry. Hosted is $99/mo flat with no per-seat math below Enterprise.

Every token counts.

The questions you'd ask before you'd schedule a call.

Can't find yours? Email us — Chris (founder) replies within a business day.

    • How do I sell this to my CFO?

      Show them one ledger row. It's signed by the SSO sub, tagged to a Jira ticket, allocated to a GL code, and immutable at the database layer. That row answers the four questions a CFO asks at month-end close — without a four-day reconciliation project. Most CFOs say yes after the live demo, not after a deck.

    • What if my CFO hasn't asked yet?

      They will. AI spend grows 3–5× per year and the invoice doesn't reconcile to anything. The cheapest moment to put governance in place is before the bill is large enough to require an answer. Visionality deploys in 30 minutes — by the time the question lands, you already have the row.

    • Do I need to pay for every seat?

      No. Starter and Team are priced by infrastructure, not by user. Everyone on your team can access the dashboard on one deployment. Enterprise has seat-based options if procurement requires it.

    • Is the audit trail really append-only?

      Yes — at the SQL layer, not in application logic. The application database role has UPDATE and DELETE revoked on the five audit tables. A deploy-time smoke check fails the rollout if that privilege was somehow restored.

    • What providers are supported?

      Anthropic, OpenAI, Amazon Bedrock, and Azure OpenAI. The gateway speaks each provider's wire format natively — your client code doesn't change, just the base URL.

    • Can I use my own KMS?

      Yes on Enterprise. The KeyProvider interface is designed to be swapped — AWS KMS, Azure Key Vault, or GCP Cloud KMS. Starter and Team use a master key you supply via environment variable.

    • What happens when I hit Neon or Render limits?

      Visionality uses standard managed infrastructure. If you outgrow a tier, you upgrade the underlying service. We document the upgrade path in the deploy guide.

    • Is there a free trial?

      Starter is effectively a free tier — the underlying infrastructure is either free (Neon free tier, Vercel Hobby) or very cheap (Render Starter at $7/mo). Deploy it and use it. Nothing to trial.

    • How do Spend Tokens work?

      A Spend Token is a budget envelope with a hard dollar limit. When the balance is exhausted, the gateway blocks further requests — it doesn't just alert. You can set per-project, per-team, or per-task-class limits.

    • What PII does the engine detect?

      Names, email addresses, phone numbers, SSNs, IP addresses, credit card numbers, health data (ICD codes, medication names), and several domain-specific patterns. Twelve detectors in total, tuned for low false-positive rates.