Advanced
The guardrails around routing: the org-cap overlay, allowed-model lists, ZDR enforcement, per-repo key selection, dollar and reviewed-commit caps, and the dashboard that controls them.
The org-cap overlay
Your pura.md rules are soft: they shape routing within an envelope the org controls. After the Engine picks a model, the org-cap overlay runs as a hard guardrail. It only ever downgrades — never upgrades — in this order:
1. Allowed-model check. Not on the allowed list → downgrade to the most powerful allowed model (same provider first, else any).
2. ZDR check. ZDR on and model not ZDR-eligible → downgrade to the most powerful ZDR-eligible allowed model.
3. BYO key check. No working per-repo selection for the provider → downgrade to a provider that has one.
4. Budget pre-dispatch. Projected cost exceeds a hard cap → downgrade to the cheapest allowed model that fits.
5. Hard-cap floor. A hard cap already breached → force the cheapest allowed model.
```
# Example downgrade chain on the review header:
**pura Review** • routed to `claude-sonnet` (medium thinking) (downgraded from `claude-opus`) • matched rule `payments-critical`
```

No silent compliance violations. Each downgrade step records its reason and sets cap_downgrade_applied. If every overlay path is exhausted, PURA posts the manual-review-needed comment rather than ever calling a non-allowed, non-ZDR, or unkeyed model.
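The five overlay steps above, modelled as an added Python sketch (not PURA's own code). The `Model` fields, power ranks, costs, reason strings and the `openai-*` model names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Model:
    name: str
    provider: str
    power: int    # assumed capability rank, higher = more powerful
    cost: float   # assumed projected cost of this run, in USD
    zdr: bool     # ZDR-eligible in the catalog

def apply_overlay(picked, allowed, zdr_on, keyed, headroom, cap_breached):
    """Return (model, reasons). model is None when every path is exhausted,
    i.e. the manual-review-needed case; cap_downgrade_applied = bool(reasons)."""
    reasons = []  # reason strings are hypothetical labels
    zdr_ok = [m for m in allowed if m.zdr or not zdr_on]
    usable = [m for m in zdr_ok if m.provider in keyed]  # allowed + ZDR + keyed
    cheapest = min(usable, key=lambda m: m.cost, default=None)

    def strongest(cands, same_first=False):
        same = [m for m in cands if m.provider == picked.provider]
        pool = same if (same_first and same) else cands
        return max(pool, key=lambda m: m.power, default=None)

    cur = picked
    if cur not in allowed:                                  # 1. allowed-model check
        cur = strongest(allowed, same_first=True)
        reasons.append("not_allowed")
    if cur and zdr_on and not cur.zdr:                      # 2. ZDR check
        cur = strongest(zdr_ok)
        reasons.append("not_zdr_eligible")
    if cur and cur.provider not in keyed:                   # 3. BYO key check
        cur = strongest(usable)
        reasons.append("no_key_selected")
    if cur and not cap_breached and cur.cost > headroom:    # 4. budget pre-dispatch
        fits = [m for m in usable if m.cost <= headroom]
        # Assumption: if nothing fits, use the cheapest usable model, because
        # the page says a dollar cap downgrades and never skips.
        cur = min(fits, key=lambda m: m.cost, default=cheapest)
        reasons.append("over_budget")
    if cur and cap_breached and cur != cheapest:            # 5. hard-cap floor
        cur = cheapest
        reasons.append("hard_cap_breached")
    return cur, reasons

# Constructed catalog: the openai-* names, ranks and costs are made up.
OPUS = Model("claude-opus", "anthropic", 3, 1.20, True)
SONNET = Model("claude-sonnet", "anthropic", 2, 0.40, True)
BIG = Model("openai-large", "openai", 3, 1.00, False)
SMALL = Model("openai-small", "openai", 1, 0.05, True)
```

Because every later step draws only from models that already pass the earlier checks, a budget downgrade can never reintroduce a non-ZDR or unkeyed model.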
Allowed models & ZDR enforcement
PURA maintains a versioned Provider & Model Catalog (customers can't edit it; current providers are anthropic and openai). Org admins pick the subset allowed for the org from the Setup tab; models off the list can't be selected. A repo override may only narrow the org list — widening is rejected.
Zero Data Retention is on by default. While ZDR is on:
- Only ZDR-eligible models may be added to the allowed list.
- Existing non-ZDR models can't be selected for new runs.
- New orgs default to all ZDR-eligible catalog models being allowed.
Disabling ZDR is explicit and audited. It requires a confirmation dialog, is recorded in the audit log with actor and prior/new value, and emails all org admins. ZDR is never a pura.md setting — only a dashboard toggle.
Per-repo provider key selection
PURA keeps an org-level key pool with zero or more keys per provider. Each repository makes an explicit per-(repo, provider) selection from that pool — PURA never uses a pool key for a repo that hasn't selected it. An admin may flag a pool key as the org default, but that is a UI hint only, never runtime fallback.
- Encrypted at rest with per-org KEKs in a managed KMS; plaintext never written to disk or logged.
- Write-only — after creation the UI shows only label and ••••last-4.
- Validated weekly; auto-disabled after two consecutive failures ≥ 24h apart, which then downgrades affected repos via overlay step 3.
- Org admins only may create, rotate, delete, or assign keys — all on the dashboard, no CLI.
The Translator never uses your keys. Compiling pura.md → rules.yaml runs on PURA-owned keys. Your BYO keys are used only by the Reviewer Agent, and every cost-meter row records the key_id used.
Dollar budget caps
Two dollar caps per calendar month, both managed by org admins: an org cap across all projects, and optional per-project caps (which can't exceed the org cap). A run dispatches only if both have headroom for its projected cost.
| Threshold | Default | Behavior |
|---|---|---|
| Soft (alert) | 80% (50–95%) | Dashboard banner + email to all org admins |
| Hard (downgrade) | 100% (fixed) | All later runs that month use the cheapest allowed model |
A breached dollar cap downgrades — it never skips. Hard-cap-crossed runs use the cheapest allowed model and record cap_downgrade_applied: true. Customers always get a review. (Contrast this with the reviewed-commit cap below, which does skip.)
The reviewed-commit cap
Separately from the dollar caps, org admins can set a hard monthly reviewed-commit cap to prevent plan overage. The two kinds of cap are enforced independently — whichever binds first applies.
A reviewed-commit cap skips, not downgrades. When it is reached, subsequent PRs are skipped with the manual-review-needed comment until the next billing period or the cap is raised. Dollar caps downgrade the model; the commit cap stops new reviews.
The dashboard
Everything that isn't a routing rule lives in the dashboard (GitHub OAuth, scoped to one org). Three tabs:
- Setup — BYO keys (org pool + per-repo selection), allowed models (org and per-repo override), the ZDR toggle, and read-only repository status.
- Budgets — org cap and per-project caps, soft-threshold overrides, and alert recipients.
- Reports — cost by repo, PR review counts, average cost per PR, model-usage breakdown, the routing-decisions audit, and a per-PR audit view. Filterable by date / repo / model / matched rule and exportable to CSV / JSON.
Cost-meter rows are retained 24 months and daily rollups 60 months, giving finance a per-project breakdown of LLM spend.