Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.opper.ai/llms.txt

Use this file to discover all available pages before exploring further.

Control Plane features are in early access and need to be turned on per account. Contact support@opper.ai if you’re interested.
Comply is the layer that constrains how a call can run: which models it can reach, how long its trace is retained, how much you’ll spend, and whether it has to stay inside a Zero Data Retention provider set. You assemble those constraints as rules, each scoped to your organization, specific projects, or specific functions.

Rule kinds

Open platform.opper.ai and navigate to Controls → Comply to add a rule. There are four kinds.

Model allowlist

Constrain which models calls can reach across four dimensions. Leave a dimension empty to skip it.
  • Allowed providersanthropic, openai, google, etc.
  • Allowed regionseu-west-1, us-west-2, etc.
  • Allowed countries — including an “Other” bucket for models without country metadata. Useful for data residency.
  • Allowed models — explicit model names like anthropic/claude-opus-4-6.
A live counter shows “N of M models match.” so you can verify the rule’s reach before saving. When a child rule inherits from a parent (project allowlist inheriting from an org allowlist, for example), items the parent disallows appear dimmed in the picker with a tooltip like “Not allowed at organization scope — broaden the parent allowlist first.” A child rule can only narrow what the parent permits, never widen it.

Trace retention

A single number, 0–30 days (default 30). Generations and spans inside the rule’s scope are kept for that many days, then deleted.

Budget

  • Monthly limit — a dollar cap.
  • Soft alert at X% — default 80. When monthly spend crosses this, email alerts are sent to your org (if alerts are enabled below).
  • Email alerts — checkbox.
Budget rules conflict gracefully — if an org-level budget is tighter than a project-level one, the org limit wins and the platform surfaces a clear error message.

Zero Data Retention (ZDR)

No config. Enabling a ZDR rule locks calls in scope to ZDR-eligible providers (today: evroc, berget) and forces retention to 0 days. The rule shows you how many models in the catalog qualify.

Scope

Each rule applies to one of three scopes:
  • Organization — every project and every function.
  • Projects — one or more specific projects.
  • Functions — specific functions inside a project.
The allowlist supports all three scopes. Retention, Budget, and ZDR are limited to organization or project scope (no function-level).

Scope chain and intersection

Rules at different scopes layer rather than override. The effective allowlist for a function is the intersection of every allowlist that applies to it — org rules narrow what projects can do, project rules narrow what functions can do, function rules narrow further. You can never widen at a lower scope.

In traces

Comply events appear on a span with a Scale icon labeled Comply:
  • Passed — the call satisfied every Comply rule in its scope chain.
  • Blocked — a rule rejected the call. The span carries the error; the Comply event identifies which rule.
Each event carries the rule’s name (when set) and a scope badge (Org-level / Project-level / Function-level). When a model is denied by the allowlist, you can see which rule and scope produced the block without leaving the trace view.

In playground

Comply rules apply to playground calls when the Project controls toggle in the task sidebar is on. If a rule would block the call, the playground run fails the same way a production call would — the trace shows the Comply event with the blocking rule. To verify a function would still work if a rule were relaxed, switch Project controls off for the run.
Set the strictest policy at organization scope (e.g. “EU-only providers”). Use project and function scopes for narrower exceptions or further tightening. Trying to “loosen” at a lower scope won’t work — the parent constraint always wins.
Pair a ZDR rule with retention=0 on a specific function when handling regulated data. Keep ZDR scoped tightly — it limits the available model set.