Governance Overview

Candela is a governance-first proxy — it sits between your applications and LLM providers, enforcing policies in real time while capturing a complete audit trail. Governance isn’t a roadmap feature; it’s the core architecture.

Every Candela deployment — whether candela on a developer laptop or candela-server in production — includes these enforcement controls out of the box:

Budget Enforcement

Per-user daily budgets with pre-flight gates. Requests that would exceed a user’s budget are rejected with HTTP 402 before they ever reach the LLM provider. Grants provide one-time budget bonuses with expiration dates and waterfall deduction.

Rate Limiting

Per-user request throttling with minute-window counters. Prevents runaway automation and rogue scripts from consuming resources. Configurable limits per user via the admin API.

Immutable Audit Trail

Every LLM request, every admin action, every policy decision — logged to BigQuery, DuckDB, or SQLite. Audit entries survive user deletion. The trail is append-only and tamper-proof by design.

Tenant Isolation

Full multi-tenant attribution via X-Candela-Tenant-Id headers and W3C Baggage. Per-tenant cost tracking, spend leaderboards, and tenant-scoped dashboard views — ensuring complete separation of concerns.

Role-Based Access Control

Admin vs Developer roles with distinct permissions. Admins manage budgets, grants, and user lifecycle. Developers can only view their own usage and budget status.

Multi-Provider Routing

Route to OpenAI, Gemini, Anthropic, Ollama, and LM Studio through a single endpoint. All traffic — regardless of provider — passes through the same governance pipeline.

eBPF Enforcement

Kernel-level enforcement ensures all LLM traffic flows through the proxy. Transparent iptables redirection with SNI-based routing, Cilium network policies, and Tetragon process enforcement — making bypass impossible, even by misconfigured workloads.


Every LLM request passes through a governance pipeline before it reaches the upstream provider:

Request arrives
       │
┌─────────────┐
│ Rate Limit  │──── Over limit? ──────────────▶ HTTP 429
└──────┬──────┘
       │ ✅
┌─────────────┐
│ Body Read   │  Extract model, tokens,
│ + Parse     │  tenant, user metadata
└──────┬──────┘
       │
┌─────────────┐
│ PHI Scan    │──── PHI detected? ────────────▶ Block / Redact / Warn
│ (roadmap)   │                                 (configurable mode)
└──────┬──────┘
       │
┌─────────────┐
│ Model Policy│──── Unapproved model? ────────▶ HTTP 403
│ (roadmap)   │
└──────┬──────┘
       │
┌─────────────┐
│ Budget      │──── Budget exhausted? ────────▶ HTTP 402
│ Gate        │
└──────┬──────┘
       │ ✅ All checks passed
┌─────────────┐
│ Forward to  │  Proxy to upstream,
│ Provider    │  capture response
└──────┬──────┘
       │
┌─────────────┐
│ Deduct &    │  Calculate cost,
│ Audit       │  deduct from budget,
│             │  write audit span
└─────────────┘

The pipeline is fail-open for observability (a tracing failure never blocks requests) but fail-closed for governance (a budget gate failure always blocks).
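As an added illustration (not Candela's own code), a Python sketch of the gate order and failure semantics described above: a per-user minute-window rate limit (429), a pre-flight budget gate that rejects before any provider call (402), forward, then deduct and audit, with tracing failures swallowed and gate failures blocking. The UserState fields, the 503 used for a budget-gate error, and the provider stub are assumptions.

```python
import time
from dataclasses import dataclass, field


@dataclass
class UserState:
    budget_remaining: float                 # daily budget left, in USD (assumed unit)
    rpm_limit: int                          # requests allowed per minute window
    minute_counts: dict = field(default_factory=dict)  # minute bucket -> count


class GovernancePipeline:
    """Gate order from the diagram: rate limit -> budget gate -> forward -> deduct & audit."""

    def __init__(self, users, tracer=None, clock=time.time):
        self.users, self.tracer, self.clock = users, tracer, clock
        self.audit = []                     # append-only: entries are never removed

    def handle(self, user_id, estimated_cost, call_provider):
        # call_provider() -> (status, actual_cost); returns the status the client sees.
        # 1. Rate limit: per-user counter keyed by the current minute window.
        user = self.users[user_id]
        bucket = int(self.clock() // 60)
        user.minute_counts[bucket] = user.minute_counts.get(bucket, 0) + 1
        if user.minute_counts[bucket] > user.rpm_limit:
            self._audit(user_id, "rate_limited", 0.0)
            return 429
        # 2. Budget gate (pre-flight): reject a request that would exceed the budget
        #    before the provider is reached. Fail-closed: a gate error also blocks.
        try:
            over_budget = estimated_cost > user.budget_remaining
        except TypeError:                   # budget_remaining is None: ledger unreadable
            self._audit(user_id, "budget_gate_error", 0.0)
            return 503                      # status for a gate failure is an assumption
        if over_budget:
            self._audit(user_id, "budget_exhausted", 0.0)
            return 402
        # 3. Forward to provider, capturing the response and its actual cost.
        status, actual_cost = call_provider()
        # 4. Deduct & audit: charge the actual cost and write the audit entry.
        user.budget_remaining -= actual_cost
        self._audit(user_id, "forwarded", actual_cost)
        return status

    def _audit(self, user_id, decision, cost):
        entry = {"user": user_id, "decision": decision, "cost": cost}
        self.audit.append(entry)
        if self.tracer is not None:         # fail-open: a tracing error never blocks
            try:
                self.tracer(entry)
            except Exception:
                pass
```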


These governance capabilities are designed and tracked on the Enterprise Governance & Compliance project board: