Frequently asked questions

Spanlens is an open-source (MIT) LLM observability platform that logs every OpenAI, Anthropic, and Gemini request in one line of code. It tracks cost, latency, and tokens; traces multi-step agent workflows; catches anomalies and PII; and recommends cheaper models with dollar-figure savings estimates. Available as hosted SaaS at spanlens.io or as a self-hostable Docker image.

LLM application developers shipping to production who need to see what their AI is doing. Common users include solo developers debugging cost spikes, teams running RAG chatbots, and AI agencies tracking per-customer spend. Spanlens replaces the "console.log + spreadsheet" workflow with a real observability stack.

Yes. The entire repository is MIT licensed with no ee/ folder. Every feature (request log, cost tracking, agent tracing, evals, Prompt A/B, anomaly detection, PII scan, model recommender, audit logs, SSO) is available in the self-hosted build. Spanlens is the same code we run for our hosted customers.

Three options. (1) Drop-in SDK: swap import { OpenAI } from "openai" with import { createOpenAI } from "@spanlens/sdk/openai" — same surface, every call captured. (2) Proxy: change your provider baseURL to https://api.spanlens.io/proxy/openai/v1 and put your Spanlens key in the Authorization header — works in any language. (3) OpenTelemetry: point your existing OTLP/HTTP exporter at Spanlens. p99 ingestion overhead is under 3ms.

Yes. OpenAI, Anthropic (including Bedrock), Google Gemini (including Vertex), Mistral, and Ollama (local LLMs) are all supported through the proxy or SDK. Streaming, tool use, vision, embeddings, and JSON mode are all captured with provider-specific parsers.

Spanlens accepts OTLP/HTTP at /v1/traces. Existing OTel SDKs (Python, Go, Java, Node.js) work without re-instrumentation. LLM-specific attributes are layered on top of standard span data, so you keep your existing tracing while gaining LLM-shaped views.

Yes. Native integrations exist for LangGraph, LlamaIndex, MCP (Model Context Protocol), and the Vercel AI SDK. LangChain (JS and Python) works through the SDK callback handler. Agent workflows render as waterfall span trees with critical-path highlighting.

Free plan: 50K requests/mo, 1 seat, 14-day log retention, all core features, community support. Pro: $29/mo, 100K requests, 3 seats, 90-day retention, $8 per extra 100K. Team: $149/mo, 1M requests, 10 seats, 365-day retention, Slack + webhooks, $5 per extra 100K. Enterprise: custom volume with SSO and SLA. See spanlens.io/pricing for details.

For comparable usage tiers, yes. Spanlens Pro at $29/mo undercuts Langfuse Cloud Hobby ($59/mo) and Helicone Pro ($50/mo). The Team plan at $149/mo includes 1M requests with the lowest overage rate ($5 per 100K). For free self-hosting, all three are MIT or similar, but Langfuse keeps an ee/ folder gating enterprise security add-ons while Spanlens does not.

Yes. docker compose up runs the full stack (web, server, Postgres, ClickHouse). No license fee, no seat cap, no feature gating. The hosted plans pay for managed infrastructure (uptime, backups, scaling), not features. Data stays in your own infrastructure when self-hosted.

One outbound LLM call (completion or embedding) equals one request. Streaming responses count as one request regardless of chunk count. Failed upstream calls are logged and still count. Internal agent steps that do not call an LLM (tool runs, retries before any provider call) do not count.

PII detectors (SSN, credit card, email, IBAN, passport) run at log time and flag matches in the Security dashboard without blocking the request. API keys that slip into prompts are auto-masked before any row is persisted. For workloads where prompt bodies must not be stored at all, opt out per-call with the X-Spanlens-Log-Body: meta header — metadata is kept, prompt and response bodies are dropped.

Provider keys are stored AES-256-GCM encrypted server-side and never logged. The decryption key is fetched only at proxy time to the upstream provider, then immediately discarded — it is never written to logs, never visible in the dashboard, and never returned to the client.

p99 ingestion overhead is under 3ms. Logging happens async in a worker after the response is already streamed back to your client. If Spanlens itself ever fails, the original request still completes — the proxy passes through with no logging side effect. Spanlens never sits on the critical path.

SOC 2 Type II is in progress (target Q3 2026). For now, hosted Spanlens runs on SOC 2-certified infrastructure (Vercel, Supabase) with AES-256 encryption at rest, TLS 1.2+ in transit, and a published DPA at spanlens.io/dpa. Self-hosting is the safest option for regulated workloads — your data never leaves your network.

Anytime. JSON, CSV, and Parquet exports are available from the dashboard. For higher-volume needs, pipe the raw stream to S3, BigQuery, or your warehouse via sink connectors. Exports are not metered and do not affect your request quota.

Free: 14 days. Pro: 90 days. Team: 365 days. Enterprise and self-hosted: configurable including unlimited. Retention is enforced at query time in ClickHouse — older rows are not deleted until the next compaction cycle, so a brief plan upgrade can recover slightly older data within the same billing window.