How to verify the savings number

Tessera maintains a unified pricing catalog covering 14 LLM providers (OpenAI, Anthropic, Mistral, Groq, Cohere, Google, Amazon Bedrock, Azure OpenAI, Cerebras, Together, Fireworks, DeepSeek, OpenRouter, Perplexity). For every (provider, model) pair we cross-reference three independent sources on each refresh:

• LiteLLM model_prices.json — community- maintained reference, broad coverage, slower drift detection
• tokencost Python library — independent maintenance, tracks per-token rates separately for input / output / cached / batch
• OpenRouter public API — live aggregator pricing, fastest detection of new model releases and price changes

A (provider, model, field) tuple is eligible for use only when all three sources agree within 1%. The confidence_score column on each pricing_catalogrow records the agreement ratio. We only ever bill against rows with confidence ≥ 0.95.

When the three sources disagree by more than 1%, we hold the row in a staging table and flag it on the /portal/auditdashboard. Pricing for the affected model falls back to the last high-confidence snapshot until the disagreement resolves. We never bill against contested pricing.

Every measured request emits two cost figures pinned to a single pricing_snapshot_id captured at request time:

• original_cost_usd— the cost you would have paid had the request gone direct to the provider at the requested model's rate
• actual_cost_usd — the cost the provider actually charged after our mechanics ran (cheaper model + cache hit + cached prefix + batch discount, etc.)
• delta_savings_usd = original − actual — what gets aggregated into the monthly invoice

The pricing_snapshot_id is a ULID (lexicographically time-sortable) and the underlying pricing_catalog row is append-only. Once published, a snapshot at that ID never changes — even if we discover an error, we publish a new snapshot with corrected data and leave the old one queryable. This is the audit-immutability guarantee.

Translation: if you call the API today and the snapshot id captured is 01HXKTM4Y7Z8A3B9D2E5F6G7H8, that same id will return the same pricing rates in 2030. Mid-contract OpenAI / Anthropic price changes do not retroactively alter past savings figures. The invoice math is frozen at the moment the request fires.

Every sponsor can export their full audit ledger as CSV any time from /portal/audit → Export CSV. The export includes one row per measured request with the full provenance chain:

• request_id · occurred_at · requested_model · actual_model
• tokens_in · tokens_out · original_cost_usd · actual_cost_usd
• pricing_snapshot_id · worker_version · mechanics_stack (which optimizations fired)
• cache_hit · quality_score (if canary-sampled)

The same CSV is what we use internally to compute your monthly Joint Reading. There is no second set of books.

We design every billable claim against a single standard: two engineers with three hours of focused work should be able to re-derive any month's invoice from the raw audit ledger.

What that looks like in practice:

1. Export CSV for the month from /portal/audit
2. For each pricing_snapshot_id in the export, request the snapshot rates from us at contact@tesseraai.io (we return the raw pricing_catalog row inline; public read-only API at pricing.tesseraai.io/v1/snapshots/<id> is in development, ETA Phase 3 — see /how-it-works)
3. Recompute original_cost_usd = tokens_in · input_rate + tokens_out · output_rateusing the requested model's rates
4. Recompute actual_cost_usdusing the actual model's rates plus any cache / batch discount the row carries
5. Sum delta_savings_usd across the month → multiply by 0.20 → that is the invoice line

If your independent calculation disagrees with our invoice by more than 0.5%, the difference is the disputed portion. The ToS dispute clause covers withholding + resolution timeline (target: 10 business days from receipt of dispute, extendable by mutual agreement).

Transparency means admitting where the guarantee weakens.

• We do not promise zero pricing-source drift. The upstream providers occasionally publish pricing changes that take 24-48 hours to land in LiteLLM / tokencost. Our staging table absorbs the ambiguity but you may see brief gaps where the catalog skips a model.
• We do not promise our mechanic implementations are bug-free. If a cache key hash collision overstates a cache hit, the savings figure for that request would be wrong. We carry insurance against this and refund discovered overcharges retroactively (audit-event row kind billing_correction records each one publicly to your ledger).
• We do not retroactively re-derive past savings.If we ship a v2 of the mechanics stack tomorrow, last month's invoices stay computed against the v1 worker that handled them. The audit-event row carries worker_version for exactly this reason.
• SOC 2 Type II is not certified yet. Type I in progress with theopenlane; Type II audit window starts after Type I lands. If your procurement process requires Type II today, we are not the right vendor yet.

Every claim on this page is independently verifiable.

• Per-request audit row in your dashboard: /portal/audit?request_id=<id> (live now for any authenticated paid-tier client)
• CSV export of your full ledger: /portal/audit → Export CSV (live now; same data we use internally for monthly Joint Reading computation)
• Public pricing catalog API: pricing.tesseraai.io/v1/... (in development, ETA Phase 3 — locked spec at .claude/rules/pricing-oracle-api-v1.md in our SDK repo if you want to preview the contract). Until live, request raw snapshot rates by emailing contact@tesseraai.io with the snapshot id; same-day turnaround.
• CC-BY 4.0 monthly data dump: in development, shipping alongside the public API. The pricing data is open under CC-BY 4.0 today; the distribution mechanism is what is pending.
• Source code of the multi-source verify cron: github.com/tessera-llm/tessera-sdk (the SDK is Apache-2.0; the cron logic that ingests + cross-verifies the three sources is documented in the README + the publish workflow)
• Security posture: /security (data handling, RLS isolation, vulnerability reporting)
• How the mechanics work: /how-it-works (per-mechanic logic, quality SLA, hosted-only tradeoff)

Bugs in the savings math are graded at the same severity as security vulnerabilities. If your independent re-derivation disagrees with our invoice and you can show the math, write to contact@tesseraai.io with the request ids and your computed figures. We aim to acknowledge within two business days and resolve (with credit + audit_event record) within ten.

For audit-grade procurement reviews where you need to walk through the re-derivation live with one of our engineers, mention it in the same email and we will schedule a 60-minute screen-share. No NDA needed for the ledger walkthrough; the pricing catalog is CC-BY-4.0 and the audit row format is documented in the SDK README.