Append-only audit log
Every create, update, transition, and delete is appended. No record is ever silently changed.
Audit · Compliance · Governance
Every mutation, signed and timed.
When oversight asks what happened, who acted, and when each infraction changed status — the answer is one query away. The audit log is append-only, tenant-scoped, and searchable across years.
What's shipped
Key capabilities, live today.
These are runtime-backed features available in the current production build — not promises on a roadmap.
Tenant isolation
Every read, write, search, and aggregate is tenant-scoped. Wrong-tenant access is rejected at the gateway.
RBAC
Admin, Finance, Support, Violator, and Service-Principal roles — with role enforcement on every endpoint.
Session control
Active session list, force-logout, and session-binding to IP and device fingerprint.
Search & replay
Filter by actor, resource, action, correlation ID, or time window. Replay any record's history.
Export
Sign-off-ready exports in CSV and JSON, with chain-of-custody hashing for legal admissibility.
Integrates with
OIDCSAMLService principalWebhook export
Run a 90-day pilot on this capability.
We will scope the smallest possible deployment that proves the workflow, then expand on the data the pilot produces.