LedgerOS · Phase 5 · Production Integration Blueprint
Security & Data Lineage
Authentication, authorization, secrets, PII, audit, and automation guardrails. Every number in LedgerOS must survive an audit.
LedgerOS UI Design Lab · Phase 5 blueprint — no backend is connected. Every endpoint, permission, and event listed here is a design contract, not a live API.
Authentication
SSO (Zoho Directory) + hardware key for Rose & Christin. Session TTL 8h.
Authorization
Role-based + row-level filters by department, client, and entity.
Secrets
Provider keys never touch the client. Rotate quarterly. Vault-backed.
PII handling
Bank data + payroll masked in UI except for Rose/Christin/Accountant. Never logged.
Audit
Every mutation writes an audit event with actor, target, before/after, justification.
Data lineage
Every displayed number links to source system, source id, transformation, confidence.
Automation guardrails
No auto-post without an approved rule; no cash transfer without a human; overrides expire.
Change management
Rule + policy edits require 2-person approval and land in Decision Log.
Non-negotiables
- Cash transfers between accounts are always human-initiated. No automation may move funds.
- Subscription cancellations require a human confirmation — LedgerOS surfaces the action but never executes.
- Any journal posted by a rule must include the rule id, rule version, and the approver.
- All sensitive exports (payroll, bank data) require MFA re-auth within the last 5 minutes.
- Automation may not disable another automation. Rule changes go through the Decision Log.
