SYSTEM INTEGRITY — ALL CONTROLS ACTIVE
System Integrity
Real-time visibility into OPTKAS infrastructure state, security controls, and capital lifecycle enforcement.
SETTLEMENT MODE: Simulated
INFRA VERSION: 1.4.0
LAST AUDIT: Feb 28, 2026
Capital Allocation Counters
Total Allocations: 27 (+3 this week)
Pending: 4 (awaiting review)
Escrow Initiated: 8 (locked)
Funded (Terminal): 12 (settled)
Cancelled: 3 (terminated)
Audit Log Entries: 184 (immutable)
Deterministic State Machine
pending
under_internal_review
escrow_initiated
funded
cancelled ← from pending or under_internal_review only
Security Control Inventory
JWT Authentication
Active: Entity identity resolved server-side from Supabase Auth JWT. Body-trusted identity eliminated.
HMAC Webhook Validation
Active: SHA-256 signature verification with 5-minute timestamp drift enforcement and constant-time comparison.
Immutable Audit Ledger
Active: INSERT/SELECT only. UPDATE and DELETE blocked by PostgreSQL trigger. Idempotency key deduplication enforced.
Deterministic State Machine
Active: State transitions enforced at DB trigger level. pending → under_internal_review → escrow_initiated → funded. No skip.
Referential Integrity
Active: FK constraint on entity_id. $50M per-allocation cap. Unique pending allocation per entity/tranche.
Security Headers
Active: HSTS preload, CSP, X-Frame-Options DENY, X-Content-Type-Options, Referrer-Policy enforced at CDN edge.
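The HMAC Webhook Validation control above, sketched as an added example that is not OPTKAS code: it checks the 5-minute drift window and compares signatures in constant time. The signing layout ("<timestamp>.<body>"), the hex encoding, and the names sign, verify_webhook, SECRET, BODY and T0 are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

MAX_DRIFT_SECONDS = 5 * 60  # the 5-minute drift window named in the inventory

# Constructed sample values, not taken from any real system.
SECRET = b"constructed-demo-secret"
BODY = b'{"event":"escrow_initiated","allocation_id":"demo-001"}'
T0 = 1_772_000_000  # constructed Unix time at which the sender signed


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA-256 over "<timestamp>.<body>" (assumed signing layout)."""
    msg = timestamp.encode("ascii") + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret, body, timestamp, signature, now=None):
    """Return (accepted, reason); timestamp and signature are header strings."""
    now = time.time() if now is None else now
    # Parse strictly: anything but ASCII digits is rejected, never coerced.
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False, "bad_timestamp"
    # Drift is enforced in both directions, so future-dated requests fail too.
    if abs(now - int(timestamp)) > MAX_DRIFT_SECONDS:
        return False, "stale_timestamp"
    # The timestamp is covered by the MAC, so rewriting it to look fresh
    # invalidates the signature instead of extending the window.
    expected = sign(secret, timestamp, body)
    # compare_digest takes the same time wherever the two values differ.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad_signature"
    return True, "ok"


if __name__ == "__main__":
    sig = sign(SECRET, str(T0), BODY)
    print(verify_webhook(SECRET, BODY, str(T0), sig, now=T0 + 10))
    print(verify_webhook(SECRET, BODY, str(T0), sig, now=T0 + 301))
    print(verify_webhook(SECRET, BODY, str(T0 + 301), sig, now=T0 + 301))
```

A captured request still verifies if it is replayed inside the drift window, which is why a check like this is paired with deduplication such as the idempotency key listed under the audit ledger.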
Schema & Migration History
M1 (2026-02-27) capital_os_initial_schema: institutional_entities, onboarding_events, qr_events, webhook_logs
M2 (2026-02-27) atomic_state_transitions: dealroom_permissions + advance_entity_state() RPC
M3 (2026-02-27) capital_commitment_ledger: allocation_requests ($100k min CHECK)
M4 (2026-02-27) audit_logging_idempotency: system_audit_logs (unique idempotency_key)
M5 (2026-02-27) zero_trust_rls_hardening: Immutable audit trigger + state machine trigger
M6 (2026-03-01) institutional_hardening: FK constraint + $50M cap + actor tracking + cancellation