Operating model
Disclosure
control
Govern the lifecycle of fund disclosure content: QA evidence, parallel approvals, and an append-only audit trail — with rules enforced on the server, not just in the UI.
- Controlled lifecycle — Draft, review, and formal approve with checklist and workflow gates.
- Segregation of duties (demo) — Viewer, reviewer, and admin roles; authority re-checked on every mutation.
- Defensible history — Searchable audit log with integrity chaining for tamper-evidence (prototype scope).
End-to-end control flow
Each step is something you can walk through with a stakeholder: where content lives, how readiness is proven, and how approvals and audit evidence are recorded. Highlighted steps are enforced on the server.
- Model in PostgresDrizzle
Funds → documents → version rows with lineage (
Open funds →parent_version_id). - QA workspaceRSCApp Router
Edit body, redline vs parent, checklist, demo iXBRL validation, EDGAR-style HTML export stub.
Browse funds → - Server-enforced gatesServer Actions
Cannot submit for review until required checklist items close. Formal approve requires workflow final step + closed QA.
Set role on Compliance → - Parallel DAG workflowReact Flow
Template nodes/edges,
Workflow & review →step_executions, shared rules engine in TypeScript; merged with review queue in one screen. - Append-only auditSHA-256 chain
Every mutation can emit
Audit log →audit_eventswith chained record hashes for tamper-evidence (demo scope).
Overview
Reference prototype — not a certified control or production filing system.