Governance Model
Three-Tier Authorization
Every system action is classified, verified, and logged through a tiered governance framework.
Tier Architecture
```
┌──────────────────────────────────────────────────────┐
│ TIER 0 — Automated                                   │
│ No human approval required                           │
│ Logged to governance ledger automatically            │
│                                                      │
│ Examples: health checks, fingerprint generation,     │
│ CID registration, backup rotation, status queries    │
└──────────────────────────────────────────────────────┘
                           │
                           ▼
┌──────────────────────────────────────────────────────┐
│ TIER 1 — OTP Verified                                │
│ Requires one-time password confirmation              │
│ Time-limited challenge window                        │
│                                                      │
│ Examples: document signing, access token issuance,   │
│ viewing session creation, export approval            │
└──────────────────────────────────────────────────────┘
                           │
                           ▼
┌──────────────────────────────────────────────────────┐
│ TIER 2 — Manual Approval                             │
│ Requires explicit operator authorization             │
│ Queued on monitoring dashboard for review            │
│                                                      │
│ Examples: config changes, new investor onboarding,   │
│ governance override, backup restoration, key rotation│
└──────────────────────────────────────────────────────┘
```
Tier 0 — Automated Operations
| Operation | Description |
|---|---|
| Health Check | Service readiness verification across all ports |
| Fingerprint Generation | SHA-256 document hash computation |
| CID Registration | IPFS content identifier recording |
| Backup Rotation | Scheduled archive creation and cleanup |
| Status Query | System state reporting via SCA |
| Ledger Append | Hash-chain event recording |
| Rate Limit Enforcement | Automatic request throttling |
Tier 1 — OTP Verified Operations
| Operation | Challenge | Window |
|---|---|---|
| Document Signing | 6-digit OTP | 5 minutes |
| Access Token Issuance | 6-digit OTP | 5 minutes |
| Viewing Session | 6-digit OTP | 5 minutes |
| Export Approval | 6-digit OTP | 5 minutes |
| Funding Intent Capture | 6-digit OTP | 5 minutes |
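The Tier 1 table fixes two parameters, a 6-digit code and a 5-minute window, but says nothing about how the challenge is generated, stored or checked. The block below is an added example (written for this page, not the project's `governance/` code) of a challenge store that honours those two parameters and adds the properties a practitioner would expect: the code comes from a CSPRNG with leading zeros preserved, only a hash of it is kept server-side, comparison is constant-time, the code is single-use, and a guess cap of three attempts limits brute force over a 10^6 space. The attempt cap, the in-memory store and the function names are assumptions; the page states none of them.

```typescript
import { createHash, randomInt, timingSafeEqual } from "crypto";

// Parameters from the Tier 1 table on the page.
export const OTP_DIGITS = 6;
export const OTP_WINDOW_MS = 5 * 60 * 1000;
// Assumption: the page does not state a guess cap; three is a conservative default.
export const MAX_ATTEMPTS = 3;

interface Challenge {
  action: string;     // e.g. "sign.session.create"
  otpHash: string;    // only the hash is stored; the plaintext code never is
  expiresAt: number;  // epoch millis
  attempts: number;
  used: boolean;
}

// Hypothetical in-memory store keyed by the target the challenge protects.
const challenges = new Map<string, Challenge>();

// Bind the hash to the challenge id so a code issued for one target is useless for another.
function hashOtp(id: string, otp: string): string {
  return createHash("sha256").update(`${id}:${otp}`).digest("hex");
}

// Issue a fresh challenge and return the code. In a real deployment the code is
// delivered out of band (assumption) and never handed back to the caller.
export function issueChallenge(id: string, action: string, now: number = Date.now()): string {
  const otp = randomInt(0, 10 ** OTP_DIGITS).toString().padStart(OTP_DIGITS, "0");
  challenges.set(id, {
    action,
    otpHash: hashOtp(id, otp),
    expiresAt: now + OTP_WINDOW_MS,
    attempts: 0,
    used: false,
  });
  return otp;
}

export type VerifyResult = "approved" | "invalid" | "expired" | "locked" | "replayed" | "unknown";

export function verifyChallenge(id: string, otp: string, now: number = Date.now()): VerifyResult {
  const c = challenges.get(id);
  if (!c) return "unknown";
  if (c.used) return "replayed";                      // single use: a valid code cannot be resubmitted
  if (now > c.expiresAt) {                            // window closed: discard the challenge entirely
    challenges.delete(id);
    return "expired";
  }
  if (c.attempts >= MAX_ATTEMPTS) return "locked";    // guess cap reached, even a correct code is refused
  c.attempts += 1;

  const presented = Buffer.from(hashOtp(id, otp), "hex");
  const expected = Buffer.from(c.otpHash, "hex");
  if (presented.length !== expected.length || !timingSafeEqual(presented, expected)) {
    return "invalid";
  }
  c.used = true;
  return "approved";
}
```

The verdict strings map directly onto what a Tier 1 ledger entry should record: only `"approved"` justifies `otpVerified: true`; every other outcome is still worth appending, since repeated `"invalid"` or `"locked"` results against one target are the signal the rate-limit and monitoring layers need.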
Tier 2 — Manual Approval Operations
| Operation | Approver | Method |
|---|---|---|
| Configuration Change | System Operator | Dashboard review |
| New Investor Onboarding | System Operator | Manual session creation |
| Governance Override | System Operator | Explicit approval with reason |
| Backup Restoration | System Operator | CLI with verification |
| Key Rotation | System Operator | Scheduled maintenance window |
| Perimeter Rule Change | System Operator | Config update + restart |
Governance Ledger
Every governance action is recorded in an append-only hash-chain ledger. Each entry has the following structure:

```json
{
  "id": "gov-20260101-001",
  "timestamp": "2026-01-01T00:00:00.000Z",
  "tier": 1,
  "action": "sign.session.create",
  "actor": "operator",
  "target": "session-abc123",
  "result": "approved",
  "otpVerified": true,
  "previousHash": "sha256:abc...",
  "hash": "sha256:def..."
}
```

The ledger is tamper-evident: each entry's hash incorporates the previous entry's hash, so altering, reordering or deleting any entry invalidates every hash that follows it. This protects against edits to individual entries, not against an attacker who can rewrite the whole file and recompute the chain; detecting that requires the current head hash to be anchored somewhere the ledger writer cannot modify.
DAO Governance Modules
The governance framework is implemented through dedicated TypeScript modules in the governance/ directory:
| Module | Purpose |
|---|---|
| daoGovernance.ts | Core governance rule engine |
| complianceEngine.ts | Regulatory compliance rules |
| brandStyleEngine.ts | Brand and formatting standards |
| agreementState.ts | Agreement lifecycle tracking |
Pilot Configuration
During the pilot phase (1 accredited investor), all investor-facing operations require Tier 2 manual approval by default, with the option to relax specific operations to Tier 1 after trust is established. This maximizes security posture during the validation period.