Security

🔒 Authentication & Access Control

• Admin sessions — HMAC-SHA256 signed, HttpOnly, Secure, SameSite=Strict cookies with 8-hour TTL
• Agent API keys — Peppered SHA-256 hashed keys (sk_live_ prefix), support key rotation
• RBAC — Three roles: Owner, Approver, Auditor with server-side enforcement
• CSRF protection — Origin/Referer validation on all admin endpoints
• Login lockout — Exponential backoff (30s → 15min) after 5 failed attempts per IP+email
• IP allowlists — Per-agent IP restrictions via scopes.allowed_ips

📋 Audit Logging

• Every gate decision, approval, rejection, and payment execution is logged with actor, timestamp, and correlation ID
• Admin login events (success & failure) are captured with IP and user-agent
• Agent authentication events tracked in dedicated agent_auth_events table
• Full audit trail exportable as CSV

🏢 Multi-Tenancy Isolation

• Every table has org_id NOT NULL with foreign key constraint
• Row Level Security (RLS) enabled on 15+ tables
• Server-side org_id filtering on every query
• Cross-org access tests in automated test suite

🔐 Encryption & Data Protection

• All data encrypted at rest via Supabase (PostgreSQL with AES-256)
• TLS enforced for all API traffic (HSTS headers applied)
• Agent API keys stored as peppered hashes — raw keys never persisted
• Admin passwords stored as bcrypt (cost ≥ 12) or PBKDF2

🛡️ Shadow Mode & Policy Safety

• Shadow evaluation allows testing new policies against live traffic without affecting decisions
• Canary rollout support — deploy policies to a percentage of traffic
• Policy simulator for dry-run testing in the admin console

🗺️ Compliance Roadmap

• SOC 2 Type I preparation in progress
• Infrastructure audit logging and evidence export tools built-in
• Incident response evidence packaging available via admin API

For security inquiries: security@sentinelfinancehq.com