Ironframe Documentation Hub · Chapter 1 · Track 2

Business Plan & Product Core — Practitioner Specification

Classification: Internal Stakeholder · Verified against docs/stakeholders/business-plan.md, prisma/schema.prisma, docs/TAS.md

1. Executive Summary

Ironframe targets mid-market and enterprise organizations requiring defensible quantitative risk (ALE in integer cents), multi-tenant Command Center UX with strict row isolation, and an observable 19-agent LangGraph workforce on Vercel + Supabase.

2. Constitutional Financial Baselines (BIGINT)

| Tenant | ale_baseline (cents) | Prisma field |
|---|---|---|
| Medshield Health | 1110000000 | Tenant.ale_baseline BigInt |
| Vaultbank NA | 590000000 | Tenant.ale_baseline BigInt |
| Gridcore Infrastructure | 470000000 | Tenant.ale_baseline BigInt |

Reference implementations: src/services/irontrust/mathEngine.ts, app/actions/ironqueryExportActions.ts, core/irontrust/ale-engine.test.ts.

3. Java Validation Contract — AleBaselineValidator

Production-grade cents validation mirroring Irontrust deterministic math. Floating-point division on monetary paths is forbidden.

package com.ironframe.grc.financial;

import java.math.BigInteger;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;

/**
 * TAS-aligned ALE baseline registry. All values are whole USD cents.
 * Mirrors: src/services/irontrust/mathEngine.ts
 */
public final class AleBaselineValidator {

  private static final Map<String, BigInteger> CONSTITUTIONAL_BASELINES = Map.of(
      "medshield", new BigInteger("1110000000"),
      "vaultbank", new BigInteger("590000000"),
      "gridcore",  new BigInteger("470000000")
  );

  private AleBaselineValidator() {}

  /** Returns the baseline in cents for a tenant slug; unknown slugs are rejected, never defaulted. */
  public static BigInteger requireBaselineCents(String tenantSlug) {
    // Locale.ROOT keeps the lookup key stable under any JVM default locale (e.g. Turkish dotless i).
    String key = Objects.requireNonNull(tenantSlug, "tenantSlug").trim().toLowerCase(Locale.ROOT);
    BigInteger baseline = CONSTITUTIONAL_BASELINES.get(key);
    if (baseline == null) {
      throw new IllegalArgumentException("UNKNOWN_TENANT_BASELINE: " + tenantSlug);
    }
    return baseline;
  }

  /** Format USD decimal string without double arithmetic (dollars = cents / 100, remainder mod 100). */
  public static String formatUsdFromCents(BigInteger cents) {
    Objects.requireNonNull(cents, "cents");
    boolean neg = cents.signum() < 0;
    BigInteger abs = cents.abs();
    BigInteger dollars = abs.divide(BigInteger.valueOf(100));
    int frac = abs.mod(BigInteger.valueOf(100)).intValue();
    // Locale.ROOT pins %02d to ASCII digits regardless of the JVM default locale.
    return String.format(Locale.ROOT, "%s%s.%02d", neg ? "-" : "", dollars, frac);
  }

  /** Throws FinancialIntegrityException when the active ALE exceeds the tenant's baseline. */
  public static void assertActiveAleWithinBaseline(BigInteger activeCents, String tenantSlug) {
    Objects.requireNonNull(activeCents, "activeCents");
    BigInteger baseline = requireBaselineCents(tenantSlug);
    if (activeCents.compareTo(baseline) > 0) {
      throw new FinancialIntegrityException(
          "ACTIVE_ALE_EXCEEDS_BASELINE: active=" + activeCents + " baseline=" + baseline);
    }
  }

  public static final class FinancialIntegrityException extends RuntimeException {
    public FinancialIntegrityException(String message) { super(message); }
  }
}
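
Added example, not Ironframe code: the validator above formats and bounds cents that are already integers, so this block shows the inbound side, parsing an untrusted USD string into BigInt cents with no floating-point step and contrasting it with the forbidden float path. It is written in JavaScript for the Node side of the stack; parseUsdToCents, floatCents and headroomCents are hypothetical names, the accepted input grammar is an assumption, and the baseline values are copied from section 2.

```javascript
// Added example, not Ironframe code. Function names are hypothetical.
// Baseline values (integer cents) are copied from section 2 of this page.
const BASELINES = new Map([
  ["medshield", 1110000000n],
  ["vaultbank", 590000000n],
  ["gridcore", 470000000n],
]);

// Assumed input grammar: optional "-", digits, optional "." plus 1-2 digits.
// Exponents, separators, NaN/Infinity and sub-cent precision do not match.
const USD_PATTERN = /^(-?)(\d+)(?:\.(\d{1,2}))?$/;

// Untrusted USD string -> BigInt cents, with no Number in the path.
function parseUsdToCents(text) {
  if (typeof text !== "string") throw new TypeError("USD_INPUT_NOT_STRING");
  const m = USD_PATTERN.exec(text.trim());
  if (!m) throw new RangeError("MALFORMED_USD_AMOUNT: " + text);
  const [, sign, dollars, frac = ""] = m;
  const cents = BigInt(dollars) * 100n + BigInt(frac.padEnd(2, "0"));
  return sign === "-" ? -cents : cents;
}

// The forbidden float path, kept only to show the drift it introduces.
function floatCents(text) {
  return Math.floor(parseFloat(text) * 100);
}

// Same rule as assertActiveAleWithinBaseline, returning remaining headroom in cents.
function headroomCents(activeCents, tenantSlug) {
  if (typeof activeCents !== "bigint") throw new TypeError("ACTIVE_ALE_NOT_BIGINT");
  const baseline = BASELINES.get(String(tenantSlug).trim().toLowerCase());
  if (baseline === undefined) {
    throw new RangeError("UNKNOWN_TENANT_BASELINE: " + tenantSlug);
  }
  if (activeCents > baseline) {
    throw new RangeError(`ACTIVE_ALE_EXCEEDS_BASELINE: active=${activeCents} baseline=${baseline}`);
  }
  return baseline - activeCents;
}

// Constructed sample: "0.29" is 29 cents, but 0.29 * 100 is 28.999999999999996 as a double.
console.log(parseUsdToCents("0.29"), floatCents("0.29"));
```

Rejecting sub-cent input such as "1.005" outright, instead of rounding it, keeps the rounding decision out of the parser and visible to the caller.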

4. UI Label Registry (verbatim — deployment gate)

  • AGENT STATUS PULSE — top quadrant, left pane (app/components/ControlRoom.tsx)
  • Navigation: AUDIT TRAIL, INTEGRITY HUB, BOARD REPORT, OP SUPPORT, 🚨 DMZ QUARANTINE (app/components/HeaderTwo.tsx)
  • FREEZE COMMAND POST — top sub-header toolline (CommandPostFreezeControl.tsx, variant topnav)
  • Export Tabular Ledger Data (CSV) — CYBER INSURANCE OPTIMIZATION card (components/BudgetJustification.tsx, data-testid export-tabular-ledger-csv)

5. Revenue & GTM Framework

| Stream | Description |
|---|---|
| Platform subscription | Per-tenant seat + module bundles |
| Usage / telemetry | Agent orchestration cycles, export volume |
| Professional services | TAS-aligned customization, audit readiness |
| WORM evidence storage | Immutable attestation tiers (Epic 12) |

6. Framework Mapping (SOC 2 / ISO 27001)

| Control domain | Ironframe mechanism |
|---|---|
| CC6.1 Logical access | Supabase RLS + Ironguard tenant headers |
| CC7.2 System monitoring | Ironwatch + AGENT STATUS PULSE |
| A.8.2 Privileged access | DMZ QUARANTINE clearance queue |
| Financial reporting integrity | BigInt cents pipeline, Irontrust frozen ALE |