1. Executive Summary
Ironframe targets mid-market and enterprise organizations requiring defensible quantitative risk (ALE in integer cents), multi-tenant Command Center UX with strict row isolation, and an observable 19-agent LangGraph workforce on Vercel + Supabase.
2. Constitutional Financial Baselines (BIGINT)
| Tenant | ale_baseline (cents) | Prisma field |
|---|---|---|
| Medshield Health | 1110000000 | Tenant.ale_baseline BigInt |
| Vaultbank NA | 590000000 | Tenant.ale_baseline BigInt |
| Gridcore Infrastructure | 470000000 | Tenant.ale_baseline BigInt |
Reference implementations: src/services/irontrust/mathEngine.ts, app/actions/ironqueryExportActions.ts, core/irontrust/ale-engine.test.ts.
3. Java Validation Contract — AleBaselineValidator
Production-grade cents validation mirroring Irontrust deterministic math. Floating-point division on monetary paths is forbidden.
package com.ironframe.grc.financial;
import java.math.BigInteger;
import java.util.Map;
import java.util.Objects;
/**
* TAS-aligned ALE baseline registry. All values are whole USD cents.
* Mirrors: src/services/irontrust/mathEngine.ts
*/
public final class AleBaselineValidator {
private static final Map<String, BigInteger> CONSTITUTIONAL_BASELINES = Map.of(
"medshield", new BigInteger("1110000000"),
"vaultbank", new BigInteger("590000000"),
"gridcore", new BigInteger("470000000")
);
private AleBaselineValidator() {}
public static BigInteger requireBaselineCents(String tenantSlug) {
String key = Objects.requireNonNull(tenantSlug, "tenantSlug").trim().toLowerCase();
BigInteger baseline = CONSTITUTIONAL_BASELINES.get(key);
if (baseline == null) {
throw new IllegalArgumentException("UNKNOWN_TENANT_BASELINE: " + tenantSlug);
}
return baseline;
}
/** Format USD decimal string without double arithmetic (dollars = cents / 100, remainder mod 100). */
public static String formatUsdFromCents(BigInteger cents) {
Objects.requireNonNull(cents, "cents");
boolean neg = cents.signum() < 0;
BigInteger abs = cents.abs();
BigInteger dollars = abs.divide(BigInteger.valueOf(100));
int frac = abs.mod(BigInteger.valueOf(100)).intValue();
return String.format("%s%s.%02d", neg ? "-" : "", dollars, frac);
}
public static void assertActiveAleWithinBaseline(BigInteger activeCents, String tenantSlug) {
BigInteger baseline = requireBaselineCents(tenantSlug);
if (activeCents.compareTo(baseline) > 0) {
throw new FinancialIntegrityException(
"ACTIVE_ALE_EXCEEDS_BASELINE: active=" + activeCents + " baseline=" + baseline);
}
}
public static final class FinancialIntegrityException extends RuntimeException {
public FinancialIntegrityException(String message) { super(message); }
}
}
4. UI Label Registry (verbatim — deployment gate)
- AGENT STATUS PULSE — top quadrant, left pane (
app/components/ControlRoom.tsx) - Navigation: AUDIT TRAIL, INTEGRITY HUB, BOARD REPORT, OP SUPPORT, 🚨 DMZ QUARANTINE (
app/components/HeaderTwo.tsx) - FREEZE COMMAND POST — top sub-header toolline (
CommandPostFreezeControl.tsx, variant topnav) - Export Tabular Ledger Data (CSV) — CYBER INSURANCE OPTIMIZATION card (
components/BudgetJustification.tsx, data-testid export-tabular-ledger-csv)
5. Revenue & GTM Framework
| Stream | Description |
|---|---|
| Platform subscription | Per-tenant seat + module bundles |
| Usage / telemetry | Agent orchestration cycles, export volume |
| Professional services | TAS-aligned customization, audit readiness |
| WORM evidence storage | Immutable attestation tiers (Epic 12) |
6. Framework Mapping (SOC 2 / ISO 27001)
| Control domain | Ironframe mechanism |
|---|---|
| CC6.1 Logical access | Supabase RLS + Ironguard tenant headers |
| CC7.2 System monitoring | Ironwatch + AGENT STATUS PULSE |
| A.8.2 Privileged access | DMZ QUARANTINE clearance queue |
| Financial reporting integrity | BigInt cents pipeline, Irontrust frozen ALE |