
Compliance & legal hardening

Related code: app/graphql/ledger_audit/, app/graphql/rbac/, app/auth/.

Items

  • Libro Mayor / Libro Diario / Libro de Inventario PDF export with the official Panama auditor layout.
      • Acceptance: each book exportable per period; pagination + header per page; opens cleanly as a sealed binder.
  • Backup + "export everything as ZIP".
      • Acceptance: per-tenant request → background job → signed URL to a ZIP containing a CSV of each major entity + PDFs of all generated documents.
  • Two-factor auth (TOTP) with backup codes.
      • Acceptance: per-user enrolment; required for owner / admin roles by policy; rate-limited.
  • Per-role IP allowlist for accountants / external auditors.
      • Acceptance: role-level allowlist; non-matching IPs see a 403 with a friendly message.
  • Audit-log UI.
      • Acceptance: surface ledger_audit_logs + RBAC events + login events in a single searchable log per tenant; export to CSV.
  • Tenant data retention policy (delete after N years per the Panama legal requirement, typically 5).
      • Acceptance: per-tenant config; soft-delete with restore window; hard-delete job after the legal period.
  • GDPR-style data-subject export / delete for individuals (employees, clients).
      • Acceptance: request workflow with admin approval; produces a per-subject ZIP or hard-deletes with an audit footprint.
  • Suspicious-activity detection (login from new geo, mass deletes, off-hours bulk void).
      • Acceptance: configurable rules; notifications go to the owner via WhatsApp + email.
  • Session pinning + remote logout of all sessions.
      • Acceptance: list sessions per user; one-click revoke all.
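As an added illustration of the suspicious-activity item (example code, not the project's own): the three rules named above run over a constructed, unified per-tenant audit stream, with thresholds, windows and business hours as hypothetical placeholders for the tenant config.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real tenant data): one tenant's unified stream of
# login events and ledger_audit_logs entries, as the audit-log item describes.
EVENTS = [
    {"ts": "2024-03-04T09:12:00", "user": "ana", "kind": "login", "geo": "PA"},
    {"ts": "2024-03-04T09:40:00", "user": "ana", "kind": "delete"},
    {"ts": "2024-03-05T02:05:00", "user": "ana", "kind": "login", "geo": "RU"},  # new geo
    {"ts": "2024-03-05T02:06:00", "user": "ana", "kind": "void"},
    {"ts": "2024-03-05T02:06:30", "user": "ana", "kind": "void"},
    {"ts": "2024-03-05T02:07:00", "user": "ana", "kind": "void"},
    {"ts": "2024-03-05T10:00:00", "user": "luis", "kind": "delete"},
    {"ts": "2024-03-05T10:00:20", "user": "luis", "kind": "delete"},
    {"ts": "2024-03-05T10:00:40", "user": "luis", "kind": "delete"},
    {"ts": "2024-03-05T10:01:00", "user": "luis", "kind": "delete"},
]

# Hypothetical per-tenant rule thresholds; the real config keys are not on the page.
RULES = {
    "delete": {"count": 4, "window": timedelta(minutes=5), "off_hours_only": False},
    "void":   {"count": 3, "window": timedelta(minutes=10), "off_hours_only": True},
}
BUSINESS_HOURS = (7, 19)  # local hours [start, end); anything else is "off-hours"


def detect(events, rules=RULES):
    # Returns (rule_name, user, ts) tuples for the three rules the backlog names:
    # login from a new geo, mass deletes, and off-hours bulk void.
    alerts = []
    seen_geo = defaultdict(set)  # user -> countries previously logged in from
    recent = defaultdict(list)   # (user, kind) -> timestamps still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user, kind = datetime.fromisoformat(ev["ts"]), ev["user"], ev["kind"]
        if kind == "login":
            # A user's very first login sets the baseline; later logins from an
            # unseen country alert, then the country is added to the baseline.
            if seen_geo[user] and ev["geo"] not in seen_geo[user]:
                alerts.append(("login_new_geo", user, ev["ts"]))
            seen_geo[user].add(ev["geo"])
        elif kind in rules:
            rule, bucket = rules[kind], recent[(user, kind)]
            bucket.append(ts)
            bucket[:] = [t for t in bucket if ts - t <= rule["window"]]  # slide window
            off_hours = not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1])
            if len(bucket) >= rule["count"] and (off_hours or not rule["off_hours_only"]):
                name = "off_hours_bulk_void" if kind == "void" else "mass_delete"
                alerts.append((name, user, ev["ts"]))
                bucket.clear()  # one alert per burst, not one per extra event
    return alerts
```

Each alert tuple is what the notification step (owner via WhatsApp + email) would consume; the sample stream yields one alert per rule.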

Shipped

None yet.