SecurityScoped AccessAuditability
Core controls in the review architecture
The portal highlights how draft launch validation flows, secure preprocessing, storage separation, and scoped access ensure that only embeddings and constrained metadata leave the secure boundary for downstream use.
Review Section
LTI security
Review-facing summary of the documented control area.
- Draft token-validation path for review
- Draft issuer and deployment validation flow
- Nonce and state protection design
Review Section
Database controls
Review-facing summary of the documented control area.
- Private schema for sensitive mappings
- Restricted mapping table access
- Row level security where applicable
- Backend-only handling for sensitive operations
- Stored model-facing records limited to embeddings plus constrained metadata
Review Section
Application controls
Review-facing summary of the documented control area.
- No service-role key exposure in the frontend
- Separated frontend and backend responsibilities
- Synthetic examples only in the review UI
- No raw logs or unprocessed text persisted for modeling
Review Section
Auditability
Review-facing summary of the documented control area.
- Launch audit visibility
- Typed-event and embedding-transposition audit trail
- Review-visible summaries
Review Section
Environment separation
Review-facing summary of the documented control area.
- Dedicated pre-registration review environment
- Future registered or pilot environment kept separate from this build
Frontend responsibilities remain intentionally narrow in this phase: no secrets, no service-role keys, and no live sensitive operations.