Security · The Audit Story

Built So Your CPA Can Defend The Books Without Asking Kuroji A Single Question.

The standard finance-tool sales pitch is that the books are a black box you have to trust. Ours is the opposite: the books are a view of an event log, the event log is hash-chained, and you can prove every number from first principles whenever you want.

The Chain

Every Dollar.
Cryptographically
Defensible.

Every external event lands as one immutable row, linked by SHA-256 hash to the row before it. Journal entries are derived from a deterministic rule engine and chained the same way.

event {
  id:          e_24f1a8...
  prev_hash:   3a91c2f8...
  payload:     plaid.transaction.added
  amount:      -2,499.00
  occurred_at: 2026-04-19T14:08:21Z
  ingest_at:   2026-04-19T14:09:03Z
}

derived_journal_entry {
  from_event:  e_24f1a8...
  debit:       Software           $2,499.00
  credit:      RBFCU_Checking     $2,499.00
  rule:        category.anthropic_software_v3
  derived_at:  2026-04-19T14:09:03Z
}

action_receipt {
  actor:       agent:kuroji
  ring:        ii
  caps:        $5,000/day · $50,000/month
  signed_by:   chain_head_3a91c2f8
}

The Principles

Six Commitments. Encoded In The Architecture Itself.

01

Every External Event Is Immutable.

Bank lines, Stripe charges, payroll runs — each lands in the ledger as one row that is never edited or deleted. Corrections produce new rows linked to the old. The original event survives every revision.

02

The Chain Is Tamper-Evident.

Each event row stores the SHA-256 hash of the row before it. Modifying any historical row changes its hash and breaks the link from every row after it. A hash chain on its own is tamper-evident only against someone who cannot recompute the later hashes; an administrator with write access to the database could rewrite a row and every descendant link to match. That is why we periodically anchor the chain head to an external timestamping service: any rewrite after an anchor changes the head, and the mismatch against the anchored value exposes it, even if the rewrite came from us.

03

Journal Entries Are Derivations, Not Facts.

The books are computed from the events by a deterministic rule engine. Drop any event into the verifier and we re-derive every entry that descends from it. The books are reproducible from the canonical inputs, on demand, without us.
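The two checks described in commitments 02 and 03, as an added example that is not Kuroji's own code: an append-only SHA-256 chain, a verifier that walks the links and compares the head with an externally anchored value, and a deterministic derivation of journal entries from the events. The rule table, record fields and sample events are constructed for illustration; the page does not show how rules are selected or what exactly is hashed.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64


def canonical(obj):
    """Canonical JSON (sorted keys, fixed separators) so the same row always hashes the same."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def row_hash(row):
    """SHA-256 over the whole row, prev_hash included, so each hash commits to its ancestor."""
    return hashlib.sha256(canonical(row)).hexdigest()


def append_event(chain, payload, amount_cents, occurred_at):
    """Append an event row linked to the current head. Rows are only ever added."""
    prev_hash = row_hash(chain[-1]) if chain else GENESIS_HASH
    row = {"id": f"e_{len(chain):04d}", "prev_hash": prev_hash, "payload": payload,
           "amount_cents": amount_cents, "occurred_at": occurred_at}
    chain.append(row)
    return row


def verify_chain(chain, anchored_head=None):
    """Return (ok, index): index is the first row whose link is broken, len(chain) if
    every link is consistent but the head disagrees with the external anchor, else None."""
    expected_prev = GENESIS_HASH
    for i, row in enumerate(chain):
        if row["prev_hash"] != expected_prev:
            return False, i
        expected_prev = row_hash(row)
    if anchored_head is not None and expected_prev != anchored_head:
        return False, len(chain)
    return True, None


# Hypothetical rule table keyed by payload type (assumption: the page names rules such as
# category.anthropic_software_v3 but does not show how a rule is chosen for an event).
RULES = {
    "plaid.transaction.added": ("expense_v1", "Software", "RBFCU_Checking"),
    "stripe.charge.succeeded": ("revenue_v1", "RBFCU_Checking", "Revenue"),
}


def derive_entries(chain):
    """Deterministically derive journal entries from events: same inputs, same books."""
    entries = []
    for row in chain:
        rule, debit, credit = RULES[row["payload"]]
        entries.append({"from_event": row["id"], "rule": rule, "debit": debit,
                        "credit": credit, "amount_cents": abs(row["amount_cents"])})
    return entries


def demo():
    # Constructed sample events; amounts are integer cents to avoid float drift.
    chain = []
    append_event(chain, "plaid.transaction.added", -249900, "2026-04-19T14:08:21Z")
    append_event(chain, "stripe.charge.succeeded", 120000, "2026-04-20T09:00:00Z")
    anchor = row_hash(chain[-1])  # the value that would be sent to the timestamping service
    clean = verify_chain(chain, anchor)

    # Naive edit: change one historical amount and nothing else; the next link breaks.
    naive = [dict(r) for r in chain]
    naive[0]["amount_cents"] = -24900
    naive_result = verify_chain(naive)

    # Insider rewrite: same edit, but every downstream prev_hash is recomputed.
    # The link check alone passes; only the anchored head exposes the rewrite.
    rewrite = [dict(r) for r in chain]
    rewrite[0]["amount_cents"] = -24900
    for i in range(1, len(rewrite)):
        rewrite[i]["prev_hash"] = row_hash(rewrite[i - 1])
    return clean, naive_result, verify_chain(rewrite), verify_chain(rewrite, anchor)
```

The insider case is the one that matters: a chain whose every link validates is not proof that nothing was rewritten, only that whoever rewrote it could not also move the externally held head.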

04

Every Action Carries A Receipt.

When Kuroji writes a journal entry, files a sales-tax return, or sweeps cash to treasury, the action is signed against the auth chain. The signed receipt names the actor, the limits in force at the time, and the events that justified the action.

05

Credentials Never Touch Our Servers.

Bank credentials are held by Plaid. Stripe access is via restricted read-only keys you generate. Payroll integrations use OAuth tokens that you can revoke from the provider's dashboard at any moment.

06

Hard Limits Live In The Auth Chain.

Per-action caps, per-day caps, allowed vendors, allowed jurisdictions — these are not config strings someone could change quietly. Changes to limits are themselves events on the chain, signed and audit-logged.
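How commitments 04 and 06 fit together, as an added example that is not Kuroji's own code: the limits in force at action time are replayed from limit-change events on an auth chain rather than read from config, the action is checked against them, and the resulting receipt names the actor, caps, justifying events and chain head. The signing key, HMAC as the signature scheme, the event shapes and the sample actions are all assumptions made for this illustration; the page does not describe its key custody or signature algorithm.

```python
import hashlib
import hmac
import json

# Constructed stand-in key. A real deployment would sign with a key the agent cannot read
# (HSM-held, or an asymmetric key whose public half the auditor verifies against).
SIGNING_KEY = b"demo-receipt-signing-key"


def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def chain_head(auth_chain):
    """Hash of the latest auth-chain event. Receipts bind to it so a receipt cannot be
    presented against a different limit history than the one it was issued under."""
    return hashlib.sha256(canonical(auth_chain[-1])).hexdigest() if auth_chain else "0" * 64


def limits_in_force(auth_chain, at):
    """Replay limit.set events effective at or before `at`; later raises do not apply."""
    limits = None
    for ev in auth_chain:
        if ev["type"] == "limit.set" and ev["at"] <= at:
            limits = ev["limits"]
    return limits


def authorize(auth_chain, prior_actions, action):
    """Check an agent action against the limits in force when it happened.
    Returns (True, signed_receipt) or (False, reason)."""
    limits = limits_in_force(auth_chain, action["at"])
    if limits is None:
        return False, "no limits in force"
    if action["vendor"] not in limits["allowed_vendors"]:
        return False, "vendor not on allow-list"
    if action["amount_cents"] > limits["per_action_cents"]:
        return False, "exceeds per-action cap"
    day = action["at"][:10]  # ISO-8601 date prefix, UTC
    spent_today = sum(a["amount_cents"] for a in prior_actions if a["at"][:10] == day)
    if spent_today + action["amount_cents"] > limits["per_day_cents"]:
        return False, "exceeds per-day cap"
    receipt = {
        "actor": action["actor"],
        "action": {k: action[k] for k in ("vendor", "amount_cents", "at")},
        "caps": limits,
        "justified_by": action["justified_by"],
        "signed_by": chain_head(auth_chain),
    }
    receipt["sig"] = hmac.new(SIGNING_KEY, canonical(receipt), hashlib.sha256).hexdigest()
    return True, receipt


def verify_receipt(receipt):
    """Recompute the tag over every field but the signature; any edit to caps or actor fails."""
    body = {k: v for k, v in receipt.items() if k != "sig"}
    expected = hmac.new(SIGNING_KEY, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["sig"])


# Constructed auth chain: a per-day cap of $5,000, raised to $10,000 on 20 April.
AUTH_CHAIN = [
    {"type": "limit.set", "at": "2026-04-01T00:00:00Z",
     "limits": {"per_action_cents": 300000, "per_day_cents": 500000,
                "allowed_vendors": ["anthropic", "gusto"]}},
    {"type": "limit.set", "at": "2026-04-20T00:00:00Z",
     "limits": {"per_action_cents": 300000, "per_day_cents": 1000000,
                "allowed_vendors": ["anthropic", "gusto"]}},
]


def demo():
    first = {"actor": "agent:kuroji", "vendor": "anthropic", "amount_cents": 249900,
             "at": "2026-04-19T14:09:03Z", "justified_by": ["e_0001"]}
    ok1, receipt = authorize(AUTH_CHAIN, [], first)
    # Second payment the same day: $2,499 + $3,000 exceeds the $5,000 cap that was in
    # force on 19 April, even though the chain later raised the cap to $10,000.
    second = {**first, "amount_cents": 300000, "at": "2026-04-19T16:00:00Z",
              "justified_by": ["e_0002"]}
    ok2, reason = authorize(AUTH_CHAIN, [first], second)
    # A receipt whose caps field has been edited after signing no longer verifies.
    tampered = {**receipt, "caps": {**receipt["caps"], "per_day_cents": 10**9}}
    return ok1, verify_receipt(receipt), ok2, reason, verify_receipt(tampered)
```

Replaying limits from the chain up to the action's own timestamp is what makes "the limits in force at the time" a checkable statement: an auditor can recompute them from the same events and compare with the caps the receipt names.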

Compliance Posture

Where We Are Today, And What’s Next.

Today. Encryption in transit (TLS 1.3) and at rest. AES-256 for blob storage. Postgres row-level security isolating each entity's rows. Plaid Production access. Stripe Restricted Keys only. Google OAuth for sign-in.

In Flight. SOC 2 Type I gap analysis with a Vanta-equivalent provider. Independent penetration test scheduled before public launch. Targeted Type II completion within twelve months of Type I.

Required For Ring III. Ring III (money movement, treasury sweeps, tax filings) is gated behind SOC 2 Type I completion and a written DPA. No customer is on Ring III until that gate is cleared.

Reporting. Security disclosures and vulnerability reports go to security@kuroji.ai. We respond within 48 hours and credit reporters on the advisory page after fix.

Architecture Inherits From Kodori

The Hash-Chained Audit Layer Is The Same One KumoKodo Built For Kodori, Law-Firm Document Management. Battle-Tested.

See How It Works →

Stay In The Black

Defensible Books, From Day One.

Start Watching