Settings / Security
Security and resilience controls
Local portal security follows OpeniBank v4 invariants: fail-closed checks, explicit permits, signed receipts, and recoverable encrypted backups.
| Control | State | Detail |
|---|---|---|
| Key Storage | Enabled | Keys encrypted at rest with local passphrase |
| Receipt Signature Validation | Enabled | Mandatory Ed25519 verification before trust |
| Permit Enforcement | Enabled | All spend flows require explicit permit context |
| Anomaly Kill Switch | Armed | Stops agent execution on critical anomalies |
| Offsite Backup | Optional | Encrypted bundle export for disaster recovery |
Operator checklist
- ✓Rotate admin credentials every 90 days
- ✓Test encrypted backup restore monthly
- ✓Audit worldline integrity after each version upgrade
- ✓Restrict node dashboard access to trusted network ranges