HARD-CODED INTEGRITY.
FlowGazer does not treat security as a "feature." It is a structural requirement. We enforce role-purity and audit-trails at the atomic transaction level.
The Four Eyes Law
Self-Review Prevention
A developer is blocked from approving their own work: the server rejects the light_flip action when userId === assigneeId. High-discipline delivery requires a second pair of eyes, always.
The Identity Shield
Hierarchical Protection
FlowGazer implements an Upwards Block. PMs and Leads can manage teams, but they are systemically blocked from editing Organization Admins or escalating their own roles. Authority is strictly uni-directional.
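As an added illustration of the two rules above (example code, not FlowGazer's own), a server-side enforcement of the Four Eyes check on light_flip and of the Upwards Block on role changes. The role names, their rank order, the reason strings and the shape of the audit record are assumptions for the example; the page gives none of them.

```javascript
// Added example, not FlowGazer's code. Role names and ranks are assumed.
const ROLE_RANK = { member: 1, lead: 2, pm: 3, org_admin: 4 };

// Four Eyes: the identity comes from the verified session, never from a
// client-supplied field, so a caller cannot spoof a second reviewer.
function lightFlip(task, session) {
  if (session.userId === task.assigneeId) {
    return { ok: false, reason: "self_review_blocked" };
  }
  return {
    ok: true,
    task: { ...task, status: "approved", approvedBy: session.userId },
    // Audit record of who moved what (the page stores these as comments).
    audit: { actorId: session.userId, action: "light_flip", taskId: task.id },
  };
}

// Upwards Block: authority flows downward only. An actor may edit a user
// only if the actor outranks them, may never change their own role, and may
// never grant a rank at or above their own. Peers editing peers (e.g. admin
// editing admin) is not described on the page and is rejected here.
function changeRole(actor, target, newRole) {
  const actorRank = ROLE_RANK[actor.role];
  const targetRank = ROLE_RANK[target.role];
  const newRank = ROLE_RANK[newRole];
  if (newRank === undefined) return { ok: false, reason: "unknown_role" };
  if (actor.userId === target.userId) return { ok: false, reason: "self_escalation_blocked" };
  if (targetRank >= actorRank) return { ok: false, reason: "cannot_edit_peer_or_superior" };
  if (newRank >= actorRank) return { ok: false, reason: "cannot_grant_own_rank_or_higher" };
  return {
    ok: true,
    user: { ...target, role: newRole },
    audit: { actorId: actor.userId, action: "change_role", targetId: target.userId, newRole },
  };
}

// Constructed sample data to exercise both rules.
const task = { id: "t1", assigneeId: "u1", status: "in_review" };
const pm = { userId: "u2", role: "pm" };
console.log(lightFlip(task, { userId: "u1" }).reason);              // self_review_blocked
console.log(lightFlip(task, { userId: "u2" }).ok);                  // true
console.log(changeRole(pm, { userId: "u9", role: "org_admin" }, "member").reason);
console.log(changeRole(pm, pm, "org_admin").reason);                // self_escalation_blocked
console.log(changeRole(pm, { userId: "u3", role: "member" }, "lead").ok); // true
```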
Identity Anchoring
Secure Session Management
FlowGazer utilizes @oslojs/crypto to anchor every system action to a verified identity. By using high-entropy session identifiers and secure token hashing, we ensure that the audit trail—recorded in the comments table—is a reliable, non-repudiable record of who moved what, and why.
Identity is the root of discipline. If the system cannot cryptographically prove who you are, it will not allow the flow to move.