Scope

PM / Head of AI

Matt D. on Feb 10

Build

Engineering

Simon R. on Feb 24

GRC

Compliance/Legal

Blocked until findings are resolved

4Production

DevOps

5Monitoring

Operations

Agents / LangChain Bot

LangChain Bot

An engineering-owned automation bot touching high-sensitivity finance systems.

ID: GA-003Framework: LangChainStage: GRCOwner: Compliance/LegalBlocked

Builder Details

Stakeholder Gates

Active Workflows

Upgrade Finance-MCP auth to certificate-based

Assigned to: Simon R. · Due: Apr 10

Status: Open · Created by System on Mar 27

Linked: Security - API Key auth on high-sensitivity service

Open

Approval Chains

Finance-MCP API key auth — security finding

3 participants · 3 days ago

Simon R.·Engineering4 days ago

Flagged for risk→Rachel Moore

The API key connecting GA-003 to Finance-MCP is being rate-limited. This is causing intermittent auth failures and degraded performance. Longer term, API Key auth isn't appropriate for a high-sensitivity finance service — we should upgrade to certificate auth. But that requires infra changes I can't do alone.

Rachel Moore·CISO4 days ago

Assigned→Michael Torres

Agreed on the cert-based upgrade — API Key on Finance-MCP is a known risk we've been deferring. Short-term, @Simon R. can you increase the rate limit on the key with Finance-MCP? @Michael Torres can you scope the cert-based migration?

Michael Torres·DevOps3 days ago

Requested review→Rachel Moore

Rate limit increase applied — Simon's API key now has a 500 req/min limit (was 100). For the cert migration: Finance-MCP supports mTLS. We need a cert from our internal CA, a rotation policy, and vault integration. Estimating 3 days of engineering. Ready to start Apr 10.

Applied Policies

PII Redaction

Mask sensitive user data before any external call

Last triggered: Mar 28 - Passed

Enabled

Budget Cap ($140/mo)

Cap spend at $140 per month

Last triggered: Mar 28 - Passed

Enabled

Service Allowlist

Finance-MCP requires certificate auth

Last triggered: Mar 27 - Blocked

Enabled

Hallucination Check

Verifier pass required before external output

Last triggered: Mar 27 - Passed

Enabled

Human Escalation Threshold

Escalate when confidence falls below configured guardrail

Last triggered: Mar 27 - Triggered

Enabled

Audit Trail

Mar 27

Jamie L. blocked Security/Legal gate

Jamie L. · Mar 27

Credential rotation required

Mar 27

System Service Allowlist policy blocked Finance-MCP access

Feb 24

Simon R. signed off Build stage

Simon R. · Feb 24

Lifecycle advanced to GRC

Feb 10

Matt D. signed off Scope stage

Matt D. · Feb 10

Agent moved into Build