Internal Docs

Internal documentation for Raxx — runbooks, architecture decisions, agent specs, security reports, business, finance, and legal. Auto-generated from docs/ on every push to main.

Agent Guides

Adding a feature
Agent Onboarding
Card grooming
Responding to a security finding
The agent pipeline

Architecture

"What Could've Been" (WCB) — Architecture Design
ADR 0001 — WebAuthn / Passkeys as the Only Authentication Factor
ADR 0002 — No Stored Credentials (Enforcement)
ADR 0003 — GDPR by Default
ADR 0004 — iOS App Stack: Native Swift/SwiftUI
ADR 0004 — raxx-console Stack: Flask + Jinja2 + HTMX + Tailwind CDN
ADR 0005 — iOS WebAuthn: Reuse raxx.app as the RP ID (scope: web + iOS only)
ADR 0006 — iOS Offline Posture: Read-Only Cached State
ADR 0007 — iOS subscription billing: Apple In-App Purchase
ADR 0008 — Alpaca integration mode: OAuth 2.0 (user-delegated) for v1
ADR 0009 — OAuth access token at rest: documented invariant exception
ADR 0010 — v1 per-user compute: shared Raptor process, per-request OAuth scope
ADR 0011 — Premium "fully-hosted workflow" tier: Fargate + Firecracker microVM candidate
ADR 0012 — Console WebAuthn: Separate RP ID (console.raxx.app)
ADR 0013 — MBT: Raxx-native paper-trading engine, displacing per-user Alpaca OAuth for paper
ADR 0014 — Alpaca scope: server-side market-data account + Pro+ live-broker handoff only
ADR 0015 — MBT defaults are profile-driven, not fixed config knobs
ADR 0016 — Founders Trial: Celery beat for daily sweep, not APScheduler
ADR 0017 — E2E Encryption with Opt-In Shadow Analytics: Architecture Posture
ADR 0017 — Founders Referral: 6-byte base64url slug for link identifiers
ADR 0018 — Founders Referral: cookie-primary attribution with URL-param fallback
ADR 0018 — Shadow-analytics data goals + consent-UX consequences
ADR 0019 — Founders Grace: business-day calendar library choice
ADR 0020 — Branch promotion model: tag + environment approval gate
ADR 0021 — Trace Storage: Timescale vs Plain Postgres vs ClickHouse vs Others
ADR 0022 — Event Log: Append-Only + Hash Chain for Tamper Evidence
ADR 0023 — Render ID Granularity: Per-View vs Per-Component vs Per-Field
ADR 0028 — Intentional friction on prod deploys: manual gate over full automation
ADR 0029 — Console staging retirement: why console retires staging while API keeps it
ADR 0031 — Platform Auth Posture: Defense-in-Depth Across Surface Classes
ADR 0032 — Customer account recovery: A+B only (multi-passkey + backup codes; no email recovery; no agent re-enrollment)
ADR 0033 — CI runner posture: transient-failure retry + Ubicloud migration trigger
ADR 0042 — Auth Unification: Hybrid Identity Model
ADR 0047 — Track B: CORS origin allowlist for raxx.app on raxx-api-prod
ADR 0048 — Track B: Align deploy-antlers.yml tag trigger with release-please tag format
ADR 0049 — Track B: v1.0 Alpaca credential shape — single operator set, paper only
ADR 0050 — Fidelity API surface: target WIX (Wealthscape Integration Xchange), fallback FDX read-only
ADR 0050 — Trunk-based SDLC affirmed; Gitflow rejected; hardening plan for drift and revert friction
ADR 0051 — Drift prevention: layered structural controls
ADR 0051 — Fidelity auth flow: 3-legged OAuth 2.0 with PKCE; no credential hand-off to Raxx
ADR 0052 — Broker adapter interface: BrokerAdapter ABC with registry, not extending alpaca_integration.py
ADR 0052 — New-surface hosting tier classification
ADR 0053 — New-surface deploy workflow template structure
ADR 0054 — Reasonator deployment target: Heroku Standard-2X
ADR 0055 — Reasonator API contract: REST with sync + async endpoints
ADR 0056 — Reasonator service auth: bearer token in vault
ADR 0057 — Reasonator re-scoring: model SHA as first-class provenance field
ADR 0058 — Unified Customer Audit: Single Table vs Federated Tables
ADR 0059 — Shadow Tables: Postgres Triggers vs Application Dual-Write
ADR 0060 — Unified Audit RBAC: Role-Gated Dimensions vs Feature-Flag-Gated Dimensions
ADR 0061 — Ticket-State-Aware Notification: Two-Path Model for Dim-3 Operator Reads
ADR 0062 — Deny-List + Per-Action Allowlist for State-Diff PII in Audit Rows
ADR 0063 — Scale Tier Latency Budget + Numeric Upgrade Triggers for Shadow-Table Writes
ADR 0064 — SOC-2 Retention SLA, Auditor Role, and Attestation Cadence
ADR 0077 — Cloudflare WAF as Layer 1 of Raxx Layered Defense
ADR 0081 — New-surface deploy/preview convention as Raxx standard
ADR 0083 — Infisical Google OIDC SSO via Cloudflare Access
ADR 0088 — Docs site tooling: custom Python builder for v1
ADR 0094 — Founders Gate: Fail-Open Posture and Overshoot Tolerance
ADR 0096 — Console Dashboard V2: Split-View Layout (Option B)
ADR 0096 — Per-PR Context Swap: Agent Identity Routing
ADR 0098 — Flag Operator UX Hardening + Pony-Style Internal Docs
[ADR-0020](https://internal-docs.raxx.app/architecture/adr/0020-branch-promotion-soak-gate.html): RBAC — Groups as the permission bridge; centralized identity authority
[ADR-0024](https://internal-docs.raxx.app/architecture/adr/0024-env-switcher-state-storage.html) — Env Switcher: Session-resident selected_env vs DB column
[ADR-0025](https://internal-docs.raxx.app/architecture/adr/0025-env-switcher-rbac-gate.html) — Env Switcher: RBAC gate on switching vs gate on mutation
[ADR-0026](https://internal-docs.raxx.app/architecture/adr/0026-feature-flag-persistence.html) — Feature Flag Persistence: DB table vs external store vs env-var-only
[ADR-0027](https://internal-docs.raxx.app/architecture/adr/0027-feature-flag-env-scoping.html) — Feature Flag Env Scoping: per-env rows vs single row with override
[ADR-0028](https://internal-docs.raxx.app/architecture/adr/0028-prod-deploy-intentional-friction.html) — Status Page Hosting: where does /api/status/public live?
[ADR-0029](https://internal-docs.raxx.app/architecture/adr/0029-console-staging-retirement-rationale.html) — Status Surface Registry: where and how is the surface list stored?
[ADR-0030](https://internal-docs.raxx.app/architecture/adr/0030-status-state-machine.html) — Status Page State Machine: canonical states, transitions, and actors
[ADR-0034](https://internal-docs.raxx.app/architecture/adr/0034-console-driven-deploy-flow.html) — Console-driven deploy flow with GitHub Actions status callbacks
[ADR-0035](https://internal-docs.raxx.app/architecture/adr/0035-flag-promotion-staging-to-prod.html) — Staging-to-prod flag promotion: explicit promotion queue over ambient drift
[ADR-0036](https://internal-docs.raxx.app/architecture/adr/0036-deploy-async-run-id-resolution.html): Async Run-ID Resolution for Console Deploy Dispatch
[ADR-0037](https://internal-docs.raxx.app/architecture/adr/0037-velvet-service-bus-subscription-model.html): Velvet — Service-Bus Subscription Model
[ADR-0038](https://internal-docs.raxx.app/architecture/adr/0038-velvet-three-stage-operational-flow.html): Velvet — Three-Stage Operational Rotation Flow
[ADR-0039](https://internal-docs.raxx.app/architecture/adr/0039-velvet-revocation-401-criterion.html): Velvet — 401 Unauthorized as the Revocation Success Criterion
[ADR-0040](https://internal-docs.raxx.app/architecture/adr/0040-velvet-consumer-registration-static-manifest.html): Velvet — Static Manifest for Consumer Registration (No Runtime API)
[ADR-0041](https://internal-docs.raxx.app/architecture/adr/0041-velvet-runtime-registration-supersedes-0040.html) — Velvet consumer registration: runtime API + manifest bootstrap (supersedes [ADR-0040](https://internal-docs.raxx.app/architecture/adr/0040-velvet-consumer-registration-static-manifest.html))
[ADR-0043](https://internal-docs.raxx.app/architecture/adr/0043-auth-rbac-reconciliation.html) — Auth Unification: RBAC Reconciliation
[ADR-0044](https://internal-docs.raxx.app/architecture/adr/0044-console-self-deploy-web-layer.html) — Console Self-Deploy Web Layer: Option Selection + Topology
[ADR-0045](https://internal-docs.raxx.app/architecture/adr/0045-support-portal-topology.html) — Support Portal Topology: CF Pages + Raptor Proxy (Option A)
[ADR-0046](https://internal-docs.raxx.app/architecture/adr/0046-support-portal-secret-store.html) — Support Portal: FreeScout API Token in Infisical (not SSM)
[ADR-0054](https://internal-docs.raxx.app/architecture/adr/0054-rbac-ticket-scoped-grants.html): Ticket-Scoped Role Grants — State in DB, Validated Per Request
[ADR-0055](https://internal-docs.raxx.app/architecture/adr/0055-rbac-pre-write-audit.html): RBAC Grant Mutations — Pre-Write Audit Pattern
[ADR-0056](https://internal-docs.raxx.app/architecture/adr/0056-rbac-session-embedded-permission-cache.html): Permission Resolution — Session-Embedded Cache (Option A)
[ADR-0057](https://internal-docs.raxx.app/architecture/adr/0057-rbac-break-glass-time-limit.html): Break-Glass Grant — Time-Limited, Justification-Required, Alert-First
[ADR-0065](https://internal-docs.raxx.app/architecture/adr/0065-queue-strangler-fig-vs-greenfield.html) — Queue v1: Strangler-Fig over Greenfield
[ADR-0066](https://internal-docs.raxx.app/architecture/adr/0066-queue-colocation-blueprint-mount.html) — Queue v1: Co-location as Flask Blueprint Mounted in Raptor
[ADR-0067](https://internal-docs.raxx.app/architecture/adr/0067-queue-jwt-offline-verification.html) — Queue: Signed JWT for Session Tokens (Offline Verification)
[ADR-0068](https://internal-docs.raxx.app/architecture/adr/0068-queue-fail-closed-on-outage.html) — Queue: Fail-Closed on Outage (No Credential Cache in Raptor)
[ADR-0069](https://internal-docs.raxx.app/architecture/adr/0069-psycopg2-binary-over-psycopg3.html): psycopg2-binary as Raptor's Postgres driver
[ADR-0070](https://internal-docs.raxx.app/architecture/adr/0070-pytest-postgresql-over-testcontainers.html): pytest-postgresql over testcontainers for Raptor test fixtures
[ADR-0071](https://internal-docs.raxx.app/architecture/adr/0071-stripe-billing-queue-as-authority.html): Stripe Billing Tables — Queue as the Authoritative Store
[ADR-0072](https://internal-docs.raxx.app/architecture/adr/0072-durable-email-sns-sqs-ses.html): SNS/SQS/SES Durable Email Delivery with DLQ at Both Layers
[ADR-0073](https://internal-docs.raxx.app/architecture/adr/0073-stripe-v1-home-decision.html): Stripe Billing v1 Implementation Home — Raptor Stopgap
[ADR-0074](https://internal-docs.raxx.app/architecture/adr/0074-email-delivery-hybrid-postmark-v1.html): Email Delivery v1 — Hybrid Architecture (Postmark + SNS/SQS/Lambda)
[ADR-0075](https://internal-docs.raxx.app/architecture/adr/0075-billing-stays-in-queue-operator-override.html): Billing Stays in Queue — Operator Override of [ADR-0073](https://internal-docs.raxx.app/architecture/adr/0073-stripe-v1-home-decision.html)
[ADR-0076](https://internal-docs.raxx.app/architecture/adr/0076-queue-phase1-billing-v1-aggressive-12day.html): Queue Phase 1 + Billing v1 — Aggressive 12-Day Plan (Python)
[ADR-0076](https://internal-docs.raxx.app/architecture/adr/0076-queue-phase1-billing-v1-aggressive-12day.html): Queue Phase 1 + Billing v1 — C++ Implementation
[ADR-0078](https://internal-docs.raxx.app/architecture/adr/0078-queue-cf-edge-protection.html): Queue Cloudflare Edge Protection
[ADR-0079](https://internal-docs.raxx.app/architecture/adr/0079-wcb-snapshot-storage.html): WCB Snapshot-Only Storage with Compute-on-Render Trajectory
[ADR-0080](https://internal-docs.raxx.app/architecture/adr/0080-support-portal-api-contract.html) — Support Portal: API Contract, JWT Shape, and Privacy Boundary Algorithm
[ADR-0082](https://internal-docs.raxx.app/architecture/adr/0082-terraform-pipeline-pattern.html) — Terraform deployment pipeline pattern (Option D: GH Actions + AWS OIDC)
[ADR-0084](https://internal-docs.raxx.app/architecture/adr/0084-burr-v2-multi-region-oidc-gateway.html) — Burr v2: Multi-Region OIDC Gateway with R53 Latency Routing + Auth Down Failover
[ADR-0085](https://internal-docs.raxx.app/architecture/adr/0085-flag-reconciler-bidirectional-sync.html) — Flag Reconciler: Bidirectional Sync with Drift-as-Kill-Switch
[ADR-0085](https://internal-docs.raxx.app/architecture/adr/0085-flag-reconciler-bidirectional-sync.html): vcpkg Version Pinning Policy for Tier-1 C++ Services
[ADR-0086](https://internal-docs.raxx.app/architecture/adr/0086-vcpkg-lockfile-policy.html): vcpkg Lockfile Policy — Defer for v1
[ADR-0087](https://internal-docs.raxx.app/architecture/adr/0087-vcpkg-manifest-ci-guard.html): CI Guard for vcpkg Manifest Changes
[ADR-0088](https://internal-docs.raxx.app/architecture/adr/0088-docs-site-tooling-choice.html) — Stripe Webhook Failure Strategy: 5xx to Stripe, Not 2xx + Local Queue
[ADR-0089](https://internal-docs.raxx.app/architecture/adr/0089-queue-vcpkg-audit-2026-05-14.html): Queue vcpkg.json Full Audit Against Pinned Baseline — 2026-05-14 UTC
[ADR-0091](https://internal-docs.raxx.app/architecture/adr/0091-alerting-source-and-oncall-agent.html): Alerting Source Selection and On-Call Agent Runtime
[ADR-0093](https://internal-docs.raxx.app/architecture/adr/0093-raptor-postgres-migration.html) — Raptor SQLite → Postgres Migration (Path B, v1-blocking)
[ADR-0095](https://internal-docs.raxx.app/architecture/adr/0095-deploy-modal-phase-option-a.html): Deploy Modal Phase Progression — Option A (Fine-Grained Workflow Callbacks)
Agent GitHub identity
Alpaca integration — scoped to market data + optional live-broker handoff
Audit CI Gates
Auth Unification — Hybrid Identity Model
Auth Unification — RBAC Reconciliation
AWS OIDC Trust — GitHub Actions
Billing Data Model
Branch Promotion Strategy — Soak Gate for Raptor / Antlers / Docs
CF WAF Layered Defense Strategy
CI Migration Candidates — Architect Filtering
CI Notification Posture
Cloudflare Pages projects — domain mapping
Console Dashboard V2 — Option B Split-View Design
Console Deploy — Async Dispatch (H12 Fix)
Console Env Isolation — Vault Path Layout
Console Environment Switcher — Design
Console Feature Flag Management — Design
Console Flag Promotion Flow — Staging to Prod
Console Self-Deploy Web Layer
Console-Driven Deploy Flow
Credential-Boundary Test Pattern
Customer Detail View — Design Doc
Deploy Modal Phase Progression
Design: Flag Operator UX Hardening + Pony-Style Internal Docs
Design: Public Docs Site Scaffold — docs.raxx.app
Durable Email Delivery — SNS/SQS/SES with DLQ at Both Layers
Email Routing — Platform Address Map
Fidelity Broker API Integration — Architecture Design
Flag Reconciler — Bidirectional Sync (Drift-as-Kill-Switch)
Founders Grace Window + Paid-Tier Transition
Founders Referral Service — link generation, click attribution, conversion tracking
Founders Trial Engine — data model, state machine, scheduler, and rules engine
Founders-Gate Signup Block
FreeScout → GitHub Issue Auto-Linking
JWT Access-Token TTL + Refresh-Token + Revocation Research
Language Tier Policy
MBT — Investor Profile Model + Educational Overlay
MBT — Raxx-native paper-trading engine
Multi-user Authentication & GDPR Architecture
Natural-Language to Strategy DSL: Parsing Research Brief
New-Surface Deploy/Preview Convention
Passkey E2E Encryption with Opt-In Shadow Analytics
Per-PR Context Swap — Agent Identity Routing
Principle: Staging Is a Runtime Duplicate, Not a Parallel Admin Plane
Prod-Deploy Gating — Universal Pattern + Console First Implementation
Proposal — Market Calendar Service
Queue C++ Scaffold Review — vcpkg Discipline Post-Incident
Queue CF Edge Protection — Design
Queue Phase 1 — C++ Foundation + Billing
Queue Stripe Webhook + Billing Layer — Design
Queue — API Contract v1
Queue — Identity, Session, RBAC, and Customer Service
Queue — In-Flight PR Disposition
Queue — Migration Plan
Raptor Postgres Migration — Phased Rollout Plan
Raptor Postgres Migration — Sub-Cards for PM to File
Raptor SQLite → Postgres Migration — Design Doc
Raptor SQLite → Postgres Migration — Design Refresh 2026-05-15 UTC
Raxx iOS Companion App — Architecture Sketch v1
Raxx On-Call Cloud Agent + Alerting Architecture
Raxx RBAC — Role-Based Access Control Design (v1, First Pass)
raxx-console — Operator Admin Console Architecture
raxx-console — Operator Dashboard (Milestones 7–13)
RBAC Antlers Surface Audit — Flag Inventory, Gap Report, and Denied-State Remediation
RBAC V2 — API Contract
RBAC V2 — Design
RBAC V2 — Migration Plan
RBAC V2 — SAML Claims-to-Groups Wiring
RBAC V2 — SAML Group-to-Group Wiring Design
Reasonator API Contract
Reasonator Cost Model
Reasonator Sequence Diagrams
Reasonator — Sentiment Scoring Service Design
Repo Split Strategy + Buildkite Migration Plan
Session engine — REST + JWT + server-side revocation + per-tier rate limits
status.raxx.app — Data Model, State Machine, and FreeScout Webhook Contract
Stripe Billing Gap Analysis — 2026-05-13 UTC
Stripe Customer Billing — Data Model
support.raxx.app — Customer Support Portal Design
Ticketing System — Build vs. Buy Analysis
Track B — Backend wiring for raxx.app customer-facing launch
Unified Customer Audit + Shadow-Table Architecture — v2
Unified Customer Audit API Contract — v2
Unified Customer Audit — Migration Plan v2
Velvet Handler-Author Guide
Velvet v2 — Rotation Flows Design
Workflow UUID Tracing — Replay + Support Transparency Design

Business

Bookkeeper reconciliation — 2026-04-22
Business email — Google Workspace multi-domain (moosequest.net primary + aliases)
CI Cost Analysis — GitHub Actions Billing Situation
Draft — email to Matthew Crosby asking for securities-attorney referral
EIN and state tax IDs
Entity structure — LLC vs S-Corp-elected LLC vs C-Corp
Expense record — FreeScout modules (FastSpring)
Founders Pro at $19/mo — Cost + Pricing Rationale
Natural-Language AI Strategy Execution — Feedback Investigation
Owner compensation — S-Corp election, reasonable salary, payroll
Questions for the attorney — first consult
Questions for the CPA — first consult
Raxx business, legal, and tax research pack
State of formation — Delaware vs Wyoming vs Nevada vs home state
Support Autoreply Legal Posture — support@raxx.app
Trademark — MOOSEQUEST (USPTO)
Velvet v2 Infrastructure: Cost + Compliance Analysis

Business Legal

CI Migration Candidates — Financial and Licensing Research
Cover Letter Template — Securities Attorney Outreach
Decision Matrix — Securities Attorney Candidates
Domain Research: moosequest.com Registrar + Acquisition Options
Infisical Pricing and Auth-Tier Research
MBT Copy Sample — Attorney Review
Northwest Registered Agent — Order Record
Pre-Meeting Questions — Securities Attorney Engagement
Raxx Product Principles — Securities-Law Relevant
Raxx — Company and Product Overview
Scope of Work — Securities Attorney Engagement
Securities Attorney Engagement Package
Securities Attorney Engagement Package — Index
Securities Attorney Research Shortlist
USPTO Knockout Search — RAXX + MOOSEQUEST (2026-04-28)

Console Features

Console feature QA — 2026-05-01

Data Science

"What Could've Been" — Retrospective Decision Quality
Build Roadmap
Core Strategy
Data Science — Strategy Inventory
ETF NAV Discount Strategy — Data Schema
ETF NAV Discount Strategy — Failure Modes
ETF NAV Discount Strategy — Model Card
ETF NAV Discount Strategy — Specification
Execution Workflow
Historical Options-Chain Data Vendors — Raxx Use-Case Comparison
Layered Covered Call Income Cycle — Strategy Spec
LCC Income Cycle — Alert Specification
LCC Income Cycle — Data Schema
LCC Income Cycle — Failure Modes and Edge Cases
Markov / HMM Fit-Analysis for Raxx Options-Income Strategies
Model Card — Layered Covered Call Income Cycle
Rolling-Income Monte Carlo Simulator + Regime-Aware Entry Gate
Strengths
Trading Strategy Package

Decisions

Decision: Internal-only docs site hostname

Demo

Demo flow — client-side only (2026-05-13)

Dev Setup

Local development setup
Testing Raptor (backend_v2)

Finance

Chart of accounts — MooseQuest / Raxx
Finance records — MooseQuest / Raxx
Vendor categorization conventions

General

Api
CI Health Gate Runbook
Claude 3.7 Sonnet Research Prompt: Technical Indicators for Trading Algorithms
Development Log
Documentation Governance
Observability Baseline (Sprint 3 Card #37)
Release v1.0.0 (2025-03-12)
Release v[VERSION] (YYYY-MM-DD)
Slack Integration for Repo Updates
Technical Indicators Research
TradeMaster API Documentation
TradeMaster API Project Summary
TradeMaster API v1.1.0 Release Notes
TradeMasterAPI End-to-End QA Workflow

Grooming

Grooming pass — 2026-04-22

Incidents

CI Failure Triage — 2026-05-18
Email pipeline — post-#1666 operator actions + E2E smoke test
Incident RCA — getraxx.com unserved (2026-05-08 UTC)
Operator Action Queue — 2026-05-12
RCA — Bot token mint returning 404 after MooseQuest → raxx-app org migration
RCA — CI baseline degradation blocking merge queue (5 PRs, 5 failure classes)
RCA — CI cleanup pass: YAML parse error, name collision, Heroku 429, deploy modal stall, nightly scan recurrence
RCA — console.raxx.app dashboard: multiple surfaces showing DEGRADED/FAILED
RCA — FreeScout cloud-init FATAL: could not extract MySQL root password
RCA — gitleaks false-positive fires nightly on Cloudflare Account ID
RCA — Postgres owner privilege voids audit-chain append-only invariant (#1455)
RCA — Postmark bounce/spam alert misfire (low-denominator repeat paging)
RCA — raxx-api-prod: 0 dynos, no slug, never deployed
RCA — www.getraxx.com CF Access gate bypass
Stripe Keys Verification + Vault Copy — 2026-05-12

Launch

Raxx v1 Launch Punch List — 2026-05-23 UTC (T-9 days)

Legal

AI Strategy Execution + Hybrid Broker — Legal Risk Scoping
APM Vendor Research: Sentry vs Honeybadger
Article 30 Records of Processing Activities (RoPA) — Raxx
Billing — Customer Scoring Ethics + Tier Downgrade Data Handling
CPRA Applicability Threshold — Self-Determination Form
Data Protection Impact Assessment — Trace Architecture
Demo Session Email-Gating: Compliance Scoping
DIY Privacy Compliance Path — Raxx v1 Launch Research
Draft Reply — Matthew Crosby (Schwartz IP Law)
ESIGN + UETA compliance checklist — Raxx NDA portal
FCRA-Out Posture Documentation — Raxx
Fidelity Broker API Integration — Research Briefing
GitHub Org Creation Before LLC Formation — Research Note
i18n Launch Language Research — Raxx
NDA framework — decisions, alternatives, and sourcing
NDA template — Raxx v1 (one-way)
Privacy Policy Skeleton — Raxx
Privacy Policy — Raxx
Privacy Policy — Raxx
Privacy Policy — Version History
Ramp Payment Solutions LLC — RAXX Reg. 7779396 Ownership + Opposition Risk
RAXX Trademark — §2(d) Conflict Analysis (Attorney Signal: Crosby 2026-05-05)
raxxapp Handle Due Diligence
Social Handle Reclamation — RAXX Trademark
Terms of Service — Raxx
Waitlist Privacy Notice — Raxx

Marketing

Competitor — Composer (composer.trade)
Competitor — Interactive Brokers (IBKR)
Competitor — Public.com
Competitor — QuantConnect
Competitor — Robinhood
Competitor — tastytrade
Competitor — thinkorswim (Schwab)
Competitor — Trade Ideas
demo.raxx.app — Open-Flow + Conversion Strategy
demo.raxx.app — PM + UX Handoff
Differentiation — Raxx v2
Downgrade Resistance + Win-Back Strategy
getraxx.com — Launch Readiness Audit
Hero strategy — Raxx marketing
Messaging — Raxx (v2)
Positioning — the platform (name TBD)
Pricing — Raxx v2 (refreshed anchors + recommendation)
Pricing — tier structure + rationale (v1 proposal)
Raxx — Competitive Landscape + White-Paper Survey
Social Media Handle Research + Signup Playbook
Social Media Handle Research + Signup Playbook v2
Support Auto-Reply Copy — support@raxx.app
support.raxx.app — Customer Support Portal Scope

Operations

SOP: Pausing Raxx dev compute

Ops Runbooks

2026 05 03 Groomer Velvet Pass
Agent bot-token setup runbook
Auth Unification — PM Card Rework
Auto-Ticketing Pipeline — Incident Response Runbook
Auto-Ticketing Pipeline — Overview
Auto-Ticketing Pipeline — Staged Rollout
Backlog Grooming — Full Pass — 2026-05-03 UTC
Billing read-only API tokens runbook
CI hygiene runbook
Cloudflare API tokens runbook
Cloudflare Rate Limiting runbook
Console Cockpit Pattern — Operator Runbook
Console Completeness Audit — 2026-05-06 UTC
Console deploy — manual break-glass runbook
Console Phase 1 Live Reachability — 2026-05-07 UTC
Console Phase 2 Functional Audit — 2026-05-07 UTC
Console Phase 2.5 Interaction Audit — 2026-05-07 UTC
Console review apps runbook
Console Status Poller Runbook
Console UI Sprint — 2026-05-09 UTC
Data Retention Policy — Raxx
Demo chain snapshot refresh
Deploy Freeze — Operator Runbook
docs-customer-deploy runbook
Email DLQ Redrive Runbook
Email DNS State — moosequest.net
Email Routing — raxx.app mailboxes
Feature Flag Ops Runbook
FreeScout backup and restore runbook
FreeScout email templates — runbook
FreeScout end-to-end email pipeline test runbook
FreeScout Google OAuth SSO — setup and operations runbook
FreeScout Operations Mailbox — First-Deploy Provisioning SOP
FreeScout paid module install — runbook
FreeScout polish sprint — triage notes
FreeScout Postmark SMTP relay — operator runbook
FreeScout runbook
FreeScout S3 IAM runbook
FreeScout ticket workflow
FreeScout TLS / certificate renewal runbook
getraxx.com DNS + Cloudflare Pages State
GitHub App credentials runbook
GitHub App provisioning runbook
Gitleaks runbook
Heroku FLAG_* Config Vars — Deprecation Tracking
Heroku runbook
Infisical Cloud SaaS configuration runbook
Infisical SSO runbook
Manual DSR Handling — Standard Operating Procedure
MBT v1 sub-card grooming pass — 2026-05-02 (UTC)
Migration gate runbook
Ops Runbooks
Postmark Bounce Alerts — Diagnostic Packet
Postmark runbook
Production deploy approval gate — runbook
QA Report — [PR #1431](https://github.com/raxx-app/TradeMasterAPI/pull/1431) (Tailwind build-step + favicon.ico)
QA Report — [PR #1432](https://github.com/raxx-app/TradeMasterAPI/pull/1432)
Raptor Postgres Roles Runbook
Raptor Prod Postgres Cutover SOP
Raptor Staging Postgres Cutover SOP
RCA — Stuck Flag Promotion: console_heroku_log_drain_alerting
Rebound Sprint — 2026-05-12
Recurring + scheduled tasks (Claude session-local)
Rotation Routing Matrix
Rotation SOP — Alpaca Live Trading API Keys
Rotation SOP — Alpaca Paper Trading API Keys
Rotation SOP — Anthropic API Key
Rotation SOP — AWS IAM Access Key
Rotation SOP — Cloudflare Access Service Token
Rotation SOP — Cloudflare User API Token
Rotation SOP — DreamHost API Key
Rotation SOP — Dyn (Oracle Dyn) API Key
Rotation SOP — GitHub App Installation Access Token (informational)
Rotation SOP — GitHub Personal Access Token (PAT)
Rotation SOP — Google Workspace Service Account Key
Rotation SOP — Heroku Platform API Token
Rotation SOP — Infisical Service Token / Machine Identity
Rotation SOP — Postmark Server API Token
Rotation SOP — Stripe Restricted API Key
Runbook — CI runner posture
Runbook — console-prod H12 + WORKER TIMEOUT Slack alerting
Runbook — getraxx.com CF Access gate removal (launch day)
Runbook — v1 launch-day cutover (2026-05-23 UTC)
Runbook: Drive ledger consolidation — Sheets-per-tab to single workbook
Runbook: FreeScout custom fields for status.raxx.app integration
Runbook: Support portal S3 attachments
Session-bootstrap runbook
SOC-2 Quarterly Attestation Runbook
SOC-2 Quarterly Attestation — 2026 Q2
SOP — CF Access Service Token Provisioning
SOP — FreeScout Lightsail Instance Rebuild
SOP — HEROKU_API_KEY Drift Recovery
SRE Provisioning Batch — 2026-05-06
status-d1 Runbook
Stripe Test Mode Wiring Verification
Support Portal (support.raxx.app) — Operations Runbook
Synthetic Check Diagnosis Runbook
Terraform cf-access state imports runbook
Trading-Core Track Pitch — 2026-05-03
Vault coverage audit runbook
Vault environment coverage snapshot
Vault token taxonomy — function mapping, tag system, and provisioning template
Velvet First-Deploy Triage — 2026-05-05
Velvet Operator Runbook
Velvet v2 — PM Card Rework
WAF runbook
ZAP Finding Triage — Operator Runbook

Product

Billing Telemetry Dashboard — Feasibility Study
Raxx v1.0 Production Release — Ship Plan

QA

Antlers flag RBAC audit — 2026-05-15 UTC
MBT v1 — Launch Readiness Checklist
Queue C++ Scaffold — QA Validation Plan

Release

Release-please multi-package configuration

Research

Handoff Packet — Issue #84
Iron Condor Builder — Q1 / Q2 / Q5 Research Recommendations
Issue #84 — Risk Metrics Expansion: Sortino, Calmar, VaR, CVaR, Ulcer Index, Beta
Risk Analysis — Issue #84 Metrics Implementation

Runbooks

New-surface deploy/preview convention — runbook
Production rollback runbook
Runbook: Remove dormant FLAG_CONSOLE_* Heroku config vars (post-GA)
WAF synthetic probes runbook

SDLC

C++ Service Onboarding Checklist

Secrets

Cloudflare Token Taxonomy

Security

CSRF approach decision — console.raxx.app
Data Protection Impact Assessment — Shadow Analytics Pipeline
IAM policy — claude-infisical-bootstrap
Nightly security scan — 2026-04-25 (FIRST-RUN BASELINE)
Nightly security scan — 2026-05-06
Operator runbook — Shadow Analytics Pipeline
Public surface security sweep — 2026-04-25
Raxx Platform — Auth Posture (Single Source of Truth)
Release readiness policy — security gate
Security review batch — 2026-05-14 UTC
Security review — 2026-04-24 (round 1)
Security triage — 2026-04-26
Security triage — 2026-04-27
Security triage — 2026-04-28
Security triage — 2026-04-29
Surface state machine review — 2026-05-13
WAF Threat Model — Raxx Platform
Web surface posture — pre-launch lock-down

Sprints

T-8 sprint plan — 2026-05-15 UTC to 2026-05-23 UTC launch

Templates

ADR NNNN —

Testing

Founders Gate — Test Matrix and Run Guide

Feature Flags

Feature flag index — per-flag pages auto-generated from backend_v2/api/feature_flags.yaml