What we're shipping
and what's coming next.

Generate a Twinfield Transactions XML for any period. One temporary journal per card transaction; finance promotes to final inside Twinfield.

Surfaces transactions with no provenance trail and lets admins/finance scrub them. Cascades to matches, comments, approvals, and explanations.

Long-lived device cookies bucket sign-ins from the same physical device under one collapsible row, even across changing IPs.

Postgres RLS active on every tenant-scoped table; reserved tenant pool with app.company_id GUC; CI guard prevents regressions.

Sessions inactive longer than SESSION_IDLE_TIMEOUT_DAYS get revoked on a daily sweep, with an audit trail per revoke.

fastify-metrics over /metrics; queue stats exported; daily encrypted audit-log archive to S3-compatible storage.

Subject access + erasure requests handled in-product; signed PDF receipt issued on completion.

Admins can freeze a workspace; deletes enter a configurable grace period before hard removal.

Invoices issued with location-aware tax. Reverse-charge for B2B EU, EU OSS for B2C consumers, US sales tax handled by Stripe.

Per-department default workflows + per-member overrides; finance-only, two-step (manager → finance), and auto-approve thresholds.

Multi-cardholder Amex CSVs (NL + EN headers) split per card. Foreign-spend + FX rate parsing; per-row occurrence index keeps real duplicate charges.

Flip the framework stub on: OAuth round-trip + token rotation + SOAP ProcessXmlString. One-click "Push to Twinfield" replaces manual XML upload.

Read the customer's chart of accounts so the export modal validates GL codes before submit instead of failing at the wire.

Hardened prompt + Anthropic SSE streaming with cancellation, per-tenant rate limits, and a transparent action log inside the chat.

Bring Rexa into Okta, Azure AD, Google Workspace. SCIM keeps team membership + roles in sync; step-up MFA enforced on staff actions.

Sister to the Twinfield work — promote the Exact Online exporter from stub to a real GeneralJournalEntries + Documents API push.

OTel exporters across api + workers; trace a receipt from upload through OCR, matching, approval, export. Configurable sink (Tempo, Honeycomb, Datadog).

Extend the app.company_id GUC contract to BullMQ workers so every tenant query runs under the same policy enforcement as the API.

Same skeleton as the Exact/Twinfield work. Priority depends on which non-NL geographies pull hardest.

Bring-your-own-key for receipt + secret blobs. Customers rotate, revoke, or freeze data from their own AWS account.

Receipt capture, push notifications for approvals, offline-tolerant queueing. Today's web-based capture handles the path; native is the polish.

TrueLayer integration is already scaffolded — research is what happens when the card-statement and bank-feed views start to overlap.