VaultFolio — Ops Dashboard

Executive Dashboard

Leadership overview — high signal, click any card to drill down

Growth vs Cost Projection

Projected Revenue

Projected Cost

Break-even (Aug 2026)

Recent Activity

Loading activity...

View PRs View Issues TECH_ROADMAP COST_COMPARISON

Security Dashboard

Credential status, auth system health & security issues

Credential & Key Status

Key Name	Status	Last Rotated	Notes	GitHub Issue

Auth System Health

Security Issues

#	Title	Priority	Status	Milestone

Security Maturity Roadmap

OWASP Mobile

4/10

40% passed

Controls Mapped

18/34

53% coverage

SIEM Use-cases

0/5

Active

Attestation

0/3

Implemented

Phase Timeline

✓

Phase 0-1

Foundations

NOW → 6mo

2

Phase 2

Hardening

6 – 18mo

3

Phase 3

CCA Integration

18 – 36mo

+

Phase 3+

Continuous

Ongoing

OWASP Mobile Top 10 (2024)

#	Control	Status	Notes
M1	Improper credential usage	In Progress	Keychain / Keystore migration started
M2	Supply chain security	Pending	Lock deps, verify signatures
M3	Insecure authentication	Implemented	PKCE OAuth + step-up auth
M4	Input / output validation	Implemented	Zod on all API inputs
M5	Insecure communication	Partial	TLS done, cert pinning needed
M6	Privacy controls	Implemented	Privacy policy + consent live
M7	Binary protection	Pending	Android obfuscation needed
M8	Security misconfiguration	Fixed	user-scalable=no removed
M9	Insecure data storage	Partial	Audit localStorage needed
M10	Insufficient cryptography	Partial	Using platform crypto, audit needed

Controls by Layer

Mobile

4 / 8

PKCE OAuth flow
Biometric unlock
Zod input validation
Content-Security-Policy
Keychain migration
Cert pinning
Binary obfuscation
Device attestation

API / Microservices

5 / 7

Row-level security
JWT validation
Rate limiting
CORS whitelist
Input sanitisation
API versioning
WAF rules

Data & Comms

4 / 7

TLS 1.3 everywhere
AES-256 at rest
Secrets in env vars
Supabase RLS
localStorage audit
Cert pinning
E2E encryption

SDLC

3 / 6

PR reviews required
CI lint + type-check
Dependabot alerts
Dep signature verify
SAST scanner
SBOM generation

Operations / SIEM

2 / 6

Railway deploy logs
GitHub audit log
Centralised log drain
Auth failure alerts
Rate-limit alerts
Incident runbooks

SIEM Status

⚠ Phase 0 — Log drain not configured

Target: Centralised log aggregation across Railway, Supabase, and GitHub Actions

Priority use-cases:

Auth failure spikes
API rate-limit violations
Credential rotation events
Deployment anomaly detection
RLS policy bypass attempts

Recommended: Wazuh (open-source) or Elastic SIEM

Attestation Readiness

iOS — Apple App Attest / DeviceCheck

Not Implemented

Prerequisite: TestFlight build (PR #160 ready)
Phase: 2 (6 – 18 months)

Android — Play Integrity API

Not Implemented

Prerequisite: Play Store build
Phase: 2 (6 – 18 months)

Arm CCA

Phase 3 (2028+)

Note: Hardware rollout dependent (Armv9-A devices)
Status: Monitoring ecosystem readiness

CI / CD Pipeline Status

GitHub Actions — vaultfolio/platform — last run per workflow

✅ Main branch healthy — all failures are on dependabot branches

CI Architecture

push to main ├─ Config Gate (validate-bookmarks) — blocks deploy on schema fail ├─ Deploy Web App (checks Config Gate → builds → Cloudflare Pages) ├─ Playwright E2E (7 specs × Desktop + Mobile Chrome) │ playwright-gate = required check before merge ├─ CodeQL Analysis └─ Security: Key Rotation Monitor / Chaos Tests

Data API Registry

13 endpoints · Live status · Auth source coverage

Endpoint	Category	Auth Source	Key Status	Fallback	Status	Notes

Milestones

GitHub milestones — progress and issue breakdown

Equity & Team

Cap table, share units & team directory

Equity Structure

Share Units — Earned to Date

Team Member	Role	SU Earned	SU Potential	Open Issues	Joined

Team Directory

GitHub Tasks

Issue tracker — vaultfolio/platform

#	Priority	Title	Labels	Milestone	Date	Status	Handler	Owner

Trading Cards — Sub-Category Coverage

PSA, BGS, and CGC grading coverage across all trading card sub-categories

Sub-Category	Grading Auth	Data Source	Status	PSA Coverage	BGS Coverage

PSA API live — cert lookup returns grade, player, year, set for ALL card types listed above. BGS via eBay title parse fallback. CGC planned for TCG cards.

Conflicts Register

Influencer conflict of interest analysis — review before outreach

Rank	Name	Category	Conflict Level	Conflict Type	Detail	Mitigation	Known Exclusive Deals

Influencer Pipeline

Top 25 target influencers for outreach

AI vs Computer Task Classifier

Route every task to the right execution mode

AI handles thinking, drafting, analysis and research. Computer handles clicking, form-filling, system navigation, and real-world tool interaction. Every open task is classified below.

🤖 AI Tasks (Standard LLM)

Strategy drafts, GTM plans, outreach copy
Architecture reasoning and code generation
Requirements refinement and spec writing
Issue decomposition and documentation
Launch checklist drafting and analysis
Data source research and competitive analysis
Influencer angle strategy
Legal document drafts (NDA, IP disclosure)
Financial modelling and projections
Summary of previous sessions

💻 Computer Tasks (Browser Execution)

Logging into admin consoles (Railway, Cloudflare, Supabase dashboard)
Deploying to Railway/Cloudflare — pushing builds
Verifying UI in live app (camera test, auth flows)
Enrolling in API portals (Brickset, PCGS, Artsy, Numista)
Google Admin — managed bookmarks update
GitHub — reviewing and merging PRs
Supabase dashboard — applying migrations manually
PSA API enrollment and key retrieval
App Store Connect — TestFlight uploads
Running live browser Playwright tests manually

Open Issue Classification

#	Priority	Title	Labels	Handler

Camera QA

Feature matrix — cross-platform testing status (click cells to toggle)

Feature	iOS Safari	Android Chrome	Desktop Chrome	Desktop Firefox	Notes

Known Issues

Spend Tracker

12-month projected spend breakdown — Apr 2026 to Mar 2027

Monthly Spend by Category

Cumulative Spend

Spend Summary

Category	Apr 2026 (Actual)	Projected Annual

💰 Revenue Model

VaultFolio revenue streams — free vs premium breakdown with projections

Revenue Projection by User Milestone

Mix: 30% subscriptions · 40% API revenue · 20% referrals · 10% brand/ads

Currently Live Revenue Features

✅ eBay Click to Sell (listing endpoint)

✅ VaultFolio Vault (item storage)

✅ VF-500 API (market data)

✅ PSA/BGS cert lookup (enrichment)

⏳ Stripe (not yet connected — issue #64)

Capability Maturity

Platform capability readiness — 5-stage maturity model

1 = Defined 2 = Built 3 = Operational 4 = Customer-Ready 5 = Revenue-Producing

Timeline

Unified chronological stream of all project events

—

Total Commits

—

PRs Merged Today

—

Issues Closed This Week

—

Last Deploy

Legal

Trademark register, compliance checklist, store gates & legal deadlines

Trademark Register

Mark	Classes	Jurisdiction	Status	Filed	Notes
VaultFolio	9, 35, 42	Australia	Pending	—	#1
VF-500	9, 36	Australia	Pending	—	#2
VAULT SCORE	9, 36	Australia	Pending	—	#9
NEAR YOU	9, 35	Australia	Pending	—	#9
VaultFolio	9, 35, 42	International (EU/US/NZ/SG/JP)	Not Started	—	#8

Legal Compliance Checklist

Item	Status	Required By	Notes
ABN Registration	Pending	Australian law	#3
Privacy Policy	Live	Privacy Act 1988	app.vaultfolio.ai/#/privacy
Terms of Service	Live	App Store §5.1.1	app.vaultfolio.ai/#/terms
Cookie Consent	Live	GDPR / Privacy Act	In-app banner
Account Deletion	Live	App Store §5.1.1	`DELETE /api/v1/user/me`
GDPR Compliance	In Progress	GDPR Art. 17	Data export not yet built
Australian Privacy Principles	In Progress	Privacy Act 1988	APP 1–13 addressed in policy
Sign in with Apple	Live	App Store rules	auth.vaultfolio.ai
Data Breach Notification	Pending	NDB Scheme	Need incident response plan
Notifiable Data Breaches plan	Pending	NDB Scheme	Required before commercial launch

App Store & Play Store Legal Gates

iOS (App Store)

Privacy Policy URL Set

Terms URL Set

Age Rating Need to set (12+)

Content Rights Pending

Advertising Identifier (IDFA) N/A

App Privacy Labels Need to complete

Sign in with Apple Live

Android (Play Store)

Privacy Policy Set

Data Safety Form Not started

Target API Level TBC (must be ≥ 34)

Content Rating Pending

Key Dates / Deadlines

ABN registration

Required before first revenue
VaultFolio trademark filing

Required before App Store launch
App Store Privacy Labels

Required before App Store submission
Google Play Data Safety Form

Required before Play Store submission

GitHub Issue Links

🎯 Competitor Analysis

Deep competitor landscape — threat assessment and feature comparison

Feature Comparison Matrix

🏆

VaultFolio's Unique Position

VaultFolio is the only platform that combines: vault tracking + live scanning + cert lookup + eBay sell + market data + gamification across 15+ categories — with a free tier.

Project Dashboard

Launch readiness — issue tracking, progress & blockers

⚠ GitHub API rate limit reached (60 req/hr unauthenticated). Showing cached data.

Mint

NFT provenance protocol — mint activity, coverage heatmap & chain integrity

Total Mints

0

Verified Mints

0

Categories with Mints

0

Provenance Events

0

Mint Activity Feed

Cert #	Grader	Grade	Item	Minted	Confidence	Tx Hash
Loading mint activity…

Coverage Heatmap

VF-500 Methodology Audit

Index Integrity Status

Methodology version v1.0

Last calculation hash —

eBay ✓ Active

PriceCharting ✓ Active

Discogs ✓ Active

Wash trade detector —

Outlier filter (3σ) —

Source diversity check (2+ sources) —

Total index constituents —

Methodology docs docs.vaultfolio.ai/methodology

Challenge Log

No disputes recorded

Railway

Railway infrastructure — services, deploys & uptime monitoring

Services

Service	Type	Env	Status	Region	Runtime	Domain	CPU	Memory	Disk	Cost/mo	Deploys	Last Deploy	Uptime %	Reqs/24h

Recent Deploys

#	Service	Status	Trigger	Commit	Message	Branch	Author	Build	Deploy	Image	Created

Supabase

Supabase project — database, auth, API & storage monitoring

Daily Metrics (7-day trend)

Date	DB Size	Tables	Rows	Conns	CPU %	Mem %	API Reqs	Bandwidth	Active Users	Realtime	Notes

Table Inventory (48 tables)

Table	Category	Rows	Table Size	Index Size	Total Size	RLS	Policies	Columns	FKs	Indexes	Seq Scans	Idx Scans	Dead Tuples	Health