OP OperixHealthcare Operations Docs
HR1-style shell Coverage
Controlled access posture

Enterprise Controls

Current state of enterprise-grade controls around auditability, token scope, invite security, and restricted operational access.

AuditabilityScoped tokensRestricted modeInvite links
Details

Current Controls

This release pushes Operix toward enterprise expectations without pretending the roadmap is finished.

  • Scoped private API tokens with optional clinic pinning and revocation.
  • Secure clinic invite acceptance links with expiry and revocation state.
  • Queued audit export jobs for platform activity, memberships, lifecycle, clinic AI, clinic communications, and commercial evidence bundles.
  • Platform-admin IP allowlists, session-age policy, and TOTP-by-role enforcement through one access-policy surface.
  • Commercial restricted mode that blocks ordinary tenant operations while preserving plan, readiness, and review-safe surfaces.
  • Webhook and lifecycle event logs for commercial and clinic state transitions.
  • Token revocation on clinic suspension, archive, or membership suspension so private access tracks real entitlement state.