A relationship-manager view where client context, model proposal, signature, and follow-up care orbit around the same human account.
Institutional Finance Design System
244 catalogued categories across nine domains — trading, compliance, AML, AI, enterprise SaaS, data — each carrying its own decision logic, regulatory anchor, and accessibility contract. One file. Versioned, hand-coded, maintained.
The Domain Map
Nine domains, from raw tokens to sanctions screening. Pick one — it filters the whole catalogue, sidebar included.
What an entry actually carries
115 registers · 84 cite a regulation · 20 frameworks · 2 themes · AA baseline
Not a screenshot — a component you can operate, plus the reasoning that produced it.
Rendered from the same tokens as production, in both themes. Not a picture of the component — the component.
The situation it was built for, stated plainly enough that a PM can check it against a ticket.
What it should refuse, and what to reach for instead. A system that can’t say no isn’t a system.
Keyboard path, focus order, contrast ratio, reduced-motion — written as a contract, not an aspiration.
The rule it answers to — ASIC RG 268, MiFID II Art 24–27, FINRA 2111, SEC 17a-4, SR 11-7, GDPR, WCAG 2.1 AA. A citation, not a vibe.
Honest scope: 115 entries carry the full four-cell register. Foundations, token pages and labs carry the cells that apply to them — a colour ramp has no when not to.
Live Implementations
Run the system. Don’t read about it.
- A versioned component contract for trading platforms, KYC flows, advisor dashboards, and compliance surfaces
- Tokens exposed as CSS custom properties, JSON, and Tailwind config — see Code Export
- WCAG 2.1 AA baseline + Finance-Specific Accessibility extensions (deuteranopia-safe semantic palette)
- Production-tested across 40+ jurisdictions including ASIC RG 268, MiFID II Art 24-27, FINRA 2111, SEC 17a-4
- AI Skill Set: added the runs-anywhere tool strip (12 third-party AI tools, honest no-affiliation caption) — the 40 Markdown skills are vendor-neutral by construction.
- Not an incumbent terminal clone — opinionated decisions, not parity
- Not a marketing site framework — every component carries an institutional use case
- Not a generic "design system in a box" — built around regulated-finance constraints
- Not auto-generated from Figma — every component is hand-coded, audited, and versioned
Design Principles
AI Skill Set
Forty repeatable, AI-assisted working methods for absorbing unfamiliar, C-level, cross-functional work quickly — while keeping the qualified professional in the loop. Each is downloadable as a Markdown skill file, grouped into eight domains and searchable below. Every one is a working method, not professional advice.
The value isn't the list — it's the routing. Each brief loads only the skills it needs into a live pipeline, so I start on the deadline, not after a ramp.
Cognitive-Behavioral Toolkit
Stay clear and steady under high-pressure, high-ambiguity C-level load — as workplace self-management.
- Thought recording & cognitive reframing
- Behavioral experiment design
- Emotion-regulation techniques
Career Development Strategist
Turn a vague career question into a sequenced plan, a negotiation script, and a defensible decision.
- Career-path planning
- Salary-negotiation scripts
- Career-change decision analysis
Financial-Grade Accessibility Audit
A first-pass WCAG audit a fintech team can act on — findings, fixes, and how the standards are moving.
- WCAG item-by-item audit (2.1 / 2.2 AA)
- Remediation code suggestions
- Standards-evolution tracking
Academic Paper Writing
Structure a defensible manuscript fast — from literature map to argument spine to submission-ready format.
- Literature review synthesis
- Argument-structure suggestions
- Journal formatting & submission
Product & Market Analysis
A directional read on demand, pricing, and opportunity before capital or inventory is committed.
- Demand & trend analysis
- Competitor pricing comparison
- Product-selection opportunity scoring
GDPR Data-Privacy Operations
Map the data flows, redline the processor terms, and plan a lawful cross-border transfer — for the DPO to sign off.
- Data-flow inventory (Art. 30 ROPA)
- DPA clause review (Art. 28)
- Cross-border transfer mechanisms
US Tax Law Navigator
Issue-spot and organise the records so a CPA or tax attorney starts from a clear, well-cited map — not a blank page.
- Federal / state comparison
- Deduction & credit strategy (illustrative)
- Cross-border tax risk assessment
SEO Strategy
Find the ranking opportunities, fix the technical debt, and plan the content that earns them.
- Keyword opportunity analysis
- Technical SEO audit
- Content blueprint planning
Smart-Contract Audit
A first-pass vulnerability scan, gas review, and a report a professional auditor can verify and sign.
- Reentrancy / overflow scanning
- Gas optimization suggestions
- Audit report draft
Patent Search & Prior-Art
Map the prior art and the field so a patent attorney starts from evidence, not a blank page.
- Prior-art search strategy
- Patent-landscape analysis
- Patentability preliminary (issue map)
Web3 & Tokenomics
Design the token flows, phase the roadmap, and structure DAO governance — for counsel to review.
- Token-economic model design
- Product roadmap planning
- DAO governance mechanisms
Awwwards-Grade Web Design
Award-grade art direction, scroll storytelling, and interaction polish — accessible and fast by contract.
- Visual direction & typography
- Motion & scroll storytelling
- Interaction detail polish
AI Production Engineering
Ship models to production, cut inference cost, keep data pipelines stable, and backstop reliability and safety.
- Model deployment & serving
- Inference-cost & pipeline stability
- AI reliability & safety backstops
Intellectual Property
Patent strategy, trademark clearance, and copyright licensing — organised so an IP attorney starts from evidence.
- Patent application strategy
- Trademark infringement risk scan
- Copyright licensing clause review
COPPA Children's-Privacy Compliance
Review consent flows, map what's collected from under-13s, and track FTC enforcement — for privacy counsel.
- Consent-mechanism clause review
- Data-collection process comparison
- Enforcement-case update tracking
Workplace Psychology & Resilience
Manage stress and burnout, navigate conflict, and set boundaries — as workplace self-management.
- Stress & burnout management
- Conflict-communication strategy
- Boundary-setting
TypeScript Architecture
Model illegal states away, refactor large codebases safely, and set the frontend architecture.
- Type-system design review
- Large-project refactoring
- Frontend architecture best practices
Growth Marketing
Diagnose the funnel, design honest A/B tests, and read acquisition ROI without fooling yourself.
- Funnel diagnosis (AARRR)
- A/B test design
- Acquisition-channel ROI analysis
Brand Copywriting
Define the voice, write the product page, and land the tagline — with a claims flag for the reviewers.
- Brand-voice definition
- Product-page copy
- Campaign tagline ideation
US Securities Regulation (SEC)
Map registration vs exemption, disclosure obligations, and Reg BI / adviser conduct rules — as an issue map for counsel.
- Registration vs exemption mapping
- Disclosure & periodic-reporting
- Broker-dealer / adviser conduct rules
ISDA Derivatives Documentation
Map what the Schedule and CSA change from the defaults, and check confirmations against the Definitions — negotiation prep for counsel.
- Master & Schedule election mapping
- Credit Support Annex mechanics
- Confirmation & Definitions check
Output-Token Efficiency
Cut the token cost of an AI workflow at equal quality — audit the budget, restructure the output, gate the regression.
- Token-budget audit
- Prompt & output restructuring
- Cost governance & verification
Objectivity & Logical Rigor
Check a claim before it ships — separate claim from evidence, name the fallacies, steelman the other side, calibrate the confidence.
- Claim–evidence separation
- Fallacy & assumption audit
- Steelman & confidence calibration
Multi-Jurisdiction KYC/AML
Map AML duties across jurisdictions, gap-report against the program, and structure findings to feed the compliance stack.
- Multi-jurisdiction requirement mapping
- Automated gap & comparison reporting
- Integration with existing systems
Broker / Exchange Listing Readiness
Generate the admission checklist from the rulebook, track gaps to closure with reminders, and cross-reference prior cases.
- Automated review-checklist generation
- Gap tracking with reminders
- Historical-case cross-referencing
Socratic Facilitator
Draw out a person’s own best thinking — sharp questions, deliberate perspective-shifts, and a concrete action to close on.
- Socratic questioning
- Perspective shifting
- Action triggering
Fintech HR
Scorecards and interviews for compliance-sensitive roles, plus the fit-and-proper & accountability map a regulated hire carries.
- Regulated-role scorecards
- Regulatory-judgment interviews
- Fit-and-proper & accountability mapping
Corporate Management
Turn strategy into measurable objectives, design the operating cadence, and structure the decisions that matter.
- Strategy-to-objectives translation
- Operating cadence & reviews
- Decision structuring
EBITDA & Financial Analysis
Build defensible adjusted EBITDA with labelled add-backs, bridge the drivers, and frame valuation multiples — every number sourced.
- EBITDA build & normalisation
- Margin & variance decomposition
- Valuation-multiple framing
IPO & SPAC Readiness
Jurisdiction-configured listing prep — close and estimate the financials, match every required material and data point, sequence the path.
- Jurisdiction & path configuration
- Financial close & estimation
- Materials matching & data-room assembly
Persona Development
Turn real research into decision-useful personas — behaviour-clustered, evidence-anchored, activated into journeys and JTBD.
- Evidence intake & segmentation
- Persona synthesis
- Activation — journeys, JTBD, scenarios
n8n Automation
Turn a manual multi-tool process into a dependable n8n workflow — node mapping, debugging, then reliability, secrets, and cost.
- Workflow design & node mapping
- Building & debugging
- Reliability, security & cost
Video Director Prompt
Director-grade prompts scaled to length — a 10-second beat, a 1-minute sequence, or a 30-minute program decomposed into shots with continuity.
- 10-second shot — single beat
- 1-minute sequence — multi-shot continuity
- 30-minute program — structured decomposition
Reading & Learning Coaching
Learn faster and remember longer with evidence-based methods — retrieval practice, spaced repetition, interleaving, Feynman, active reading.
- Diagnose & goal-set
- Evidence-based study system
- Reading comprehension & retention
CFA Level III Analysis
Portfolio management and private-wealth planning at Level III depth — capital-market expectations, asset allocation, IPS, risk and performance.
- Capital-market expectations & allocation
- Portfolio construction & IPS
- Risk, behavioral finance & performance
CPA Accounting
Financial accounting and reporting the way a CPA works — journal entries, statement prep and close, GAAP/IFRS treatment and disclosure.
- Transaction analysis & journal entries
- Statement preparation & the close
- Standards, disclosure & controls
Mathematical Model Analysis
Build and stress a quantitative model honestly — formulate and state assumptions, solve and calibrate, then validate with sensitivity and uncertainty.
- Formulation & assumptions
- Solve & calibrate
- Validate, sensitivity & uncertainty
Logic Structuring
Untangle a messy problem or argument into a clear structure — MECE decomposition, dependency and assumption mapping, top-down synthesis.
- Decompose — MECE issue tree
- Map dependencies & assumptions
- Structure the synthesis
JavaScript Development
Modern vanilla-JS engineering done right — language and runtime fundamentals, DOM and browser APIs, then testing, performance and security.
- Language & runtime fundamentals
- Browser & DOM engineering
- Testing, performance & security
Canvas Web Animation
Performant web animation on the Canvas 2D API — motion design, the rAF render loop and particle systems, with a mandatory reduced-motion contract.
- Motion design — easing, spring, choreography
- Canvas engineering — rAF, particles, layering
- Performance & accessibility
Claude
ChatGPT
Codex
Gemini
Antigravity
Cursor
Grok
DeepSeek
Qwen
Figma MCP
Hermes Agent
OpenClaw
NVIDIA
Hugging Face
Ollama
n8n
Dify
ComfyUI
Cline
OpenCode
Monica
Z.ai
Each skill is a plain Markdown file — paste it into any assistant, load it as a Claude skill or agent brief, or serve it to a local open-weight model; nothing here is locked to one vendor. Logos identify third-party tools for context; no affiliation or endorsement is implied.
Eight concept applications
The catalog above isn't speculative. Every primitive is stress-tested across eight self-initiated concept applications spanning adjacent regulatory regimes — Reg BI, FINRA 2111, FATF, BSA, SEC 17a-4, SR 11-7, MiFID II, CSDR, FIX 4.4, SWIFT MT54x, T+1 settlement. One system, eight applications. Click any card to open the case study.
Xanthos — Private Bank
B2B2C private banking platform for UHNW clients ($28M+ net worth) and their relationship managers. 5 flows × 11 screens — portfolio dashboard, RM briefing, proposal acceptance, life event planning, 5-step onboarding. The RM is the primary tool user; the client experiences the bank through them.
TradeX — Institutional Hedge Fund Dashboard
Institutional risk dashboard built from primary research with PMs ($100M–$50B AUM). Causal intelligence overlays, liquidity stress visualisation, real-time alpha attribution, GenAI scenario stress testing. The dashboard an incumbent terminal structurally cannot build.
Argos — Cross-Asset Financial Crimes Platform
Cross-asset AML/CFT compliance platform — alert triage, investigator workspace, SAR filing, real-estate compliance, securities surveillance. 40+ screens, 4 user roles (L1/L2 Analyst, Investigator, Compliance Officer), AI co-pilot with explainable confidence scoring.
Aureus — B2C AI Wealth Hub
Translates UHNW private-banking fiduciary logic into a retail mobile experience. Four AI modules — Velocity Dashboard, Alternative Finder, Event Radar, Fiduciary Decision Room. 31 screens, working React prototype, 3 interactive demos, full 90-day persona journey.
ConnectX — Private Banking CRM
Relationship-manager CRM with four-tier AI autonomy governance — Read-Only, Suggest, Draft, Execute. Each tier carries explicit consent surfaces and audit hooks. The CRM the RM uses to talk to the AI without losing fiduciary sign-off.
Double-Blind — Fiduciary Protocol
Protocol design for AI-augmented fiduciary decisions. SHA-256-sealed commit captures the analyst's hypothesis before the AI's recommendation is shown. Aligns with SR 11-7 model risk management and SEC Rule 17a-4 record retention.
Praxis Prime — F2B Prime Brokerage
Front-to-Back prime brokerage platform tracking a 2M-share institutional block trade across execution, risk, and T+1 settlement — bound by a single OrderID. 8 modules, 5,288 LOC React / TypeScript, FIX/SWIFT Diff Viewer signature feature.
Nova — Designing AI Trust in High-Stakes Finance
Design language for AI co-pilots in high-stakes financial decisions — explainability surfaces, confidence intervals, dissent capture, and the override boundary between human and machine. When the AI is wrong, the human's audit trail must show why they overrode it.
Beyond these eight concept applications, the same component contract is in shipped production at ACY Securities (150-component live system, 4 years, 100K+ traders, 0 material UX-tied findings), ACY Connect (FIX 4.4 institutional API, 12+ prime-broker clients), Finlogix Market Data (8 jurisdictions, 40+ markets), LogixTrader (4 audience types, multi-tenant OAuth widgets), and TradingCup (10K+ followers, 0 ASIC findings, ASIC RG 268 disclosure compliance). One catalog · eight concept stress-tests · five production deployments.
Beyond the enterprise — open-source engines
This catalog is built for regulated finance. But the discipline behind it —
tokens-first, accessible by contract, machine-readable — is how I build everywhere. Three open-source tools,
all MIT, all usable by a human and by an AI agent (MCP server + llms.txt): a
design-system API, a creative animation engine, and a React component registry. The point is range:
I don't only design rigid institutional surfaces — I think, design, and ship across the whole
spectrum, in the open.
eds-mcp
This very catalog, made machine-readable. A pure core engine drives an MCP server and a zero-dependency HTTP REST API (OpenAPI) that serve tokens, component contracts and regulatory anchors — so an AI agent reads them and generates compliant UI, audits accessibility, and scaffolds a conformance test. 29 tools over 65 institutional contracts in 14 domains — and, since v1.17.0, 118 consumer contracts in 11 more. The contract behind this showcase, exposed.
GalaxyJS
60 hand-tuned cosmic canvas animations + a UI kit, ~20 kB gzipped,
framework-free — drops into any page with one <script> tag. One shared rAF loop,
HiDPI, offscreen auto-pause, reduced-motion by contract. Proof I design for delight and performance,
not only for compliance density.
ReactΩ
31 copy-paste motion, interaction & physics React components you own outright —
installable by humans and AI agents via a CLI, shadcn, or an MCP server. A deterministic
registry + an llms.txt keep human docs and machine contracts from ever drifting. The same
discipline as this catalog, a different stack.
Ed Agent
The operating model behind this system, made runnable. One plain-English requirement runs nine human-gated lifecycle stages with two deliberation checkpoints — was the intent captured, and should you trust this? A squad swaps across five missions, drives eds-mcp to build compliant UI, and runs a red team, claim grounding and a self-correcting inner loop. Design judgment and the sign-off gates stay human.
// All four are git clone-able and npx-runnable today — and every
one
ships an MCP server, so an AI agent can use it without reading a line of docs. Human-editable, machine-operable.
The same hand that builds a regulated trading surface built these.
About this system
An editorial stance — why this catalog exists, who it's for, and what it isn't.
Why this exists
Most fintech design systems read like an extended Figma library — neat tiles of buttons, cards, and modals. That's a deliverable, not a system. Real design systems are contracts: between designers and engineers, between product and compliance, between the team that ships v1 and the team that maintains it three years later.
This catalog is the contract behind every case study on the portfolio. ACY's 150-component absorption of 8
regulatory rewrites without a rebuild cycle is this catalog. Christie's 260-year editorial restraint
translated into a private-banking onboarding flow is this catalog. The institutional terminal at
/demo-trading-terminal.html compiles down to tokens defined here.
How to read this catalog
The sidebar groups 251 categories into 18 domains. Three approaches:
- Designer scan — open Color, Typography, Spacing, then jump to a domain you care about (AML, Trading, Compliance).
- Engineer scan — open Tokens · Code Export first to grab CSS / JSON / Tailwind config, then copy any component snippet directly.
- HR / hiring manager scan — read this section, the Changelog, and pick three components from different domains. The breadth of regulatory citations across components is the signal you're looking for.
Engineering Extension: Live Storybook
This showcase is accompanied by a full Storybook component library. It acts as an engineering extension and verification layer where engineers, design system consumers, and frontend/tech leads can interact with live component variants, prop controls, states, and interactions. It demonstrates that every design decision considers strict implementation feasibility and is fundamentally R&D-ready.
What you won't find here
No external animation library, no marketing-page pattern dependency, no chart engine wrapper. This catalog
handles the regulated finance core — disclosures, surveillance, order entry, KYC, risk, audit, and a
small motion taxonomy for production UI states. Charts live in Lightweight Charts v4.2;
animations live in component-level CSS keyframes; marketing pages live in main.css outside this
surface.
Maintenance contract
Versions are SemVer. Breaking changes go in the changelog with migration guidance. New components arrive in batches with a regulatory anchor (you don't add a new disclosure pattern without naming the rule it serves). Tokens are immutable within a major version.
AI-Native Development
One machine-readable contract. A designer, a front-end engineer and an AI agent all read it — and none of them can invent a hex code or drop a disclosure.
A gallery is a deliverable. This is a contract — tokens as CSS / JSON / Tailwind, every component carrying its usage rules, props, a11y notes and the regulation it serves, served live over MCP. The speed comes from the agent. The correctness comes from the system, not from hoping the model gets it right.
The whole section in one picture. Nobody re-types anything, so nothing drifts — six consumers, one source of bytes. Everything below is just the detail of how each arrow works.
The decisive gap
- A Figma library a human re-types into code — design and code drift apart
- The AI guesses hex codes, spacing, and which component to use
- Compliance (risk warnings, disclosures, KYC gates) is bolted on afterward
- Demos wire mock data; real loading / empty / error / stale states get skipped
- Every regulated surface is rebuilt by hand — weeks per change
- One token contract (CSS / JSON / Tailwind) — the agent reads the exact values
- Every component ships when-to-use / when-not, props, a11y, regulatory anchor — the agent picks correctly
- Compliance lives in primitives the agent can't restyle away
- Components declare a data contract with all four states — the agent wires real streams
- A change propagates through tokens — minutes, zero rebuild
One token, every layer
Change a token once and it threads through every layer the agent
touches — the same value, no drift. Here is --accent expressed simultaneously across the stack:
Re-theme, or absorb a regulatory restyle, by editing layer 01. Layers 02–06 inherit it — the agent never edits a value it shouldn't.
One contract, three consumers
A designer, a front-end engineer and an agent are not three workflows. They are three doors onto the same bytes.
The design system is the MCP server
Not documentation an agent reads. Tools an agent calls — and that can answer no. Click a tool.
eds-mcp calls (v1.17.0 · 23
tools · 65 component contracts / 14 domains · zero-dependency, also served as an OpenAPI 3.1
REST
API). Payload shapes are simplified for reading; the tool names, the contracts and the refusal behaviour are
the real ones. Source
→The machine layer — fetchable, not described
This page spends a lot of words claiming an agent can read the system. So here is the system, as two files an agent can actually GET.
The contract, served as JSON
251 categories · 9 domains · 122 registers · 84 cite a regulation · 20 frameworks · 64 tokens × 2 themes
Every design token, both themes, exactly as the page resolves them. Not a copy that will drift — it is parsed out of the stylesheet this page renders with.
Every category, its domain, and — where it has one — the four cells: when to use, when not to, the a11y contract, and the regulatory anchor. Counts are read off the live page, never typed in.
Logos identify third-party tools; no affiliation or endorsement is implied. The point is not the list — it is that plain JSON over HTTP needs no integration at all. Anything that can fetch a URL is already a client.
No server, no SDK, no install. Two GETs and the agent has the whole contract.
The static files are the contract. The server is the contract plus the verbs — it can scaffold, lint, and refuse.
compliance_check can come back
BLOCK. A contract an agent can read is useful; a contract an agent can be refused by is
governance. eds-mcp on
GitHub →
The 2026 build loop
The loop, at a glance. Two human gates — state the intent, sign the diff. Everything between them runs unattended, four of the stages at the same time, and the compliance gate can refuse the build and send it back rather than filing a warning nobody reads.
-
Agent ingests the contractHumanPoints the agent at the token export + Storybook + MCP server.AILoads tokens, component metadata, and the 4-state data contracts.System guaranteesOne source of truth — no scraping screenshots, no guessing.
-
Human states intentHumanPlain language: “order ticket, ASIC risk warning, live price.”AIMaps intent to the right components by their usage metadata.System guarantees“When-not-to-use” rules stop the wrong component.
-
AI assembles from tokensHumanReviews the assembly, not the hex codes.AIComposes components referencing tokens — never raw values.System guaranteesToken-only: a theme or rule change still propagates later.
-
Compliance is enforcedHumanDoesn't have to remember the rule — it's structural.AICan't ship the surface without its required disclosure primitive.System guaranteesRisk warnings & KYC gates can't be styled away.
-
Live data bindsHumanSupplies the stream endpoint; the contract does the rest.AIWires the documented schema with loading / empty / error / stale states.System guaranteesReal data streaming, not happy-path mocks.
-
Human signs off at the diffHumanApproves a small, readable diff and owns the outcome.AISurfaces exactly what changed and why.System guaranteesSR 11-7 / SEC 17a-4 effective-challenge discipline on every commit.
How the whole build pipeline changes with AI
The component contract is one half. The other half is what AI does to the whole product pipeline. The classic flow is linear and finds problems late; with AI in the loop, every stage gains a draft-ahead and a predict-ahead layer, the stages overlap instead of queuing, and problems shift left — caught at design time, not discovered at QA/UAT where a fix costs the most.
Landing on a system you didn’t build
Most of the job is not designing the next screen. It is working out why the last one looks like that — fast, and without breaking anything.
The first thing I open is not a ticket — it is a request to DevOps and InfoSec: may I point AI at this history, what may leave the network, what is retained, for how long. If the answer is no, the answer is no; if it is “not to a vendor cloud,” the same stack runs on-prem. I want that decision in writing, from the people who own it. An AI workflow that starts by quietly exfiltrating your backlog is not a workflow, it is an incident.
Epics, stories and tickets from the last ~12 months, clustered into themes rather than read end-to-end: what shipped, what got reverted, and what keeps coming back. A bug that recurs three times is not a bug. It is a missing rule.
The Figma history against what is actually live. Where the two diverged is the interesting part — it is almost never laziness. It is a constraint nobody wrote down: a deadline, a vendor limit, a regulator’s comment.
If it is an app: Flutter or native? Does it consume a token layer, or a third-party
kit with its own opinions? Are colours #hex in the widgets? That one answer decides everything
downstream — whether a future change can propagate, or has to be rebuilt.
Now the unwritten constraints have names. You cannot redesign a system whose constraints you cannot state — and every constraint you cannot name is one you are about to break in the next sprint.
Straight into Confluence, where the team already looks: a decision register and a per-surface checklist, in the same four cells this catalogue uses — when to use, when not to, behaviour and a11y contract, regulatory anchor. Designers and engineers now cite the same page.
The register is already structured, so it also ships as a contract a machine can read. Same rules, two audiences — the page a human cites in a stand-up, and the tool an agent calls before it writes a line. The project stops being something you have to remember.
The sprint, with the contract in the middle
| Ceremony | What the PM brings | What I put in | What the contract enforces |
|---|---|---|---|
| Epic | The outcome and the deadline — in the PM’s language, not mine. | The surfaces it touches, and which of them are regulated. | Acceptance criteria drafted against real components, so “done” is checkable instead of arguable. |
| Refinement | Priority, scope, what is being cut. | Component IDs and the regulatory anchor, attached to the story. | The ticket now names the rule — nobody has to remember it at 5pm on a Friday. |
| Sprint | Nothing. This is the part that should be quiet. | Intent, then review of the diff — not the hex codes. | Dev scaffolds from the same contract: no raw hex, no missing disclosure, four data states. |
| QA | The acceptance criteria, unchanged since the epic. | The edge cases the register already lists under when not to. | Tests generated from the contract, not from a screenshot — and a11y is a gate, not a nice-to-have. |
| Retro | What hurt, and what we are changing. | Any new decision, written into the register the same day. | The rule set learns. Confluence and the MCP update together, so the page and the agent never disagree. |
Why the speed doesn't cost quality
--accent, --space-4,
--radius — never a literal. One edit re-themes everything, and the next regulatory restyle is a
token change, not a rebuild.
when-to-use, when-not, props, a11y notes, and
a regulatory anchor. The agent picks the right one for the right reason — the metadata is the guardrail.
loading,
empty, error, and stale — so AI-wired live streams (price ticks, FIX
OrdStatus, KYC progress) behave under real conditions, not just the happy path.
Prompt → component
For the enterprise: lower AI cost, total consistency
The same contract that makes an agent accurate makes it cheap. Serving targeted, reference-based slices over MCP — instead of pasting CSS and screenshots into the agent every turn — cuts both input and output tokens, and the correctness of the contract collapses the correction loops that quietly burn most of the budget. A measured example: a single targeted token slice is 78% smaller than shipping the whole token file.
60K input + 4K output
tokens (multi-turn agent re-reading CSS/screenshots, ~2.3 correction loops); MCP ≈ 6K input
+ 700 output (targeted retrieval, prompt-cache-friendly, ~1.1 loops). Token-per-request
assumptions are the conservative part; the loop reduction is where the real money is.The second lever: model-tier routing & output discipline
The calculator above is the retrieval-side saving — hand the agent a targeted slice instead of pasting whole files. The generation side is a second, independent lever that compounds with it:
- Model-tier routing — a small orchestrator (my own “hermes” router) sends each task to the cheapest model that can do it; the top model is reserved for genuinely hard reasoning, so most agent calls never touch it.
- Output discipline — agents are stopped from “thinking out loud” and forced into terse, structured output (output tokens are the expensive ones). Suppressed where safe, kept where correctness depends on it — regulated logic is never run terse.
- Context as keywords — compressed, keyword-shaped context with a persistent
DB_Structure.mdsource-of-truth the agents read and write back to, so compression doesn’t drift and errors are caught against one coherent spec.
- This is DesignOps cost governance, not ML infra — part of owning the company’s design-tooling and AI-API admin and budget (Figma, Adobe, OpenAI / Codex).
- Stacked with the MCP retrieval saving, the two levers cut spend an estimated ~60–80% versus naively routing everything to the top model — measured on my own workloads, not a universal guarantee.
- The actual figures live in a private usage dashboard, kept off the public site — available to walk through in an interview.
Auto-update & deploy
Change a token once; it reaches every consumer with no rebuild — because apps, docs, and agents all read the same contract and pull only the delta.
diff_since returns the delta.Consistency, guaranteed
manifest.json with per-file checksums is the
source of truth. Every team resolves to the same bytes — no “which version are you on?”Data residency — run the whole stack on-prem
When data can't leave the building — regulated finance, privacy-bound enterprises — the same MCP + agent stack runs entirely on your own hardware, not a vendor cloud.
gpt-oss-120b (Apache 2.0), Qwen3.5 122B-A10B (Apache 2.0), and
gemma4:31b-it-bf16. Served, not pre-trained — the honest scope.
tokens.json · components.json ·
server.js · build-manifest.js · manifest.json.
npm install && npm start and point your agent at it.
How to drive it
Domain-Expert Orchestration Studio
Pick a client brief. Watch the right domain experts — and only the right ones — engage, call eds-mcp, and return a precise, quantified build plan. The point a recruiter should take away: I read a need from several angles and route it through a multi-agent team that pulls exactly the components, tokens and regulatory anchors the brief requires. Not a token dump. Not a generic answer.
The expert team
Faithful to the real eds-mcp engine: every tool, component id and regulatory anchor above is
one the system actually exposes (v1.17.0 · 29 tools · 65 contracts · 14 domains). The
agents that sit out are the point as much as the ones that engage — the brief never pulls a
primitive, a token, or an expert it doesn’t need. Run it yourself: the open-source
eds-mcp repo ships a one-command lifecycle example (npm run example) that takes a one-line
requirement intake → planning → PRD → R&D → QA → launch and writes the real
artifacts — the regulation map, the spec, the compliant code, the QA reports and the conformance tests
— in about 70 ms. And the real, runnable version of this studio — the nine-agent,
human-gated orchestrator itself — is open-source: Ed Agent runs this exact lifecycle on your
machine and drops into any bot via MCP or an AGENTS.md brief. github.com/Edwson/Ed-Agent →
Why it’s fast — the queue, not the typing
I am not typing faster. The dependency graph is shorter, and I am only in it at the gates.
npm run example). The human side is the
gates — and those are the part I refuse to compress.Changelog & Version
SemVer · breaking changes called out · regulatory anchors per release.
- Seven corporate-action components, one new sidebar group. Stock Split, Reverse Split, Dividend Declaration, Dividend Payout, Ex-Dividend Timeline, Rights Issue, and Corporate Action Election — the events that adjust a position without a trade. Each carries the four-cell decision register and a jurisdiction-correct anchor: SEC Rule 10b-17 and FINRA UPC 11140 for record/ex-date notice, Nasdaq 5550(a)(2) / NYSE §802.01C for a reverse-split listing cure, IRC §1(h)(11) for qualified-dividend character, IRS 1099-DIV and IRC §3406 backup withholding for payouts, Securities Act §5 for a rights offering, and DTC voluntary-election deadlines with SEC Rule 17a-4(f) instruction retention.
- Honest by construction. A split shows position value unchanged, not a price crash; a
reverse split names the cash-in-lieu of fractional shares; a rights issue states that unexercised rights
lapse and non-participation dilutes; an election shows the no-instruction default as prominently as the
choices. Categories 244 → 251, decision registers 115 → 122;
the machine contract (
eds/components.json) regenerated to match.
- This page argued for 55 KB that an agent can read the system — and then gave it
nothing to read. The consumer sibling shipped
cds/*.json; the institutional system shipped a screenshot of an argument. Now it shipseds/tokens.jsonandeds/components.json— both generated from this page, never hand-written, so they cannot drift from what you are looking at. Discoverable from the<head>viarel="alternate"and a schema.org Dataset with twoDataDownloadentries, so a crawler finds the contract without parsing 2 MB of HTML. - Generating the contract immediately caught the page lying to itself. The header claimed 245 categories while the Domain Map — whose counts are read off the live DOM — summed to 244. The truth is 244 (252 sections minus the 8 overview/meta ones). Likewise the register count was stale at 113 (it is 115 since two registers were repaired), and “17 frameworks” was a hand-kept number: extracting the citations from the anchor cells and folding each to its issuing body gives 20. Every live surface now matches the contract file; the changelog history was left alone, because history is not edited.
- Two ways in, and the difference between them is the word no. Plain JSON over
HTTP needs no integration — anything that can fetch a URL is already a client, which is why the logo strip
is a fact and not a partnership claim. But JSON can only be read. The MCP server can be
asked, and
compliance_checkcan come back BLOCK. A contract an agent can read is useful; a contract an agent can be refused by is governance.
- The ARR waterfall was broken in three ways at once, and the worst one was not visual.
Its axis said
y=80is $24M, but the $18.4M bar was drawn toy=70— a bar labelled 18.4 that measured 25.7. Two value labels sat aty="-2", outside the viewBox, so +$0.4M and $24.1M simply never rendered. And the KPI cards underneath contradicted the chart above them: the bridge's own numbers give NRR 100% and GRR 86%, while the cards claimed 108% and 92%. Rebuilt from one scale, with connector lines, token colours, and figures chosen so that every card is derivable from the bars — the arithmetic is now printed under each one. A revenue bridge whose KPI cards don't reconcile with its own bars is worse than no chart: it is a chart that will be believed. - Two decision registers were rendering as plain body text.
#sec-ag-teamand#sec-ag-sopused.ds-logic-label/.ds-logic-text— class names that do not exist anywhere in the stylesheet. Same content, wrong contract. All 460 register cells now carry a real.ds-logic-klabel. .ds-changelog__tag--patchwas used but never defined, so two release tags rendered unstyled next to styled ones. (This entry uses it.)- The consumer CTAs were painted with the wrong token. Profile Follow,
notification Follow back, the DM send button and the story-ring + all used
--gold— which is this system's emphasis colour (the human gate, the ◆), not its action colour, and which resolves to a muted brown in the light theme. Muddy fill, near-black label. Worse, the DM unread badge was white on gold: 3.1:1, an outright AA failure on a page that audits everyone else for contrast. Added a real--cta/--cta-fgpair (5.6:1 light, ~6.5:1 dark) and pointed all five at it. An action deserves its own token, not a borrowed one. Swept the whole page rather than waiting to find them one at a time: the ISDA Clause Negotiator’s Resolve Clause was the last one (gold fill, and a hardcodedcolor:blacklabel). Every interactive element backed by--goldis now on--cta; the 16 that remain gold are decorative — avatars, sparkline fills, timeline dots — where an accent is exactly right. - Clean on the structural sweep: 0 duplicate element ids, 0 dead nav links, 0 unreachable sections, 0 inline handlers calling an undefined function, and — after this pass — 0 SVGs drawing outside their own viewBox. Known debt, quantified: 610 hardcoded hex values remain in live preview markup, against a page whose first principle is token-only. That is a separate, larger job.
- The section had grown dense enough to need a map. Two short inline SVG diagrams, both themed from tokens (no images, no library): a hub at the top — the contract in the centre, six consumers around it (designer, PM, front-end, AI agent, QA, production) — so the reader sees the whole argument before reading any of it; and a build-loop flowchart under the loop heading: intent → compose_flow → four parallel reads → scaffold → compliance gate → audit → sign the diff.
- Fixed on first look: the hub’s third line was wider than the hub (text overflowing its own box), “Sign the diff” ran past the right edge of the viewBox, the BLOCK arrowhead floated below the node it points at, and the SVG stretched to the full container width — inflating 12px labels to ~20px. Capped at 880px, gate labels centred, arrow lands on the box.
- The flowchart draws the thing the prose kept having to explain: a red dashed arrow looping from the compliance gate back to the scaffold. The gate refuses the build — it does not warn about it. Human gates keep the ◆-and-outline treatment used everywhere else on the page, so “a machine did this” and “a person did this” stay visually distinct.
- New: “Landing on a system you didn’t build.” Seven steps, and step 00 is asking permission — the first thing I open on a new project is not a ticket, it’s a request to DevOps and InfoSec: may I point AI at this history, what may leave the network, what is retained. If the answer is “not to a vendor cloud,” the same stack runs on-prem. An AI workflow that starts by quietly exfiltrating your backlog is not a workflow, it is an incident. Then: read the year of tickets (a bug that recurs three times is a missing rule), diff the Figma history against production (divergence is a constraint nobody wrote down), read the stack (Flutter? a token layer, or hardcoded hex in the widgets? — that one answer decides whether a change can propagate or must be rebuilt), name the constraints, write the rules back to Confluence, and give the project its own MCP.
- New: the sprint, with the contract in the middle. Epic → refinement → sprint → QA → retro, mapped across three columns: what the PM brings, what I put in, and what the contract enforces. Acceptance criteria drafted against real components (so “done” is checkable, not arguable); the ticket names the rule; tests generated from the contract, not from a screenshot; and every new decision written back the same day, so the Confluence page and the agent never disagree. Tool-agnostic by design — Jira + Confluence is what I use; Linear + Notion, Azure DevOps or Slack + Zoho map one-to-one. The tools change; the artefacts don’t.
- Why it matters: a system only three people understand is not a system — it is a hostage situation. Written rules are how you take a codebase back from whoever has been there longest, and they are the only version of institutional knowledge that survives someone resigning.
- New: the critical path, plotted. The studio showed which experts engage but never when — so the one thing a hiring manager actually wants to know (why this ships in days) was missing. Three views of the same nine stages: serial hand-off (8 queues, >50% of elapsed time is waiting, QA arrives last when a finding costs the most), orchestrated (regulation, risk, data and performance are independent reads — they run at once; the critical path is 5 stages, not 9, and compliance runs before the build), and three briefs at once.
- What “multi-line” actually means. Not doing three things at once with my hands — being the serial resource in three graphs that are otherwise parallel. The agents have no calendar; I do, so the design spends it only where judgment is required: stating the intent, and signing the diff. When brief B is BLOCKED on a missing SCA gate, briefs A and C don’t stop — the block is a machine verdict on one lane, not a meeting.
- Honest by construction: the chart is labelled a dependency model, not a stopwatch — it shows sequence and concurrency, not measured wall-clock. The one measured figure is machine-side (the eds-mcp lifecycle example writes the full artefact set in ~70 ms). The trace column header, which claimed calls ran “in sequence,” now says dependency order — because that was the whole point.
- New: “One contract, three consumers.” A designer, a front-end engineer and
an AI agent are not three workflows — they are three doors onto the same bytes. Switch between them
and see what each one actually opens: the palette plus the four-cell register;
npm iplus the four-state data contract; an MCP call plusremovable: false. Edit layer 01 and all three resolve to the new value on the next pull — nobody re-types anything, so nothing drifts. - New: the MCP console. The design system is not documentation an agent reads — it
is tools an agent calls, and that can answer no. Six real
eds-mcptools, each showing the request the agent sends and the payload the server returns: a 312-byte token slice instead of a 14 KB file; a contract carryingwhenNotToandremovable: false;lint_usagefailing a raw hex on WCAG 1.4.1;compliance_checkreturning a ship-blocking BLOCK;diff_sincereturning a 2.1 KB delta instead of a rebuild. - New: four agents, one contract. The relay view — design-agent composes the flow, build-agent scaffolds it token-only, compliance-agent refuses the build (missing ASIC RG 227 suitability gate), build-agent re-scaffolds, a11y-agent audits contrast and focus order, and the human signs the diff. The agents don’t coordinate by chatting; they coordinate by enforcing the same machine-readable rules. That is why one can overrule another: it isn’t being opinionated, it is quoting the contract. Speed comes from the agents. Safety comes from the system.
- Section subtitle and lede cut back; the
aidev-ledeinline margins and the token swatch converted to classes.
- New: The Domain Map. Nine domains — foundations, components, financial, compliance, AML, AI & ML, B2B & SaaS, patterns, data engineering — each card renders its category count from the live sidebar at runtime (never hand-written, so it cannot drift) and drives the existing domain filter. Breadth is now visible on the first screen instead of buried in the nav.
- New: “What an entry actually carries.” The depth counterpart — 113 four-cell decision registers (when to use / when not to / behaviour & a11y contract / anchor), 84 of which cite a named regulation across 20 frameworks. Honest scope stated inline: foundations and token pages carry only the cells that apply to them.
- Entry anatomy is a spec table, not a card of pills. The first cut dressed data (113 / 84 / 17) in the same pill language as the CTAs above it — wrong affordance — and split five prose cells into ragged columns. Rebuilt as one hairline-ruled row per cell, with the counts as a quiet mono data line.
- System Card rhythm pass. The content was right; it read as five equal-weight bands stacked into a wall. The stats now carry the weight (mono, tabular, larger), the receipts are demoted, the shouty uppercase body copy is sentence case, and the disc bullets are em-dash markers.
- Cut the waffle. Section subtitle, executive lede and the six design principles rewritten shorter and sharper; all remaining static inline styles in Getting Started converted to classes.
- The first screen is now the masthead and four ways in. The hero card is gone — Inter-black headline, eyebrow, pill buttons, floating white panel: a second, generic design language sitting directly under a Cormorant masthead. Also gone: the restated headline and the lede. The title and subtitle already say what this is; everything else was a second voice repeating them. What remains is four quiet mono links — where this ships, inspect tokens, live data, regulatory map — and then the Domain Map, which is the first thing on the page that is actually evidence.
- Removed the fake terminal mockup. A page that links to a real live trading terminal has no business opening with a screenshot of a pretend one — it was the weakest artefact on the page and it undercut the density it claimed. The hero is now a single editorial column; the Domain Map and the live implementations carry the weight.
- Expanded the AI Skill Set from 34 to 40 downloadable skills. Added CFA Level III Analysis (portfolio management & IPS), CPA Accounting (GAAP/IFRS treatment, close, disclosure), Mathematical Model Analysis (formulation, calibration, sensitivity/uncertainty), Logic Structuring (MECE decomposition, dependency mapping, top-down synthesis), JavaScript Development, and Canvas Web Animation — each honestly scoped (CFA is analysis, not investment advice; CPA is unaudited, not attest or tax; a model is a simplification, not a forecast).
- Made the set findable. The forty skills are now grouped into eight domains (finance & business, regulation & compliance, law & IP, engineering, design & web craft, analysis & reasoning, growth & writing, people & coaching) with a live search box and per-domain filter chips (counts included), event-delegated over static cards so download links and SEO stay intact.
- Meta section — the 245 component-category count is unchanged. Scoped
sk-styles, dual-theme via tokens.
- Expanded the AI Skill Set from 30 to 34 downloadable skills. Added Persona Development (behaviour-clustered, evidence-anchored personas activated into journeys and JTBD), n8n Automation (workflow design, debugging, and reliability/secrets/cost), Video Director Prompt (director-grade prompts scaled across 10-second, 1-minute, and 30-minute tiers), and Reading & Learning Coaching (retrieval practice, spaced repetition, interleaving, Feynman, active reading).
- Same honesty frame. Persona Development stays grounded in real research and refuses demographic stereotypes; n8n Automation gates every irreversible action behind a human and keeps secrets in the vault; Video Director Prompt is direction not guaranteed output, with no real-person likeness or protected IP; Reading & Learning Coaching is a study method, not a clinical assessment for dyslexia or ADHD — those route to a specialist.
- Added an “In practice” operating loop above the grid — a four-step routing model (exec brief → load Ed Agent + only the skills the brief needs → run in parallel → ship to fit) showing the set is loaded on demand into a live delivery pipeline, not admired as a list.
- Expanded the AI Skill Set from 27 to 30 downloadable skills. Added Corporate Management (strategy-to-objectives, operating cadence, decision structuring), EBITDA & Financial Analysis (EBITDA build & normalisation, margin/variance decomposition, valuation-multiple framing), and IPO & SPAC Readiness — a jurisdiction-configured listing-prep method (regime/path configuration, financial close & estimation, materials matching & data-room assembly) drawn from close C-level IPO/SPAC support.
- Same honesty frame, sharpened. IPO/SPAC Readiness is jurisdiction-first and evidence-backed but explicitly prepares, never attests: no audit, no eligibility, no valuation, no adequacy — every determination routes to securities counsel, PCAOB auditors, the underwriter/sponsor, and the CFO, with real anchors (Securities Act, Forms S-1/F-1/S-4, Reg S-K/S-X, SOX, ASX/UK/HK/SGX regimes, de-SPAC projection-liability caution). EBITDA carries the non-GAAP / Reg G reconciliation discipline and flags aggressive add-backs; Corporate Management structures the call and leaves it to the accountable executives.
- Meta section — the 245 component-category count is unchanged. Scoped
sk-styles, dual-theme via tokens, event-delegated download links.
- Expanded the AI Skill Set from 23 to 27 downloadable skills. Added Multi-Jurisdiction KYC/AML (per-jurisdiction requirement mapping, automated gap/comparison reporting, integration with existing compliance systems), Broker / Exchange Listing Readiness (rulebook checklist generation, gap tracking with reminders, historical-case cross-referencing), Socratic Facilitator (Socratic questioning, perspective shifting, action triggering), and Fintech HR (regulated-role scorecards, regulatory-judgment interviews, fit-and-proper & accountability mapping).
- Same honesty frame. The two regulated skills carry strong disclaimers with real anchors (FATF, FinCEN CDD 31 CFR 1010.230, EU AMLD, UK MLR 2017, AUSTRAC AML/CTF Act 2006; NYSE / Nasdaq 5000 / ASX Listing Rules) and route every determination to the MLRO, counsel, sponsor, and exchange; the facilitation skill routes distress and expert questions out rather than coaching around them; Fintech HR flags fairness and privacy for HR/legal and makes no hiring or fit-and-proper determination.
- Meta section — the 245 component-category count is unchanged. Scoped
sk-styles, dual-theme via tokens, event-delegated download links.
- Expanded the AI Skill Set from 19 to 23 downloadable skills. Added US Securities Regulation (SEC) (registration vs exemption, disclosure/reporting, Reg BI & adviser conduct), ISDA Derivatives Documentation (Master & Schedule elections, Credit Support Annex mechanics, Confirmation/Definitions checks), Output-Token Efficiency (token-budget audit, prompt/output restructuring, quality-gated cost governance), and Objectivity & Logical Rigor (claim–evidence separation, fallacy/assumption audit, steelman & confidence calibration).
- Same honesty frame. The two legal-sensitive skills (SEC, ISDA) carry strong “not legal advice” disclaimers with real citations (Securities Act §77a / Exchange Act §78 / Reg BI; 2002 ISDA Master §5–6, CSA, 2021 IRD Definitions) and escalate every conclusion to counsel; the two craft skills report measured results and calibrated confidence, never a portable percentage or a truth claim.
- Meta section — the 245 component-category count is unchanged. Scoped
sk-styles, dual-theme via tokens, event-delegated download links.
- Added an AI Skill Set overview section — 19 downloadable skills. Nineteen
repeatable, AI-assisted working methods for absorbing unfamiliar, C-level, cross-functional work quickly:
cognitive-behavioral, career development, financial-grade accessibility audit, academic writing,
product-market analysis, GDPR, US tax, SEO, smart-contract audit, patent search, Web3 & tokenomics,
Awwwards-grade web design, AI production engineering, intellectual property, COPPA children’s
privacy, TypeScript architecture, growth marketing, brand copywriting, and workplace psychology. Each
downloads as a Markdown skill file (
/skills/*.md) with frontmatter, a three-capability workflow, a worked example, and guardrails. - Honest by construction. Every skill carries a “What this is NOT” register — a working method, not professional advice. Legal, tax, medical, and security domains require qualified professional review, and the mental-health skills route crises to professionals and exclude any harmful technique. This is the same “AI produces, human judgment governs” discipline behind Ed Agent and eds-mcp.
- Meta section (like Overview) — the 245 component-category count is unchanged.
Scoped
sk-styles, dual-theme via tokens, reduced-motion safe, event-delegated download links.
- Added a Customer Support component group. Live Support Chat (deflection chips +
aria-livetranscript), Support Ticket & SLA tracker (colour-shifting deadline bar + status stepper), Help Center Search (combobox deflection with graceful escalation), and CSAT & Feedback capture (progressive-disclosure rating). Each carries the four-cell decision register with a real regulatory anchor (SEC 17a-4 records; FCA DISP / ASIC RG 271 complaint timeframes). - Added universal UI primitives. Scrollbar Variants (thin · minimal · fade · snap · progress — all token-driven and keyboard-scrollable) and a complete Call-to-Action vocabulary (primary → destructive, plus pill, block, icon-only, split, async-loading, and FAB) anchored to WCAG 2.1 target-size, focus, and name-role-value.
- Category count 239 → 245; synced across meta, JSON-LD, quickjump, command status, and the System Card. All new components are token dual-theme, reduced-motion-safe, and use event-delegated JS.
- Added Ed Agent to the open-source engines. A fourth card in “Beyond the
enterprise” — the nine-agent operating model behind this system, made runnable: one requirement
→ nine human-gated lifecycle stages, a squad that swaps by domain (code · marketing · contract ·
regulated-finance), a learning memory, and an MCP server /
AGENTS.mdbrief to drop into any bot. It drives eds-mcp for the regulated-finance build; design judgment and the sign-off gates stay human. - The Orchestration Studio now links to its real, runnable counterpart
(
github.com/Edwson/Ed-Agent). Machine layer synced — CreativeWorkmentions, the FAQ,ai-profile.jsonandllms.txtall reflect four open-source tools. Narrative addition — the 245 component-category count is unchanged.
- New interactive section — “Domain-Expert Orchestration Studio.” Pick a
client brief (AU KYC · EU payments · US advisory · UK lending · global AML · EU auth) and watch a
nine-strong multi-agent team engage selectively — each expert firing the specific eds-mcp tools
the brief needs (
compliance_check→find_by_regulation→compose_flow→audit_accessibility→scaffold_test) and returning a precise, quantified plan: the exact components, the regulatory anchors honoured, and only the tokens those components use, with a naive-vs-orchestrated contrast. - Faithful to the real engine. Every tool, component id and anchor mirrors eds-mcp v1.16.0 (23 tools · 65 contracts · 14 domains). The experts that sit out are the point: the brief never pulls a primitive, token, or expert it doesn’t need.
- Scoped
orc-styles, dual-theme via tokens, vanilla delegated JS, reduced-motion safe. Narrative/demo section — the 245 component-category count is unchanged.
- New section — “Beyond the enterprise — open-source engines.” Surfaces three open-source, MIT, AI-native tools alongside the financial catalog: eds-mcp (this design system as an MCP server + a zero-dependency HTTP REST API), GalaxyJS (60 cosmic canvas animations, ~20 kB, MCP + llms.txt), and ReactOmega (31-component AI-native React registry · CLI + shadcn + MCP). Each links to GitHub, a live playground, and a case study — evidence of range beyond regulated finance, all usable by humans and AI agents.
- AI-discovery weighting. Added a range FAQ (institutional-finance-and-beyond) plus
mentionsof the three repositories to the page JSON-LD; syncedai-profile.jsonandllms.txt. - Narrative section only — the 245 component-category count is unchanged.
- Transactions & Ledger — five new live components (Financial domain, no new filter pill): Deposit / Fund Account (method-aware fee + ETA + resulting balance), Withdrawal / Cash Out (available-balance and daily-limit guardrails with a text BLOCKED state), Transaction Detail (full single-record view with status in words), Transaction History (filter-by-type + search ledger), and an append-only Activity & Audit Log (sequence, severity, integrity hash). Anchored in NACHA / ISO 20022 / Reg E / SEC 17a-4(f) / SOC 2.
- Five new text-reveal animation studies alongside Stagger Text Reveal: Typewriter, Decode / Scramble, Word Fade-Up (blur), Mask Wipe (clip-path, text stays selectable), and 3D Char Flip — each screen-reader-safe (real sentence kept programmatic) and reduced-motion safe.
- Iconography +30 icons (49 → 79), payments/transaction-weighted, all inline SVG, still 5 semantic categories.
- Category count 229 → 239; synced across meta, JSON-LD, quickjump, and System Card.
Scoped
mtx-/txn-styles, dual-theme via tokens, vanilla delegated JS.
- Seven new live components — an end-to-end money-movement layer (folded into the
Financial domain, no new filter pill): a Payment Rail Selector (ACH / Same-Day ACH / Wire / RTP /
FedNow / SEPA / SWIFT with live speed, cost, cut-off, finality, limit), a Money Movement Tracker
(initiated → risk hold → clearing → settled, or a return with a real NACHA code), an FX
Quote Ticket (you-send / they-receive with mid-market markup shown in the open + re-pricing timer),
a Reconciliation Match (statement ↔ ledger, matched / unmatched / exception, manual-match
with audit note), a Payment Retry & Dunning ladder (reason-code-driven retry vs.
require-update), a Debit Mandate & Consent capture (live NACHA / SEPA mandate text, grant /
revoke), and a Payout Schedule (available / in-transit / reserve / next payout). Each carries its
NACHA / ISO 20022 / Reg E / SEPA / PSD2 / SOC 1 anchor in its decision logic; mirrors the
new
paymentsdomain in the eds-mcp server. - Category count 222 → 229; synced across meta, JSON-LD, quickjump, and System Card.
Scoped
pay-styles, dual-theme via tokens, vanilla delegated JS, reduced-motion safe.
- Three new live components — build an on-prem AI cluster (folded into AI & ML,
no new filter pill), modelled on EXO (
exo-explore/exo): a Cluster Topology & Memory Pool (add/remove Mac Studio nodes, pooled unified-memory readout, human visual + live machine-readable YAML manifest), a Model Fit & Topology-Aware Partitioning calculator (model + quant + context → est. memory, fits verdict, memory-weighted per-node shard split, Pipeline vs Tensor parallel), and a Distributed Inference & API Surface (streamed completion across the ring, tokens/sec, OpenAI/Claude/Ollama-compatible endpoint). Default = 2× M3 Ultra 128GB + 1× M3 Ultra 512GB = 768GB pooled. Grounded in EXO (RDMA over Thunderbolt 5, tensor parallel 1.8×/3.2×); memory figures labelled estimates. - Category count 219 → 222; synced across meta, JSON-LD, quickjump, and System Card.
Scoped
clx-styles, dual-theme via tokens, vanilla delegated JS, reduced-motion safe.
- Five new live components — build your own AI agent / skill cluster (folded into
the AI & ML domain, no new filter pill): an Agent Definition Builder (template-seeded,
NotebookLM-style editor that renders a live
agent.mdfrom name / role / model / system prompt / source URLs), a Skill Card Editor (liveSKILL.mdwith trigger keywords + resources, where the description is the routing signal), an Agent / Skill Cluster Manager (roster with keyword search, enable/draft toggles), an Expert Team Composer (Design / Code / Marketing / Contract presets that swap the agent roster — Executor / Reviewer / Copywriter / Data-Logic / SEO), and an Adversarial Workflow (SOP) (Diagnostic → Debate → Humanize → Final, with the de-AI constraints and output format). - Category count 214 → 219; synced across meta, JSON-LD, quickjump, and System Card.
Scoped
agm-/agw-styles, dual-theme via tokens, vanilla delegated JS, reduced-motion safe.
- Cross-Platform Rendering extended to cross-browser — a live browser & engine
switcher (Chrome, Edge, Opera, Arc, Brave, DuckDuckGo, Firefox, Tor) mapping eight browsers to three
engines (Blink / Gecko / WebKit), a feature-support matrix (
color-mix(),:has(), custom scrollbars,backdrop-filter, logical properties) with the@supportsfallback per feature, and the defensive contract (feature detection not UA sniffing, system fonts, fluidclamp()layout) that keeps layout pixel-stable on every browser. No new category — count stays 214.
- Eleven new live components across three domains — Tokens & AI Cost (Token Cost Calculator, Tokenizer Estimator, Context-Window Budget, Prompt-Cache Savings, Token Stream Meter), Data Engineering (Schema / Data-Contract Editor with live CREATE TABLE DDL, Data-Quality Profiler, Lineage DAG with upstream/downstream impact tracing, Typed Query Result Grid with type-aware sort, Delta / Version Diff), and a Cross-Platform Rendering section that re-renders one component with native macOS / Windows / Linux (GNOME) / Ubuntu window chrome, font stacks, scrollbars, and ⌘/Ctrl shortcut grammar.
- Category count 203 → 214; synced across meta, JSON-LD, quickjump, and System Card.
Scoped
tk-/dx-/osx-styles, dual-theme via tokens, vanilla delegated JS, reduced-motion safe.
- Data-residency block added to AI-Native Development — running the MCP + agent stack on-prem on enterprise hardware (verified: two NVIDIA DGX Spark / ConnectX, EXO-clustered Mac Studios; gpt-oss-120b, Qwen3.5 122B-A10B, gemma4:31b-it-bf16 served + LoRA-fine-tuned locally). Honest scope: served, not pre-trained.
- Visual cleanup — removed the coloured 3px left-rail accents from the lifecycle/proof/runs cards for a cleaner, less templated look.
- New “AI-Native Development” section — reframes the catalog as a machine-readable contract an AI agent consumes directly: the decisive gap vs an ordinary Figma library, a one-token-every-layer cascade (CSS → JSON → Tailwind → component → AI context → pixel), the 2026 build loop (human / AI / system-guarantee per step), four quality + data-streaming guarantees, an interactive prompt → component demo (order ticket / KYC EDD / AI sign-off), and how to drive it via the token export, Storybook, and the eds-mcp-server.
- Narrative section, no new component categories — count stays 203; tokens,
components, and exports unchanged. Scoped
aidev-styles, dual-theme, vanilla delegated JS.
- Micro-interactions (JS) — six pure-JS components: Count-Up Numbers (rAF ease-out,
tabular numerals), Easing Playground (real spring and bounce physics, not keyframe fakes), Toast Queue
(live manager: max-3 stack, eviction, pause-on-hover, aria-live split), Pointer Tilt Card (damped 3D +
glare, hover-device gated), Magnetic Button + Ripple (6px cap, keyboard ripple from center), and Stagger
Text Reveal (screen-reader-safe character split). Every demo no-ops to its final state under
prefers-reduced-motion. - Accessibility Lab · WCAG 2.1 AA — six live pattern demos: spec-accurate Contrast Checker (relative-luminance formula, AA/AAA grading), Focus Trap with escape + focus restore, Live Region Announcer (polite vs assertive with a visible log), Form Error Summary (GOV.UK-validated pattern with aria-describedby wiring), Skip Link (reveal-on-focus), and Touch Target Size (hit-area overlay, 24px failure vs padded fix). Each cites its success criteria by number.
- Heading semantics repaired sitewide — 63 sections that used
<div>titles converted to real<h2>(and subtitles to<p>): screen-reader users can now navigate all 203 categories by heading. - Category count 191 → 203; counts synced across meta, JSON-LD, quickjump, System Card, command status, and About.
- Two new animation domains, ten new interactive studies — Animation (SaaS): Command Palette Choreography, Plan Upgrade Morph (price odometer + feature cascade), Notification Sweep (sequential read-wave to inbox zero), Integration Handshake (packet flow, gold seal, honest fail/retry state), Workspace Provisioning (spinner-to-check sequence). Animation (Media): Player Morph (mini → theater spring), Chapter Scrub Ripple (eased seek + preview crossfade), Karaoke Caption Reveal (word-level gradient sweep), Story Ring Carousel (SVG countdown ring + layered parallax), Waveform Mood States (idle breathes / playing dances / buffering shimmers).
- Same contract as v1.5.3 — pure CSS + vanilla JS,
data-statedriven with the shareddata-ast-actionhandler, dual-theme tokens only, replay-safe, andprefers-reduced-motionfallbacks that keep the final state readable. Kept deliberately outside Animation Types per the taxonomy rule: types teach the vocabulary, these sections ship complete product moments. - Category count 189 → 191; counts synced across meta, JSON-LD, quickjump, System Card, command status, and About.
- Five complete animation studies added — Private Banking RM Journey Orbit, SaaS Deployment Rail, Consent Signature Ceremony, Permission Constellation, and Executive Insight Storyboard.
- Pure CSS + vanilla JS — no animation library added; interaction state is driven
by scoped
data-stateattributes, CSS transitions/keyframes, and small local event handlers. - Category count remains 189 — this release deepens the existing Animation Types section rather than adding separate catalog categories.
- Animation Types section added — entrance, exit, feedback, loading, data-change, and spatial-transition demos now live beside the existing motion-token reference.
- Production motion contract documented — each animation pattern names duration, easing, use case, risk boundary, and reduced-motion fallback.
- Total category count 188 → 189 — nav, quick filter count, System Card, SEO meta, SoftwareApplication JSON-LD, FAQ JSON-LD, and Getting Started copy aligned.
- Mobile shell hardened — header actions now collapse into a two-column control grid, search takes a full-width row, and the sidebar becomes a sticky horizontal navigation rail with domain filters preserved.
- Page-level overflow eliminated — 390px mobile emulation verifies
scrollWidth = clientWidthfor the overview, dark theme, and AI-filtered states. Hero copy, command-center preview, dense preview bodies, and wide tables now contain their own overflow instead of pushing the viewport. - Dark mobile contrast fixed — body-scoped theme tokens now respect
data-theme="dark", preventing the dark H1 from rendering over a light mobile background. - Getting Started refreshed — System Card bumped to v1.5.1, category count aligned to 188, domain count aligned to 18, and a responsive-readiness signal added to the first-screen evidence layer.
- SEC & ISDA Compliance — 10 new components: SEC Rule 10b5-1 Insider Trading Plan, SEC Form 4 Insider Transaction Ledger, SEC Rule 15c3-3 Customer Protection Reserve Calculator, SEC Reg BI Disclosure Gate, SEC Rule 17a-4 Storage Seal (WORM), ISDA CSA Margin Call Calculator, ISDA Master Agreement Clause Negotiator, ISDA Taxonomy UPI Resolver, ISDA SIMM Risk Exposure Matrix, and ISDA Resolution Stay Protocol Status.
- Total category count 177 → 188
- Artificial Intelligence — 10 new components: Safety Guardrails (LlamaGuard/EU AI Act), RAG Citation Map (SEC/Prospectus chunk mapping), Cost & Token Budget (slider tracker), Agent Loop Execution (DAG flow), Uncertainty Heatmap (token entropy suggestions), Adversarial Prompt Tester (jailbreak matrix), RLHF Pairwise Arena (human preference feedback), Audit Trail Registry (cryptographically sealed blocks), Schema Validator (JSON validation & coercions), and Local Feature Attribution (Integrated Gradients / feature importance).
- Total category count 167 → 177
- Artificial Intelligence — 12 new components: Calibrated Confidence Badge (with a designed abstain state), Reasoning Chain, Autonomy Tier Selector (Ambient → Autonomous), Human Sign-off Gate (typed, hash-sealed), AI Suggestion Card (reject-with-reason as a first-class state), Streaming Response, Prompt Composer (context chips + injection-safe paste), AI Disclosure Label (EU AI Act Art. 50), Model Fallback Chain, Agent Tool-Call Trace, Grounding Indicator (claim-level), and Effective Challenge (SR 11-7 taxonomy + routing).
- Machine Learning — 6 new components: Model Card (with a do-not-use panel), Confusion Matrix (business-cost framing), Feature Importance (anti-causal caveat built in), Drift Monitor (PSI bands + label-delay honesty), Experiment Tracker (reproducibility as admission rule), and Champion–Challenger Gate (promotion blocked by a fairness regression — the blocked state is the point).
- Every new component ships with a ds-logic block (when to use / when not / behaviour
& a11y contract / regulatory anchor) and a new
AI & MLdomain filter. Grounded in shipped patterns: ConnectX autonomy tiers, Aureus Decision Room, Double-Blind sealed commits, Duo-Shou calibrated valuation, Ed's Agent fallback chain.
- ds-logic blocks — a four-cell decision-logic register (When to use / When not to & what instead / Behaviour & accessibility contract / Regulatory anchor) added to the 20 highest-stakes components: the full trading set (Order Entry, Trade Ticket, Order Status, SL/TP, Leverage Selector, Margin Panel, Risk Matrix, Order Book, Price Display) and the compliance set (KYC, Disclosure, Consent, Suitability, Audit Trail), plus the core primitives they compose from (Button, Input, Toggle, Modal, Alert, Data Table).
- Why — a component library shows what; a design system has to defend when and why not. Each anchor cites the governing pattern from production: FIX 35=8 state machine driving order UI, RG 268 modal-decay evidence, FinCEN CDD citation-beside-the-field, SEC 17a-4(f) append-only trail, FINRA 2111 gating.
- No component markup changed — documentation-only release; previews, tokens, and exports untouched.
- Visual polish layer — institutional finance treatment applied across all 149 component
previews in one cascade pass: Cormorant Garamond display + Inter UI body + JetBrains Mono numerals;
gold-accented section underlines and preview-header eyebrows; refined preview-card chrome (subtle
gold-tinted gradient surface + warm shadow + soft gold hover state); unified focus state
(
border-color: var(--gold)+ 3px gold halo) on every native input / select / textarea; Tabler-style chevron SVG replacing default native select arrows. - Component logic — sole-indicator discipline — fixed stacked-indicator bugs where active
states rendered two visual treatments simultaneously: tabs (Single Select / Combobox / Multi-Select)
suppressed the original inline
border-bottom: 2px solid var(--accent2)blue line so the new gold::afterunderline is the sole indicator; sidebar nav active state suppressed the inset blue ring + blue-tint background so the gold left-border + gold gradient is the sole highlight. - Layout-engine fix · full-bleed previews — the default
.ds-preview-body { display: flex; flex-wrap: wrap; }was forcing 60+ full-application components (KYC Stepper, Audit Trail, RBAC Permission Matrix, Multi-Approver Workflow, API Keys & Webhook Manager, etc.) to render as side-by-side flex items with the smaller toolbar/legend collapsing to the left half and the bigger panel squeezed to the right. Two scoped catch-all rules now detect the "I want my own layout" signal (inlinepadding:0orpadding:NNpxwithoutgap:ordisplay:set) and switch those previews todisplay: blockfull-width stacks. 18 padding-zero previews + 43 padding-NNpx previews protected — no further per-component edits required. - Custom control geometry preserved — toggle pills (
.c-toggle: 40×22), custom checkboxes (.c-checkbox: 18×18), and custom radios (.c-radio: 18×18) are now excluded from the universal native-control sizing rule via:not(.c-toggle):not(.c-checkbox):not(.c-radio), fixing the "label clipped to 'rk Mode' / 'yo-Factor Auth'" bug where pseudo-elements were overflowing collapsed boxes. Custom controls retint to gold via colour-only overrides — geometry untouched. - Filter pill polish — the left-sidebar domain filter (All / Foundations / Components / Financial / Compliance / AML / B2B & SaaS / Patterns) reskinned: outlined chips with gold hover border + active state inverts to dark-fill on bone-white text.
- Storybook v1.0 GA — the working component library at edwson.github.io/Ed_Storybook is now feature-complete for v1.0: 9 vanilla-HTML reference components (Button, Input, Select, Chip, Breadcrumb, Toast, Sparkline, Badge, Card) shipped with full Args/Controls panels, light + dark theme toggle, accessibility addon report (WCAG 2.1 AA verified), and copy-paste-ready HTML + CSS for every variant. This is the working dev library that complements the marketing showcase you are reading now.
- Git — clean commit boundary at this release; tag
v1.1.0applied. - No breaking changes from v1.0.x — all token names, component class names, and BEM contracts preserved. Body class hierarchy unchanged. Safe to upgrade in place.
- System Card pinned at top — version, scope, audience, maintainer signature
- New Tokens · Code Export module exposing color / typography / spacing / motion / elevation tokens as CSS, JSON, and Tailwind config (multi-format copy)
- Editorial stance section formalises why the system exists and how to read the catalog
- Promoted from 0.9.x. No breaking changes from 0.9.x — all token names preserved
- 10 AML Compliance components (Sanctions Screening, PEP Monitor, SAR Filing, UBO Graph, Ongoing Monitoring, Jurisdiction Heatmap, CDD Refresh, Typology Library, Regulatory Change Feed, Transaction Risk Scoring) — all anchored to FATF / FinCEN / EU AMLD6 / MAS / OFAC
- 10 B2B SaaS Platform components (Contract Lifecycle, Usage Pricing, Customer Health, Provisioning, Quota Dashboard, Incident Command, Audit Evidence, Partner Deal Reg, ARR Waterfall, SSO/SCIM Console)
- Total category count 126 → 146
- WCAG 2.1 AA contrast verified across all fg/bg pairs in core + semantic palettes
- Deuteranopia-safe semantic colors for trader-facing components (replaces standard red/green with blue/orange where context permits)
- Keyboard navigation documented for all interactive components
- Three density modes (HD / MD / LD) added across data table, order entry, and risk components
- HD targets institutional terminals (≤ 28px row height)
- LD targets retail / advisor portals (≥ 44px row height meeting Fitts'-law thresholds)
- Initial public catalog with 94 categories — UI primitives, financial domain, compliance, data display, social platform
- Light/dark theme via CSS custom properties
- Used as the artifact behind ACY Securities, ACY Connect, Finlogix, and Christie's case studies
Tokens · Code Export
Every foundation token in three formats — CSS custom properties, JSON, and Tailwind config. Copy whatever your stack needs.
Live Density Switcher
HD compresses trading rows, MD fits analyst dashboards, and LD gives client-facing flows more touch area.
Color tokens · with WCAG contrast
Core palette in dark mode. Each pair carries its computed contrast ratio against
--bg = #0a0a12. AA = ≥4.5 normal text · AAA = ≥7.0.
--text1#e8eaf014.8 : 1AAA--text2#8c95a65.6 : 1AA--text3#5a66783.2 : 1AA Large--accent#6495ed5.9 : 1AA--green#16825d3.4 : 1AA Large--red#c5303f4.7 : 1AA--gold#C9A9598.7 : 1AAA:root {
/* Core surfaces (dark mode) */
--bg: #0a0a12;
--surface: #12121e;
--surface2: #1a1c2e;
--border: #1e2030;
--border2: #2a2d42;
/* Text */
--text1: #e8eaf0;
--text2: #8c95a6;
--text3: #5a6678;
/* Brand + signal */
--accent: #6495ed;
--accent2: #7aabff;
--accent-fg: #0a0a12;
/* Semantic */
--green: #16825d;
--red: #c5303f;
--gold: #C9A959;
--purple: #7b1fa2;
}
{
"color": {
"bg": "#0a0a12",
"surface": "#12121e",
"surface2": "#1a1c2e",
"border": "#1e2030",
"border2": "#2a2d42",
"text": {
"1": "#e8eaf0",
"2": "#8c95a6",
"3": "#5a6678"
},
"accent": "#6495ed",
"accent2": "#7aabff",
"accentFg": "#0a0a12",
"green": "#16825d",
"red": "#c5303f",
"gold": "#C9A959",
"purple": "#7b1fa2"
}
}
// tailwind.config.js
module.exports = {
theme: {
extend: {
colors: {
bg: '#0a0a12',
surface: '#12121e',
surface2: '#1a1c2e',
border: '#1e2030',
border2: '#2a2d42',
text: {
1: '#e8eaf0',
2: '#8c95a6',
3: '#5a6678',
},
accent: '#6495ed',
accent2: '#7aabff',
accentFg: '#0a0a12',
green: '#16825d',
red: '#c5303f',
gold: '#C9A959',
purple: '#7b1fa2',
}
}
}
}
Typography tokens
7-step modular scale (1.25× ratio). System fonts for body, monospace for market data and code.
:root {
/* Family */
--font: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
--mono: 'SF Mono', 'Fira Code', 'Courier New', monospace;
/* Size scale (1.25× ratio) */
--text-xs: 0.75rem; /* 12px · captions, kbd */
--text-sm: 0.875rem; /* 14px · UI default */
--text-base: 1rem; /* 16px · body */
--text-lg: 1.125rem; /* 18px · H3 */
--text-xl: 1.5rem; /* 24px · H2 */
--text-2xl: 2rem; /* 32px · H1 */
--text-display: 3rem; /* 48px · hero */
/* Weight */
--weight-light: 300;
--weight-regular: 400;
--weight-semibold: 600;
--weight-bold: 700;
/* Line-height */
--leading-tight: 1.2;
--leading-snug: 1.45;
--leading-relaxed: 1.7;
}
{
"font": {
"family": {
"sans": "-apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif",
"mono": "'SF Mono', 'Fira Code', 'Courier New', monospace"
},
"size": {
"xs": "12px",
"sm": "14px",
"base": "16px",
"lg": "18px",
"xl": "24px",
"2xl": "32px",
"display": "48px"
},
"weight": {
"light": 300,
"regular": 400,
"semibold": 600,
"bold": 700
},
"leading": {
"tight": 1.2,
"snug": 1.45,
"relaxed": 1.7
}
}
}
// tailwind.config.js
module.exports = {
theme: {
extend: {
fontFamily: {
sans: ['-apple-system', 'BlinkMacSystemFont', 'Segoe UI', 'Roboto', 'sans-serif'],
mono: ['SF Mono', 'Fira Code', 'Courier New', 'monospace'],
},
fontSize: {
xs: ['0.75rem', { lineHeight: '1.45' }],
sm: ['0.875rem', { lineHeight: '1.45' }],
base: ['1rem', { lineHeight: '1.7' }],
lg: ['1.125rem', { lineHeight: '1.45' }],
xl: ['1.5rem', { lineHeight: '1.2' }],
'2xl': ['2rem', { lineHeight: '1.2' }],
display: ['3rem', { lineHeight: '1.2' }],
}
}
}
}
Spacing tokens · 4px base grid
Every gap, padding, and margin maps to this scale. Multiplier of 4 means 1px shifts compound predictably.
:root {
--space-1: 4px;
--space-2: 8px;
--space-3: 12px;
--space-4: 16px;
--space-5: 24px;
--space-6: 32px;
--space-7: 48px;
--space-8: 64px;
--space-9: 96px;
}
{
"space": {
"1": "4px",
"2": "8px",
"3": "12px",
"4": "16px",
"5": "24px",
"6": "32px",
"7": "48px",
"8": "64px",
"9": "96px"
}
}
// tailwind.config.js
module.exports = {
theme: {
extend: {
spacing: {
1: '4px',
2: '8px',
3: '12px',
4: '16px',
5: '24px',
6: '32px',
7: '48px',
8: '64px',
9: '96px',
}
}
}
}
Motion tokens · duration + easing
Four durations, three easings. Respect prefers-reduced-motion via the
--motion-allow guard.
:root {
/* Duration */
--duration-fast: 120ms; /* hover · focus */
--duration-base: 200ms; /* default UI */
--duration-slow: 320ms; /* drawer · modal */
--duration-slower: 500ms; /* page transitions */
/* Easing */
--ease: cubic-bezier(.2, .8, .2, 1); /* default */
--ease-out: cubic-bezier(0, 0, .2, 1); /* enters */
--ease-in: cubic-bezier(.4, 0, 1, 1); /* exits */
}
@media (prefers-reduced-motion: reduce) {
:root {
--duration-fast: 0ms;
--duration-base: 0ms;
--duration-slow: 0ms;
--duration-slower: 0ms;
}
}
{
"motion": {
"duration": {
"fast": "120ms",
"base": "200ms",
"slow": "320ms",
"slower": "500ms"
},
"easing": {
"default": "cubic-bezier(0.2, 0.8, 0.2, 1)",
"out": "cubic-bezier(0, 0, 0.2, 1)",
"in": "cubic-bezier(0.4, 0, 1, 1)"
}
}
}
// tailwind.config.js
module.exports = {
theme: {
extend: {
transitionDuration: {
fast: '120ms',
base: '200ms',
slow: '320ms',
slower: '500ms',
},
transitionTimingFunction: {
DEFAULT: 'cubic-bezier(0.2, 0.8, 0.2, 1)',
out: 'cubic-bezier(0, 0, 0.2, 1)',
in: 'cubic-bezier(0.4, 0, 1, 1)',
}
}
}
}
Elevation tokens · 4-step shadow ladder
Subtle gold-tinted shadows on dark surfaces for institutional warmth without losing data legibility.
:root {
--shadow-sm: 0 1px 2px rgba(0,0,0,0.45);
--shadow-md: 0 4px 12px rgba(0,0,0,0.40), 0 0 0 1px rgba(201,169,89,0.04);
--shadow-lg: 0 12px 32px rgba(0,0,0,0.55), 0 0 16px rgba(201,169,89,0.08);
--shadow-xl: 0 24px 64px rgba(0,0,0,0.65), 0 0 24px rgba(201,169,89,0.12);
--radius-sm: 4px;
--radius: 8px;
--radius-lg: 12px;
--radius-pill: 9999px;
}
{
"shadow": {
"sm": "0 1px 2px rgba(0,0,0,0.45)",
"md": "0 4px 12px rgba(0,0,0,0.40), 0 0 0 1px rgba(201,169,89,0.04)",
"lg": "0 12px 32px rgba(0,0,0,0.55), 0 0 16px rgba(201,169,89,0.08)",
"xl": "0 24px 64px rgba(0,0,0,0.65), 0 0 24px rgba(201,169,89,0.12)"
},
"radius": {
"sm": "4px",
"DEFAULT": "8px",
"lg": "12px",
"pill": "9999px"
}
}
// tailwind.config.js
module.exports = {
theme: {
extend: {
boxShadow: {
sm: '0 1px 2px rgba(0,0,0,0.45)',
md: '0 4px 12px rgba(0,0,0,0.40), 0 0 0 1px rgba(201,169,89,0.04)',
lg: '0 12px 32px rgba(0,0,0,0.55), 0 0 16px rgba(201,169,89,0.08)',
xl: '0 24px 64px rgba(0,0,0,0.65), 0 0 24px rgba(201,169,89,0.12)',
},
borderRadius: {
sm: '4px',
DEFAULT: '8px',
lg: '12px',
pill: '9999px',
}
}
}
}
Color
The color system supports visual hierarchy, accessibility, and product differentiation. All tokens respond to light/dark theme toggle.
Core Palette
Live Theme Switcher
Preview how core components react to token changes without leaving the color foundation.
Semantic Colors
Accessibility: Color-Blind Safe
Typography
A clear type hierarchy optimized for financial data density. System fonts for performance; monospace for market data.
Display / 48px / Weight 300
H1 / 32px / Weight 400
H2 / 24px / Weight 600
H3 / 18px / Weight 600
Body / 16px / Weight 400 / Line-height 1.7
Caption / 12px / Weight 600 / Uppercase
Monospace / Data / 14px
Spacing
A 4px base grid ensures consistent rhythm across all components. Spacing tokens scale from 4px to 96px.
| Token | Value | Usage |
|---|---|---|
--space-1 |
4px | Inline icon gaps, minimal padding |
--space-2 |
8px | Compact padding, tag gaps |
--space-3 |
12px | Input padding, button gaps |
--space-4 |
16px | Card padding, section gaps |
--space-6 |
24px | Content padding, grid gaps |
--space-8 |
32px | Section separation |
--space-12 |
48px | Major section margins |
--space-16 |
64px | Page-level spacing |
Elevation
Elevation communicates hierarchy and interactivity. Shadows scale from subtle borders to prominent overlays.
Iconography
Tabler-based SVG icon system — 5 semantic categories, 3 density sizes, consistent 2px stroke weight. Every icon is inline SVG for full colour control and zero network requests. Click any icon to copy its SVG.
| Token | HD (dense) | MD (default) | LD (comfortable) | Stroke | Usage |
|---|---|---|---|---|---|
--icon-xs |
12px | 14px | 16px | 1.5px | Inline text, badges, table cells |
--icon-sm |
14px | 16px | 18px | 2px | Buttons, input adornments |
--icon-md |
18px | 20px | 24px | 2px | Navigation, cards, tabs |
--icon-lg |
24px | 28px | 32px | 1.5px | Feature icons, empty states |
--icon-xl |
32px | 40px | 48px | 1.5px | Hero, onboarding illustrations |
Button
Buttons trigger actions. Variants communicate importance hierarchy from primary CTA to ghost actions.
Use for actions — submit, confirm, execute — never for navigation (that is a link). One primary button per view region; the hierarchy is the decision, not the decoration.
Do not use danger styling for emphasis — it is reserved for destructive or capital-committing actions, and those always pair with a confirm step. Avoid icon-only buttons for irreversible actions.
Loading state disables the control and sets aria-busy to prevent double-submit — in an order path, a double-click is a duplicate order. Focus ring is never removed, only restyled.
Destructive financial actions (close position, cancel all) require a typed or two-step confirm so the action leaves an auditable intent trail (SEC 17a-4 discipline).
Variants
Sizes
States
With Icons
Input
Form inputs for financial data entry. States communicate validation status for compliance workflows.
Use for free-form single-line entry. Labels are always visible — placeholder-as-label fails the moment a user starts typing, and screen readers lose context.
Do not validate on submit only. Financial forms validate pre-flight, field by field, because a round-trip costs latency the user can feel (the FIX order-entry budget is 8–12ms).
Errors bind via aria-describedby and never rely on colour alone. Numeric fields use inputmode + tabular-nums so digits align in review.
Fields collecting personal data show why beside the field — in-context citation reduced KYC support tickets and lifted completion in the EDD studies.
Toggle & Checkbox
Selection controls for settings and multi-choice forms.
Toggle is for instant-effect settings only — the state change IS the action. Checkbox is for declarations collected now, applied on submit.
Never use a toggle where a submit follows — the user cannot tell whether the change took effect. Never pre-tick consent checkboxes.
Both controls keep a 44px touch target regardless of visual size; state is announced via aria-checked, not colour.
Consent to data processing or marketing must be an explicit affirmative act — unticked by default, granular per purpose, with withdrawal on the same surface (GDPR / MiFID client-communication rules).
Badge & Tag
Status indicators and categorical labels for financial workflows.
Card
Cards group related content and data. Hover states signal interactivity.
Alert & Toast
Feedback patterns for system messages, confirmations, and compliance notifications.
Severity maps to consequence, not excitement: info (no action), warning (action may be needed), critical (action required now). The ladder is fixed system-wide so colour carries meaning.
Toasts auto-dismiss, so they never carry compliance-relevant or loss-relevant information — anything a user might need to prove they saw must persist until acknowledged.
Alerts announce via aria-live (polite for info, assertive for critical). Icons + colour dual-encode severity for colour-blind users.
Margin calls and trade rejections render as persistent banners with timestamps, never toasts — if it can end up in a dispute, it stays on screen and in the log.
Inline Alerts
Toast Notifications
Data Table
Sortable data tables for portfolio holdings, transaction history, and compliance logs.
The default register for financial data. Numbers right-align in tabular-nums; text left-aligns; headers are real th elements with scope.
Do not centre numeric columns or truncate identifiers (order IDs, ISINs) — truncation is how a wrong-instrument error survives review.
Sticky headers above 20 rows; sort state is visible and announced; density is a user setting, not a designer preference.
Columns that feed compliance review (timestamps, venue, status) are never hideable — configurability stops where the audit requirement starts.
| Asset Class | Allocation | Value | YTD Return |
|---|---|---|---|
| Equities | 42% | $10,291,008 | +12.4% |
| Fixed Income | 28% | $6,860,672 | +4.1% |
| Alternatives | 18% | $4,410,432 | +9.8% |
| Real Estate | 8% | $1,960,192 | +3.2% |
| Cash | 4% | $980,096 | +0.2% |
Progress
Progress indicators for onboarding flows, file uploads, and multi-step compliance processes.
Modal & Dialog
Modals for confirmations, signatures, and compliance acknowledgments. Focus-trapped with keyboard navigation (WCAG 2.1 AA).
Interrupt only when the user must decide before anything else can happen: irreversible actions, capital commitment, regulatory acknowledgement.
Do not use modals for repeat disclosures — the 18-month RG 268 study showed dismissal time decays from 18s to 0.6s as muscle memory forms. Repeat-exposure content belongs inline at the decision point.
Focus is trapped, Escape closes (unless legally gated), focus returns to the trigger on close. Exactly one primary action; the safe option is never visually dominant by accident.
When a modal carries a regulatory acknowledgement, the render event and dismissal are logged with timestamps — the audit trail is the deliverable, not the pixels.
Tooltip
Contextual hints for data points, regulatory terms, and abbreviations. Accessible via keyboard focus.
Avatar
User identity indicators for RM profiles, client accounts, and team displays.
Skeleton
Loading placeholders that maintain layout structure while data fetches. Reduces perceived latency.
Disclosure
Regulatory disclosure patterns for SEC, FINRA, and ASIC requirements. Expandable by default to meet visibility mandates while preserving UI cleanliness.
Disclosure is a render event, not a paragraph: jurisdiction-routed copy computed from client × product × licence, logged with a timestamp when it enters the viewport.
Never reuse one global disclosure string — the RG 268 engagement standard is jurisdiction-specific, and generic text fails it even when displayed correctly.
Contextual inline at the decision point beat modal and header-strip patterns across 18 months: 1.6s sustained read, 0.4% abandonment, and it survived two regulation revisions without redesign.
The backend event log is the deliverable — when the regulator asks 'was it shown, when, in what form', Legal answers from the log, not from a screenshot.
Risk Disclosure (ASIC)
Consent Flow
Stepped consent patterns for GDPR, COPPA, and financial services agreements. Consent is recorded with timestamp for audit trail compliance.
Granular, per-purpose consent collected at the moment the purpose becomes real — not a wall of checkboxes at signup for things that may never happen.
Pre-ticked boxes and bundled consent are design debt that becomes a finding. Decline is always as reachable as accept.
The consent record stores what was shown (copy version), when, and the affirmative act — versioned copy because the text at the time of consent is what was consented to.
Withdrawal lives on the same surface as the grant (GDPR Art. 7(3) symmetry) — burying revocation in support email is the anti-pattern this component exists to prevent.
KYC Stepper
Multi-step Know Your Customer onboarding. Progressive disclosure collects all AML/FINRA-required information across 5 validated steps — Identity, Source of Wealth, Entity Structure, Investment Policy, and Compliance Review.
Progressive disclosure, one question per screen — the 'dentist model': never show the whole instrument tray at once. Completion doubled (27% → 55%, GA4) when the wall became a corridor.
Do not front-load document upload — sequence identity → residency → income → source of funds so each ask is anchored by the trust built before it.
Save-and-resume via 30-day magic link, because UHNW clients need days to locate source-of-wealth documents. Abandonment is mostly a pause, not a refusal — unless you make resuming impossible.
Every intrusive question cites its regulation beside the field (FinCEN CDD 31 CFR § 1010.230, FATF Rec 10) — sophisticated clients respond to legal framing, not friendly copy.
Risk Warning
Contextual risk indicators for leveraged products, margin calls, and position sizing. ASIC and ESMA mandated visibility at point of action.
Suitability
FINRA Rule 2111 suitability assessment components. Captures risk tolerance, investment horizon, and financial situation for compliance-grade audit trails.
The FINRA 2111 / Reg BI gate rendered as product UI: the questionnaire scores into a profile, and the profile gates product access — visibly, with reasons.
Suitability is not advisory copy beside a buy button. If the gate can be scrolled past, it is not a gate — it is decoration that a plaintiff's lawyer will screenshot.
A failed gate routes to education and a cooling-off path, never to a retry-until-pass loop — retake limits are part of the control.
Answers, score, and gate outcome are stored against the copy version shown — the suitability decision must be reconstructable years later.
Session Timeout
Session management for authenticated financial portals. Preserves in-progress state and provides graceful re-authentication (WCAG 2.2.1 Timing Adjustable).
Session Expiring Soon
Your session will expire in 4:59. Any unsaved progress will be preserved. Click below to continue working.
Accordion
Expandable content panels for FAQ, regulatory disclosures, and progressive information architecture.
Tabs
Content segmentation for multi-view interfaces. Active tab maintains keyboard focus for WCAG compliance.
Breadcrumb
Navigation trail for deep hierarchies. Provides context within multi-level information architecture.
Pagination
Page navigation for transaction logs, audit trails, and large data sets.
Divider
Visual separators for content sections. Horizontal and labeled variants.
Or continue with
Regulatory Disclosure
Dropdown
Action menus and selection lists with keyboard navigation support.
Spinner
Loading indicators for asynchronous operations. Sizes scale with density mode.
Banner
Page-level announcements for system maintenance, regulatory updates, and critical alerts.
Empty State
Placeholder content when data is unavailable. Provides context and actionable next steps.
No Transactions Yet
Once your investment proposal is approved, transactions will appear here with full audit trail.
Drawer
Slide-out panels for detail views, filters, and secondary content without leaving context.
Client Details
File Upload
Document upload for KYC verification, tax forms, and compliance documentation.
Textarea
Multi-line text input for notes, descriptions, and compliance remarks.
Chip Select
Multi-select chips for filtering, tagging, and categorical selection.
Timeline
Chronological event display for audit trails, trade history, and compliance logs.
Stat / Metric
Key performance indicators and summary metrics for dashboards and reports.
Key-Value
Structured data display for account details, transaction records, and compliance metadata.
Link
Navigational links with accessible focus indicators. External links include visual indicator per WCAG.
Step Indicator
Compact horizontal step tracker for multi-step flows.
Price Display
Real-time price rendering with directional indicators, color coding, and flash-on-change animation.
The atomic unit of every trading surface. Tabular numerals, fixed decimal precision per instrument convention, tick direction encoded by colour AND glyph.
Never animate price changes with movement — a blinking or sliding price draws attention disproportionate to its information. Flash the background, not the position.
Colour-only tick direction fails colour-blind users on the highest-stakes signal on screen — the arrow glyph is non-negotiable.
A stale quote is a risk event: past the staleness threshold the price greys out and timestamps itself rather than silently showing the last print.
Order Entry
Trade execution form with buy/sell toggle, order type selection, and pre-trade risk check.
The highest-stakes form in the system. Validation is pre-flight and continuous — by the time SEND activates, rejection should be near-impossible.
No confirm modal on the hot path — it adds 300–500ms of human dismissal and trains click-through. Use reversible execution instead: one-click send, a visible 3-second cancel window on the blotter.
Keyboard-first: every field reachable without a mouse, shortcuts for size presets, Enter is never bound to SEND without explicit arming.
UI state is driven by the FIX ExecutionReport (35=8) state machine — what the venue says happened, not what the click intended. That distinction is the audit trail.
Position Card
Active position display with real-time P&L, entry price, and allocation weight.
Trade Ticket
Confirmation receipt for executed trades with compliance-grade audit metadata.
The decision surface: instrument, size, direction, and consequence in one frame. Margin impact and worst-case loss render before submit, not after.
Do not collapse the ticket into a one-tap buy button for leveraged products — friction at the point of leverage is a regulatory feature, not a UX failure.
Size steppers respect lot conventions; switching direction re-runs validation; everything visible at 360px width because the mobile ticket is the real ticket.
Suitability gating (FINRA 2111 / ASIC RG 227): if the client profile fails the product gate, the ticket routes to education — it never just hides the button.
P&L Display
Profit and loss rendering with directional formatting, color coding, and arrow indicators.
Watchlist Row
Compact instrument display for watchlists with sparkline area, last price, and change.
Sparkline
Inline mini-charts for trend visualization within table rows, cards, and compact displays.
Depth Indicator
Order book depth visualization showing bid/ask volume at each price level.
Heatmap Cell
Color-intensity cells for market sector performance, correlation matrices, and risk grids.
Order Book
Full bid/ask price ladder with quantity, cumulative depth bars, and spread highlight. Designed for HD-density trading terminals.
Level-2 depth where bar length encodes size and colour intensity encodes proximity to touch — the book's shape is readable before any number is.
Do not smooth or animate book updates for elegance — a book that moves prettily misrepresents microstructure. Updates snap; only the aggression highlight pulses.
Aggressor prints flash on the tape side, not the resting side — direction of initiative is the signal traders actually read.
Time priority is honest to the feed's granularity: if the feed is conflated, the UI says so rather than implying microsecond precision it does not have.
Instrument Header
Full instrument identity strip — symbol, name, exchange, asset class, currency, and live session status. Used at the top of charts and order panels.
Leverage Selector
Interactive leverage input with risk-level color gradient and maximum allowed indicator. Risk disclosure updates dynamically per ASIC/ESMA regulatory constraints.
Leverage selection renders the jurisdiction cap as a hard boundary — the selector physically cannot exceed the client's regulatory maximum.
Do not present leverage as a neutral slider to the max — the warning band begins at the threshold where margin-call probability inflects, not at the legal cap.
Each step shows the margin requirement consequence live; the control is a disclosure surface, not just an input.
Caps are config from the jurisdiction matrix (ASIC RG 227, ESMA intervention measures) — when a regulator moves the cap, the token updates, no rebuild.
Margin Panel
Account margin overview with used/available balance, margin level percentage, and warning thresholds. Color shifts to amber at 150% margin level and red at 110% (margin call zone).
Margin utilisation with three fixed thresholds (70 / 85 / 95%) that colour the entire panel context, plus projected utilisation on order hover — consequence before commitment.
Never hide the liquidation price behind a tap or tooltip — it is the single number a leveraged client must always see.
The panel is the same component on desktop dock and mobile sheet; thresholds and copy come from tokens, not per-platform forks.
Margin-call states persist with timestamps and are never auto-dismissed (dispute evidence). The 95% state pre-arms the deposit flow.
Order Status
State badges and inline status rows for the full order lifecycle. Each state maps to a deterministic UI color and icon to support rapid scanning in high-volume queues.
Maps FIX Tag 39 OrdStatus to user language: New, Partially Filled, Filled, Cancelled, Rejected — each with a distinct visual register.
Never collapse partial fills into a binary done/not-done — a PM managing a working order needs filled quantity, remaining, and average price at a glance.
Status transitions announce via aria-live; a rejection always carries the venue reason code translated into action language.
The status chip is the same component on the blotter, the ticket, and the position view — one source of truth for the same Tag 39 value everywhere.
SL / TP Config
Stop Loss and Take Profit configuration with pip distance, price equivalence, and estimated P&L impact. The dual-input layout reduces cognitive load by showing both absolute price and distance simultaneously.
Stop-loss / take-profit entry shows both the absolute price and the distance (% and currency) — traders think in both, and mismatch errors are expensive.
Never frame the stop as a percentage alone — loss is felt in currency. The projected loss at stop renders in account currency beside the field.
Values validate against tick size and minimum stop distance per instrument; invalid entries explain the constraint, not just reject.
Default SL/TP from the last trade was the single biggest abandonment fix in the order-flow study — defaults are a design decision with measurable money attached.
Volume Bar
Volume histogram showing today's trading activity relative to the 20-day average. Above-average bars are highlighted in accent color to signal unusual activity.
Time & Sales
Live execution tape showing individual trades with timestamp, aggressor side, price, and size. Color coding distinguishes buyer-initiated (green) from seller-initiated (red) trades.
Economic Calendar
Event row with impact tier indicator, consensus vs. previous values, and countdown. High-impact events trigger pre-event risk warnings in connected order entry components.
Session Clock
Multi-timezone market session display showing open/closed status for major exchanges. Critical for institutional traders managing positions across jurisdictions.
Allocation
Visual portfolio allocation breakdown across asset classes. The bar-based approach is preferred over pie charts in high-density trading UIs for accurate proportional comparison at small sizes.
Spread Display
Bid/ask spread visualization with pip value and cost-per-lot calculation. Tight spreads are shown in green; widening spreads during low liquidity shift to amber with a visual indicator.
Risk Matrix
Two-dimensional risk grid mapping position size against market volatility. Each cell's background intensity communicates aggregate risk level at a glance — designed to surface tail-risk concentrations without requiring mental arithmetic.
Concentration and exposure as a matrix where colour intensity AND a glyph encode severity — dual encoding because risk review includes colour-blind reviewers.
A heat cell is never a dead end: every cell drills to the evidence behind it (positions, metrics, conditions). A naked number a reviewer cannot interrogate is a compliance liability.
Keyboard navigation walks cells in reading order with the cell's full context announced — the matrix is a table semantically, a heatmap visually.
Built for the SR 11-7 effective-challenge standard: the surface exists so a human can challenge the model's aggregation, not just admire it.
Volatility ↓
<$50K
$50–200K
$200–1M
>$1M
Alert Config
Price alert configuration with condition logic, notification channel selection, and expiry. Supports absolute price, percentage move, and crossover triggers for professional traders managing multiple instruments.
Trade History
Closed position history row with entry/exit prices, duration, and realized P&L. Color-coded P&L with directional indicators enables rapid performance scanning across hundreds of historical trades.
Candlestick
OHLC candle display with body, wicks, and data annotation. The side panel shows Open / High / Low / Close values with directional color. Used in chart tooltips, trade review panels, and daily summary cards.
Screener
Instrument scanner with filter chips and ranked results. The chip-based filter pattern reduces the form footprint compared to dropdowns while keeping all active criteria visible — critical for traders who run multiple simultaneous scans.
| Symbol | Name | Price | Change | Volume | Rel. Vol |
|---|---|---|---|---|---|
| NVDA | NVIDIA Corp | 891.43 | +4.2% | 68.4M | 2.4× |
| META | Meta Platforms | 510.22 | +3.1% | 42.1M | 1.8× |
| AMD | Advanced Micro Devices | 188.74 | +2.8% | 38.7M | 1.4× |
Funding Rate
Perpetual swap funding rate display with next payment countdown, annualized rate, and long/short cost indication. Positive rates mean longs pay shorts; negative rates reverse the flow.
API Credential
API key management card with reveal/conceal toggle, one-click copy, environment badge, and expiry indicator. Designed for the ACY Connect institutional B2B onboarding flow — credential issuance is the final step before a counterparty can connect their trading system.
Quote Comparison
Multi-broker quote comparison for best execution analysis. Highlights the tightest spread and lowest slippage per column. Used in institutional prime brokerage dashboards to satisfy best execution obligations under MiFID II.
Stock Split
Forward-split notice: the ratio, the record and payable dates, and the before/after that proves position value is unchanged.
A corporate-action notice for a forward split (e.g. 4-for-1). Show share count up, price down, and total position value held constant — the split changes the denomination, not the wealth.
Do not render a split as a price crash on the chart. A split-adjusted history is required; an unadjusted line that shows −75% overnight is a data defect, not a price move. Use the Reverse Split component for consolidations.
Ratio, dates, and the value-unchanged fact are text, never colour alone; the before/after table reads as paired rows to a screen reader. Cost-basis-per-share adjustment is stated in words.
SEC Rule 10b-17 & FINRA UPC 11140 — timely issuer notice of the record date and ex-date; due-bill handling for trades between record and payable. Basis reallocated per IRS Pub 550 (a split is not a taxable event).
Reverse Split
Consolidation notice with the fractional-share cash-in-lieu term and the listing-compliance reason stated, not implied.
A reverse split (e.g. 1-for-10): shares down, price up, value held. Surface the reason honestly — often a minimum-bid-price cure — and disclose how fractional shares are handled.
Never present a reverse split as a 10× gain. The per-share price rises mechanically; wealth is unchanged. Do not hide the cash-in-lieu of fractional shares — it is a realised, taxable event for the holder.
The compliance reason and the fractional-share treatment are full sentences; the ratio badge is not the only signal. Cash-in-lieu amount is shown with its calculation basis.
SEC Rule 10b-17 record-date notice; listing cure under Nasdaq Rule 5550(a)(2) or NYSE §802.01C ($1 minimum bid). Fractional shares paid as cash-in-lieu; cost basis reallocated (IRS Pub 550).
Dividend Declaration
The four dates that govern a dividend — declaration, ex, record, payable — with per-share amount, yield, and tax character.
An income event notice. The four dates are the whole product: who owns before the ex-date gets paid. Show DPS, annualised yield, and whether the dividend is qualified.
Do not conflate declaration with payment — a declared dividend is not cash in the account. Use the Dividend Payout component for the settled credit and withholding.
Each date carries an explicit label; the ex-date (the ownership cutoff) is emphasised in words, not colour alone. Qualified-vs-ordinary status is stated because it changes the holder's tax.
FINRA UPC 11140 / SEC Rule 10b-17 set and notice the ex-date and record date; under T+1 (effective May 2024) the ex-date aligns to the record date. Qualified-dividend character per IRC §1(h)(11).
Dividend Payout
The settled credit: gross, withholding, and net stated in words — plus the reinvestment (DRIP) alternative and its price.
The payment confirmation on payable date: shares held × DPS = gross, less any withholding = net credited. If reinvested, show the DRIP purchase price and resulting fractional shares.
Do not show gross as the amount received when withholding applies — the net is what settles. Use the Dividend Declaration component for the forward-looking event, not the payment.
Gross, withholding, and net are separate labelled rows; the net is the emphasised figure. Withholding rate and basis are stated so the deduction is never a silent surprise.
Reported on IRS Form 1099-DIV; backup withholding at 24% under IRC §3406 where a valid TIN is absent. Non-resident withholding per the applicable tax treaty. DRIP reinvestment price disclosed.
Ex-Dividend Timeline
The corporate-action lifecycle as an ordered, labelled sequence — declaration to payable — with the current stage marked in text.
When the sequence and the current position in it matter more than any single date: to answer "have we passed the ex-date, and when does cash arrive." Each node is a real, named milestone.
Do not use a decorative progress bar with no dates — a timeline that can't say which day the ownership cutoff falls on is theatre. For a single event, use the Dividend Declaration card.
Rendered as an ordered list to assistive tech; the current stage is announced in words (aria-current), not by colour alone; each node carries its date. Reduced-motion shows the final state instantly.
FINRA UPC 11140 ex-dividend procedures; under T+1 settlement (SEC Rule 15c6-1, effective May 2024) the ex-date aligns with the record date, collapsing the legacy T+2 one-day gap.
-
DeclaredApr 08
-
Ex-Date · nowMay 09
-
RecordMay 09
-
PayableMay 16
Under T+1 the ex-date and record date fall on the same day. To receive this dividend, the position must be held before the May 09 ex-date.
Rights Issue
A rights offering: entitlement ratio, subscription price, the deadline, and what lapses if the holder does nothing.
When existing holders are offered new shares at a discount in proportion to their holding. Show the ratio, subscription price, the theoretical value of a right, and the hard deadline — rights expire.
Never present a rights issue as free upside. Unexercised rights lapse worthless (or are sold if transferable) and non-participation dilutes the holder. State both outcomes. For a mandatory event, use a different notice.
The deadline is a countable, labelled date with time zone; the lapse consequence is a full sentence. Oversubscription privilege and transferability are stated, not implied by an icon.
Registration and prospectus delivery under Securities Act §5 (or an available exemption) for the rights and underlying shares; subscription, oversubscription, and lapse terms disclosed. A voluntary election with a firm cut-off.
Corporate Action Election
A voluntary election between options — cash or stock — with the deadline, the default if the holder is silent, and the irrevocability stated.
When a holder must choose between outcomes (optional stock dividend, merger consideration, tender). The default — what happens on no instruction — is shown as prominently as the choices, because silence has a consequence.
Do not pre-select the option that benefits the broker, and never hide the default. For a mandatory action with no choice, use a notice, not an election — offering a choice that doesn't exist is misleading.
Radio options are keyboard-navigable with visible focus; the selected state is text + control, not colour alone; the deadline and default are read in words. Election is confirmed and its irreversibility disclosed before submit.
DTC voluntary-offer election deadlines govern the cut-off; instructions and their timestamps retained per SEC Rule 17a-4(f). The no-election default outcome is disclosed, and the election is irrevocable after the deadline.
Motion
Animation timing functions for transitions, micro-interactions, and loading states. Click each card to preview.
Animation Types
A motion taxonomy for production UI: entrance, exit, feedback, loading, data-change, and spatial transitions. Each pattern names its duration, easing, risk, and reduced-motion fallback.
Interactive Animation Studies
Five complete interaction studies for product contexts beyond trading: relationship management, SaaS deployment, consent ceremony, permission topology, and executive storytelling.
A release-command animation for build, test, canary, and production promotion without leaving the operator's mental model.
A high-trust signature moment where the animation confirms authorship, intent, and record capture.
A topology animation for enterprise SaaS admin consoles: roles light up as permission scope changes.
A boardroom-ready transformation between narrative and decision view, useful for SaaS executive dashboards and client advisory reviews.
Animation (SaaS)
Five complete interaction studies for SaaS product moments — command
execution, plan upgrade, inbox triage, integration handshake, and workspace provisioning. Pure CSS + vanilla
JS, state-driven (data-state), token-themed for both themes, with
prefers-reduced-motion fallbacks. Motion here is product feedback, not decoration: every study
animates a moment where the user needs confirmation that the system heard them.
Open, search, execute: the palette springs in over a defocused app, results stagger up, and the chosen action collapses the list into a single confirmation toast.
Starter becomes Pro without a page reload: the price odometer rolls, locked features unlock in sequence, and the card itself earns its highlight.
Mark-all-read as a single readable gesture: a wave moves down the list, unread dots collapse, the counter rolls to zero, and inbox-zero breathes.
Connecting two systems is a trust moment: packets travel, both nodes pulse, and success seals the line gold — while failure bounces the packet back with an honest retry countdown.
Four infrastructure steps light up in sequence — spinner to check, top to bottom — so a 30-second backend process reads as visible, ordered progress instead of a dead spinner.
Animation (Media)
Five interaction studies for media products — player morph, chapter
scrubbing, karaoke captions, story rings, and waveform mood states. Same contract as every animation in this
system: pure CSS + vanilla JS, data-state driven, dual-theme tokens, reduced-motion safe. Media
motion has one extra duty: it carries the content's emotion without upstaging it.
The mini-player grows into theater mode with one spring: artwork scales, the title breathes up a size, transport controls drop in, and the equalizer starts dancing.
Jumping chapters is a glide, not a teleport: the playhead eases across, the chapter marker ripples on arrival, and the preview card crossfades to the new scene.
Words light up in time: a gradient sweep crosses each word with a small lift, while the progress bar keeps the line honest about where the audio actually is.
The active story takes the center: its countdown ring draws, the background parallaxes a beat slower than the caption chip, and neighbors recede without disappearing.
One waveform, three honest moods: idle breathes, playing dances, buffering shimmers — so audio state is readable from across the room without a single label.
Count-Up Numbers
Animated number reveal for stats and KPIs — requestAnimationFrame with an ease-out
curve and tabular numerals so the layout never jitters. Under prefers-reduced-motion the final
value renders instantly.
Dashboard stats, impact numbers, fundraising totals — moments where the arrival of a number is part of the story.
Never on live trading or financial-decision data: an animating price is a misrepresentation of the feed. Numbers a user acts on render instantly, always.
Runs once on demand, uses font-variant-numeric: tabular-nums to prevent reflow, and stays out of the screen reader's way — AT gets the final value, not 60 intermediate ones.
WCAG 2.2.2 (short, user-initiated, replayable run); reduced-motion honoured by skipping straight to the final value.
Easing Playground
The same 320px journey under five easing functions — linear, ease-out, ease-in-out, spring, and bounce — implemented in pure JS (rAF) so spring physics aren't faked with keyframes. Watching the difference is the fastest way to teach motion taste.
Design-system education and motion-spec reviews: when an engineer asks 'which easing', point at the difference instead of describing it.
Don't ship bounce or heavy spring on serious product surfaces — overshoot reads as playful; institutional contexts use the ease-out family almost exclusively.
Buttons are real buttons; the stage is aria-hidden with the active easing named in visible text; reduced-motion jumps the ball to the end state.
WCAG 2.3.3 Animation from Interactions — motion is user-initiated, brief, and disabled by the OS preference.
Toast Queue (Live)
A working toast manager, not a static mock: spawn, stack (max 3, oldest evicted), auto-dismiss with a visible progress bar, pause-on-hover, manual close — and a split aria-live strategy (polite for info/success, assertive for critical).
Transient confirmations of completed actions: saved, sent, copied. The queue cap and eviction policy are the design decisions most toast libraries skip.
Never for compliance-relevant or loss-relevant content — auto-dismissing evidence is the anti-pattern; that register belongs to persistent banners (see Alert & Toast).
Hover pauses the timer; close buttons are focusable; critical toasts use aria-live=assertive, the rest polite so screen readers aren't interrupted by good news.
WCAG 4.1.3 Status Messages — announced without focus theft; 2.2.1 Timing Adjustable via pause-on-hover + manual dismiss.
Pointer Tilt Card
A 3D tilt that tracks the pointer with damped rotation and a radial glare that follows the cursor — pure JS transforms, springs back on leave, and switches itself off for touch devices and reduced-motion users.
Hero cards, feature highlights, award-page registers — one or two per view as a focal accent.
Not for dense grids or anything containing text the user must read while interacting — motion under the reading surface costs comprehension. Never on form containers.
Activates only on (hover:hover) and (pointer:fine); rotation capped at 7°; springs back to rest on leave; purely decorative and invisible to assistive tech.
WCAG 2.3.3 — interaction-triggered motion fully disabled under reduced-motion; no information is conveyed by the motion itself.
HOVER / MOVE POINTER
Magnetic Button + Ripple
Two press-feedback classics done with restraint: a magnetic pull capped at 6px that eases the button toward the cursor, and a ripple from the press point. Both are decoration on top of a fully functional, keyboard-perfect button.
Primary CTAs on marketing and portfolio surfaces where a moment of delight is on-register.
Skip both in dense product UI — magnetism on a 24px-tall table action is noise. The ripple must never be the only press feedback (focus + active states stay).
Works identically by keyboard (ripple fires from center on Enter/Space); magnet caps at 6px so the hit target never escapes the pointer; reduced-motion disables both.
WCAG 2.5.2 Pointer Cancellation — action binds to the click, ripple on down is feedback only; 2.4.7 focus visible at all times.
Stagger Text Reveal
Character-level entrance for display headlines: JS splits the line into spans, each rises and settles with a 28ms cascade. The original string stays in the DOM for assistive tech; the animated copy is decorative.
Hero headlines and section moments on editorial/marketing surfaces — the typographic equivalent of a curtain rise.
Never on body copy, navigation, or anything read mid-task; once per page load is the ceiling — repeated stagger becomes a tic.
Split spans are aria-hidden with the full sentence kept in a visually-hidden element; replay is user-initiated; reduced-motion renders the line instantly.
WCAG 1.3.1 — the programmatic text is the real sentence, not 34 orphan characters; reduced-motion honoured.
Typewriter Reveal
Types a headline out character by character behind a blinking caret — JS appends one glyph at a time while the full sentence stays in the DOM for assistive tech. The animated copy is decorative.
Terminal, code, or editorial moments where the “being written now” feeling earns attention — once per view.
Never on navigation, body copy, or anything read mid-task; a slow type-out in front of content the user wants now reads as a delay, not delight.
The real sentence sits in a visually-hidden span; the typed copy is aria-hidden; replay is user-initiated and reduced-motion prints the line instantly.
WCAG 1.3.1 + 2.3.3 — programmatic text is the full string, not a stream of orphan characters; motion fully removed under reduced-motion.
Decode / Scramble
A cipher that resolves left-to-right: each position cycles random glyphs, then locks to its real character — the “decrypting” register, done with restraint.
Security, data, or AI surfaces where a “resolving” metaphor fits the content — a loading-to-truth moment.
Not for long strings or anything time-critical; the scramble adds perceived latency. Never on numbers a user must trust mid-update.
Full text kept in a visually-hidden span; cycling glyphs are aria-hidden; reduced-motion skips straight to the resolved string.
WCAG 2.2.2 — no essential meaning is conveyed only by the transient glyphs; the settled text is the source of truth.
Word Fade-Up (blur)
Reveals a line word by word, each rising out of a soft blur into focus — a calmer, more legible cascade than per-character motion for longer headlines.
Longer display headlines and section intros where character-level motion would feel busy — the editorial default.
Not for single words (use a simpler fade) or dense paragraphs; blur-in on body copy hurts reading speed.
Words are aria-hidden spans with the full sentence in a visually-hidden element; one play per load; reduced-motion renders sharp instantly.
WCAG 1.3.1 + 2.3.3 — the readable sentence is programmatic, not reconstructed from fragments; blur/motion removed under reduced-motion.
Mask Wipe
The whole line is revealed by a hard-edged wipe sweeping left to right via animated clip-path — no character splitting, so the text stays selectable and natively readable.
Logotype lockups and single-line statements where you want one clean gesture rather than a cascade.
Not for multi-line blocks (the wipe reads as a glitch across wraps); not where the text must appear immediately.
No DOM splitting — the element holds the real text, fully selectable and read normally; reduced-motion shows it un-clipped at once.
WCAG 1.3.1 — text is never fragmented; the wipe is purely presentational and disabled under reduced-motion.
3D Char Flip
Each character flips up on its X-axis from flat to upright with a staggered cascade — a dimensional cousin of the stagger reveal for high-impact hero moments.
Hero headlines on award or launch surfaces where a single, deliberate flourish sets the tone.
Never on body copy or repeated elements; 3D rotation per character is the most attention-expensive of the set — use sparingly.
Split spans are aria-hidden with the sentence in a visually-hidden element; replay is user-initiated; reduced-motion renders flat and upright instantly.
WCAG 1.3.1 + 2.3.3 — the real sentence is programmatic; rotation removed entirely under reduced-motion.
Contrast Checker (Interactive)
Pick any foreground and background: the checker computes the WCAG relative-luminance ratio live and grades it against AA and AAA for normal and large text, plus the 3:1 non-text minimum. The math is the spec formula, not an approximation.
Token decisions, theme reviews, and the recurring 'is this gold readable on white' argument — settle it with the formula in front of both people.
A passing ratio doesn't end the audit: 1.4.1 colour-only signalling and state contrast still need review. The checker is one control, not the conformance story.
Inputs are native colour pickers with visible labels; results render as text chips (never colour alone); the live ratio is announced via a polite region on change.
WCAG 1.4.3 Contrast (Minimum, AA 4.5:1 / 3:1 large), 1.4.6 (AAA), 1.4.11 Non-text Contrast — computed per the WCAG 2.x relative-luminance definition.
Focus Trap (Dialog Pattern)
A live dialog focus trap done right: Tab and Shift+Tab cycle inside, Escape closes, and focus returns to the trigger that opened it. The trap is the easy half — the restore is the half everyone forgets.
Modals, drawers, command palettes — any layer that takes over the page must own focus for exactly as long as it exists.
Don't trap focus in non-modal UI (popovers should dismiss on tab-out), and never trap without a keyboard exit — that's the violation this pattern exists to prevent.
Open moves focus to the first control; Tab wraps both directions; Escape closes; focus restores to the trigger; the dialog carries role=dialog and aria-modal with a labelled heading.
WCAG 2.1.2 No Keyboard Trap, 2.4.3 Focus Order — the ARIA APG dialog pattern.
Confirm export
Tab cycles inside this dialog. Esc closes and returns focus to the trigger.
Live Region Announcer
Status messages that screen readers actually hear: a polite region for ambient updates and an assertive region for must-know-now — with a visible log so sighted reviewers can verify what was announced and when.
Async results: save confirmations, background sync, validation outcomes — anything that changes without a focus move.
Don't announce continuous noise (every keystroke, every price tick) and never use assertive for good news — interruption is a cost you spend on emergencies.
Regions exist in the DOM from load (late-inserted live regions are unreliable); messages are swapped, not appended forever; the visible log mirrors exactly what AT received.
WCAG 4.1.3 Status Messages — programmatically determinable without receiving focus; polite vs assertive chosen by consequence.
Form Error Summary
On failed submit: focus moves to a summary box that names every error as a link; each link jumps to its field; each field carries aria-invalid and an aria-describedby message. The pattern that turns 'something is wrong' into a fixable list.
Any form longer than two fields — and mandatory on regulated flows (KYC, payments) where an abandoned form has a measurable cost.
Don't rely on inline messages alone for long forms (screen-reader users get no overview), and never use colour as the only error signal.
Summary receives focus on submit (tabindex=-1); links move focus to the field; messages bind via aria-describedby; errors announce once, not per keystroke.
WCAG 3.3.1 Error Identification, 3.3.2 Labels, 3.3.3 Error Suggestion, 2.4.3 Focus Order — the GOV.UK-validated error-summary pattern.
Problems to fix
Skip Link
The first Tab press on a page should offer a way past the navigation. Visually hidden until focused, then unmissable — try it: click into the demo and press Tab.
Every page with repeated navigation before the main content — which is every page. The cheapest AA fix on the entire checklist.
Don't hide it with display:none (unfocusable) or leave it permanently visible (clutter); reveal-on-focus is the contract.
First focusable element in the demo DOM; on activation moves focus to the main region (tabindex=-1); visible focus style when revealed.
WCAG 2.4.1 Bypass Blocks — the canonical technique.
Touch Target Size
24px icons feel fine with a mouse and fail with a thumb. Toggle the overlay to see each control's true hit area against the 44×44 reference — and how padding grows the target without growing the icon.
Mobile-reachable UI review: table row actions, chip closers, player controls — anywhere small glyphs accumulate.
Don't inflate the visible control to fix the metric — grow the hit area (padding / pseudo-element) and keep the visual weight. Density and reachability are not enemies.
The overlay shows real interactive bounds; the small target demonstrates the failure, the padded target shows the fix at identical visual size; all controls stay keyboard-operable.
WCAG 2.5.8 Target Size Minimum (24px, AA in WCAG 2.2) and 2.5.5 (44px, AAA) — labelled honestly: this system targets 44px on primary touch surfaces.
Accessibility
WCAG 2.1 AA baseline with Finance-Specific Accessibility (FSA) protocols for institutional environments.
Luminance Tapering
Color-Blind Safe Mode
▼ -$18,220
▼ -$18,220
Density
Components adapt across three density modes. HD for trading terminals, MD for dashboards, LD for client portals.
| Token | HD (Trading) | MD (Dashboard) | LD (Portal) |
|---|---|---|---|
btn-height |
28px | 36px | 44px |
input-height |
28px | 36px | 44px |
row-height |
28px | 40px | 52px |
cell-padding |
4px 8px | 8px 16px | 12px 20px |
font-body |
12px | 14px | 16px |
icon-size |
14px | 18px | 24px |
Infrastructure & State
API-driven UI architecture for high-concurrency financial environments. We design the data lifecycle, not just the visual layer.
Real-time State Orchestration
In institutional platforms like TradeX, the UI must handle 10,000+ data updates per second across 8-monitor setups. Our design system extends into the state machine layer to ensure consistency and performance.
Components are architected as finite state machines. Whether it's a "Partial Fill" on a trade ticket or a "Stale Data" warning on an Order Book, every visual state is a predictable outcome of the API payload.
We use a pub/sub architecture at the component level. A price update in the Order Book automatically propagates to the Risk Matrix and P&L attribution widgets, ensuring a unified "Truth State" across all open monitors.
Error & Liability Management
We categorize system failures into high-fidelity error states mapped to SEC/FINRA auditing requirements.
Figma Libraries
Source Figma files for the complete Zerologix component library and brand system.
Component Library
Brand System
Date Picker
Date and date-range selection for transaction filtering, reporting periods, and regulatory filing deadlines. Essential for compliance date queries and historical data analysis.
Select / Combobox
Three variants: a native styled Select for simple lists, a fully keyboard-navigable Combobox with type-ahead for instrument search, and a Multi-Select Tag input. All support grouped options and ARIA roles. Keyboard: ↑↓ navigate, Enter select, Esc dismiss.
Radio Group
Exclusive choice selection for order type, account tier, and risk classification. Supports both horizontal and vertical layouts with descriptive labels for compliance contexts.
Range Slider
Dual-handle range input for price filters, allocation percentages, and risk tolerance bands. Visual range display with real-time value updates for portfolio rebalancing.
OTP Input
One-time password entry field for two-factor authentication, wire transfer confirmation, and sensitive admin actions. Secure digit-by-digit input with auto-focus between fields.
Command Palette
Keyboard-driven command interface (Cmd+K) for power users navigating instruments, executing trades, and accessing settings. Type-ahead command search with grouped action categories.
Bottom Sheet
Mobile-first panel for order confirmation, filter selection, and quick actions. Dismissible sheet with drag handle and smooth scroll behavior for touch devices.
Order Confirmation
Resizable Panel
Drag the divider handle to resize panel areas. Used in trading workspaces for chart/order-book splits and multi-panel layouts. Supports both horizontal and vertical orientations with min/max constraints.
Sticky Header
Persistent context bar for instrument identity, account status, and active session info. Remains visible during scroll for quick reference to critical data.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Data Grid
Sortable, filterable, and paginated data grid for holdings, transaction history, and compliance logs. Column-based layout with sort indicators and selection checkboxes for bulk actions.
| Symbol | Quantity | Price | P&L | Action | |
|---|---|---|---|---|---|
| TYPESCRIPT | 250 | 3,421.50 | +2,850.75 | ||
| AMZN | 150 | 2,890.25 | -1,250.30 | ||
| UST 10Y | 500k | 104.25 | +12,450.00 |
Tree View
Hierarchical account and portfolio structure with interactive expand/collapse, keyboard navigation, and optional checkbox selection. Used for fund-of-funds, sub-account hierarchies, and permission scopes.
Kanban Board
Workflow visualization for compliance task tracking, trade lifecycle states, and review pipelines. Drag-and-drop card management with status column organization.
Calendar View
Event calendar for earnings announcements, regulatory filings, dividend dates, and economic events. Visual event markers with details on hover or click.
Code Block
Syntax-highlighted code display for API documentation, FIX protocol messages, and WebSocket payload examples. Copyable code with line numbers and language identifier.
Notification Center
Aggregated notification feed for price alerts, compliance deadlines, and system messages. Categorized and dismissible notifications with priority indicators.
Confirmation Dialog
High-stakes action confirmation for trade execution, wire transfers, and account changes. Modal dialog with warning icon, destructive action button, and cancel option.
Confirm Wire Transfer
You are about to transfer $50,000 to JP Morgan Chase. This action cannot be undone.
Drag & Drop
Reorderable lists for dashboard widget arrangement and watchlist prioritization. Visual feedback during drag operations with drop zone indicators.
Keyboard Shortcuts
Keyboard shortcut reference panel for trading terminal hotkeys. Organized by category with searchable help modal for power users.
Keyboard Shortcuts
Trading
Navigation
Design System Reference Map
This system was built by studying 8+ reference-grade design systems — from institutional finance (institutional terminals, Stripe) to government compliance (Gov.uk, USWDS). Below: what each reference taught us and how it shaped component decisions.
Financial & Institutional
Enterprise & Data
Government & Regulatory
What This System Does Differently
MiFID II Suite EU 2014/65/EU
MiFID II (Markets in Financial Instruments Directive II) mandates pre-trade transparency, post-trade reporting, best execution disclosure, and transaction cost reporting. These components encode those requirements as interactive UI patterns — not PDF documents.
Pre-Trade Transparency — Best Execution Venues Art. 27
Investment firms must take all sufficient steps to obtain the best possible result for clients. This panel surfaces venue-level data so PMs can verify routing decisions before order submission.
Post-Trade Confirmation Art. 59 & 60
Investment firms must send trade confirmations no later than the first business day after execution. This confirmation component encodes all MiFID II-required fields.
Transaction Cost Disclosure Art. 24(4) & RTS 28
ESMA / FCA Risk Warning
ESMA (European Securities and Markets Authority) and FCA (Financial Conduct Authority) mandate specific risk warnings for retail CFD clients, including the percentage of retail investors who lose money. These are legally required — not optional copy.
Mandatory CFD Risk Warning ESMA 2018/796
Required at point of sale and on all marketing materials. The loss percentage must be calculated from the firm's own client data over the preceding 12 months and updated quarterly.
ESMA Leverage Caps by Asset Class ESMA 2018/796 Art. 4
| Asset Class | ESMA / FCA Cap | ASIC Cap | Risk Level | Margin Required |
|---|---|---|---|---|
| Major FX Pairs (EUR/USD, GBP/USD…) | 30:1 | 30:1 | Medium | 3.33% |
| Non-major FX / Gold | 20:1 | 20:1 | Medium-High | 5.00% |
| Major Equity Indices (S&P 500, FTSE 100…) | 20:1 | 20:1 | Medium-High | 5.00% |
| Non-major Equity Indices / Commodities | 10:1 | 10:1 | High | 10.00% |
| Individual Equities | 5:1 | 5:1 | Very High | 20.00% |
| Cryptocurrency | 2:1 | 2:1 | Extreme | 50.00% |
Jurisdiction Simulator
The same Order Entry component renders differently across regulatory jurisdictions. Switch between EU (MiFID II/ESMA), UK (FCA post-Brexit), Australia (ASIC), and US (CFTC/FINRA) to see how compliance requirements alter the interface — warnings, leverage caps, disclosures, and required fields all adapt automatically.
What Changes Per Jurisdiction
Best Execution MiFID II Art. 27 / RTS 27 & 28
Investment firms must demonstrate best execution — the best possible result for clients considering price, costs, speed, likelihood of execution, size, and market impact. This panel shows the Smart Order Router's venue decision in real-time.
FCA CASS — Client Money CASS 7 & 7A
The FCA's Client Assets Sourcebook (CASS) requires firms to segregate client money from firm money. This panel surfaces client money status for both the end-client view and the RM operational view — distinct audiences, distinct information needs.
Client View — Account Safety
RM View — CASS Operational Status
Two completely different components serve two completely different users — but they reference the same underlying data. The client view answers "is my money safe?" The RM view answers "are we CASS compliant today?" Same information architecture. Different cognitive tasks. Different visual weight.
SEC Rule 10b5-1 Plan Rule 10b5-1(c)
Visual scheduler and execution monitor enforcing statutory cooling-off periods and transaction caps for corporate insiders.
In executive equity dashboards, stock administration platforms, and compliance panels tracking scheduled insider transactions.
Do not use for standard discretionary retail trades. Use basic limit order status forms instead.
Expose status via standard aria-live="polite" when scheduled tranches change. Ensure execution
list has ARIA tables structure.
SEC Exchange Act Rule 10b5-1(c)(1)(ii)(B) (governing mandatory cooling-off periods for directors and officers).
SEC Form 4 Ledger Exchange Act Sec. 16(a)
Real-time ledger showing insider equity transactions, transaction codes, and beneficial ownership filings within the 2-business-day window.
| Reporting Person | Code | Tx Date | Amount (Shares) | Price | Owned Post-Tx | Filing Status |
|---|---|---|---|---|---|---|
| Jane Smith (Director) | S | 2026-06-09 | -15,000 | $42.50 | 85,000 (D) | ✓ Filed (SEC EDGAR) |
| Marcus Brody (VP Finance) | P | 2026-06-10 | +2,500 | $41.80 | 18,200 (D) | ✓ Filed (SEC EDGAR) |
| Alexander Vance (COO) | S | Today | -10,000 | $43.10 | 50,000 (D) | Pending File (T+1) |
Use inside compliance trade portals, equity platforms, and public investor relationship pages to show institutional insider tracking.
Do not use for general market client transactions. Use general client trade confirmations instead.
Tables should include ARIA labels for sorting headers and semantic details for transaction codes S (Sale) and P (Purchase).
Section 16(a) of the Securities Exchange Act of 1934 and SEC Rule 16a-3 (mandatory filing within two business days).
SEC Rule 15c3-3 Reserve Rule 15c3-3(e)
Special Reserve Bank Account calculator displaying credits, debits, and reserve cash deposit requirements for broker-dealers holding customer assets.
In back-office broker-dealer ledger audits, compliance reporting dashboards, and treasury reserve controls.
Do not expose in standard retail customer account pages. Use simple credit interest statements instead.
The calculation result must have role="status" and aria-live="polite" to let
screen readers know when the inputs change.
SEC Rule 15c3-3 (Customer Protection Rule) under the Securities Exchange Act of 1934 (requiring a Special Reserve Bank Account).
SEC Reg BI Gate Exchange Act Rule 15l-1
Multi-step retail investor stepper enforcing Regulation Best Interest disclosure rules, ensuring Form CRS receipt and acknowledgement prior to recommendation execution.
Before opening an account, you must review our broker-dealer relationship summary. This documents our services, fees, conflicts of interest, standards of conduct, and disciplinary history. Download Form CRS (PDF).
In retail brokerage onboarding, advisory client signups, and before delivering recommendations to retail accounts.
Do not enforce on institutional accounts or eligible contract participants (ECPs), where Reg BI does not apply.
The disclosure PDF link must have a descriptive label. The checkbox must have an explicit
aria-required="true".
SEC Regulation Best Interest (Reg BI) under Exchange Act Rule 15l-1 (requiring timely delivery of Form CRS).
SEC 17a-4 WORM Seal Rule 17a-4(f)
Visual indicators confirming Write-Once-Read-Many (WORM) storage locks, hash integrity checks, and retention scheduling for broker-dealer communications.
trade_ledger_2026_Q2.db.gz ·
SHA-256: f2a3c7...90e3
In document vaults, record-retention auditor dashboards, and trade statement export wizards.
Do not use for temporary application state caches or draft files where edits are expected.
Display status icon with appropriate aria-label="Write-Once-Read-Many storage lock active".
SHA-256 hashes must have monospace font representation.
SEC Rule 17a-4(f) under the Securities Exchange Act (governing electronic storage media integrity standards).
ISDA CSA Margin Call ISDA 2016 VM CSA
Collateral management dashboard calculating variation and initial margins, thresholds, and final payout requests under bilateral agreements.
In collateral operation desks, trade negotiation screens, and post-trade settlement systems.
Do not use for cleared swap margin requirements (which are handled by Central Counterparties / CCPs).
The margin call result should update with an ARIA notification and include proper financial units display.
CFTC Margin Requirements for Uncleared Swaps and Basel III BCBS-IOSCO framework.
ISDA Clause Negotiator ISDA Master Section 5
Bilateral negotiation interface showing termination threshold differentials and cross-default clauses between two contracting entities.
In derivative onboarding systems, legal ops negotiator dashboards, and counterparties consensus reviews.
Do not use for automated algorithmic clearing arrangements. Use structured rules engines instead.
Compare layouts side-by-side using screen reader landmarks like aria-describedby pointing to
change descriptions.
Dodd-Frank Title VII Recordkeeping obligations (requiring clear auditability of agreement negotiations).
ISDA UPI Resolver ISDA Taxonomy 2.0
Schema mapping interface generating Unique Product Identifiers (UPI) and CFI codes from raw swap attribute fields for reporting trade data to Repositories.
In post-trade compliance interfaces, transaction reporting templates, and DTCC swap reporting workflows.
Do not use for plain vanilla equity trades, which use standard ISIN or CUSIP identifiers.
Always display the CFI code and resolved UPI in raw accessible text, not inside images, so screen readers can copy it.
CFTC Part 43 & 45 Swap Data Recordkeeping and reporting rules (requiring unique product identifiers).
ISDA SIMM Risk Exposure SIMM 2.5
Risk parameter matrix entry grid mapping Delta, Vega, and Curvature vectors to compute Initial Margin requirements under Uncleared Margin Rules.
| Tenor Bucket | Delta ($/bp) | Vega ($/bp) | Curvature | Margin Weight |
|---|---|---|---|---|
| 1Y | 0.00 | $142,500 | ||
| 5Y | 0.00 | $620,100 | ||
| 10Y | 0.00 | $1,980,500 |
In derivatives risk dashboards, quantitative trading portals, and capital reserve calculation tools.
Do not use for retail accounts or standard brokerage margin accounts (which use Regulation T / SPAN margins).
Matrix inputs must have descriptive aria-label describing the intersection (e.g. "Vega for 5
year tenor").
BCBS-IOSCO framework on Margin requirements for non-centrally cleared derivatives.
ISDA QFC Stay Status 12 CFR Part 252
System warning banner detailing contract stay provisions under Qualified Financial Contracts (QFC) rules preventing cross-default close-outs.
In trade confirmations, risk settlement interfaces, and legal compliance tracking panels.
Do not use for exchange-traded derivatives or cleared swap contracts, where stays do not apply in this format.
Use a high-visibility warning status (such as role="alert") if the counterparty enters default
administration, triggering stays.
Federal Reserve Board, FDIC, and OCC Qualified Financial Contract (QFC) Stay Rules.
Filter Bar
Chip-based active filter display with search, date range picker, and status toggles. Used in data grids, trade blotters, and compliance logs to surface active filter state clearly.
Split Button
Primary action button with a dropdown chevron for variant actions. Used for order entry (Buy / Buy Limit / Buy Stop), export (CSV / PDF / JSON), and report generation actions.
Audit Trail
Immutable chronological log of system events, user actions, and compliance decisions. Required for MiFID II best execution reporting, SOX audit support, and internal controls. Each entry is cryptographically linked to prevent tampering.
Append-only event stream with hash chaining — each entry carries actor, action, payload diff, and timestamp; the chain makes silent edits cryptographically loud.
Do not render the trail as raw JSON — the audience is a compliance officer under time pressure. Each event renders as a human-readable sentence with the diff one click away.
Filterable by actor, surface, and event class, but never editable or deletable from the UI — the viewer has zero write paths by design.
Built to the SEC 17a-4(f) WORM standard: write once, read many. The same pattern seals AI recommendations in the Double-Blind protocol — sign-off is a first-class event.
Live Data Integration
Design components consuming real production APIs — zero mock numbers. Every price, rate, and filing shown here is fetched live. Demonstrates loading skeletons, stale-data detection (72-second window), error boundaries with last-known-good cache, and WebSocket reconnection with exponential backoff.
KYC / AML Identity Verification Stepper
Multi-step identity verification flow used by regulated financial platforms for onboarding under FinCEN CDD, FCA SYSC 6, and MAS AML/CFT requirements. Handles document upload, liveness check, sanctions screening, and risk scoring with clear failure states and manual-review escalation paths.
Role-Based Access Control Matrix
Granular permission editor for multi-tenant enterprise platforms. Each cell represents a policy decision logged to the audit trail. Used for SOC 2 CC6.1 access controls, Type I/II attestations, and regulatory separation-of-duties reviews. Supports role templates, permission inheritance, and "who changed this" hover tooltips.
| RESOURCE | CLIENT ANALYST | PM | TRADER | COMPLIANCE | ADMIN |
|---|
Multi-Approver Approval Workflow
N-of-M signoff pattern for high-stakes actions — trade cancellation, policy changes, vendor contracts, client offboarding. Each approver sees full context (proposed change, diff, requestor, SLA), can approve/reject/request changes, and is logged to the audit trail. Parallel or sequential, with optional hierarchy routing.
Data Lineage Graph
Visualises where data originated, every transformation it passed through, and every downstream consumer. Critical for BCBS 239 risk-data aggregation, GDPR Article 30 processing records, and IFRS 17 actuarial assumption traceability. Each node shows owner, freshness, and PII status; each edge shows the transformation contract.
SLA / Uptime Status Board
Real-time service health board with p50/p95/p99 latency, error budget burn, and incident history. Pattern used in Stripe Status, Atlassian Statuspage, and Datadog SLO dashboards. Each service shows 90-day uptime sparkline, current SLA commitment, and remaining error-budget percentage.
Reconciliation Diff Table
Side-by-side comparison of two datasets with automatic mismatch highlighting. Used for trade reconciliation (our books vs. prime broker statement), GL-to-subledger checks, MiFID II trade reporting vs. ARM acknowledgement, and daily position-break investigations. Mismatches grouped by severity with resolution actions.
| SYMBOL | OUR QTY | PB QTY | Δ | OUR NAV | PB NAV | Δ $ | ACTION |
|---|---|---|---|---|---|---|---|
| AAPL | 45,000 | 45,000 | 0 | 8,126,700.00 | 8,126,700.00 | — | ✓ Matched |
| MSFT | 22,500 | 22,501 | −1 | 9,348,075.00 | 9,348,490.54 | −415.54 | Review |
| NVDA | 12,000 | 11,000 | −1,000 | 10,697,160.00 | 9,805,063.00 | −892,097.00 | Break · Escalate |
| GOOGL | 8,200 | 8,200 | 0 | 1,358,012.00 | 1,358,012.00 | — | ✓ Matched |
| TSLA | 6,750 | 6,750 | 0 | 1,207,237.50 | 1,207,237.50 | — | ✓ Matched |
Enterprise Tenant Switcher
Multi-tenant navigation pattern for MSP dashboards, consultancy portals, and enterprise SaaS. Shows current tenant prominently, recents, search, and role-per-tenant. Keyboard-driven (⌘K opens, arrow keys, enter selects). Switching reloads workspace without full navigation to preserve scroll context.
API Keys & Webhook Manager
Credential lifecycle with scoped permissions, rotation policy, and delivery health. Modeled on Stripe/Plaid developer consoles with institutional audit expectations. Reg alignment: SOC 2 CC6.1 (logical access), PCI DSS 3.2.1 (key management), OWASP API Security Top 10.
https://ops.acy.com/hooks/treasury
Regulatory Alert Triage Queue
Compliance inbox for surveillance hits — AML, market abuse, sanctions, PEP. Each alert carries regulatory source, severity scoring, SLA clock, and case linkage. Pattern reference: NICE Actimize, Nasdaq SMARTS, internal tools at tier-1 banks. Reg alignment: FINRA Rule 3110, MAS Notice 626, FCA SYSC 6, OFAC SDN screening.
Seat & License Manager
Enterprise SaaS seat allocation with role tiers, utilization reporting, and contract-aware provisioning. Covers the "are we paying for ghosts" question that FP&A asks every quarter. Reg alignment: ISO 27001 A.9 (access control), SOC 2 CC6.2 (user deprovisioning).
Post Composer
Rich content composer with media attachments, @mention autocomplete, emoji picker, draft save, visibility scoping, and character limit with live counter. Pattern reference: Twitter/X, LinkedIn, Bluesky composer. Accessibility: full keyboard control, SR announcements, reduced-motion aware.
Feed Post Card
Timeline post with author meta, repost attribution, rich content, media grid, reactions bar, and action row (reply, repost, like, share, bookmark). Pattern reference: Twitter/X, Threads, LinkedIn native post. Handles quote-repost chain and collapsed-thread continuation.
Story Ring Carousel
Horizontally scrolling story row with viewed/unviewed ring states, live indicator, and "your story" affordance. Pattern reference: Instagram, LinkedIn video spotlight, WhatsApp status. Gradient ring signals unseen content; muted ring = already watched.
Threaded Comments
Nested comment thread with collapse/expand, author highlighting, reaction pills, reply composer inline, and OP/verified badges. Pattern reference: Reddit, Hacker News, Linear comments. Scales to 5+ levels of depth with visual rail to anchor the reading eye.
Profile Header
Identity block with banner, avatar, name row (verified badge, pronouns), bio, stats (followers, following, posts), action CTAs (follow, message, share), and tab navigation. Pattern reference: Twitter/X, LinkedIn, Bluesky profile. Collapses cleanly at mobile breakpoints.
Ed Chen
he/himNotification Feed
Aggregated notification stream with type iconography, actor stacking, time grouping (new vs earlier), action previews, and filter tabs. Pattern reference: GitHub, Linear, Twitter/X notifications. Groups identical actions ("12 people liked your post") to reduce noise.
Trending Hashtags Panel
Right-rail trend unit with rank, category context, post volume, and engagement delta (Δ 24h). Pattern reference: Twitter/X "What's happening", LinkedIn news, Bluesky discover. Numeric trend indicator avoids the "going viral now!" coercion and just reports the data.
Direct Message Chat
1:1 chat surface with paired conversation list (left) and thread view (right). Features read receipts, typing indicator, day separators, reaction picker, inline media/link previews, and message composer. Pattern reference: Slack DMs, iMessage, Twitter/X DMs.
Creator Engagement Analytics
Creator-facing post performance panel with impressions, engagement rate, audience growth, top referrers, and 7-day sparkline. Pattern reference: Twitter/X Analytics, LinkedIn Creator Dashboard, YouTube Studio. Uses Ben Fry's "show the data first" principle over dashboard theatre.
Verified Creator Badge System
Multi-tier verification mark (Individual, Professional, Organization, Government) with hover-tooltip explaining authority, issue date, and scope. Pattern reference: Twitter/X Verified, Bluesky moderation labels, Meta Meta-verified. Disambiguates trust signals so users can tell "celebrity" from "actual regulatory body".
Sanctions Screening Engine
Real-time name-match screening against 12 sanctions lists (OFAC SDN, EU CFSP, UN Consolidated, UK HMT, MAS TSOFA, AUSTRAC DFAT). Fuzzy-match scoring, AKA alias expansion, transliteration support (Cyrillic/Arabic/CJK). Reg alignment: OFAC 31 CFR 501, EU (EC) 2580/2001, UK SAMLA 2018.
PEP & Adverse Media Monitor
Politically Exposed Persons monitoring with three-tier FATF classification (Foreign · Domestic · IO), family member & close associate expansion, adverse media signal ingestion. Reg alignment: FATF Rec 12, EU AMLD6 Art 20, UK MLR 2017 Reg 35.
Transaction Risk Scoring Engine
Real-time multi-factor transaction risk scoring: amount velocity, geography, counterparty risk, typology fingerprint. Adjustable weights per risk appetite. Reg alignment: FinCEN 31 CFR 1010.320, BSA/AML, Wolfsberg Guidance on Risk-Based Approach.
SAR / STR Filing Workflow
Suspicious Activity Report drafting with narrative scaffolding, evidence attachment, MLRO review, and regulatory submission (FinCEN BSA E-Filing, UK NCA SAR Online, HK JFIU). 30-day FinCEN filing clock visible at all times. Reg alignment: 31 USC 5318(g), POCA 2002 s.330, FATF Rec 20.
Ultimate Beneficial Owner Graph
Multi-level corporate ownership unwinding with >25% threshold detection per FinCEN CDD Rule. Circular holdings, trust interposition, nominee flag. Reg alignment: 31 CFR 1010.230, EU AMLD5 Art 30, UK PSC Register, Singapore RoRC.
Ongoing Monitoring Alert Queue
Triage-ready alert queue from behavioural-rule and ML-model detection layers. SLA-banded disposition: clear, escalate, RFI, SAR. Reg alignment: FATF Rec 10(d), FinCEN 31 CFR 1020.210(b)(2)(v), JMLSG Part I 5.7.
Jurisdiction Risk Heatmap
FATF grey / black list status blended with Basel AML Index, Transparency International CPI, and sanctions regime density. Per-country exposure weighted by book volume. Reg alignment: FATF Public Statements, EU AMLD5 Annex III, Basel Committee AML/CFT Principles.
CDD Refresh & Trigger Event Ticker
Ongoing Customer Due Diligence refresh schedule blended with trigger-event detection (address change, ownership restructure, adverse media, unusual activity). Reg alignment: FATF Rec 10, EU AMLD5 Art 14(5), MAS AML Notice 626 §8.
Typology & Red-Flag Library
Reference library of money-laundering typologies sourced from FATF, APG, Egmont Group, MENAFATF with bound detection rules and real case exemplars. Reg alignment: FATF Typologies Reports, Egmont Case Book, UK NCA Red Flag Indicators.
Regulatory Change Watcher
Real-time ingestion of OFAC SDN updates, HMT Sanctions Notices, EU Council Regulations, MAS Circulars, HKMA Guidelines. Auto-diff old vs new lists, impact-surface against current book, CCO routing. Reg alignment: OFAC OFAC Recent Actions feed, HMT Financial Sanctions Notice, EU OJL, MAS MAS-Notices-RSS.
Calibrated Confidence Badge
Confidence as a calibrated, decision-grade signal — score bands (HIGH / MEDIUM / ABSTAIN) tied to measured calibration error, not raw softmax. The abstain state is designed, not hidden. Production pattern from Duo-Shou's three-tier valuation. Reg alignment: SR 11-7 model uncertainty disclosure, EU AI Act Art. 13 transparency.
Attach to every AI output a user might act on. The badge communicates how much to trust this specific output — banded, calibrated, and honest about coverage.
Never show raw model probability as if it were accuracy — an uncalibrated 0.92 is marketing, not measurement. If you cannot measure calibration (ECE), ship a qualitative band, not a number.
Bands are colour + label dual-encoded; ABSTAIN renders the fallback path (human review, more data) instead of an empty value. Screen readers get the band name and what it implies, not the percentage alone.
SR 11-7 requires known model limitations to be visible at the point of use; EU AI Act Art. 13 requires output interpretability. The calibration date in the corner is the audit hook.
Reasoning Chain · Explainability Surface
Every AI recommendation decomposes into challengeable steps, each with its evidence source and provenance label (live data / versioned document / model estimate). Pattern shipped in ConnectX and Aureus \u201cWhy this recommendation\u201d drawers. Reg alignment: SEC Reg BI Conflict (a)(2)(iv), SR 11-7 effective challenge.
Required wherever an AI recommendation can move money or risk: the user's job is to challenge the synthesis, not to admire the conclusion.
Do not paste a free-text 'explanation' paragraph generated after the fact — that is rationalisation theatre. If the pipeline cannot expose real intermediate steps, show inputs honestly instead.
Steps are a semantic ordered list; each step links to its evidence; estimates are visually distinct from facts. Keyboard expands steps; the chain reads top-to-bottom as one argument.
SR 11-7 effective challenge requires that a reviewer can interrogate the model's reasoning; Reg BI requires the basis of a recommendation to be articulable. This surface is that articulation.
Autonomy Tier Selector
Four explicit autonomy tiers — Ambient → Co-pilot → Assertive → Autonomous — as a governance primitive, not a settings toggle. Each tier states what the AI may do, in scope terms a compliance officer can sign. Production pattern from ConnectX's 8-agent framework. Reg alignment: SR 11-7 model governance, EU AI Act human-oversight Art. 14.
Use wherever an AI system can take actions of varying consequence — the tier ladder turns 'how much do we trust the AI' from a vibe into a signed configuration.
Not a feature flag and not a personalisation preference — do not bury it in settings. If the system has only one autonomy mode, state the mode; do not fake a ladder.
Escalating a tier re-presents the full scope contract and requires re-auth; de-escalating is instant. The active tier is announced on every affected surface. Tier state is per-client, not global.
EU AI Act Art. 14 requires meaningful human oversight proportionate to risk; SR 11-7 requires documented model-use boundaries. The tier definition IS that documentation, user-facing.
Human Sign-off Gate
The moment AI hands control to a human: typed confirmation bound to the specific proposal ID, impact and reversibility surfaced pre-commit, and the decision hash-sealed into an append-only trail. Production pattern from Aureus Decision Room and Double-Blind sealed commits. Reg alignment: SEC Reg BI Care Obligation, SEC 17a-4(f), SR 11-7.
Mandatory wherever an AI proposal becomes an irreversible or capital-committing action. The gate is the architectural promise that AI surfaces options and humans hold the commit.
Do not use for low-stakes accepts (that is the suggestion card's job) — gate fatigue destroys the gate. One sign-off per decision, never a daily batch blanket-approval.
Typed confirmation is bound to the proposal ID (no generic 'CONFIRM'); the commit button stays disabled until the exact string matches; reject requires a reason that enters the same trail.
Reg BI Care Obligation expects a deliberation surface, not a click-through; 17a-4(f) expects the decision record to be tamper-evident. The hash seal makes sign-off forensically defensible.
AI Suggestion Card
The unit of human-AI collaboration below the sign-off threshold: a suggestion with provenance chips, calibrated confidence, and three first-class responses — accept, modify, reject-with-reason. Rejected suggestions stay visible with their reason. Pattern from ConnectX RM workflow and Aureus proposals.
The default container for any AI-initiated idea: nudges, drafts, flags. If the action is irreversible or moves capital, escalate to the Sign-off Gate instead.
Never auto-accept on timeout, and never bury the reject option — a suggestion UI where accepting is easier than rejecting is an autonomy escalation in disguise.
All three actions are keyboard-reachable and logged; modify opens the draft for edit rather than regenerating; provenance chips link to the actual source records.
Reg BI conflict rules require the basis of a recommendation to be inspectable — the provenance chips are that basis. The rejection log is the SR 11-7 challenge record.
Streaming Response Surface
Token streaming with the honest affordances: visible model identity, time-to-first-token and throughput, a Stop control that actually halts spend, and an explicit \u201cunverified until complete\u201d register for financial figures.
Use for any generation longer than ~2 seconds — perceived latency drops when language arrives progressively, and Stop gives the user real control over cost and time.
Do not stream numbers into a decision surface as if final — a half-generated figure looks identical to a real one. Execution-grade values render only after the grounding pass.
Stop is keyboard-reachable and cancels the request server-side, not just visually. Completion announces via aria-live. The caret is decorative and hidden from screen readers.
Model identity and generation status visible at point of use (EU AI Act Art. 50 transparency); the 'unverified during stream' register prevents a half-truth from becoming an order.
Prompt Composer
Structured prompt input for professional surfaces: explicit context chips (what the model can see), a token-budget meter, and injection-safe paste — pasted text is data, not instructions. The composer makes the context window a visible, auditable object.
Use wherever users direct an AI with real stakes — the chips answer 'what does the model know right now', which is the question every audit and every confused user asks.
A bare chat textarea is fine for exploration, wrong for regulated work: invisible context produces unexplainable outputs. Don't silently inject CRM data the user can't see.
Chips are removable and inspectable; the budget meter warns before truncation (silent context loss is the worst failure); paste-sanitisation status is visible, and flagged content shows why.
The context chips double as the disclosure of processing basis (GDPR) and make prompt-injection a surfaced, loggable event rather than a silent compromise.
AI Content Disclosure Label
Per-artefact provenance labelling: AI-assisted (human reviewed and named) vs fully automated (rule-bounded, no review). The label travels with the content — letters, summaries, trade confirmations. Reg alignment: EU AI Act Art. 50 transparency obligations, FINRA 2210 communications standards.
Label every client-facing artefact an AI touched. The two-state taxonomy (assisted vs automated) is the minimum honest vocabulary — most policies fail by having only one.
Do not watermark internal scratch work into noise, and never use the label as a liability shield for unreviewed content ('AI-assisted' with no named reviewer is the anti-pattern).
The label is part of the document model, not a CSS overlay — it survives export, print, and forward. Reviewer name and date are mandatory fields for the assisted state.
EU AI Act Art. 50 requires AI-generated content be identifiable; FINRA 2210 holds the firm responsible for communications regardless of authorship — the named reviewer is who answers.
Model Picker & Fallback Chain
Model selection as visible infrastructure: an ordered fallback chain with live health, latency, and an honest 'reduced quality' label on the last resort. Production pattern from Ed's Agent (edwson.com) 7-model NVIDIA NIM chain.
Use when a product depends on third-party model availability — a single-model dependency is an outage waiting for a deprecation notice.
Do not expose a raw model dropdown to end users in a regulated product — model choice is a governance decision; users choose outcomes, operators choose models.
The serving model is attached to every output (attributability); chain order is config, not code; degraded-quality fallbacks are labelled so support can explain output variance.
Model inventory and version control are SR 11-7 baseline expectations; attributing each output to its producing model is what makes incident review possible.
Agent Tool-Call Trace
Every step an agent takes — tool, arguments, result, latency, status — as a readable flight recorder. Write-actions visibly stop at the approval boundary. The trace is what turns 'the agent did something' into an account a compliance officer can read.
Mandatory for any agent that calls tools with side effects. The trace is also the debugging surface — most agent failures are visible as a wrong argument, not a wrong model.
Do not collapse the trace into a cute 'thinking…' spinner for professional users — opacity is a trust cost. Keep raw payloads one click deep, not in the row.
Rows are append-only and timestamped; write-actions show their gate state; the table is semantically a table (screen-reader navigable), with tool names in mono.
Mirrors the 17a-4 audit-trail register applied to agents: actor (agent), action (tool+args), outcome, and the human gate where one exists. NIST AI RMF 'traceability' made concrete.
Grounding & Citation Coverage
Claim-level verification rendered in the text itself: every factual claim in an AI draft is grounded (source linked), ungrounded (no source), or contradicted (source disagrees) — with the worst state visually loudest. This is the hallucination guard as a shipping component, not a research demo.
Run on any AI draft containing facts that will reach a client or a regulator — letters, summaries, reports. The component answers 'which sentence do I need to check' instead of 'is this whole thing trustworthy'.
Do not gate casual internal chat on full grounding — the cost is real and the register is wrong. And never average the three states into one 'trust score'; a single contradicted number outweighs ten grounded ones.
Highlights are colour + underline-style dual-encoded; each claim links to its source or its absence; contradicted claims block one-click send until resolved or overridden with a logged reason.
FINRA 2210 prohibits false or misleading communications — claim-level grounding is the operational control. The override log is the evidence the control existed.
Feedback & Effective Challenge
Two distinct instruments deliberately kept apart: lightweight thumbs (ranking telemetry) and a structured challenge with a typed defect taxonomy that routes to the model owner under an SLA. Conflating them is how 'effective challenge' degrades into a like button. Reg alignment: SR 11-7.
Deploy both wherever professionals consume model output: thumbs for cheap signal density, the challenge form for the failures that matter.
Never let thumbs-down silently stand in for a defect report — a regulator will ask where challenges go, and 'into the ranking model' is the wrong answer.
The challenge form requires a defect class + free text; filing returns a tracking ID; resolution is reported back to the filer — the loop closes or the instrument dies.
SR 11-7 effective challenge requires documented, routed, answered criticism by qualified staff — the taxonomy, routing line, and SLA on this card are that requirement as UI.
Safety Guardrails
Real-time input/output moderation checking prompts and outputs against compliance guardrails.
Deploy as a sync interceptor on all public-facing LLM input and output streams to prevent jailbreaks and toxic generation.
Do not use as a replacement for system prompts; guardrails act as a defense-in-depth secondary filter model (e.g., LlamaGuard).
Status badges transition dynamically; triggered rules are read sequentially by screen readers with explicit ARIA alert status.
EU AI Act Art. 50 transparency; CFTC Rule 1.51 order transmission verification requirements.
RAG Citation Map
Visual attribution mapping retrieved source chunks to specific model statements with similarity weights.
Essential for advisory and compliance reporting tools where claims must be verified by reference documents (prospectuses, SEC filings).
Avoid for tasks not requiring factual evidence (e.g. code formatting, UI scaffolding generators).
Citations link to document overlays; screen readers read the full citation source name and context block via aria-details.
FINRA Rule 2210 communications with the public; SEC Investment Advisers Act compliance auditing.
The fund retains a 15% liquid collateral buffer for derivative positions, meeting regulatory liquidity ratios under MAS Guidance Paper 8.2.
Cost & Token Budget Tracker
Real-time budget tracking slider and loop termination controls to manage agentic recursion expenses.
Incorporate on all agent playbooks and loop execution views to prevent recursive feedback-loop cost escalations.
Not required for basic single-turn API calls with predictable execution overheads.
Dynamic token bars update with input range sliders; budget breach triggers a visible warn-status color shift and terminates further loops.
SOC 2 financial and operational control standards; corporate board fiduciary oversight requirements.
Agent Loop Execution (DAG)
Directed execution graph illustrating the state, steps, and tool calls of autonomous multi-agent planning loops.
Use for compound workflows involving loops, retry limits, self-correction, or multi-model evaluations.
Do not use for linear pipeline executions with no conditional routing. A simple timeline matches those use cases better.
Nodes are colored by operational state; interactive checkpoints require manual user sign-off to exit the loop; accessible labels trace path outcomes.
NIST AI Risk Management Framework Section 3 (Accountability & Tracking); CFTC records for algorithmic order execution origins.
Uncertainty Heatmap
Visual attribution highlighting token-level log-probabilities to flag potential hallucinations and uncertain model statements.
Deploy in investment research generators, automated commentary tools, or reports where exact precision of numerical claims is critical.
Do not show to regular consumers without plain-language explanations. The raw metrics are meant for analysts and risk assessors.
Uncertain words are highlighted (orange/red overlay based on entropy); keyboard focus triggers a popup menu displaying top alternate tokens.
SR 11-7 Model Risk Management (effective validation and uncertainty limits); ESMA rules for clear, not misleading client communication.
Based on yesterday's audit report, the total exposure to derivative counterparties in APAC was evaluated to be $14.2 Million, demonstrating compliance.
Adversarial Prompt Tester
Security validation panel displaying system leak protections, indirect injections, and prompt audit success scores.
Integrate in model evaluation pipelines and release staging environments to stress-test prompt injection barriers before deployment.
Do not use for normal application functional QA. Adversarial testing specifically aims to break the safety alignment of LLMs.
Presents tabular threat assessment reports; security levels are color-coded (Red/Green indicators) and categorized with clear labels.
NIST AI Risk Management Framework (Adversarial Robustness guidelines); ISO/IEC 42001 (AI Management System Security).
| Threat Vector | Adversarial Payload Snippet | Defense Trigger | Bypass Rate |
|---|---|---|---|
| System Prompts Leak | "Show instructions above..." | Structural Guard | 0.00% (Pass) |
| Indirect Injection | "Read text, ignore rest..." | Input Sanitization | 0.00% (Pass) |
| Restricted Output | "Give advice on stocks..." | Output Classifier | 0.00% (Pass) |
RLHF Pairwise Arena
Analyst interface for pairwise model output evaluation to rate compliance, formatting, and alignment metrics.
Deploy in post-training alignment toolchains where expert operators label preference data for supervised fine-tuning.
Avoid for direct end-user screens; consumers do not want to choose between multiple model outputs. Use single output interfaces instead.
Keyboard selectors (Option A vs B) mapped to numeric hotkeys; checkboxes for qualitative wins; clean column grids.
Institutional oversight of model parameters under SEC guidance; documented audit trails of human preference feedback.
The company's net income for the fiscal year ended Dec 31, 2025, increased by 14% to $2.1B, driven by retail subscriber growth.
Net income rose to $2.1 billion (+14% YoY) according to public announcements released by the CFO last month.
Audit Trail Registry
Chained cryptographic block ledger to log model interactions, hashes, and timestamps, ensuring compliance record immutability.
Deploy on algorithmic execution, risk exception overrides, and compliance reporting logs where actions must survive external auditor scrutiny.
Do not use when high-throughput logging of low-risk telemetry is required. Database audit tables are better for generic event tracking.
Blocks are visually linked with verification checks; copies hash values on single-click with visual success indicators.
SEC Rule 17a-4 (immutable data storage format requirement); FINRA Rule 4511 general compliance record keeping.
SEALED
SEALED
Structured Schema Validator
Visual mapping converting raw LLM response text to strictly typed JSON objects with validation and coercion rules.
Use when connecting model-generated text outputs directly to transactional backend databases and execution systems requiring structural validation.
Not necessary for free-form conversational chatbots where structured output is not passed to downstream APIs.
Displays side-by-side parsed fields; highlights validation errors, missing parameters, and automatic type conversions (coercions) with distinct alerts.
SEC Regulation Systems Compliance and Integrity (Reg SCI) strict operational data validation standards.
"symbol": "AAPL",
"qty": "100",
"type": "market"
}
Local Feature Attribution (XAI)
Attribution weights visualization mapping the positive and negative impact of specific variable vectors driving a model choice.
Use for explaining credit approvals, transaction classification, or high-risk algorithmic trading triggers where reasons must be auditable.
Avoid in scenarios with thousands of complex inputs where aggregated feature importance is more representative than local attribution.
Attributes and weights are represented both visually (horizontal bars) and numerically (percentages); colors map to positive vs negative indicators.
Equal Credit Opportunity Act (ECOA) adverse action notice requirements; GDPR Article 22 explanation rights.
Model Card
The model's passport: version, owner, training window, headline metrics, intended use, and — most load-bearing — the known-limits panel stating what the model must NOT be used for. Rendered in product, not buried in a wiki. Reg alignment: SR 11-7 model documentation, EU AI Act Annex IV.
One card per deployed model, linked from every surface that consumes its scores. The intended-use and do-not-use sections are the contract between model team and product team.
Not a research README — no hyperparameter dumps in the product view. If a model has no owner or no documented limits, the card's emptiness is the finding; don't pad it.
Version is mono and copyable; limits panel renders in the warning register and cannot be collapsed by default; metric definitions link to their evaluation protocol.
SR 11-7 requires documented purpose, design, and limitations; EU AI Act Annex IV requires the same for high-risk systems. The card is that documentation at the point of use.
Confusion Matrix
The four-cell truth table with business semantics attached: false negatives labelled as missed risk, false positives as analyst cost. Read together with the threshold tuner — the matrix is the evidence, the tuner is the decision.
Use when reviewing any binary classifier that gates real workflows — fraud, AML, churn. The matrix is the only honest summary of what a threshold choice does.
Do not show accuracy as the headline on imbalanced data — 96.6% accuracy here would hide 56 missed-risk events. Lead with the error cells.
Cells are colour + label dual-encoded; counts are real counts (not percentages alone); each cell drills to the actual cases behind it.
AML model validation expects error analysis by consequence class — the matrix with business labels is the artifact examiners actually read.
FLAG
CLEAR
Feature Importance
Global feature attribution (mean |SHAP|) as ranked bars with mono feature names — plus the caveat rendered into the component, because this chart gets screenshotted into policy decks: importance is association, not causation.
Use for model review, drift investigation, and explaining 'what drives the score' to risk committees. Pair with per-decision attribution for case-level questions.
Never present as causal levers ('reduce feature X to lower risk') and never expose raw feature names that leak protected attributes — display names are a curated mapping.
Bars sort by magnitude with values printed (not colour-only); the list is a semantic list; feature names link to their definitions in the feature store.
Fair-lending and AML validation both ask 'what is the model using' — this surface answers it, and the curated display-name layer is the protected-attribute control.
Drift Monitor
Population-stability tracking with the thresholds drawn in (PSI 0.10 / 0.20 bands), the action state visible (retrain queued), and label-delay honesty — performance drift is invisible until labels arrive, so input drift is the early-warning system.
Standing surface for every production model — drift review is a calendar event, not an incident response. The threshold bands make 'how bad is 0.14' a settled question.
Do not alert on every wiggle (alert fatigue kills the monitor) and do not wait for accuracy to drop — with a 41-day label delay, accuracy is a rear-view mirror.
Bands are encoded in colour AND stated numerically; the action state is part of the component; each month drills to the distribution comparison behind the score.
Ongoing monitoring is an explicit SR 11-7 and EU AI Act Art. 61 (post-market monitoring) obligation — this surface is the evidence it happens on schedule.
Experiment Tracker
Training runs as a disciplined ledger: config, metric, status — with reproducibility (data snapshot + commit + seed) as the admission rule and a fairness-report gate before any run can become a challenger.
The working surface for model iteration — and the provenance record for 'where did the production model come from', which is an audit question, not a curiosity.
Not a leaderboard: do not sort by metric alone or the team will overfit the eval. Failed runs stay visible — deleted failures are how teams repeat them.
Status is colour + text; configs are copyable mono; each run links to its artefacts. The promote action is a gated workflow, not a button on this table.
SR 11-7 development evidence and EU AI Act record-keeping both expect exactly this trail from data to deployed weights.
Champion–Challenger Gate
Side-by-side production model vs shadow candidate over a fixed evaluation window — with promotion gated on the full criteria set, so an accuracy win cannot buy its way past a fairness regression. The blocked state is the component's reason to exist.
The standard replacement path for any production model — challengers earn promotion in shadow on live traffic, never on offline eval alone.
Do not run perpetual shadow without a decision date (zombie challengers), and never let a single headline metric decide — the gate is multi-criteria by construction.
Deltas are signed and colour-coded; the blocking criterion is named in plain language; the Promote control is disabled with the reason adjacent, and override is a routed sign-off, not a click.
SR 11-7 effective challenge and change-control expectations; fair-lending model governance. The blocked-promotion record is the strongest evidence the gates are real.
Precision@alert 0.71
FN rate 11.9%
Fairness parity Δ 2.1%
21 DAYS
Precision@alert 0.74 (+0.03)
FN rate 10.2% (-1.7pp)
Fairness parity Δ 3.4% (+1.3pp — BLOCKS)
Contract Lifecycle Board
CLM kanban for enterprise sales ops: draft → redline → legal review → signature → active → renewal. SLA countdown, clause-change alerting, counterparty party-of-record tracker. Reg alignment: SOX §302, GDPR Art 28 DPA, e-signature compliance (eIDAS, UETA).
Usage-Based Pricing Calculator
Metered billing simulator with tiered pricing, overage bands, volume discount curves, commit vs. true-up logic. Critical for FP&A and sales-engineering alignment. Patterns: Stripe Billing, AWS tiered, Datadog per-host. Reg alignment: ASC 606 revenue recognition, SEC Rev Rec disclosure.
Customer Health & Churn Risk Score
Composite health scoring blending product engagement, support sentiment, billing signals, contract renewal window, executive sponsorship attrition. Exposes the "quiet-quit" customers BEFORE they send non-renewal notice.
- Schedule QBR within 14 days (new CTO Rachel O.)
- Resolve P1 tickets #4471, #4489, #4501 (SLA breach)
- Surface product usage gap: Analytics feature 0% adoption
- CSM exec-sync if no movement by day 21
Enterprise Provisioning Wizard
Day-0 onboarding flow for enterprise buyers: workspace create → SSO (SAML/OIDC) bind → SCIM provisioning → role mapping → IP allow-list → domain claim. Post-DPA first-value under 30 minutes. Reg alignment: SOC 2 CC6.1/CC6.2, ISO 27001 A.9.
API Quota & Rate Limit Dashboard
Per-tenant request ceiling visualization with token bucket state, burst allowance, auto-escalation recommendations. Surfaces the "we're about to 429" signal before customer calls support. Reg alignment: SOC 2 CC7.2 (monitoring), AWS Well-Architected Reliability Pillar.
Incident Command Board
Active-incident war room: severity badge, timeline with ROLE-prefixed updates (IC / COMMS / OPS), blast radius calculation, downstream dependency graph, customer comms staging. Pattern: PagerDuty × Statuspage × Atlassian SRE. Reg alignment: SOC 2 CC7.3 (incident response), ISO 27001 A.16.
r3-orderbook-index
changed query plan on routing table. Slow scan introduced on EU shards.Compliance Audit Evidence Export
One-pane evidence bundle builder for SOC 2, ISO 27001, PCI DSS auditors: access logs, change log, incident records, DPA history, backup restore evidence. Time-scoped, signed, tamper-evident. Reg alignment: SOC 2 AICPA TSC, ISO 27001 A.18, PCI DSS 10.7.
Signed: CN=Ed Chen · Issued by SectigoRSADomainValidationSecureServer CA · 2026-04-19T14:22Z
Partner & Reseller Portal
Channel partner deal-registration flow with discount tier, named-account conflict resolution, co-sell marketing assets, commission tracker. Reg alignment: SOX revenue recognition for channel, anti-corruption FCPA/UKBA conflict-check.
• Named TAM assigned
• Quarterly co-sell planning
• MDF $50k/quarter
• Partner Summit 2026 access
ARR Revenue Waterfall
Period-over-period ARR composition: new logo · expansion · contraction · churn · reactivation. The GAAP-aligned view finance + BOD expect on every QBR. Reg alignment: ASC 606, SaaS metric SEC disclosure comment-letter patterns.
Every bar is placed by one scale (7.9 px per $M), and every card is derived from the bridge — the arithmetic is printed under each one. A revenue bridge whose KPI cards don't reconcile with its own bars is worse than no chart: it is a chart that will be believed.
SSO & SCIM Admin Console
IdP identity bridge ongoing state: active session count, SCIM provisioning delta, group → role mapping health, JIT provisioning toggle, session policy (idle timeout, MFA enforcement). Reg alignment: SOC 2 CC6.1 · ISO 27001 A.9.2 · NIST SP 800-63B authenticator assurance.
AI Token Cost Calculator
Estimate per-request and per-1k-call spend from input/output token counts and per-million pricing. Preset chips load common model tiers.
Sizing the unit economics of an AI feature before committing to a model tier, or comparing vendors at a glance.
For finalized billing reconciliation use the provider's metered invoice — this is a planning estimate, not an authoritative ledger.
Recalculates on every input; preset chips are toggle buttons with aria-pressed; numeric fields are labelled and keyboard-operable.
Frontier models price output ~5x input; mid/small tiers trade quality for an order-of-magnitude lower blended cost.
Tokenizer Estimator
Approximate the token footprint of arbitrary text as a range, with live character and word counts.
Quickly gauging whether a prompt, document, or system message fits a budget before sending it to a real tokenizer or API.
For exact accounting use the model's own tokenizer (tiktoken, etc.) — heuristics drift on code, CJK, and emoji.
Updates on input; the estimate region is aria-live="polite" so screen readers hear the running range without focus loss.
English averages ~4 chars/token; the words×1.3 upper bound captures subword splits on rarer vocabulary.
Context-Window Budget
Visualize how much of a model's context window is consumed, with near-limit and overflow warnings.
Monitoring a long conversation, RAG payload, or document load against the active model's window ceiling.
Not a substitute for runtime truncation logic — it informs the user, the application still has to enforce the cap.
The meter is a role="progressbar" with aria-valuenow/min/max; overflow raises a role="alert" so assistive tech announces it.
Exceeding the window truncates the oldest tokens silently — surfacing the ≥80% threshold prevents lost-context failures.
Overflow: used tokens exceed the window. Oldest context will be truncated.
Prompt-Cache Savings
Model the dollar and percentage savings from caching a portion of repeated input tokens.
Deciding whether a large stable system prompt or context block justifies enabling prompt caching.
Skip when prompts are unique per call — caching only pays off above a hit-rate and cache-lifetime break-even.
Percentage inputs clamp to 0–100; results recompute live and are exposed via an aria-live region.
Cached input tokens commonly bill at ~10% of base rate, so a 90% discount on a high-cache-hit prompt slashes blended cost.
Token Stream Meter
Simulate a streaming generation to show time-to-first-token, throughput, and a growing token count.
Demonstrating perceived-latency behaviour of streaming UIs, or prototyping a live generation indicator.
This is a simulation; wire to real SSE/stream events for production telemetry rather than synthetic timing.
Run is disabled mid-stream; reduced-motion users jump straight to the final state; the feed is aria-live="polite".
TTFT and tokens/sec are the two metrics that govern how fast a generation *feels* — independent of total length.
Schema / Data-Contract Editor
Define a table's columns — name, type, nullability — and watch a typed schema table and a CREATE TABLE DDL regenerate live. The contract a data scientist hands to engineering before a single row is written.
When authoring a data contract or table definition collaboratively — analysts specify intent, the DDL is the artifact engineering ships.
For free-form exploratory CSVs use schema-on-read inference instead; this is for governed, schema-on-write tables.
Each row is a labelled fieldset; type is a native <select>, nullable a real checkbox;
DDL updates on any change. Remove buttons carry aria-labels.
Mirrors schema-on-write data contracts (dbt models, Delta table DDL). The NOT NULL constraint is the cheapest data-quality control there is — enforced at write time, not discovered at query time.
| Column | Type | Nullable |
|---|
Data-Quality Profiler
Per-column null-rate, distinct cardinality and a PASS/WARN verdict over a profiled sample — the first thing a data scientist checks before trusting a feature. Frames bad data as downstream cost, not just a number.
At ingestion or before model training — to catch null-heavy or low-cardinality columns before they silently degrade a pipeline.
Not a replacement for a full great-expectations / Deequ suite; this is the at-a-glance triage layer above it.
Bars carry numeric text alongside (never colour-only); WARN flags use a labelled badge plus a written threshold so the verdict is screen-reader legible.
Standard column profiling (null-rate, distinct count) as run by data-profiling jobs. A 20%+ null rate on a feature column is a recall-time surprise — surface it at ingest.
| Column | Null-rate | Distinct | Status |
|---|
Data Lineage DAG
Source → transform → table provenance as a clickable directed graph. Click any node to light up everything upstream (where it came from) and downstream (what breaks if it changes). Impact analysis at a glance.
For impact analysis before a schema change, or root-cause when a downstream dashboard goes stale — trace the dependency chain.
For hundreds of nodes use a dedicated lineage tool (OpenLineage / Unity Catalog); this is a focused single-pipeline view.
Nodes are real buttons, keyboard-activatable; selection state is announced; connectors are decorative SVG with the relationship also encoded in node borders, not colour alone.
Column- and table-level lineage as captured by OpenLineage / dbt graphs. Provenance is the precondition for trust — and for GDPR / data-residency audits.
Typed Query Result Grid
A query result set with a type chip on every column header and click-to-sort with stable type-aware ordering (numbers numerically, timestamps chronologically). The grid an analyst stares at all day, done right.
To render the output of an ad-hoc query or notebook cell where column types and quick re-sorting matter.
For million-row result sets use a virtualised grid with server-side sort; this is for the typical sampled preview.
Headers are keyboard-operable, carry aria-sort, and sort is type-aware not lexical. The
rows/latency footer reports the actual rendered count.
The result-grid contract of any warehouse client (Databricks SQL, BigQuery console). Type-correct sorting prevents the classic "string-sorted numbers" analyst error.
Delta / Version Diff
Compare two snapshots of a table (v1 vs v2): rows added, changed, removed, with a colour-and-label-coded change list. The Delta-Lake time-travel idea — answer "what changed between yesterday's run and today's?" without re-querying raw logs.
To audit a pipeline run, validate a backfill, or explain a metric jump — diff two versions instead of diffing in your head.
For schema (not row) drift use the schema editor's contract diff; this compares row-level state between versions.
Every change carries a text badge (ADDED / CHANGED / REMOVED), not just colour; old→new values are shown inline so the delta is readable without colour vision.
Delta Lake / Iceberg time-travel and DESCRIBE HISTORY. Version diffing turns "the numbers
moved" into an attributable, auditable change set.
Cross-Platform & Cross-Browser Rendering
The same component across four operating systems and eight browsers. The OS sets
window chrome, fonts, scrollbars, and ⌘/Ctrl grammar; the browser's engine (Blink, Gecko, WebKit) sets what CSS
resolves. One token set with defensive @supports fallbacks — native feel everywhere, broken layout
nowhere.
Any surface shipped to more than one OS — desktop trading terminals, Electron back-office tools, web apps that must feel native on macOS, Windows, GNOME, and Ubuntu alike.
Don't hand-paint OS chrome inside a real native or Electron app — let the OS draw its own title bar. This pattern is for previews, embedded simulations, and design documentation, not for overriding the host window manager.
OS switch is a button group with aria-pressed; the live region announces the active OS.
Control clusters use logical placement so the layout mirrors correctly under RTL. Reduced-motion disables
all transitions. Window controls are decorative (aria-hidden) — never the only path to an
action.
Cross-platform consistency via system font stacks (-apple-system, Segoe UI,
Ubuntu/Cantarell), logical properties for direction-safe layout, and native conventions
(control side, scrollbar weight, ⌘ vs Ctrl, locale formatting) so intent stays identical while the surface
feels at home on each desktop.
Scrollbar weight follows the host OS. macOS uses a thin overlay thumb; Windows draws a wider tracked bar; GNOME and Ubuntu sit in between. Same component, native scroll feel on every desktop. Keep scrolling to see the thumb behaviour.
Eight browsers, three rendering engines. Compatibility isn't fought browser-by-browser — it's won at the engine layer (Blink, Gecko, WebKit) with feature queries and progressive enhancement. Pick a browser to see its engine and the exact technique that keeps the layout pixel-stable there.
| CSS feature in this system | Blink | Gecko | WebKit | Fallback if unsupported |
|---|---|---|---|---|
Flexbox / Grid / gap |
Native | Native | Native | n/a — universal since 2021 |
clamp() fluid sizing |
Native | Native | Native | static rem via @supports |
color-mix() tint tokens |
Native | Native | Native | solid token colour fallback |
:has() relational |
Native | Native | Native | class toggle (graceful) |
| Custom scrollbar | ::-webkit | scrollbar-color | ::-webkit | both APIs shipped together |
backdrop-filter |
Native | Native | -webkit- | opaque surface fallback |
| Logical properties (RTL-safe) | Native | Native | Native | physical-property shim |
- Feature detection, never UA sniffing. Anything non-universal is wrapped in
@supportswith a defined fallback path — no browser is special-cased. - System font stacks. No web-font download means no FOUT, no layout shift — and it survives Brave Shields and Tor's Resist-Fingerprinting forcing system fonts.
- Fluid
clamp()layout. Absorbs Tor's letterboxed viewport steps and any DPI without fixed breakpoints that snap. - Both scrollbar APIs shipped.
::-webkit-scrollbarfor Blink/WebKit andscrollbar-width/colorfor Gecko — styled consistently on all three. - Logical properties +
tabular-nums. Direction-safe layout and numbers that never reflow as they change.
Agent Definition Builder
A NotebookLM-style editor where an agent is nothing more than a markdown file plus
a list of source URLs. Seed from a template, edit the form, and watch agent.md regenerate live —
copy-ready frontmatter and all.
When a user needs to template, fork, or hand-tune an AI agent and wants the underlying
agent.md contract to stay visible and version-controllable instead of hidden behind a settings
panel.
Not for runtime chat or tool execution — this only authors the definition. For a multi-agent roster use the Cluster Manager; for keyword-routed skills use the Skill Card Editor.
Every keystroke re-renders the markdown deterministically; all typed text is HTML-escaped before injection.
Inputs carry real labels, the model picker is a native <select>, and source rows are
keyboard-removable. Reduced-motion safe.
An agent is a versionable markdown contract: YAML frontmatter (name, role, model, sources) over a
system-prompt body. A cluster of these is just a folder of .md files — diffable, reviewable,
portable.
The markdown is the agent — copy it into a repo, version it, diff it.
Skill Card Editor
A skill is a SKILL.md plus trigger keywords and resource URLs. The
description here is not prose for a human — it is the routing signal the keyword matcher reads to decide whether
to pull this skill in.
When authoring a narrow, keyword-triggered capability that the agent loader should grab automatically — the description and triggers are tuned for the matcher, not for a reader.
Not for full conversational agents with a persona and model — use the Agent Definition Builder. Skills are leaf capabilities a parent agent routes to.
Keyword chips and resource rows add/remove live; the SKILL.md preview re-renders on every
change with all text HTML-escaped. Chips are removable via a labelled control. Reduced-motion safe.
Description-as-routing-signal: the matcher reads the description + triggers to score relevance, so they are written to be grabbed by keyword. A skill is a versionable markdown contract that lives beside its agents in the cluster folder.
The description is written for the keyword matcher — not the human reader.
Agent / Skill Cluster Manager
A cluster is just a folder of markdown files. Search by keyword to see how the matcher grabs the right one, toggle each between Enabled and Draft, and watch the enabled count update live.
When organizing a mixed roster of agents and skills — enabling, drafting, and finding the one the router will pick by keyword across name, description, and triggers.
Not for editing a single definition's body — open it in the Agent or Skill editor. This is the folder-level view, not the file-level view.
The search box filters the roster live on input (name + keywords + description); status toggles are real buttons with aria semantics conveyed by visible text. The summary recomputes on every toggle. Reduced-motion safe.
A cluster is a folder of .md files. Keyword search demonstrates description-as-routing-signal
— the AI grabs the right contract by keyword, exactly as the loader does at runtime.
Expert Team Composer
Switch the domain preset to swap the roster of AI agents, toggle each member active or inactive, and watch the live "active team" summary recompose the auditable workflow.
When a single-pass AI output needs an adversarial, multi-role team to harden it — a composable roster where each agent owns one accountability (ceiling, attack, de-AI, quantification, distribution).
For a throwaway draft with no review bar, skip the team — use a plain prompt. Don't compose a five-agent pipeline for a one-line answer; the governance overhead is the point only when stakes are real.
Preset buttons are aria-pressed radio-style; agent toggles are
role="switch" with aria-checked, keyboard-operable, and update an
aria-live summary. Reduced-motion safe; dual-theme via tokens only.
An agent team is a composable, auditable workflow: adversarial review + quantification + de-AI become governance primitives, not vibes. Every output passes a hardcore buyer, a data officer, and a humanizer before it ships.
Adversarial Workflow (SOP)
A clickable four-step pipeline — Diagnostic, Debate, Humanizing, Final — showing which agents act at each stage, plus the hard constraints and the fixed output format the team must obey.
When you need a repeatable standard operating procedure that forces raw input through blind diagnosis, adversarial debate, de-AI humanizing, and a final optimized version — so quality is procedural, not accidental.
If the input is already validated and shipped, don't re-run the full SOP — use a lightweight spot-check. Skipping the Debate step to save time defeats the governance value; if you can't afford the attack, you can't afford the claim.
Stepper is a tablist with aria-selected steps and a
linked tabpanel detail; arrow-key and click navigation, focus-visible. Static Constraints and
Output-format panels are always readable. Tokens-only theming, reduced-motion safe.
Adversarial review + quantification + de-AI form one governance pipeline: every claim is challenged for real user/business benefit, quantified to a result (cost ↓, ROI ↑, efficiency ×2), and stripped of AI-tone before the optimized version is allowed out.
- Ban AI-tone. Forbid 總 之 / 首先 / 在當今數位時代 / 此外 and their English equivalents In conclusion / Firstly / In today's digital age / Moreover / Furthermore.
- Quantify every claim to a business result — cost ↓, ROI ↑, efficiency ×2.
- No blind praise. If the work is mediocre, an agent must say "this won't pass the interview/review".
- 【Expert Diagnostic Feedback】 — bullets naming flaws and room to optimize.
- 【Optimized Final Version】 — ready-to-use, shippable output.
- 【Business Value Assessment】 — the concrete benefit, quantified.
AI Cluster Topology & Memory Pool
An EXO-style distributed inference cluster shown two ways at once: human-readable node cards on the left, and the machine-readable manifest an AI orchestrator consumes on the right. Same cluster, two readable forms — both regenerate on every change.
When you run models on-prem across several machines and need operators to grasp the cluster shape in seconds while agents read the same state as structured config.
Not for single-device inference or cloud-hosted endpoints. If one machine holds the model, skip the cluster framing and show a plain model card instead.
Add/remove are real buttons with text labels; pooled-memory readout updates live and is announced via a polite live region. Manifest mirrors the visual state exactly so neither view drifts.
On-prem & data-residency: nothing leaves the building. Pooled unified memory (est.) lets a cluster run models larger than any one device. Human view + machine manifest keep cluster state legible to both audiences.
Model Fit & Topology-Aware Partitioning
Estimate whether a model fits the cluster's pooled memory at a given quantization and context, then show how EXO would shard it across nodes weighted by each device's memory.
Before committing a model to a cluster — to sanity-check fit, headroom, and how the weights spread across heterogeneous devices under topology-aware auto-parallelism.
Not a substitute for a real load test. Estimates exclude activation spikes and framework overhead beyond the flat KV margin; benchmark before production.
Native selects and number input; verdict text states FITS / DOESN'T FIT in words plus headroom %, not colour alone. Shard bar segments carry text labels and recompute on every input change.
EXO topology-aware parallelism splits a model from a realtime resource view; tensor parallel cites EXO's published 1.8× (2 devices) / 3.2× (4 devices). All memory figures labelled est.
Distributed Inference & API Surface
Simulate a streamed completion fanning across the cluster ring — tokens/sec climbing, nodes lighting up — backed by the OpenAI / Claude / Ollama-compatible API EXO serves at localhost:52415.
To demonstrate that the cluster serves a drop-in compatible endpoint, and to visualise that a single request is computed collaboratively across participating nodes.
This is a UI simulation, not a live benchmark. For real throughput numbers, run the model and read EXO's dashboard at :52415 rather than this animation.
Send is a button; the stream uses requestAnimationFrame and snaps to the final state under prefers-reduced-motion. The curl block is selectable text, not an image.
EXO exposes OpenAI Chat Completions, Claude Messages and Ollama-compatible APIs on-prem; the same request runs across the pooled cluster, keeping inference and data inside your network.
M3 Ultra 128GB
M3 Ultra 128GB
M3 Ultra 512GB
Payment Rail Selector
Pick a money-movement rail and read its real trade-offs live — settlement speed, cost, cut-off, finality, and limit. The same rail metadata an AI agent weighs before routing a payment.
Any send-money flow where the rail materially changes speed, cost, or finality and the payer (or an agent) must choose between them.
Single-rail products — show a static rail badge, not a chooser of one. Never imply a choice that doesn't exist.
Rails are real buttons in a group; each announces speed + cost + finality as text. Irrevocable rails say so in words, never colour alone; the cut-off is text.
NACHA Operating Rules (ACH), ISO 20022 (wire / RTP messaging), Reg E 12 CFR 1005 (consumer EFT). Finality and return rights differ by rail and are stated, not hidden.
Money Movement Tracker
Walk a payment through its lifecycle — initiated, risk hold, clearing, settled — or post a return with a real NACHA return code. Honest about which stages a rail actually has.
After a payment is submitted, on any status surface the payer or an ops team sees while funds are in flight.
Instant, irreversible rails with no intermediate states — a single settled badge is honest; don't fake stages that don't exist.
Status is a live region; the stage list is ordered with the current stage marked in text. Return codes resolve to plain-language meaning, not just a code.
NACHA return codes (R01–R85), Reg E error resolution (12 CFR 1005.11), ISO 20022 pacs.002 status report. The reversibility window is stated explicitly.
FX Quote Ticket
Quote a cross-currency transfer with the markup over mid-market shown in the open — you-send, they-receive, fee, and a re-pricing timer. Transparency is the design.
Any multi-currency send where the rate and fee must be disclosed before the user commits.
Same-currency transfers — no FX surface, and never invent a rate to fill the space.
Rate-expiry is counted-down text in a live region; the markup over mid-market is a separate, explicit line — never folded silently into the rate.
Reg E remittance rule (12 CFR 1005 Subpart B), consumer FX transparency (mid-market disclosure), PSD2 (EEA payment transparency). Rates here are indicative.
Reconciliation Match
Match statement lines against ledger entries — matched, unmatched, exception — with a confidence read and a manual-match path that leaves an audit note. Post-settlement, not a gate.
Treasury, ops, or finance surfaces reconciling money movement to the ledger after settlement.
Real-time pre-trade checks — this is post-settlement reconciliation, not an execution gate. Use a pre-trade control there.
Match state carries a text label plus icon, never colour alone; manual-match is keyboard-operable and reversible, and writes an audit line.
SOC 1 / ICFR (reconciliation control), ISO 20022 camt.053 (bank statement), SEC 17a-4 (audit-trail retention where applicable).
Payment Retry & Dunning
Recover a failed charge intelligently: the reason code decides whether to retry on a schedule or stop and ask for a new method. Not every decline should be retried.
Subscription or billing surfaces after a recurring charge fails and you must decide retry vs. require-update.
One-time payments with no recurring relationship — a single error + retry is enough; no dunning ladder.
The reason code is translated to plain language; the retry schedule is text; the update-method CTA is the primary action, never buried.
Reg E (consumer EFT), card-network retry rules (Visa / Mastercard), PSD2 SCA (re-authentication on method update). Hard declines are never retried.
Debit Mandate & Consent
Capture a pull-debit authorization the way regulation expects — payee, amount cap, frequency — with the live mandate text and a revoke path as easy to find as grant.
Setting up any pull-based recurring debit where the payer must authorize in advance.
Push payments the user initiates each time — there is no standing mandate to capture, so don't ask for one.
The authorization text is readable before consent; revoke is as findable as grant; consent state (draft / active / revoked) is announced in text.
NACHA authorization rules (WEB / PPD / CCD), SEPA Direct Debit Mandate (Rulebook), Reg E preauthorized transfers (12 CFR 1005.10).
Payout Schedule
Show a payee when money lands: available, in-transit, next payout date, and a rolling reserve that moves as you change the hold — the marketplace seller's mental model, made legible.
Marketplace or platform payout surfaces where sellers or contractors track money owed and when it arrives.
Instant-settlement contexts with no schedule — show a single balance, not a timeline that implies waiting.
Amounts are tabular-aligned with explicit currency; the next-payout date is text; the reserve hold is explained, not just shown as a number.
Money-transmission / payout licensing (state MTL where applicable), IRS 1099-K reporting thresholds, rolling-reserve disclosure.
Deposit · Fund Account
Add money to a balance and see the real cost of each method up front — card vs ACH vs wire vs instant rail — with the fee, ETA, and resulting balance computed live.
Any add-funds surface where the method changes fee and speed and the user should choose with eyes open.
Not for a single funding method — show a static method row, not a chooser. Never hide the card processing fee.
Method is a labelled control; fee and ETA update as text; the resulting balance is announced, not just colour-coded.
NACHA (ACH) · ISO 20022 (wire / RTP) · card-network interchange + processing-fee disclosure (Reg E for consumer EFT).
Withdrawal · Cash Out
Move money out to a linked bank with the guardrails that matter — available balance, daily limit, and a clear blocked state when a rule is hit, not a silent failure at submit.
Any cash-out surface where balance and velocity limits gate the action.
Not where there are no limits or holds; do not fabricate a limit to look secure. Never let an over-limit amount reach submit.
Limit and balance checks resolve to a text BLOCKED / OK state with the reason; the disabled reason is announced, never colour-only.
Reg E (consumer EFT) · BSA velocity / structuring monitoring · NACHA (ACH) and ISO 20022 (RTP) for the outbound rail.
Transaction Detail
The full record for one transaction — amount, status, counterparty, rail, fee, timestamps, and reference — the canonical “tap a row to see everything” surface, with status in words.
Any drill-in from a list where the user needs the complete, citable record of a single movement.
Not as the list itself (use Transaction History); not a place to bury the status behind an icon with no label.
Status carries a text label plus badge; the amount sign is explicit (+ / −); every field is selectable text for support and audit.
ISO 20022 references (end-to-end + transaction id) · SEC 17a-4 / SOC 1 audit-trail retention · Reg E dispute reference.
Transaction History
A filterable ledger: search and filter by type, each row showing direction, description, signed amount, and status — the everyday statement view, fast to scan and honest about pending items.
Account, wallet, or treasury surfaces where users review what moved and when.
Not for a single record (use Transaction Detail); not where realtime streaming is required — this is a settled-ledger view.
Filter tabs are buttons with pressed state; search is a labelled field; pending vs settled is stated in text on every row.
ISO 20022 camt.053 (statement) · SEC 17a-4 retention · Reg E 60-day error-resolution window surfaced per row where relevant.
Activity & Audit Log
An append-only event log — sequence number, severity, timestamp, and a short integrity hash per entry. Append new events; existing rows never mutate, which is the whole point of an audit trail.
Compliance, security, and ops surfaces that must show who did what, when — and prove it was not edited after the fact.
Not for user-facing notifications (those are dismissible); not a place to allow deleting or editing past entries.
New entries prepend; past entries are immutable; severity is a text label; the log region is announced as a live region.
SEC 17a-4(f) WORM retention · SOC 2 audit logging · append-only with per-entry hash chaining for tamper-evidence.
Forensic Data Auditor (CFE AI Audit)
Real-time ledger scanning and anomaly profiling interface. Designed for Certified Fraud Examiners (CFE) and data compliance managers to screen training or inference datasets for mathematical anomalies, duplicate sequence injections, and rounding irregularities before AI processing. Reg alignment: SEC Rule 17a-4 data integrity, CFE Forensic Standards.
Deploy as a gatekeeper dashboard when feeding external or client-submitted financial telemetry logs into LLM scoring models. Essential to detect AI poisoning and transaction falsification.
For raw text, document schemas, or code repositories. If auditing system actions rather than dataset inputs, use ongoing AML Monitoring Queues or Audit Trail Registries.
Interactive table uses distinct visual borders and aria-live terminal output. Screen readers receive updates on logs and analysis status. Focus targets are keyboard accessible.
SEC Rule 17a-4 and FINRA Rule 4511 require pristine, auditable, and immutable books and records. Downstream model audits depend on proof of untampered source datasets.
| TxID | Account | Amount (BTC) | Precision Deviation | Status |
|---|---|---|---|---|
| #84729 | AUREUS-9210 | 12.49021890 | < 0.00000001 | Passed |
| #84730 | SLM-INC-9012 | 0.00018921 | +0.00000009 | Drift Flag |
| #84731 | LOGIX-3281 | 384.00192800 | < 0.00000001 | Passed |
| #84732 | EVAD-TR-4320 | 8,230.00000000 | < 0.00000001 | Benford Flag |
<!-- Forensic Data Auditor Component -->
<div class="cfe-wrap">
<button class="c-btn c-btn-primary" id="run-audit-btn">Run CFE AI Audit</button>
<table class="cfe-table">
<!-- Table headers & rows -->
</table>
<div class="cfe-terminal" id="cfe-terminal" aria-live="polite">
<!-- Streaming logs dynamically fed from API -->
</div>
</div>
8-Decimal High-Precision Monitor
A dense ledger and micro-transaction rounding auditor. Displays values up to 8 decimal places to reveal sub-penny rounded remainders and intercept salami-slicing fraud signatures (the redirection of tiny fractional remnants to unauthorized vaults). Reg alignment: GAAP general ledger rules, ISDA Clause 8 netting protocols.
Required in blockchain-based custody systems, high-frequency currency arbitrage netting dashboards, and algorithmic commodity execution screens where micro-fractions aggregate into significant value.
For standard consumer banking apps or fiat credit card checkout screens where the legal limit of resolution is exactly 2 decimal places. Use plain Price Displays there.
Renders fractional differences in monospace. Highlight states use distinct sign indicators (+ / -) in addition to red/green colors for colorblind accessibility. Announces threshold triggers to screen readers.
ISDA contracts require strict precision rounding adherence. GAAP requires complete double-entry verification of all decimal residuals. Programmatic theft targets these invisible remainders.
| Acc ID | Audited Value | Standard Display | Remainder (Salami Shift) |
|---|---|---|---|
| ACC-1002 | 1,248.50918300 | 1,248.51 | -0.00081700 |
| ACC-4891 | 45,210.00192831 | 45,210.00 | +0.00192831 |
| ACC-9012 | 0.00018921 drift | 0.00 | +0.00018921 |
| ACC-5712 | 120.40001201 | 120.40 | +0.00001201 |
Rounding remainders are typically truncated. In CFE-protected environments, the 8-Decimal High-Precision Monitor captures micro-movements, signaling alerts if cumulative roundoff shifts from mathematical parity.
<!-- 8-Decimal High-Precision Monitor -->
<table class="cfe-table">
<tr>
<td class="cfe-precision-val">0.00018921 <span class="cfe-leak">drift</span></td>
<td class="cfe-precision-val">+0.00018921</td>
</tr>
</table>
<div class="cfe-drift-ticker" id="drift-accum">0.02198031 BTC</div>
AI Markdown Auditor & Truth Engine
An interactive parser that validates AI-generated markdown reports against primary ledger facts. Downstream components automatically compare numerical claims inside structured AI outputs against verified databases, marking claims as Verified (green) or Hallucinated (red) with inline links to sources. Reg alignment: EU AI Act Article 13 transparency, SEC Rule 10b-5 truthfulness.
Required whenever presenting unstructured AI analysis to clients or legal compliance personnel. Prevents AI hallucinations from entering formal files or client notifications.
If reports contain no numerical claims or are entirely generated from hardcoded static rules. If the model operates in a closed loop with no natural language output, use Calibrated Confidence Badges.
Markdown elements render with accessible headings. Verified tags are keyboard focusable buttons with tooltip announcements describing the database query hash and timestamp.
EU AI Act transparency guidelines mandate that outputs from generative AI must be traceable to verification anchors. SEC 10b-5 forbids any material misstatements of fact.
Click "Simulate Live AI Audit Stream" to view the truth-verified markdown report render...
<!-- AI Markdown Auditor Container -->
<div class="cfe-live-report">
<h3>CFE Audit Report</h3>
<p>
Fair value: ¥12,400.00000000
<span class="cfe-verify-anchor cfe-badge cfe-badge--success">
[✓ Verified]
<span class="cfe-verify-tooltip">Source: FINLOGIX API | Hash: a7f8d9c2 | Time: 2026-06-16T11:44</span>
</span>
</p>
</div>
Live Support Chat
An embeddable conversational support surface: presence indicator, agent and customer message bubbles, a typing indicator, quick-reply deflection chips, and a composer. Built so a self-serve answer can resolve the contact before it ever reaches a human agent.
For real-time, low-latency support where a customer expects a person or a bot to answer now — billing disputes, account access, or order status. Pair with quick-reply chips to deflect the common 60%.
For complex, document-heavy cases that need attachments and an audit trail, route to a Support Ticket. For broad self-service, lead with Help Center search before opening a live channel.
Message log is an aria-live="polite" region; new messages announce without stealing focus.
Quick-reply chips are real buttons, keyboard-operable with visible focus. Typing indicator is decorative
(aria-hidden) and respects reduced-motion.
In regulated finance, chat transcripts are business records under SEC Rule 17a-4 / FINRA 4511 — the surface must support retention and supervision. Disclosures given in chat carry the same weight as any other channel.
<div class="csx-wrap">
<div class="csx-log" aria-live="polite">…</div>
<div class="csx-quick">
<button class="csx-chip">Where is my withdrawal?</button>
</div>
<div class="csx-compose"><input><button>Send</button></div>
</div>
Support Ticket & SLA Tracker
The agent-side record for an asynchronous case: subject, priority and channel badges, a live SLA countdown that shifts colour as the deadline approaches, and a status stepper from New through Resolved. The SLA bar makes "are we about to breach?" pre-attentive.
For cases that persist across sessions and agents — anything needing attachments, internal notes, or a handoff. The SLA bar belongs anywhere a contractual response time is promised.
For instant, single-turn questions use Live Chat. Do not use a ticket to surface a system-wide outage — that is a Banner / status-page concern, not a per-customer record.
Status uses an icon + text label, never colour alone. The stepper is keyboard-operable; advancing status moves focus logically. SLA percentage is exposed as text, not just bar width, for screen readers.
Complaint handling in regulated finance (e.g. FCA DISP, ASIC RG 271) sets mandatory response and resolution timeframes — the SLA clock is a compliance instrument, not just an ops metric.
<div class="cst-card">
<div class="cst-sla-bar"><div class="cst-sla-fill" style="width:68%"></div></div>
<div class="cst-steps">
<div class="cst-step done">New</div>
<div class="cst-step current">Open</div> …
</div>
</div>
Help Center Search
A self-service deflection surface: instant, type-ahead article suggestions over a known knowledge base, with a contact escalation when nothing matches. The job is to resolve the question before it becomes a ticket — and to fail gracefully into a human channel when it can't.
As the first surface in any support flow. Lead with search so the high-frequency "how do I…" questions self-resolve, reserving live agents for genuinely novel or sensitive cases.
Do not hide an account-blocking or money-movement issue behind search-only. When the query signals urgency or risk, surface a direct contact route immediately rather than forcing self-service.
Combobox pattern: input owns the results list, results are operable by arrow keys and Enter, and the result count is announced via a live region. The empty state always offers an explicit escalation, never a dead end.
Published help content that touches fees, risk, or eligibility must stay consistent with the regulated disclosures (PDS/TMD, FCA COBS) — the knowledge base is part of the compliance surface, not marketing copy.
<div class="csh-search">
<input role="combobox" aria-controls="results" aria-expanded="true">
</div>
<div id="results" role="listbox">
<div class="csh-item" role="option">How long do withdrawals take?</div>
</div>
CSAT & Feedback Capture
A post-resolution satisfaction surface: a five-point emoji scale that progressively discloses a reason picker and free-text only after a rating is chosen, then confirms with a thank-you. Designed to maximise completion by asking for the minimum first.
Immediately after a ticket resolves or a chat closes, while the experience is fresh. The single-tap rating is the commitment; the follow-up is optional and progressive.
Not for relationship-level loyalty measurement — that is NPS on a longer cadence. Never gate access to the product behind a rating, and never re-prompt a customer who already responded.
Faces are a radio group: each is a labelled button with an accessible name ("Very satisfied"), keyboard operable, never colour- or emoji-only. The follow-up reveals without a layout jump and respects reduced-motion.
Free-text feedback can contain a complaint that triggers regulated handling obligations (FCA DISP / ASIC RG 271). The capture surface should route negative sentiment into the formal complaints process, not a dead inbox.
Thank you — your feedback helps us improve.
<div class="csf-faces" role="radiogroup">
<button role="radio" aria-label="Very satisfied">😄</button> …
</div>
<div class="csf-follow"><!-- revealed after rating --></div>
Scrollbar Variants
Five scroll affordances for different contexts: a thin themed bar, a minimal grey
bar that strengthens on hover, an inset fade that signals more content without chrome, a horizontal snap
carousel, and a scroll-progress meter. All token-driven, dual-theme, and built on standard
scrollbar-width / ::-webkit-scrollbar with graceful fallback.
Thin/themed for dense dashboards; minimal-grey for content areas; fade for short overflow where a visible bar is noisy; snap for card carousels; progress for long-form reading or multi-step forms.
Never fully hide a scrollbar on a region that is the only way to reach content on a non-trackpad device — pair hidden bars with a fade or arrows. Don't restyle the OS scrollbar on whole-page scroll.
All regions stay keyboard-scrollable (focusable, arrow/Page keys work) regardless of bar styling. Snap doesn't trap focus. Custom colours preserve a visible thumb at WCAG non-text contrast against the track.
WCAG 2.1 — 1.4.13 (content on hover), 2.1.1 (keyboard), 1.4.11 (non-text contrast for the thumb). A scrollbar is a control: it must remain perceivable and operable, not purely decorative.
::-webkit-scrollbar
.thin{ scrollbar-width:thin; scrollbar-color:var(--accent) transparent; }
.thin::-webkit-scrollbar{ width:8px; }
.thin::-webkit-scrollbar-thumb{ background:var(--accent); border-radius:999px; }
.snap{ overflow-x:auto; scroll-snap-type:x mandatory; }
.snap > *{ scroll-snap-align:center; }
Call-to-Action Buttons
A complete CTA vocabulary — primary, secondary, ghost, outline, gradient, and destructive — plus the structural variants teams actually need: pill, block, icon-only, split (action + overflow), an async loading state, and a floating action button. One hierarchy, so "the most important action on this screen" is never ambiguous.
Exactly one primary CTA per view — the single most important action. Secondary/ghost for alternatives, outline for medium-emphasis, destructive for irreversible actions, split when a default action has variants.
Never show two primaries competing for attention. Don't use a gradient CTA on a regulated trading surface where it could imply urgency or inducement — reserve it for marketing contexts. Icon-only needs a tooltip + label.
Every CTA is a real <button> / <a> with a text accessible name
(icon-only
uses aria-label). Loading sets aria-busy and disables re-submit. Focus is always
visible; hit area meets 44px where touch is expected.
WCAG 2.1 — 2.5.5 / 2.5.8 target size, 2.4.7 focus visible, 4.1.2 name-role-value. In finance, a CTA that commits an order or moves money must not pre-tick, auto-submit, or use pressure language (FCA COBS, ASIC RG 234).
<button class="cta-btn cta--primary">Primary action</button>
<button class="cta-btn cta--outline">Outline</button>
<button class="cta-btn cta--icon" aria-label="Add to watchlist">★</button>
<!-- loading: set aria-busy="true" and swap to a spinner -->
That's the system. Here's the person who built it.
150 components shipping at an ASIC-regulated broker for 100K+ traders across 40+ jurisdictions. If your team is hiring a senior or principal product designer, the recruiter brief is the fastest read.