> For the complete documentation index, see [llms.txt](https://wiki.fridays.bot/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://wiki.fridays.bot/documentation/white-paper/table-of-content.md).

# Table of Content

### **Table of Content**

**Technical White Paper — Table of Contents** Version 1.0 · July 2026 · fridays.bot

***

### Abstract

### 1. Introduction

* 1.1 Problem statement: the owner as the integration layer
* 1.2 Design thesis: outcomes over workflows, autonomy gated by approval
* 1.3 Scope of this paper and non-goals
* 1.4 Terminology (playbook, action, approval threshold, gateway, connector)

### 2. System Overview

* 2.1 High-level architecture diagram
* 2.2 Core components at a glance
* 2.3 Request lifecycle: trigger → plan → act → approve → audit
* 2.4 Trust boundaries and threat model summary

### 3. Integration Layer

* 3.1 Integration taxonomy: 15 categories, \~50 vendors
* 3.2 Transport decision rule: vendor MCP server vs. custom REST wrapper vs. unified API aggregator
  * 3.2.1 Vendor-official MCP servers (QuickBooks, Microsoft 365, Google Workspace)
  * 3.2.2 Custom REST/GraphQL wrappers
  * 3.2.3 Aggregators for high-friction categories (Finch/Merge for payroll-HR; Ayrshare-class for social)
* 3.3 MCP gateway: routing all vendor MCP traffic through Fridays for metering, policy, and approval interception
* 3.4 Webhook gateway: event ingestion, signature verification schemes per vendor, replay protection
* 3.5 Rate-limit governor: per-vendor quota modeling and adaptive backoff
* 3.6 Sandbox matrix: per-vendor test environments and CI integration
* 3.7 Partner-program and app-review constraints as architectural inputs

### 4. Identity, Auth, and Secrets

* 4.1 OAuth 2.0 / OIDC flows per vendor class; PKCE; incremental scope requests
* 4.2 OAuth callback service: multi-tenant redirect handling
* 4.3 Token vault: encryption at rest, envelope encryption, key rotation
* 4.4 Renewal cron farm: refresh-token lifecycle, revocation detection, re-auth UX
* 4.5 Least-privilege scope policy per playbook

### 5. Agent Orchestration

* 5.1 Playbook model: declarative goal + constraint spec vs. free-form agent loops
* 5.2 Planner/executor separation; plan caching and cost bounding
* 5.3 Tool-call mediation: every action as a typed, policy-checked gateway call
* 5.4 State management: idempotency keys, retries, partial-failure recovery
* 5.5 Multi-app transactions: saga pattern across vendors without distributed locks
* 5.6 Model selection and routing (capability tiers, cost/latency tradeoffs)
* 5.7 Context construction: business-state snapshots, PII minimization in prompts

### 6. The Approval Model

* 6.1 Action risk classification: money movement, external communication, record mutation
* 6.2 Threshold engine: static policy → learned per-owner thresholds
* 6.3 Approval feed: mobile UX, batching, expiry, delegation
* 6.4 Human-in-the-loop as a formal control (mapping to GDPR Art. 22 non-solely-automated processing)
* 6.5 Failure modes: approval timeout behavior, deny-and-explain, escalation

### 7. Auditability and Observability

* 7.1 Immutable action log: schema, hash chaining, retention
* 7.2 Per-action provenance: prompt, plan, tool calls, vendor responses
* 7.3 Owner-facing audit UI vs. compliance export
* 7.4 Metering: token spend and vendor API cost attribution per action
* 7.5 Telemetry, tracing, and SLOs

### 8. Security Architecture

* 8.1 Threat model: prompt injection via untrusted vendor data (email bodies, webhook payloads)
* 8.2 Injection defenses: content/instruction separation, tool allow-lists per playbook, output filtering
* 8.3 Tenant isolation: data, compute, and vector-store partitioning
* 8.4 Secrets and key management (KMS, HSM-backed roots)
* 8.5 Supply-chain: dependency policy for third-party MCP servers
* 8.6 SOC 2 Type II control mapping

### 9. Data Handling and Privacy

* 9.1 Data classification: financial records, communications, PII
* 9.2 Data minimization and retention policy per category
* 9.3 Sub-processor architecture (LLM providers, aggregators) and DPAs
* 9.4 Regional handling: GDPR, CCPA/CPRA; deletion propagation across connectors
* 9.5 Model-training boundary: customer data excluded from foundation-model training

### 10. Reliability Engineering

* 10.1 Availability model: degraded-mode behavior when a vendor API is down
* 10.2 Queueing and scheduling: cron farm, backpressure, priority classes
* 10.3 Disaster recovery: RPO/RTO targets, token-vault recovery procedure
* 10.4 Vendor API deprecation management

### 11. Evaluation and Quality

* 11.1 Playbook eval harness: golden datasets per playbook, regression gates
* 11.2 Action-correctness metrics: precision on money-moving actions, false-approval-request rate
* 11.3 Sandbox-based end-to-end tests across the vendor matrix
* 11.4 Production monitoring: approval-denial rate as a quality signal
* 11.5 Red-teaming: injection corpora, adversarial email/webhook suites

### 12. Compliance and AI Governance

* 12.1 EU AI Act: Art. 50 transparency obligations; content-marking timeline (Dec 2026)
* 12.2 FTC Act §5: substantiation of automation claims
* 12.3 GDPR Art. 22 and the approval model as meaningful human involvement
* 12.4 Colorado AI Act (SB 26-189, eff. Jan 2027): workflow-automation carve-out analysis
* 12.5 AI disclosure surface: disclaimer page, in-product labeling, llms.txt

### 13. Performance and Cost Model

* 13.1 Inference cost per action: bounding via plan caching and model tiering
* 13.2 Vendor API cost pass-through analysis
* 13.3 Latency budget per playbook class (interactive vs. background)
* 13.4 Unit economics: gross-margin sensitivity to token prices

### 14. Roadmap

* 14.1 Category expansion sequencing (payments → e-commerce/POS → payroll → social)
* 14.2 Accountant/bookkeeper collaboration surface
* 14.3 Public API and third-party playbooks

### 15. Related Work

* 15.1 Workflow automation platforms (Zapier, Make, n8n)
* 15.2 Suite-native assistants (Intuit Assist, Zoho Zia, Microsoft Copilot)
* 15.3 Agent frameworks and MCP ecosystem

### 16. Conclusion

### Appendices

* A. Per-vendor integration reference (transport, auth, webhooks, rate limits)
* B. Action risk-classification table
* C. Audit log schema
* D. Glossary
* E. References

***

*Status: ToC draft for review. Sections 3–8 are the technical core; 12 pulls from the existing AI-disclaimer regulatory mapping.*


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://wiki.fridays.bot/documentation/white-paper/table-of-content.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
