Trust and deployment

Trust starts below the interface.

A credible finance answer needs more than fluent language. It needs an approved definition, an authorised route to the data, a deterministic calculation and enough source context for finance to challenge the result. Précis is designed around that chain.

  • Governed definitions
  • Customer environment
  • Scope-checked tools
  • Traceable results
Précis Figure to source
Figure cited
38.5% gross margin
Q1 2026 actual gross margin, recalculated from governed revenue and direct-cost definitions.
Trace to source
  1. Governed definition
    Gross margin recalculated from approved revenue and direct-cost definitions.
    catalogue/pnl.yml · gross_margin_pct
    38.5%
  2. Authorised semantic query
    Q1 actuals resolved within the caller's scenario and organisational scope.
    semantic.v_pnl · scope merged before retrieval
    Q1 2026
  3. Permitted source context
    The response retains the dimensions available for finance review.
    Actuals · period · account · cost centre
Source ledger row
PeriodScenarioAccountCost centreAmount
2026-Q1Actuals4000 RevenueCC-1001,816,420 EUR

Customer environment

One customer, one deployment, one explicit perimeter.

Précis is designed as a single-tenant deployment in the customer's AWS, Azure or GCP environment, in a region the customer selects. The application and data services sit behind customer-approved ingress; databases and internal services do not need public endpoints.

Source systems remain the systems of record. Précis uses ClickHouse for analytical reads and planning data and PostgreSQL for platform state. The full Précis application uses outbound TLS to the customer's selected supported language-model provider; optional web access can be disabled and restricted per deployment. The standalone Finance MCP server has no model-provider egress of its own.

Customer environment
Systems of record ERP · EPM · warehouse · files Customer-owned sources
Governed data layer Semantic views · catalogue Definitions and analytical state
Précis application Tools · permissions · workflow Customer-approved ingress
Application egress · controlled outbound TLS Customer-selected supported model provider Customer account, API key and contract
The application and data services stay within the deployment perimeter. Only configured context and authorised results cross the explicit model-provider route.

Bring your own model provider

Your model provider, account and contract.

Précis keeps the model relationship under the customer's control, but the route differs by surface.

Précis Finance MCP

  • The self-hosted server does not select or call a language model.
  • Your chosen MCP client or host controls the model relationship and provider contract.
  • Précis receives authorised tool calls and returns only the permitted finance result.

Précis application

  • A supported provider is configured for the deployment.
  • You use your own provider account, API key and contract.
  • Précis reads the key from your secret store; it does not proxy or resell model capacity.

For application model calls, only the context needed for the interaction can cross the configured outbound TLS route: conversation and task instructions, tool schemas, authorised tool results and file content the user explicitly selects. Database credentials, platform secrets, unattached files and raw source rows not selected by an authorised operation remain outside that model request.

Governed finance layer

The model handles language. Finance logic produces the figure.

Metrics, statement layouts, hierarchies, scenarios and aggregation behaviour live in governed catalogue definitions over semantic views. A client asks for a named finance operation; deterministic code applies the approved definition to the permitted data.

The language model does not estimate a missing number or calculate a financial statement in prose. When the requested definition or data is absent, the correct response is to say so.

What is a finance semantic layer? →
Raw financial tables require inferred meaning, while semantic views and a finance catalogue provide a governed definition before any client retrieves the result.

Enforced at the tool boundary

Authentication opens the session. Authorisation still governs every call.

Précis delegates authentication to an OpenID Connect issuer: the bundled Keycloak reference configuration or a customer's external OIDC provider. The server validates signed tokens and resolves the caller to a platform identity.

Authorisation is enforced before a tool body runs. An access profile can grant specific finance data domains and scenarios, then narrow them by dimension—for example, to one division. The engine intersects the requested filters with that permitted scope before retrieval. The user or agent cannot remove or widen it. The application, Excel add-in and external MCP transport converge on the same permission gate.

  1. 01Verify identityIssuer, signature, audience and expiry
  2. 02Check the toolDeclared read, write or admin access
  3. 03Resolve scopeFinance domain, scenario and dimensions
  4. 04Merge before queryThe request cannot widen access
  5. 05Return contextOnly the permitted result and detail
The access decision happens before retrieval and is shared by the application, Excel add-in and external MCP transport.

Different surfaces, explicit permissions

Read access is not a hidden route to write access.

Read surfaces

  • Précis Finance MCP and hosted Excel functions are read-only by construction.
  • They expose statements, metrics, comparisons, hierarchy discovery and permitted detail.
  • They cannot create plans, commit changes or call the commercial write surface.

Write workflows

  • The full platform contains planning and workflow capabilities.
  • Writes pass declared tool permissions, scenario and period checks, and human approval gates.
  • The agent receives no direct database credentials or unmediated write path.

Evidence behind the answer

A useful total has a route back to detail.

Results retain the definition and available dimensions needed to understand the figure: scenario, period, account, cost centre and other approved context. Finance can move from a statement or metric towards the permitted source detail without asking a model to reconstruct the calculation.

Security denials, profile changes and administrative actions have durable audit records. Tool execution is also traced.

Reporting a vulnerability

Please report security issues privately.

For the source-available engine, use GitHub private vulnerability reporting in the Précis Finance MCP repository. Do not open a public issue for a suspected security problem.

Report privately →

Bring the architecture and security questions early.

We can walk through the deployment, model-provider, identity, access and evidence boundaries against your requirements.