A browser-based User Access Review (UAR) tool that matches employee records from an HR Source of Truth against satellite system exports (Okta, AWS IAM, SAP, etc.) to surface risk: terminated employees with active accounts, orphan accounts, and other access anomalies.
All processing happens client-side via WebAssembly (Go) and Web Workers — no data leaves the browser.
Builds the Go WASM engine and the Vite frontend inside the image, then serves the static bundle on port 8443:
docker compose up --build # build image and start
docker compose up -d # start in background
docker compose down # stop and removeOpen http://localhost:8443.
The compose service runs read-only, drops all Linux capabilities, and is capped at 128 MB / 0.5 CPU — see docker-compose.yml.
docker run -p 8443:8080 ghcr.io/cloudbun/floatbox:latestRequires Go 1.23+ and Node 22+.
npm install
make devmake build # Go WASM + Vite build → dist/- Upload — Drop a Source of Truth CSV (HR system export) and one or more satellite CSVs (Okta, AWS, SAP, etc.)
- Map Columns — Auto-detected or manually mapped to canonical fields (employee ID, name, email, status)
- Process — A Go WASM engine indexes the SoT, then Web Workers join each satellite file in parallel
- Review — Interactive report with risk scoring, filtering, bulk actions, and per-row review decisions
- Export — Download the completed review as CSV, XLSX, or a standalone HTML compliance report
The Export panel at the end of the review offers three outputs:
- CSV — raw records only, generated natively (no dependencies).
- XLSX — multi-sheet workbook, lazy-loads SheetJS on first use.
- Compliance Report — a self-contained HTML report with every record, risk scores, per-row review decisions, and the full audit log. Generated by
src/ts/utils/report-generator.tsand triggered from the "Compliance Report" button inExportPanel.
src/go/ Go WASM engine (join, conflict detection, risk scoring)
src/ts/ React frontend (Vite + Tailwind)
tests/ Playwright E2E and Vitest unit tests
public/ Static assets and compiled WASM binary
uar_sample_data/ Sample CSVs for testing
Drop the files from uar_sample_data/ into the app to exercise the full pipeline. See uar_sample_data/README.txt for built-in test scenarios (terminated employees, orphan accounts, fuzzy matches, etc.)