Endpoint Privilege Management Development

Client: AI | Published: 25.10.2025

I need a full-stack solution that enforces a strict least-privilege model on every managed endpoint while remaining fully SOX compliant. The software must install an agent on Windows and Linux machines, broker just-in-time elevation requests, and roll them back automatically once the approved task is complete. A web-based console should let me define granular policies, review real-time activity, and export evidence for auditors without extra scripting.

Key expectations

• Endpoint agent that hooks into the OS to intercept privilege escalation attempts, validates them against central policy, and allows or denies in milliseconds.
• Central service (API + database) that stores policies, logs, and audit trails in a way that satisfies SOX retention requirements.
• Responsive UI where administrators create roles, assign least-privilege access rules, and search historical events.
• Integration touch-points for Active Directory / LDAP and SIEM forwarding so we can reuse existing identity and monitoring stacks.
• Installer packages, versioned builds, and a short deployment guide so my team can roll it out in production unassisted.

Acceptance criteria

1. An administrator can assign a user the right to run a specific binary with elevated privileges on a single machine and see it enforced within 30 seconds.
2. All elevation events are written to an immutable audit log that can be exported in CSV or JSON, showing who, what, when, and the approving policy.
3. SOX reporting template passes a sample audit (segregation of duties, change traceability, retention).

Code may be in any modern stack you’re comfortable with—Go, .NET, Java, or Rust on the backend, React or Angular on the UI—so long as it is containerised for easy CI/CD. If you have prior experience building security agents or kernel-level hooks, make sure to highlight it when you respond along with a quick outline of your proposed architecture and timeline.