diff --git a/README.md b/README.md
index d338cf68..81146168 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,6 @@
 # deepevents.ai
 deepevents.ai main codebase
+
+## Modules
+
+- [Enterprise Tooling](enterprise-tooling/README.md)
diff --git a/enterprise-tooling-browser-demo.mp4 b/enterprise-tooling-browser-demo.mp4
new file mode 100644
index 00000000..f4aa0e80
Binary files /dev/null and b/enterprise-tooling-browser-demo.mp4 differ
diff --git a/enterprise-tooling/README.md b/enterprise-tooling/README.md
new file mode 100644
index 00000000..ae5cd6fa
--- /dev/null
+++ b/enterprise-tooling/README.md
@@ -0,0 +1,85 @@
+# Enterprise Tooling
+
+Self-contained MVP module for issue #19. It models institutional controls for university, research institute, and enterprise R&D customers: organization profiles, admin dashboards, role-based permissions, compliance tracking, integrations, audit logs, and productivity reports.
+
+## Capabilities
+
+- Creates institution profiles with verified domains, departments, SAML identity metadata, and allowed OAuth providers.
+- Assigns enterprise roles for owners, admins, department admins, lab managers, researchers, and auditors.
+- Maps roles to permission sets for project, billing, compliance, integration, and user-management actions.
+- Builds admin dashboards with project counts, public/private visibility, active users, usage totals, and compliance status.
+- Tracks funder and institutional compliance records with evidence links and due dates.
+- Defines integration manifests for SAML, OAuth, LMS, repository, webhook, and data-warehouse connections.
+- Exports ordered audit logs for governance and security review.
+- Produces department-level productivity reports across projects, peer reviews, and AI reviews.
+
+## Usage
+
+```bash
+cd enterprise-tooling
+npm test
+npm run demo
+npm run serve
+```
+
+```js
+import {
+  createOrganizationProfile,
+  assignEnterpriseRole,
+  buildAdminDashboard,
+} from "./src/enterprise.js";
+
+const organization = createOrganizationProfile({
+  organization_id: "org_1",
+  name: "Example University",
+  domains: ["example.edu"],
+  departments: [{ department_id: "bio", name: "Biology" }],
+  saml_entity_id: "https://idp.example.edu/saml",
+});
+
+const admin = assignEnterpriseRole({
+  user_id: "user_1",
+  organization_id: organization.organization_id,
+  role: "admin",
+});
+
+console.log(admin.permissions);
+console.log(buildAdminDashboard({ projects: [], users: [], usage_events: [] }));
+```
+
+## Runnable Demo
+
+`npm run demo` prints a complete enterprise workspace with an organization
+profile, SAML metadata, enterprise role assignments, admin dashboard metrics,
+compliance records, integration manifests, audit log, and productivity report.
+
+`npm run serve` starts a dependency-free local browser/API demo:
+
+- `GET /`
+- `GET /health`
+- `GET /demo-enterprise`
+
+Example:
+
+```bash
+open http://localhost:4318/
+curl http://localhost:4318/demo-enterprise
+```
+
+## Requirement Mapping
+
+| Issue requirement | Implementation |
+| --- | --- |
+| Organization admin dashboards | `buildAdminDashboard()` summarizes projects, users, usage, and compliance. |
+| Contributor analytics and productivity metrics | `buildProductivityReport()` groups project, peer-review, and AI-review activity by department. |
+| Usage stats | Dashboard usage totals cover storage and compute consumption. |
+| Compliance tracking | `createComplianceRecord()` stores mandates, requirements, evidence links, statuses, and due dates. |
+| Institutional identity | `createOrganizationProfile()` supports SAML entity metadata, verified domains, and OAuth providers. |
+| Role-based access controls | `assignEnterpriseRole()` and `canPerform()` map roles to project, billing, compliance, integration, and user-management permissions. |
+| Integrations | `buildIntegrationManifest()` models SAML, OAuth, LMS, repository, webhook, and data-warehouse connections. |
+| Audit logs | `exportAuditLog()` emits organization-filtered, time-ordered audit events. |
+| Local reviewer demo | `npm run demo` and `npm run serve` expose the full enterprise tooling workflow. |
+
+## Verification
+
+The test suite covers organization profiles, RBAC permissions, dashboards, compliance records, integration manifests, audit logs, and department productivity reports.
diff --git a/enterprise-tooling/enterprise-tooling-browser-demo.mp4 b/enterprise-tooling/enterprise-tooling-browser-demo.mp4
new file mode 100644
index 00000000..f4aa0e80
Binary files /dev/null and b/enterprise-tooling/enterprise-tooling-browser-demo.mp4 differ
diff --git a/enterprise-tooling/package.json b/enterprise-tooling/package.json
new file mode 100644
index 00000000..91e2d0ae
--- /dev/null
+++ b/enterprise-tooling/package.json
@@ -0,0 +1,11 @@
+{
+  "name": "@scibase/enterprise-tooling",
+  "version": "0.1.0",
+  "type": "module",
+  "private": true,
+  "scripts": {
+    "demo": "node ./src/demo.js",
+    "serve": "node ./src/server.js",
+    "test": "node --test"
+  }
+}
diff --git a/enterprise-tooling/src/demo.js b/enterprise-tooling/src/demo.js
new file mode 100644
index 00000000..3510bbd1
--- /dev/null
+++ b/enterprise-tooling/src/demo.js
@@ -0,0 +1,3 @@
+import { createDemoEnterpriseWorkspace } from "./enterprise.js"
+
+console.log(JSON.stringify(createDemoEnterpriseWorkspace(), null, 2))
diff --git a/enterprise-tooling/src/enterprise.js b/enterprise-tooling/src/enterprise.js
new file mode 100644
index 00000000..d316bbb5
--- /dev/null
+++ b/enterprise-tooling/src/enterprise.js
@@ -0,0 +1,295 @@
+const ROLES = new Set(["owner", "admin", "department-admin", "lab-manager", "researcher", "auditor"])
+const PERMISSIONS = new Set([
+  "project:read",
+  "project:write",
+  "project:archive",
+  "billing:read",
+  "billing:write",
+  "compliance:read",
+  "compliance:write",
+  "integration:manage",
+  "user:manage",
+])
+
+const ROLE_PERMISSIONS = {
+  owner: [...PERMISSIONS],
+  admin: [
+    "project:read",
+    "project:write",
+    "project:archive",
+    "billing:read",
+    "compliance:read",
+    "compliance:write",
+    "integration:manage",
+    "user:manage",
+  ],
+  "department-admin": ["project:read", "project:write", "compliance:read", "user:manage"],
+  "lab-manager": ["project:read", "project:write", "compliance:read"],
+  researcher: ["project:read", "project:write"],
+  auditor: ["project:read", "billing:read", "compliance:read"],
+}
+
+function requireString(value, field) {
+  if (typeof value !== "string" || value.trim() === "") {
+    throw new Error(`${field} is required`)
+  }
+  return value.trim()
+}
+
+function nonNegative(value, field) {
+  if (!Number.isFinite(value) || value < 0) throw new Error(`${field} must be non-negative`)
+  return Number(value.toFixed(2))
+}
+
+function sum(values) {
+  return values.reduce((total, value) => total + value, 0)
+}
+
+export function createOrganizationProfile({
+  organization_id,
+  name,
+  domains = [],
+  departments = [],
+  saml_entity_id,
+  allowed_oauth_providers = ["orcid", "google", "github", "linkedin"],
+}) {
+  return {
+    organization_id: requireString(organization_id, "organization_id"),
+    name: requireString(name, "name"),
+    domains: domains.map((domain) => requireString(domain, "domain").toLowerCase()),
+    departments: departments.map((department) => ({
+      department_id: requireString(department.department_id, "department.department_id"),
+      name: requireString(department.name, "department.name"),
+      cost_center: department.cost_center ?? null,
+    })),
+    saml_entity_id: saml_entity_id ? requireString(saml_entity_id, "saml_entity_id") : null,
+    allowed_oauth_providers,
+  }
+}
+
+export function assignEnterpriseRole({ user_id, organization_id, role, scope = "organization" }) {
+  if (!ROLES.has(role)) throw new Error(`Unsupported enterprise role: ${role}`)
+  return {
+    user_id: requireString(user_id, "user_id"),
+    organization_id: requireString(organization_id, "organization_id"),
+    role,
+    scope: requireString(scope, "scope"),
+    permissions: ROLE_PERMISSIONS[role],
+  }
+}
+
+export function canPerform(roleAssignment, permission) {
+  if (!PERMISSIONS.has(permission)) throw new Error(`Unsupported permission: ${permission}`)
+  return roleAssignment.permissions.includes(permission)
+}
+
+export function buildAdminDashboard({
+  projects = [],
+  users = [],
+  usage_events = [],
+  compliance_records = [],
+} = {}) {
+  const privateProjects = projects.filter((project) => project.visibility === "private").length
+  const publicProjects = projects.filter((project) => project.visibility === "public").length
+  const activeUsers = users.filter((user) => user.status === "active").length
+  const storageGb = nonNegative(sum(usage_events.map((event) => event.storage_gb ?? 0)), "storage_gb")
+  const computeHours = nonNegative(sum(usage_events.map((event) => event.compute_hours ?? 0)), "compute_hours")
+  const complianceOpen = compliance_records.filter((record) => record.status !== "resolved").length
+
+  return {
+    project_count: projects.length,
+    private_projects: privateProjects,
+    public_projects: publicProjects,
+    active_users: activeUsers,
+    inactive_users: users.length - activeUsers,
+    usage: { storage_gb: storageGb, compute_hours: computeHours },
+    compliance: {
+      total_records: compliance_records.length,
+      open_records: complianceOpen,
+      resolved_records: compliance_records.length - complianceOpen,
+    },
+  }
+}
+
+export function createComplianceRecord({
+  record_id,
+  project_id,
+  mandate,
+  requirement,
+  status = "open",
+  evidence = [],
+  due_date,
+}) {
+  return {
+    record_id: requireString(record_id, "record_id"),
+    project_id: requireString(project_id, "project_id"),
+    mandate: requireString(mandate, "mandate"),
+    requirement: requireString(requirement, "requirement"),
+    status: requireString(status, "status"),
+    evidence: evidence.map((item) => ({
+      type: requireString(item.type, "evidence.type"),
+      url: requireString(item.url, "evidence.url"),
+    })),
+    due_date: requireString(due_date, "due_date"),
+  }
+}
+
+export function buildIntegrationManifest({
+  integration_id,
+  provider,
+  type,
+  scopes = [],
+  webhook_url,
+  field_mappings = {},
+}) {
+  const supportedTypes = new Set(["saml", "oauth", "webhook", "lms", "repository", "data-warehouse"])
+  if (!supportedTypes.has(type)) throw new Error(`Unsupported integration type: ${type}`)
+  return {
+    integration_id: requireString(integration_id, "integration_id"),
+    provider: requireString(provider, "provider"),
+    type,
+    scopes: scopes.map((scope) => requireString(scope, "scope")),
+    webhook_url: webhook_url ? requireString(webhook_url, "webhook_url") : null,
+    field_mappings,
+    status: "configured",
+  }
+}
+
+export function exportAuditLog({ organization_id, events = [] }) {
+  return events
+    .filter((event) => event.organization_id === organization_id)
+    .map((event) => ({
+      audit_id: requireString(event.audit_id, "event.audit_id"),
+      organization_id,
+      actor_id: requireString(event.actor_id, "event.actor_id"),
+      action: requireString(event.action, "event.action"),
+      target_id: requireString(event.target_id, "event.target_id"),
+      created_at: requireString(event.created_at, "event.created_at"),
+      metadata: event.metadata ?? {},
+    }))
+    .sort((a, b) => a.created_at.localeCompare(b.created_at))
+}
+
+export function buildProductivityReport({ projects = [], peer_reviews = [], ai_reviews = [] } = {}) {
+  const byDepartment = {}
+  for (const project of projects) {
+    const department = project.department ?? "unassigned"
+    const bucket = byDepartment[department] ?? {
+      projects: 0,
+      public_projects: 0,
+      peer_reviews: 0,
+      ai_reviews: 0,
+    }
+    bucket.projects += 1
+    if (project.visibility === "public") bucket.public_projects += 1
+    byDepartment[department] = bucket
+  }
+
+  for (const review of peer_reviews) {
+    const department = review.department ?? "unassigned"
+    byDepartment[department] ??= { projects: 0, public_projects: 0, peer_reviews: 0, ai_reviews: 0 }
+    byDepartment[department].peer_reviews += 1
+  }
+  for (const review of ai_reviews) {
+    const department = review.department ?? "unassigned"
+    byDepartment[department] ??= { projects: 0, public_projects: 0, peer_reviews: 0, ai_reviews: 0 }
+    byDepartment[department].ai_reviews += 1
+  }
+
+  return Object.entries(byDepartment)
+    .map(([department, metrics]) => ({ department, ...metrics }))
+    .sort((a, b) => b.projects - a.projects || a.department.localeCompare(b.department))
+}
+
+export function createDemoEnterpriseWorkspace() {
+  const organization = createOrganizationProfile({
+    organization_id: "org_example",
+    name: "Example University",
+    domains: ["example.edu"],
+    departments: [
+      { department_id: "biology", name: "Biology", cost_center: "BIO-100" },
+      { department_id: "physics", name: "Physics", cost_center: "PHY-200" },
+    ],
+    saml_entity_id: "https://idp.example.edu/saml",
+  })
+  const roles = [
+    assignEnterpriseRole({ user_id: "owner_ada", organization_id: organization.organization_id, role: "owner" }),
+    assignEnterpriseRole({ user_id: "admin_grace", organization_id: organization.organization_id, role: "admin" }),
+    assignEnterpriseRole({ user_id: "auditor_lin", organization_id: organization.organization_id, role: "auditor" }),
+  ]
+  const compliance = [
+    createComplianceRecord({
+      record_id: "comp_nih",
+      project_id: "project_atlas",
+      mandate: "NIH Data Management and Sharing Policy",
+      requirement: "Dataset must be deposited in an approved repository.",
+      evidence: [{ type: "repository", url: "https://example.edu/datasets/project_atlas" }],
+      due_date: "2026-06-01",
+    }),
+  ]
+  const projects = [
+    { project_id: "project_atlas", visibility: "private", department: "biology" },
+    { project_id: "project_quantum", visibility: "public", department: "physics" },
+    { project_id: "project_methods", visibility: "public", department: "biology" },
+  ]
+  const users = [
+    { user_id: "owner_ada", status: "active" },
+    { user_id: "admin_grace", status: "active" },
+    { user_id: "auditor_lin", status: "inactive" },
+  ]
+  const usage_events = [
+    { storage_gb: 120.5, compute_hours: 44 },
+    { storage_gb: 30.25, compute_hours: 12 },
+  ]
+  const integrations = [
+    buildIntegrationManifest({
+      integration_id: "int_saml",
+      provider: "Example IdP",
+      type: "saml",
+      scopes: ["sso:read"],
+      webhook_url: "https://scibase.example.edu/webhooks/saml",
+    }),
+    buildIntegrationManifest({
+      integration_id: "int_canvas",
+      provider: "Canvas LMS",
+      type: "lms",
+      scopes: ["courses:read", "assignments:write"],
+      field_mappings: { course_id: "project.department" },
+    }),
+  ]
+  const audit_log = exportAuditLog({
+    organization_id: organization.organization_id,
+    events: [
+      {
+        audit_id: "audit_invite",
+        organization_id: organization.organization_id,
+        actor_id: "admin_grace",
+        action: "user.invite",
+        target_id: "researcher_new",
+        created_at: "2026-05-14T01:00:00.000Z",
+      },
+      {
+        audit_id: "audit_integration",
+        organization_id: organization.organization_id,
+        actor_id: "owner_ada",
+        action: "integration.configure",
+        target_id: "int_saml",
+        created_at: "2026-05-14T02:00:00.000Z",
+      },
+    ],
+  })
+
+  return {
+    organization,
+    roles,
+    dashboard: buildAdminDashboard({ projects, users, usage_events, compliance_records: compliance }),
+    compliance,
+    integrations,
+    audit_log,
+    productivity: buildProductivityReport({
+      projects,
+      peer_reviews: [{ department: "biology" }, { department: "physics" }],
+      ai_reviews: [{ department: "biology" }, { department: "biology" }],
+    }),
+  }
+}
diff --git a/enterprise-tooling/src/server.js b/enterprise-tooling/src/server.js
new file mode 100644
index 00000000..ec3bea1b
--- /dev/null
+++ b/enterprise-tooling/src/server.js
@@ -0,0 +1,93 @@
+import http from "node:http"
+import { fileURLToPath } from "node:url"
+import { createDemoEnterpriseWorkspace } from "./enterprise.js"
+
+const DEFAULT_PORT = 4318
+
+function sendJson(response, statusCode, payload) {
+  response.writeHead(statusCode, { "content-type": "application/json; charset=utf-8" })
+  response.end(JSON.stringify(payload, null, 2))
+}
+
+function sendHtml(response, html) {
+  response.writeHead(200, { "content-type": "text/html; charset=utf-8" })
+  response.end(html)
+}
+
+function renderDemoPage() {
+  return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>SCIBASE Enterprise Tooling Demo</title>
+  <style>
+    :root { font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; color: #172033; background: #f7f8fb; }
+    body { margin: 0; }
+    main { max-width: 1120px; margin: 0 auto; padding: 28px; }
+    header { display: flex; align-items: center; justify-content: space-between; gap: 20px; margin-bottom: 18px; }
+    h1 { margin: 0; font-size: 28px; line-height: 1.15; }
+    h2 { margin: 0 0 12px; font-size: 20px; }
+    button { border: 0; border-radius: 6px; background: #334155; color: white; padding: 10px 14px; font-weight: 700; cursor: pointer; }
+    .grid { display: grid; grid-template-columns: 1fr 1fr; gap: 16px; }
+    .panel { background: white; border: 1px solid #d9dfeb; border-radius: 8px; padding: 16px; box-shadow: 0 1px 2px rgba(20, 30, 50, .06); }
+    .wide { grid-column: 1 / -1; }
+    .cards { display: grid; grid-template-columns: repeat(3, minmax(0, 1fr)); gap: 10px; }
+    .card { border-left: 4px solid #334155; background: #f8fafc; border-radius: 6px; padding: 10px 12px; }
+    .muted { color: #607089; font-size: 13px; }
+    .metric { display: inline-block; border: 1px solid #cbd5e1; border-radius: 999px; padding: 6px 10px; margin: 0 8px 8px 0; background: #f8fafc; }
+    pre { margin: 0; max-height: 280px; overflow: auto; background: #101828; color: #d6e4ff; padding: 12px; border-radius: 6px; font-size: 12px; }
+    @media (max-width: 820px) { main { padding: 18px; } header, .grid, .cards { display: grid; grid-template-columns: 1fr; } }
+  </style>
+</head>
+<body>
+  <main>
+    <header>
+      <div>
+        <h1>Enterprise Tooling</h1>
+        <div class="muted">Live browser proof: SAML org profile, RBAC, admin dashboard, compliance, integrations, audit log, productivity.</div>
+      </div>
+      <button id="refresh" type="button">Run Demo API</button>
+    </header>
+    <section class="grid">
+      <div class="panel"><h2 id="org">Loading...</h2><div id="domains"></div></div>
+      <div class="panel"><h2>Dashboard</h2><div id="dashboard"></div></div>
+      <div class="panel wide"><h2>Roles & Integrations</h2><div class="cards" id="cards"></div></div>
+      <div class="panel"><h2>Compliance & Audit</h2><div id="audit"></div></div>
+      <div class="panel"><h2>Raw API Payload</h2><pre id="payload"></pre></div>
+    </section>
+  </main>
+  <script>
+    async function loadDemo() {
+      const response = await fetch("/demo-enterprise");
+      const data = await response.json();
+      document.getElementById("org").textContent = data.organization.name;
+      document.getElementById("domains").innerHTML = data.organization.domains.map((domain) => '<span class="metric">' + domain + '</span>').join("") + '<div class="muted">' + data.organization.saml_entity_id + '</div>';
+      document.getElementById("dashboard").innerHTML = Object.entries(data.dashboard).filter(([, value]) => typeof value !== "object").map(([key, value]) => '<span class="metric">' + key.replaceAll("_", " ") + ': <strong>' + value + '</strong></span>').join("");
+      document.getElementById("cards").innerHTML = [...data.roles, ...data.integrations].map((item) => '<div class="card"><strong>' + (item.role || item.provider) + '</strong><div>' + (item.user_id || item.type) + '</div><div class="muted">' + (item.permissions || item.scopes || []).join(", ") + '</div></div>').join("");
+      document.getElementById("audit").innerHTML = [...data.compliance, ...data.audit_log].map((item) => '<div class="card"><strong>' + (item.mandate || item.action) + '</strong><div class="muted">' + (item.requirement || item.actor_id + " -> " + item.target_id) + '</div></div>').join("");
+      document.getElementById("payload").textContent = JSON.stringify(data, null, 2);
+    }
+    document.getElementById("refresh").addEventListener("click", loadDemo);
+    loadDemo();
+  </script>
+</body>
+</html>`;
+}
+
+export function createEnterpriseDemoServer() {
+  return http.createServer((request, response) => {
+    const url = new URL(request.url ?? "/", "http://localhost")
+    if (request.method === "GET" && url.pathname === "/") return sendHtml(response, renderDemoPage())
+    if (request.method === "GET" && url.pathname === "/health") return sendJson(response, 200, { status: "ok", service: "enterprise-tooling" })
+    if (request.method === "GET" && url.pathname === "/demo-enterprise") return sendJson(response, 200, createDemoEnterpriseWorkspace())
+    sendJson(response, 404, { error: "Not found", routes: ["GET /", "GET /health", "GET /demo-enterprise"] })
+  })
+}
+
+if (process.argv[1] && fileURLToPath(import.meta.url) === process.argv[1]) {
+  const port = Number(process.env.PORT || DEFAULT_PORT)
+  createEnterpriseDemoServer().listen(port, () => {
+    console.log(`Enterprise tooling demo listening on http://localhost:${port}`)
+  })
+}
diff --git a/enterprise-tooling/test/enterprise.test.js b/enterprise-tooling/test/enterprise.test.js
new file mode 100644
index 00000000..6afba6d9
--- /dev/null
+++ b/enterprise-tooling/test/enterprise.test.js
@@ -0,0 +1,178 @@
+import assert from "node:assert/strict"
+import test from "node:test"
+import { createEnterpriseDemoServer } from "../src/server.js"
+import {
+  assignEnterpriseRole,
+  buildAdminDashboard,
+  buildIntegrationManifest,
+  buildProductivityReport,
+  canPerform,
+  createComplianceRecord,
+  createDemoEnterpriseWorkspace,
+  createOrganizationProfile,
+  exportAuditLog,
+} from "../src/enterprise.js"
+
+test("creates institutional profiles with SAML and department metadata", () => {
+  const profile = createOrganizationProfile({
+    organization_id: "org_1",
+    name: "Example University",
+    domains: ["Example.edu"],
+    departments: [{ department_id: "bio", name: "Biology", cost_center: "CC-100" }],
+    saml_entity_id: "https://idp.example.edu/saml",
+  })
+
+  assert.equal(profile.domains[0], "example.edu")
+  assert.equal(profile.departments[0].cost_center, "CC-100")
+  assert.equal(profile.saml_entity_id, "https://idp.example.edu/saml")
+})
+
+test("assigns role-based enterprise permissions", () => {
+  const admin = assignEnterpriseRole({
+    user_id: "user_1",
+    organization_id: "org_1",
+    role: "admin",
+  })
+  const researcher = assignEnterpriseRole({
+    user_id: "user_2",
+    organization_id: "org_1",
+    role: "researcher",
+  })
+
+  assert.equal(canPerform(admin, "integration:manage"), true)
+  assert.equal(canPerform(researcher, "integration:manage"), false)
+  assert.throws(
+    () => assignEnterpriseRole({ user_id: "u", organization_id: "o", role: "unknown" }),
+    /Unsupported enterprise role/,
+  )
+})
+
+test("builds admin dashboards from projects, users, usage, and compliance", () => {
+  const dashboard = buildAdminDashboard({
+    projects: [
+      { project_id: "p1", visibility: "public" },
+      { project_id: "p2", visibility: "private" },
+    ],
+    users: [
+      { user_id: "u1", status: "active" },
+      { user_id: "u2", status: "inactive" },
+      { user_id: "u3", status: "active" },
+    ],
+    usage_events: [
+      { storage_gb: 12.5, compute_hours: 3 },
+      { storage_gb: 2.5, compute_hours: 7 },
+    ],
+    compliance_records: [
+      { status: "open" },
+      { status: "resolved" },
+    ],
+  })
+
+  assert.equal(dashboard.project_count, 2)
+  assert.equal(dashboard.private_projects, 1)
+  assert.equal(dashboard.active_users, 2)
+  assert.deepEqual(dashboard.usage, { storage_gb: 15, compute_hours: 10 })
+  assert.equal(dashboard.compliance.open_records, 1)
+})
+
+test("creates compliance records and integration manifests", () => {
+  const compliance = createComplianceRecord({
+    record_id: "comp_1",
+    project_id: "project_1",
+    mandate: "NIH Data Management and Sharing Policy",
+    requirement: "Dataset must be deposited in an approved repository.",
+    evidence: [{ type: "repository", url: "https://example.edu/datasets/project_1" }],
+    due_date: "2026-06-01",
+  })
+  const manifest = buildIntegrationManifest({
+    integration_id: "int_1",
+    provider: "Canvas LMS",
+    type: "lms",
+    scopes: ["courses:read", "assignments:write"],
+    webhook_url: "https://scibase.example.edu/webhooks/canvas",
+    field_mappings: { course_id: "project.department" },
+  })
+
+  assert.equal(compliance.evidence[0].type, "repository")
+  assert.equal(manifest.status, "configured")
+  assert.equal(manifest.field_mappings.course_id, "project.department")
+})
+
+test("exports ordered audit logs for an organization", () => {
+  const logs = exportAuditLog({
+    organization_id: "org_1",
+    events: [
+      {
+        audit_id: "audit_2",
+        organization_id: "org_1",
+        actor_id: "admin",
+        action: "project.archive",
+        target_id: "p2",
+        created_at: "2026-05-13T12:00:00.000Z",
+      },
+      {
+        audit_id: "audit_1",
+        organization_id: "org_1",
+        actor_id: "owner",
+        action: "user.invite",
+        target_id: "user_4",
+        created_at: "2026-05-13T10:00:00.000Z",
+      },
+      {
+        audit_id: "audit_3",
+        organization_id: "org_2",
+        actor_id: "owner",
+        action: "ignored",
+        target_id: "x",
+        created_at: "2026-05-13T09:00:00.000Z",
+      },
+    ],
+  })
+
+  assert.deepEqual(
+    logs.map((log) => log.audit_id),
+    ["audit_1", "audit_2"],
+  )
+})
+
+test("builds department productivity reports", () => {
+  const report = buildProductivityReport({
+    projects: [
+      { project_id: "p1", department: "biology", visibility: "public" },
+      { project_id: "p2", department: "biology", visibility: "private" },
+      { project_id: "p3", department: "physics", visibility: "public" },
+    ],
+    peer_reviews: [{ department: "biology" }, { department: "physics" }],
+    ai_reviews: [{ department: "biology" }, { department: "biology" }],
+  })
+
+  assert.equal(report[0].department, "biology")
+  assert.equal(report[0].projects, 2)
+  assert.equal(report[0].peer_reviews, 1)
+  assert.equal(report[0].ai_reviews, 2)
+})
+
+test("creates and serves a runnable enterprise demo workspace", async () => {
+  const workspace = createDemoEnterpriseWorkspace()
+  assert.equal(workspace.organization.organization_id, "org_example")
+  assert.equal(workspace.roles.length, 3)
+  assert.equal(workspace.dashboard.project_count, 3)
+  assert.equal(workspace.integrations.length, 2)
+
+  const server = createEnterpriseDemoServer()
+  await new Promise((resolve) => server.listen(0, "127.0.0.1", resolve))
+  const { port } = server.address()
+
+  try {
+    const pageResponse = await fetch(`http://127.0.0.1:${port}/`)
+    assert.equal(pageResponse.status, 200)
+    assert.match(await pageResponse.text(), /Enterprise Tooling/)
+
+    const demoResponse = await fetch(`http://127.0.0.1:${port}/demo-enterprise`)
+    const payload = await demoResponse.json()
+    assert.equal(demoResponse.status, 200)
+    assert.equal(payload.organization.name, "Example University")
+  } finally {
+    await new Promise((resolve, reject) => server.close((error) => (error ? reject(error) : resolve())))
+  }
+})