Audit
Type: Cross-cutting
Schema: audit
Tables: 5
Primary source: documents/doc-20-audit-log-architecture.md
Decisions: 15, 23, 44, 77, 78, 79, 80, 81, 82, 83, 84, 96, 113, 114
Purpose
The audit module is the system's immutable observational record — an append-only event store that captures who did what, when, and to what across every module in the data model. It is architecturally distinctive in its one-directional relationship to the rest of the system: audit observes all modules, but no module depends on audit. This asymmetry is by design (Decision 96); merging audit with integration was explicitly rejected because compliance observation and external connectivity serve fundamentally different institutional purposes, despite sharing certain structural patterns such as the transactional outbox. The module encompasses the full audit lifecycle: event capture with polymorphic entity and actor references, five-tier retention classification, legal hold mechanisms for preservation obligations, a partition lifecycle pipeline from hot storage through archival, and a transactional outbox for external event delivery.
Tables
| Table | Purpose |
|---|---|
| audit_logs | Append-only event store for all system actions. Partitioned monthly by created_at. Composite PK (log_id, created_at). Five retention tiers classify events at write time. |
| audit_retention_policies | Static configuration table mapping each retention tier to its hot, warm, cold, and frozen storage durations. Seeded at deployment. |
| audit_legal_holds | Legal preservation obligations that block automated archival or anonymization of audit data within scope. Complements retention_holds in the identity module (different targets, same compliance family). |
| audit_archive_manifest | Operational metadata tracking each audit partition's lifecycle state as it transitions through hot, warm, cold, and frozen storage tiers. |
| audit_outbox | Transactional outbox for delivering audit events to external consumers (SIEM, analytics, compliance reporting). Guarantees at-least-once delivery via same-transaction INSERT. |
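
The same-transaction INSERT that audit_outbox relies on, sketched as an added example (not the project's own code). SQLite stands in for the production database, and every column except log_id and created_at, along with the helper names, is an assumption.

```python
import sqlite3

# Constructed, simplified schema: only log_id and created_at come from the page;
# every other column name is an assumption for illustration.
SCHEMA = """
CREATE TABLE audit_logs (log_id INTEGER, created_at TEXT, actor TEXT, action TEXT,
                         PRIMARY KEY (log_id, created_at));
CREATE TABLE audit_outbox (outbox_id INTEGER PRIMARY KEY, log_id INTEGER NOT NULL,
                           payload TEXT NOT NULL, delivered_at TEXT);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record_event(db, log_id, created_at, actor, action, fail_before_commit=False):
    """Write the audit row and its outbox row in ONE transaction."""
    with db:  # commits on success, rolls back if the body raises
        db.execute("INSERT INTO audit_logs VALUES (?, ?, ?, ?)",
                   (log_id, created_at, actor, action))
        if fail_before_commit:
            raise RuntimeError("simulated crash before commit")
        db.execute("INSERT INTO audit_outbox (log_id, payload) VALUES (?, ?)",
                   (log_id, f"{actor}:{action}"))

def relay(db, send, crash_after_send=False):
    """Deliver pending rows; mark a row delivered only after send() returns."""
    rows = db.execute("SELECT outbox_id, log_id, payload FROM audit_outbox "
                      "WHERE delivered_at IS NULL ORDER BY outbox_id").fetchall()
    for outbox_id, log_id, payload in rows:
        send(log_id, payload)
        if crash_after_send:
            return  # row stays pending, so the next run re-sends it
        with db:
            db.execute("UPDATE audit_outbox SET delivered_at = datetime('now') "
                       "WHERE outbox_id = ?", (outbox_id,))

def pending(db):
    """Number of outbox rows not yet acknowledged as delivered."""
    return db.execute("SELECT COUNT(*) FROM audit_outbox "
                      "WHERE delivered_at IS NULL").fetchone()[0]
```

A relay that fails between send() and the UPDATE delivers the same row again on its next run, so external consumers such as a SIEM need to deduplicate on log_id.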
Quick Links
- Model Reference -- DDL and table descriptions
- Architecture -- Deep-dive documentation
- Module Companion -- Decisions and open issues
- Interfaces -- Cross-module dependencies