Domain: audit
Curated entry point for the `audit` bounded context.
Owner
Founder + Risk Officer + agents (Phase 1). The audit log is regulated content; the Risk Officer signs off on retention and immutability posture.
Mission
Owns the firm-wide audit log: a per-row hash-chained queryable log in Postgres for the operational audit, with near-real-time async replication to AWS S3 with Object Lock COMPLIANCE retention for tamper-evident regulatory archival. Boundary: audit records events; it does not generate them - every other domain produces audit-relevant events that audit consumes, hash-chains, and persists.
Code paths
- Application code: `apps/api/src/modules/audit/`
- Domain logic (pure): `packages/domain/audit/` (hash-chain implementation)
- Contracts: `packages/contracts/events/audit.ts`
- Database schemas owned: `audit` (AuditEvent, AuditChain, ArchivalCheckpoint)
- S3 archival: `astrix-prod-audit-log` bucket per Q-E10
PRD chapters that touch this domain
- `13-compliance-legal.md` - regulatory retention obligations
- `16-open-questions.md` - Q-E7 (audit log storage: Postgres + hash chain + S3 Object Lock; replication SLO), Q-E10 (per-bucket policy)
- `12-non-functional.md` - audit-log RPO/RTO targets
- `09-admin-backoffice.md` - admin search of audit events
TDD chapters
(Empty - will populate.)
ADRs that affected this domain
- ADR-0001 (transversally applies)
Service interfaces this domain exposes
```ts
export interface AuditService {
  // recordEvent(event: AuditEvent): Promise<AuditEntry>
  // searchEvents(query: AuditQuery): Promise<AuditEntry[]>
  // verifyChain(fromTimestamp, toTimestamp): Promise<ChainVerificationResult>
  // exportRange(fromTimestamp, toTimestamp): Promise<ExportJobId>
  // (full surface defined during audit TDD)
}
```
Events this domain produces / consumes
| Direction | Topic | Schema |
|---|---|---|
| consumes | * (all <domain>.*.audit topics) | The audit module subscribes to a curated set of audit-relevant events from every domain |
| produces | audit.entry.recorded | Confirmation that an event was hash-chained and written |
| produces | audit.archive.checkpoint | Periodic checkpoint of "everything up to offset N is archived to S3" |
| produces | audit.chain.broken | (Critical alert) Hash-chain integrity check failed |
External integrations
- AWS S3 with Object Lock COMPLIANCE (per Q-E10) - immutable archival
- MinIO - non-prod equivalent
Runbooks for this domain
(Empty - will populate. Expected high-priority: hash-chain broken, replication-lag-exceeds-60s, S3 Object Lock retention failure.)
On-call
To be filled in Section 17.6. Hash-chain integrity is Sev 0; replication lag is Sev 1.
Cross-domain dependencies
- This domain consumes events from: every other domain (it is a leaf consumer).
- This domain emits events consumed by: `admin` (operational audit search), `notifications` (Sev 0 hash-chain-broken alert).
- No synchronous outbound dependencies.