Events & audit

Canonical rules: event-naming, events-append-only, audit-critical.

Domain events

Modules communicate via append-only domain events published through a transactional outbox. Never make HTTP calls between apps for state changes — see no-cross-app-imports.

  • Publisher: @constellation-platform/events — call publish(tx, { eventType, payload, meta }) inside the same transaction as the mutation.
  • Naming: <schema>.<entity>.<verb-past-tense> — see event-naming for examples and legacy exceptions.
  • Stability: events shipped to subscribers are append-only contracts — see events-append-only for additive vs. breaking change rules.

Audit log

Security-critical mutations (permission changes, role assignments, authentication failures, clearance changes, tenant administration) use auditCritical() from @constellation-platform/audit. It writes the audit row and publishes an audit.entry.created outbox event in the current transaction, so the audit log and the downstream SIEM and compliance pipelines stay in lockstep with the mutation: if the transaction rolls back, neither the audit row nor the event is persisted.
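
The sketch below is an added example, not code from the platform packages. It models the outbox and audit guarantees described above with in-memory stand-ins. The staged-write transaction, the auditCritical(tx, entry) signature, the iam.role.assigned event name and the three-segment name check are assumptions made for illustration; only the publish(tx, { eventType, payload, meta }) call shape and the audit.entry.created event come from this page.

```javascript
// Added illustration: in-memory stand-ins, NOT the real @constellation-platform packages.
const db = { roles: [], audit: [], outbox: [] }; // constructed "tables"

// Hypothetical transaction: writes are staged, then applied all-or-nothing.
function withTransaction(fn) {
  const tx = { staged: [] };
  const result = fn(tx); // a throw here discards every staged write
  for (const { table, row } of tx.staged) db[table].push(row);
  return result;
}
const insert = (tx, table, row) => tx.staged.push({ table, row });

// Stand-in for publish(tx, { eventType, payload, meta }): stages an outbox row.
function publish(tx, { eventType, payload, meta = {} }) {
  // Simplified <schema>.<entity>.<verb> shape check; legacy exceptions are ignored.
  if (!/^[a-z_]+\.[a-z_]+\.[a-z_]+$/.test(eventType)) {
    throw new Error(`bad event name: ${eventType}`);
  }
  insert(tx, 'outbox', { eventType, payload, meta });
}

// Stand-in for auditCritical(); the (tx, entry) signature is assumed.
function auditCritical(tx, entry) {
  insert(tx, 'audit', entry);
  publish(tx, { eventType: 'audit.entry.created', payload: entry });
}

// Security-critical mutation: role row, audit row and both events share one tx.
function assignRole(userId, role, actor, { failAfterAudit = false } = {}) {
  return withTransaction((tx) => {
    insert(tx, 'roles', { userId, role });
    auditCritical(tx, { action: 'role.assigned', actor, target: userId, role });
    publish(tx, { eventType: 'iam.role.assigned', payload: { userId, role }, meta: { actor } });
    if (failAfterAudit) throw new Error('constraint violation (simulated)');
  });
}

// One committed assignment, one that fails after the audit call and rolls back.
function demo() {
  assignRole('u1', 'admin', 'ops-1');
  try { assignRole('u2', 'admin', 'ops-1', { failAfterAudit: true }); } catch { /* rolled back */ }
  return { roles: db.roles.length, audit: db.audit.length, outbox: db.outbox.length };
}
```

The failed assignment leaves no role row, no audit row and no outbox event, which is the property that prevents a subscriber or SIEM from seeing a change that never committed, or missing one that did.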

See audit-critical for the canonical rule. The Tamper-evident chain page covers the hash-chain design; Operations covers retention; Architecture covers the canonical row model. The full spec entry point is Universal Audit Log Specification.