Audit Service — AI Integration
Status: populated
Owner: TBD
Last updated: 2026-04-18
Companion: Service Template · AI Gateway Service
N/A for this service
The Audit Service makes no AI/ML model calls and does not integrate with the AI Gateway Service as a caller.
Rationale
| Reason | Detail |
|---|---|
| Append-only immutability | The audit store is write-once by design. Injecting AI-generated content or AI-modified records would violate the tamper-evident guarantee that is the service's entire purpose. |
| No inference tasks | The service performs deterministic, rule-based operations: event normalisation, SHA-256 chain-hash computation, filter-based querying, and NDJSON/CSV export. None of these benefit from AI assistance. |
| Separation of concerns | If a future compliance feature requires AI-assisted anomaly detection (e.g., "flag suspicious access patterns"), that capability belongs to a dedicated analytics service or population-health-service — not in the audit write path. |
| Security surface | Introducing an outbound AI call from the audit service would add a new network dependency that could be used as an exfiltration vector; the audit service's attack surface must be minimised. |
Passive consumer of AI events
The audit service consumes ai.* domain events produced by ai-gateway-service (e.g., ai_gateway.assist.completed.v1, ai_gateway.decision.accepted.v1). It stores these as immutable AuditEntry rows alongside all other platform events. This is not an AI integration — it is standard event ingestion.
| Event consumed | Stored as |
|---|---|
| ai_gateway.assist.requested.v1 | AuditEntry { eventType: AI_ASSIST_REQUESTED } |
| ai_gateway.assist.completed.v1 | AuditEntry { eventType: AI_ASSIST_COMPLETED } |
| ai_gateway.decision.accepted.v1 | AuditEntry { eventType: AI_DECISION_ACCEPTED } |
| ai_gateway.decision.rejected.v1 | AuditEntry { eventType: AI_DECISION_REJECTED } |
| ai_gateway.moderation.flagged.v1 | AuditEntry { eventType: AI_MODERATION_FLAGGED } |
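
How the events in the table land in the tamper-evident store, as an added example that is not the service's own code: each consumed ai_gateway event becomes an AuditEntry in a SHA-256 hash chain, and verification pinpoints a row that was edited after the fact. The entry layout (`prevHash`, `hash`, `payload`), the genesis value, the canonical-JSON hashing and the sample payloads are assumptions; only the event names and eventType values come from the table.

```python
import hashlib
import json

# Mapping taken from the table above: consumed event -> AuditEntry.eventType
EVENT_TYPES = {
    "ai_gateway.assist.requested.v1": "AI_ASSIST_REQUESTED",
    "ai_gateway.assist.completed.v1": "AI_ASSIST_COMPLETED",
    "ai_gateway.decision.accepted.v1": "AI_DECISION_ACCEPTED",
    "ai_gateway.decision.rejected.v1": "AI_DECISION_REJECTED",
    "ai_gateway.moderation.flagged.v1": "AI_MODERATION_FLAGGED",
}
GENESIS = "0" * 64  # assumed previous-hash value for the first entry


def entry_hash(prev_hash, event_type, payload):
    # Canonical JSON (sorted keys, no whitespace) keeps the hash deterministic.
    body = json.dumps(
        {"eventType": event_type, "payload": payload, "prevHash": prev_hash},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_event(chain, event_name, payload):
    """Normalise a consumed event and append it; unmapped events are rejected."""
    if event_name not in EVENT_TYPES:
        raise ValueError(f"unmapped event: {event_name}")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    event_type = EVENT_TYPES[event_name]
    entry = {"eventType": event_type, "payload": payload, "prevHash": prev_hash,
             "hash": entry_hash(prev_hash, event_type, payload)}
    chain.append(entry)
    return entry


def verify_chain(chain):
    """Return the index of the first entry that fails verification, or -1."""
    prev_hash = GENESIS
    for i, e in enumerate(chain):
        expected = entry_hash(prev_hash, e["eventType"], e["payload"])
        if e["prevHash"] != prev_hash or e["hash"] != expected:
            return i
        prev_hash = e["hash"]
    return -1


def demo():
    # Constructed sample events; payload fields are illustrative only.
    chain = []
    append_event(chain, "ai_gateway.assist.requested.v1", {"requestId": "r-1"})
    append_event(chain, "ai_gateway.assist.completed.v1", {"requestId": "r-1"})
    append_event(chain, "ai_gateway.decision.rejected.v1", {"requestId": "r-1"})
    intact = verify_chain(chain)
    chain[1]["payload"]["requestId"] = "r-2"  # simulated in-place edit of a row
    return intact, verify_chain(chain)
```

`demo()` returns the verification result before and after the simulated edit: the untouched chain verifies, and the edited chain fails at the modified row.
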
If this assessment changes (e.g., an anomaly-detection feature is added), update this document and the SERVICE_RISK_REGISTER.md to reflect the new AI call with HITL policy, moderation requirements, and PHI handling.