Audit Service — Service Readiness
Status: populated | Owner: TBD | Last updated: 2026-04-18 | Companion: Service Template · DEFINITION_OF_DONE
1. Readiness gate overview
The Audit Service is a platform-critical compliance service. It must be live before any other service goes to production (S0). Production deploy is blocked until all gates are green.
2. Gate checklist
Gate 1 — Documentation
| Check | Status | Verifier |
|---|---|---|
| All 17 canonical docs populated (not stubs) | ☐ | Tech Lead |
| `EPICS.md` + `USER_STORIES.md` in Jira | ☐ | Product Owner |
| `SECURITY_MODEL.md` reviewed and signed | ☐ | Security Lead + Compliance Officer |
| Chain integrity verification procedure documented | ☐ | SRE |
Gate 2 — Code quality
| Check | Status | Verifier |
|---|---|---|
| TypeScript strict; zero errors | ☐ | CI |
| ESLint: zero violations; hexagonal import rules pass | ☐ | CI |
| Unit test coverage ≥ 80 % (domain + application) | ☐ | CI |
| Integration test coverage ≥ 70 % | ☐ | CI |
| `test/integration/tenant-isolation.spec.ts` green | ☐ | CI — mandatory |
| `test/integration/outbox.spec.ts` green | ☐ | CI — mandatory |
| `test/integration/inbox.spec.ts` green | ☐ | CI — mandatory |
| Deduplication test: duplicate `source_event_id` silently skipped | ☐ | CI — mandatory |
| Chain-hash correctness test | ☐ | CI — mandatory |
| Pact consumer tests green | ☐ | CI |
Gate 3 — Security and compliance
| Check | Status | Verifier |
|---|---|---|
| `audit_app` DB role: UPDATE/DELETE on `audit_entries` verified revoked | ☐ | DBA |
| RLS + JWT-scoped queries verified (cross-tenant query returns 403) | ☐ | Security Lead |
| Export signed URL TTL enforced | ☐ | Security Lead |
| Meta-audit: bulk export request creates `AuditEntry` | ☐ | Compliance Officer |
| 7-year retention partition policy applied and tested | ☐ | DBA |
| GDPR disclosure endpoint returns patient-scoped entries only | ☐ | Compliance Officer |
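
One way the DBA could verify the `audit_app` row above, as an added example that is not part of the Audit Service's own tooling. It assumes PostgreSQL 12 or later and that `audit_entries` resolves on the current `search_path`; it goes beyond the checklist row by also covering TRUNCATE, column-level grants, ownership, role attributes and partitions, each of which can reintroduce write access after a table-level REVOKE.

```sql
-- Added example. Assumptions: PostgreSQL 12+, audit_entries on the search_path
-- (schema-qualify the name otherwise). Run as a role that can read the catalogs.

-- 1. Effective table-level privileges. has_table_privilege() includes grants
--    made to PUBLIC and to roles audit_app inherits from, not only direct grants.
--    Pass condition: UPDATE, DELETE and TRUNCATE all report false.
SELECT priv,
       has_table_privilege('audit_app', 'audit_entries', priv) AS granted
FROM unnest(ARRAY['INSERT', 'SELECT', 'UPDATE', 'DELETE', 'TRUNCATE']) AS priv;

-- 2. Column-level grants. A GRANT UPDATE (some_column) survives a table-level
--    REVOKE UPDATE, so check for a grant on any column as well.
--    Pass condition: false.
SELECT has_any_column_privilege('audit_app', 'audit_entries', 'UPDATE')
       AS update_on_any_column;

-- 3. Ownership and row-level security state. A role that owns the table, or is
--    a member of the owning role, can grant the privileges back to itself.
--    Pass condition: app_can_act_as_owner is false; the RLS flags match what
--    the security model requires.
SELECT c.relname,
       pg_get_userbyid(c.relowner)                    AS owner,
       pg_has_role('audit_app', c.relowner, 'MEMBER') AS app_can_act_as_owner,
       c.relrowsecurity                               AS rls_enabled,
       c.relforcerowsecurity                          AS rls_forced
FROM pg_class c
WHERE c.oid = 'audit_entries'::regclass;

-- 4. Role attributes that bypass privilege or RLS checks entirely.
--    Pass condition: both false.
SELECT rolname, rolsuper, rolbypassrls
FROM pg_roles
WHERE rolname = 'audit_app';

-- 5. If audit_entries is partitioned: privileges are checked on whichever
--    relation a statement names, so a partition addressed directly needs the
--    same revokes as the parent. Pass condition: no row shows true.
SELECT relid::regclass                                        AS relation,
       has_table_privilege('audit_app', relid::oid, 'UPDATE') AS can_update,
       has_table_privilege('audit_app', relid::oid, 'DELETE') AS can_delete
FROM pg_partition_tree('audit_entries');
```
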
Gate 4 — Observability
| Check | Status | Verifier |
|---|---|---|
| OTEL traces visible in Grafana Tempo | ☐ | SRE |
| Key Prometheus metrics publishing | ☐ | SRE |
| Grafana dashboards deployed | ☐ | SRE |
| `AuditIngestionStopped` alert configured and tested | ☐ | SRE |
| `AuditChainIntegrityFailed` alert configured — CRITICAL severity | ☐ | SRE |
| Chain integrity job scheduled and producing metrics | ☐ | SRE |
| DLQ alert configured | ☐ | SRE |
Gate 5 — Operations
| Check | Status | Verifier |
|---|---|---|
| Canary deploy (5 %, 30 min) in staging; rollback verified | ☐ | SRE |
| Wildcard NATS consumer verified for all source service streams | ☐ | Platform Eng |
| Export file upload to object storage verified in staging | ☐ | SRE |
| Pod disruption budget `minAvailable=1` set | ☐ | SRE |
| On-call rotation assigned | ☐ | Engineering Manager |
| `SERVICE_RISK_REGISTER.md` CRITICAL/HIGH risks mitigated | ☐ | Tech Lead |
3. Sign-off matrix
| Gate | Required signers |
|---|---|
| 1 — Documentation | Tech Lead, Product Owner, Compliance Officer |
| 2 — Code quality | CI + Tech Lead |
| 3 — Security | Security Lead, DBA, Compliance Officer |
| 4 — Observability | SRE Lead |
| 5 — Operations | SRE Lead, Engineering Manager |
4. Readiness levels
| Level | Description | Target |
|---|---|---|
| L1 | Service boots; wildcard NATS consumer active; INSERT to Postgres working | M0 |
| L2 | All platform events ingested; query API live; chain-hash verified | M0 |
| L3 | Export jobs working; GDPR disclosure endpoint live; 7-year partition policy applied | M1 |
| L4 | Full SLO-governed; chaos-tested; all gates green | M1 |