Define governed platform event envelope
Some checks failed
Dependency Audit / dependency-audit (push) Has been cancelled
Module Matrix / module-matrix (push) Has been cancelled

This commit is contained in:
2026-07-10 17:48:33 +02:00
parent 0a130962d3
commit 81f0f649b5
3 changed files with 142 additions and 3 deletions

View File

@@ -58,6 +58,16 @@ Every `PlatformEvent` has:
- `correlation_id`: stable ID for the whole request, workflow, or job.
- `causation_id`: the event ID or external operation ID that caused this
event.
- `actor`: optional typed actor reference, for example user, API key, system
actor, delegated actor, or installer daemon.
- `tenant`: optional tenant reference when the event is tenant-scoped.
- `subject`: optional typed subject reference for the person, organization,
account, case, campaign, or other entity the event is about.
- `resource`: optional typed resource reference for the object changed or
observed by the event.
- `classification`: payload sensitivity, currently `public`, `internal`,
`confidential`, or `restricted`.
- `payload`: JSON-serializable module-owned event details.
The FastAPI app factory creates an event context for every request. It accepts
`X-Correlation-ID` or `X-Request-ID` when the value is a compact safe trace ID,
@@ -174,7 +184,10 @@ Campaign:
- Payloads must be JSON-serializable.
- Use stable IDs, not ORM objects.
- Include tenant ID when tenant-scoped.
- Include actor/principal references only as DTOs or primitive IDs.
- Include actor/principal, subject, and resource references only as typed DTOs
or primitive IDs.
- Set `classification` to the highest sensitivity needed by the envelope or
payload, not the lowest sensitivity of any individual field.
- Do not include secrets, raw message bodies, full recipient lists, or file
content.
- Put large evidence in owning module storage and reference it by ID.