Implement durable store contract and registration roadmap

2026-06-15 16:33:24 +02:00
parent 05596146c8
commit 2c94b40fc4
16 changed files with 1906 additions and 472 deletions
--- a/docs/contracts.md
+++ b/docs/contracts.md
@@ -89,6 +89,24 @@ without emitting outbox events.
 Local audit records may be exported as identity-canon `Evidence Source`
 references. Durable platform audit custody remains outside user-engine.

+## Durable Store Contract
+
+`UserEngineService` depends on the `UserEngineStore` protocol, not the
+in-memory adapter's concrete collections. Store implementations must expose
+schema readiness, logical record accessors, audit-log reads, pending-outbox
+reads, adapter-neutral record counts, and a `transaction` context for atomic
+mutations.
+
+Mutating writes happen after validation and authorization, inside the store
+transaction. Domain changes, local mutation audit records, and outbox events
+must commit or roll back together. Authorization-denial audit records must
+remain durable without outbox events, including when a denial occurs inside a
+composed mutation that rolls back other writes.
+
+Postgres-specific connection handling, SQL, locks, credentials, tenant
+isolation primitives, backup, restore, and platform observability remain
+adapter or provider concerns outside the domain service.
+
 ## Migration Contract

 The isolated store exposes `SCHEMA_VERSION = 0001_initial` and a `migrate`