Bounded Contexts

Target Architecture — Final-State Design

This page describes the final-state domain decomposition of the Governance, Security & Compliance Platform into seven bounded contexts under the ConnectSoft.Factory.Governance.* namespace, following the Clean Architecture and DDD conventions in Naming Conventions.

The platform is decomposed into seven bounded contexts. Each owns its aggregate roots, its database (database-per-service), and its slice of the policy and trust responsibilities. Contexts communicate only through commands and canonical domain events — never by reaching into one another's stores.

Context Map

flowchart TB
    Policy["Policy Context<br/>PolicyDefinition · PolicyRule · PolicyDecision"]
    Approval["Approval Context<br/>ApprovalRequest · ApprovalDecision"]
    Audit["Audit Context<br/>AuditEntry"]
    Compliance["Compliance Context<br/>ComplianceReport"]
    Security["Security Context<br/>SecurityFinding · SecretReference"]
    Isolation["Isolation &amp; Classification Context<br/>TenantIsolationRule · DataClassification"]
    Risk["Risk Context<br/>RiskScore"]

    Policy -->|"requires human gate"| Approval
    Policy -->|"records decision"| Audit
    Approval -->|"records decision"| Audit
    Isolation -->|"supplies rules &amp; labels"| Policy
    Risk -->|"supplies risk inputs"| Policy
    Security -->|"raises findings"| Risk
    Compliance -->|"reads decisions, findings, audit"| Audit
    Compliance -->|"reads findings"| Security

Relationship styles. The Policy context is the customer/supplier upstream for Approval (Policy decides a gate is needed; Approval fulfils it). Isolation & Classification and Risk are suppliers to Policy (they provide ABAC attributes and risk inputs). Audit is a published-language sink that every context writes to via the canonical Event Envelope. Compliance is a conformist consumer that reads from Audit, Security, and Policy to assemble evidence.

Context Catalogue

| Bounded Context | Responsibility | Microservices | Aggregate Roots |
|---|---|---|---|
| Policy | Author, version, and evaluate policy-as-code (RBAC/ABAC); record decisions. | PolicyDefinitionService, PolicyEngineService, PolicyEvaluationService | PolicyDefinition, PolicyRule, PolicyDecision |
| Approval | Human approval gates: requests, routing, timeout/escalation, decisions. | ApprovalService | ApprovalRequest, ApprovalDecision |
| Audit | Immutable, tamper-evident audit trail and exports. | AuditService | AuditEntry |
| Compliance | Compliance reporting and evidence bundles for frameworks. | ComplianceReportService | ComplianceReport |
| Security | Security findings and secret-reference governance. | SecurityFindingService, SecretGovernanceService | SecurityFinding, SecretReference |
| Isolation & Classification | Tenant isolation rules and data classification labels. | TenantIsolationPolicyService, DataClassificationService | TenantIsolationRule, DataClassification |
| Risk | Composite risk scoring for actions, artifacts, and tenants. | RiskScoringService | RiskScore |

Context Responsibilities in Detail

Policy

The heart of the platform and the policy decision point (PDP). PolicyDefinitionService is the system of record for versioned policy definitions and rules (the policy administration point). PolicyEvaluationService evaluates rules against a request context (subject, resource, action, environment, classification, risk) and produces a PolicyDecision. PolicyEngineService is the inline gateway other platforms call; it composes evaluation, decides whether a human gate is needed, and emits the decision. Governs agent permissions, artifact policy, deployment gates, cost budgets, and prompt safety.
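The evaluation step described above, sketched as an added example (not ConnectSoft code): rules are matched against the request attributes and combined so that a deny wins, a human gate comes next, and anything unmatched is denied. The record shapes, rule ids, the risk threshold of 70 and the combining order are assumptions made for illustration; the page does not specify them.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public enum Effect { Deny, RequireApproval, Permit }
// Hypothetical shapes: the attribute categories come from the page, the fields do not.
public sealed record RequestContext(string SubjectRole, string SubjectTenant, string ResourceTenant,
    string Action, string Environment, string Classification, int RiskScore);
public sealed record Rule(string Id, Effect Effect, Func<RequestContext, bool> Matches);
public sealed record Decision(Effect Effect, string RuleId);

public static class Evaluator
{
    // Assumed combining order: Deny beats RequireApproval beats Permit; no match means Deny.
    private static readonly Effect[] Precedence = { Effect.Deny, Effect.RequireApproval, Effect.Permit };
    public static Decision Evaluate(IReadOnlyList<Rule> rules, RequestContext ctx)
    {
        var matched = rules.Where(r => r.Matches(ctx)).ToList();
        foreach (var effect in Precedence)
        {
            var hit = matched.FirstOrDefault(r => r.Effect == effect);
            if (hit is not null) return new Decision(effect, hit.Id);
        }
        return new Decision(Effect.Deny, "default-deny");
    }
}
public static class Program
{
    public static void Main()
    {
        var rules = new List<Rule> // constructed sample rules
        {
            // Isolation input: never act on another tenant's resource.
            new("tenant-boundary", Effect.Deny, c => c.SubjectTenant != c.ResourceTenant),
            // Risk and classification inputs: risky or restricted production deploys need a human gate.
            new("prod-deploy-gate", Effect.RequireApproval, c => c.Action == "deploy"
                && c.Environment == "production" && (c.RiskScore >= 70 || c.Classification == "restricted")),
            new("agent-deploy", Effect.Permit, c => c.SubjectRole == "deploy-agent" && c.Action == "deploy"),
        };
        var requests = new[] // constructed sample requests
        {
            new RequestContext("deploy-agent", "t1", "t1", "deploy", "staging", "internal", 20),
            new RequestContext("deploy-agent", "t1", "t1", "deploy", "production", "internal", 85),
            new RequestContext("deploy-agent", "t1", "t2", "deploy", "production", "internal", 85),
            new RequestContext("reviewer", "t1", "t1", "deploy", "staging", "internal", 20),
        };
        foreach (var r in requests)
            Console.WriteLine($"{r.SubjectRole} {r.Environment} risk={r.RiskScore}: {Evaluator.Evaluate(rules, r)}");
    }
}
```

A decision with the RequireApproval effect is the point at which the Approval context would raise an ApprovalRequest.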

Approval

Owns the human-in-the-loop lifecycle. When a PolicyDecision flags a gate, the Approval context raises an ApprovalRequest, routes it to authorized approvers, enforces timeouts and escalation, and records each ApprovalDecision. Governs the human approval domain.

Audit

The append-only, tamper-evident system of record for governance-relevant actions. Every other context writes AuditEntry records (via ConnectSoft.Extensions.AuditNet); the context owns hash-chaining and long-term export to Blob. Governs compliance evidence capture.
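One way hash-chaining can make an append-only log tamper-evident, as an added example (not ConnectSoft code and not the AuditNet API): each entry's hash covers its sequence number, its payload and the previous entry's hash, so editing any stored entry breaks verification from that point on. The ChainedEntry shape, the SHA-256 choice and the field encoding are assumptions; the page names AuditEntry but not its fields.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
// Hypothetical record shape for illustration only.
public sealed record ChainedEntry(long Sequence, string Payload, string PrevHash, string Hash);

public static class AuditChain
{
    public static readonly string Genesis = new string('0', 64);
    // Length-prefix the payload so field boundaries cannot be shifted between fields.
    private static string ComputeHash(long seq, string payload, string prevHash)
    {
        var material = $"{seq}|{prevHash}|{payload.Length}|{payload}";
        return Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(material)));
    }
    public static void Append(List<ChainedEntry> log, string payload)
    {
        var prev = log.Count == 0 ? Genesis : log[log.Count - 1].Hash;
        log.Add(new ChainedEntry(log.Count, payload, prev, ComputeHash(log.Count, payload, prev)));
    }
    // Returns the index of the first entry that fails verification, or -1 if the chain is intact.
    public static int FirstBrokenIndex(IReadOnlyList<ChainedEntry> log)
    {
        var prev = Genesis;
        for (var i = 0; i < log.Count; i++)
        {
            var e = log[i];
            if (e.Sequence != i || e.PrevHash != prev || e.Hash != ComputeHash(e.Sequence, e.Payload, e.PrevHash))
                return i;
            prev = e.Hash;
        }
        return -1;
    }
}

public static class Program
{
    public static void Main()
    {
        var log = new List<ChainedEntry>(); // constructed sample entries
        AuditChain.Append(log, "{\"type\":\"PolicyDecision\",\"effect\":\"RequireApproval\"}");
        AuditChain.Append(log, "{\"type\":\"ApprovalDecision\",\"outcome\":\"Rejected\"}");
        AuditChain.Append(log, "{\"type\":\"SecurityFinding\",\"severity\":\"High\"}");
        Console.WriteLine($"first broken index before edit: {AuditChain.FirstBrokenIndex(log)}");
        // Simulate an in-place edit of a stored entry that leaves its recorded hash untouched.
        log[1] = log[1] with { Payload = "{\"type\":\"ApprovalDecision\",\"outcome\":\"Approved\"}" };
        Console.WriteLine($"first broken index after edit: {AuditChain.FirstBrokenIndex(log)}");
    }
}
```

A chain only proves integrity relative to a trusted head hash: anyone able to rewrite the whole store can recompute every hash, and truncating the tail leaves a valid shorter chain. The latest hash therefore has to be anchored somewhere the log writer cannot modify.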

Compliance

Assembles point-in-time compliance reports and evidence bundles by reading decisions, findings, and audit entries. Maps controls to framework requirements (GDPR/SOC 2/HIPAA-style policy packs). Governs compliance evidence production.

Security

Two concerns under one trust umbrella. SecurityFindingService ingests, deduplicates, and tracks SecurityFindings from scans. SecretGovernanceService governs SecretReferences — pointers into Azure Key Vault, never secret values — and drives leakage detection and rotation. Governs the secrets domain.

Isolation & Classification

Defines the boundaries. TenantIsolationPolicyService owns TenantIsolationRules (cross-tenant access, residency), backed by ConnectSoft.Extensions.Saas.*/ConnectSoft.Extensions.WebSecurity. DataClassificationService owns DataClassification labels that drive handling policy. Governs tenant isolation and memory access.

Risk

Computes composite RiskScores from findings, classifications, and behavioural signals, feeding risk-adaptive gates back into the Policy context. Governs the risk inputs to cost budgets and prompt safety.