# Microservices
Target Architecture — Final-State Design
This page describes the final-state set of eleven independently deployable microservices under the ConnectSoft.Factory.Governance.* namespace. Each follows the ConnectSoft.MicroserviceTemplate Clean Architecture layout, runs on .NET 10 / ASP.NET Core, messages over MassTransit on Azure Service Bus, and persists to a per-service Azure SQL / PostgreSQL database via NHibernate.
The platform is realised as eleven microservices across seven bounded contexts. Every service owns its data (database-per-service), exposes a thin REST/gRPC surface, and communicates with peers through the canonical Event Envelope.
## Service Catalogue

| Microservice | Responsibility | APIs | Events | Aggregate Roots | Store |
|---|---|---|---|---|---|
| PolicyDefinitionService | System of record (policy administration point) for versioned policy definitions and rules. | POST /policies | PolicyDefined | PolicyDefinition, PolicyRule | Azure SQL / PostgreSQL |
| PolicyEngineService | Inline policy decision point (PDP) that other platforms call; composes evaluation, decides gates, emits decisions. | POST /policies/evaluate | PolicyDecisionRecorded | PolicyDecision | Azure SQL / PostgreSQL |
| PolicyEvaluationService | Deterministic RBAC/ABAC rule evaluation against a request context (subject, resource, action, classification, risk). | (internal gRPC) | PolicyDecisionRecorded | PolicyDecision (read), PolicyRule (read) | Azure SQL / PostgreSQL |
| ApprovalService | Human approval gates: create requests, route, approve/reject, timeout/escalation. | POST /approvals, POST /approvals/{approvalId}/approve, POST /approvals/{approvalId}/reject | ApprovalRequested, ApprovalGranted, ApprovalRejected | ApprovalRequest, ApprovalDecision | Azure SQL / PostgreSQL |
| AuditService | Immutable, tamper-evident audit trail; query and export. | GET /audit | AuditEntryRecorded | AuditEntry | Azure SQL / PostgreSQL + Blob (exports) |
| ComplianceReportService | Generate compliance reports and evidence bundles for frameworks. | POST /compliance/reports | ComplianceReportGenerated | ComplianceReport | Azure SQL / PostgreSQL + Blob (evidence) |
| SecurityFindingService | Ingest, deduplicate, triage, and track security findings from scans. | POST /security-findings | SecurityFindingRaised | SecurityFinding | Azure SQL / PostgreSQL |
| SecretGovernanceService | Govern secret references in Key Vault (never values); leakage detection and rotation policy. | (internal gRPC) | SecurityFindingRaised (leak) | SecretReference | Azure SQL / PostgreSQL + Azure Key Vault (references) |
| TenantIsolationPolicyService | Define and enforce tenant isolation rules (cross-tenant access, residency). | (internal gRPC) | PolicyDecisionRecorded | TenantIsolationRule | Azure SQL / PostgreSQL |
| DataClassificationService | Classify data/artifacts and drive handling policy from labels. | (internal gRPC) | DataClassified | DataClassification | Azure SQL / PostgreSQL |
| RiskScoringService | Compute composite risk scores for actions, artifacts, and tenants. | (internal gRPC) | RiskScored | RiskScore | Azure SQL / PostgreSQL |
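The catalogue calls the AuditService trail "immutable, tamper-evident" without saying how that property is obtained. One common way to get it on top of an append-only table is to chain each AuditEntry to its predecessor with a hash. The block below is an added example written for this page, not ConnectSoft's own code: the AuditEntry shape, the canonical encoding and the genesis value are assumptions for illustration, and it uses SHA-256 from the .NET base class library.

```csharp
// Added example, not ConnectSoft's own code: hash-chaining an append-only audit trail so that
// editing or deleting an entry breaks the chain. Field names and encoding are assumptions.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public sealed record AuditEntry(
    long Sequence, DateTimeOffset OccurredAt, string TenantId, string Actor, string Action,
    string PreviousHash, string Hash);

public static class AuditChain
{
    // Assumed anchor for the first entry: 32 zero bytes, hex encoded.
    private const string GenesisHash = "0000000000000000000000000000000000000000000000000000000000000000";

    // Canonical encoding of the fields that are protected; newline-delimited for simplicity.
    private static string Canonical(long seq, DateTimeOffset at, string tenant, string actor, string action, string prev)
        => string.Join('\n', seq.ToString(), at.ToString("O"), tenant, actor, action, prev);

    public static string ComputeHash(long seq, DateTimeOffset at, string tenant, string actor, string action, string prev)
        => Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(Canonical(seq, at, tenant, actor, action, prev))));

    // Append-only: the new entry commits to the hash of the current tail.
    public static AuditEntry Append(List<AuditEntry> trail, DateTimeOffset at, string tenant, string actor, string action)
    {
        var prev = trail.Count == 0 ? GenesisHash : trail[^1].Hash;
        var seq = trail.Count == 0 ? 1 : trail[^1].Sequence + 1;
        var entry = new AuditEntry(seq, at, tenant, actor, action, prev,
            ComputeHash(seq, at, tenant, actor, action, prev));
        trail.Add(entry);
        return entry;
    }

    // Walks the chain from genesis; returns the sequence number of the first entry whose own hash
    // or whose link to its predecessor is wrong, or null when the chain is intact.
    public static long? FirstBrokenSequence(IReadOnlyList<AuditEntry> trail)
    {
        var expectedPrev = GenesisHash;
        foreach (var e in trail)
        {
            if (e.PreviousHash != expectedPrev) return e.Sequence;
            if (e.Hash != ComputeHash(e.Sequence, e.OccurredAt, e.TenantId, e.Actor, e.Action, e.PreviousHash)) return e.Sequence;
            expectedPrev = e.Hash;
        }
        return null;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample trail of three governance events for tenant t1.
        var t0 = new DateTimeOffset(2025, 1, 15, 9, 0, 0, TimeSpan.Zero);
        var trail = new List<AuditEntry>();
        AuditChain.Append(trail, t0, "t1", "policy-engine", "PolicyDecisionRecorded:Allow");
        AuditChain.Append(trail, t0.AddSeconds(1), "t1", "approval-service", "ApprovalGranted");
        AuditChain.Append(trail, t0.AddSeconds(2), "t1", "policy-engine", "PolicyDecisionRecorded:Deny");
        Console.WriteLine($"intact trail: broken at {AuditChain.FirstBrokenSequence(trail)?.ToString() ?? "none"}");

        // Constructed tampering 1: rewrite entry 2 in place (records are immutable, so it is replaced).
        var edited = new List<AuditEntry>(trail);
        edited[1] = edited[1] with { Action = "ApprovalRejected" };
        Console.WriteLine($"edited entry 2: broken at {AuditChain.FirstBrokenSequence(edited)}");

        // Constructed tampering 2: delete entry 2; entry 3 no longer links to what precedes it.
        var deleted = new List<AuditEntry>(trail);
        deleted.RemoveAt(1);
        Console.WriteLine($"deleted entry 2: broken at {AuditChain.FirstBrokenSequence(deleted)}");
    }
}
```

The chain only proves anything if its head is anchored somewhere a database writer cannot reach: an attacker with write access to the table can recompute every hash after the point they changed, and truncating the tail leaves a perfectly valid shorter chain. In this architecture the natural anchor is the evidence the AuditExportWorker writes to Blob (for example the latest hash, signed or written to immutable storage), which a verifier then compares against the head of the live table.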
### API surface

The eight public REST endpoints listed above are documented in full on the APIs page. Services marked (internal gRPC) are consulted inline by other platforms and by PolicyEngineService over gRPC (ConnectSoft.Extensions.ServiceModel.Grpc); they expose no public REST surface.
## Service Interaction

```mermaid
flowchart TB
    Caller["Calling platform<br/>(Control Plane / Agent Mesh / DevOps / Knowledge)"]
    Engine["PolicyEngineService"]
    Eval["PolicyEvaluationService"]
    Def["PolicyDefinitionService"]
    Iso["TenantIsolationPolicyService"]
    Class["DataClassificationService"]
    Risk["RiskScoringService"]
    Approval["ApprovalService"]
    Audit["AuditService"]
    Finding["SecurityFindingService"]
    Secret["SecretGovernanceService"]
    Compliance["ComplianceReportService"]
    Caller -->|evaluate| Engine
    Engine -->|load rules| Def
    Engine -->|evaluate rules| Eval
    Eval -->|isolation attrs| Iso
    Eval -->|classification labels| Class
    Eval -->|risk inputs| Risk
    Engine -->|gate required| Approval
    Engine -->|decision| Audit
    Approval -->|decision| Audit
    Finding -->|finding signal| Risk
    Secret -->|leak finding| Finding
    Compliance -->|read decisions| Audit
    Compliance -->|read findings| Finding
```
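The inline path in the diagram (Caller to Engine, Engine to Eval and its attribute suppliers, then Approval or Audit) ends in PolicyEngineService turning matched rules, their gate attribute and a RiskScore into Allow, Deny or RequiresApproval, as the Service Notes describe. The following is an added example written for this page, not ConnectSoft's own code: the type names, the deny-overrides ordering, the risk threshold and the sample rules are all assumptions chosen to show one defensible way of composing that decision and of recording it so it can be replayed against the policy version it was made under.

```csharp
// Added example, not ConnectSoft's own code: composing matched rules, gate attribute and
// RiskScore into a PolicyDecision. Type names, threshold and sample rules are assumptions.
using System;
using System.Collections.Generic;
using System.Linq;

public enum Effect { Allow, Deny }
public enum Gate { None, RequiresApproval }
public enum Outcome { Allow, Deny, RequiresApproval }

// The request context evaluated: subject, resource tenant, action, classification label, risk score.
public sealed record RequestContext(
    string SubjectId, string SubjectTenantId, IReadOnlySet<string> Roles,
    string ResourceTenantId, string Action, string Classification, int RiskScore);

// One rule of a published (immutable) policy version: an ABAC predicate, its effect and its gate attribute.
public sealed record PolicyRule(string RuleId, Effect Effect, Gate Gate, Func<RequestContext, bool> Matches);
public sealed record PolicyDefinition(string PolicyId, int Version, IReadOnlyList<PolicyRule> Rules);

// What is persisted and published as PolicyDecisionRecorded. Pinning PolicyId, Version and the
// matched rule ids is what lets the decision be replayed once definitions are immutable.
public sealed record PolicyDecision(
    Outcome Outcome, string PolicyId, int PolicyVersion, IReadOnlyList<string> MatchedRuleIds,
    int RiskScore, string Reason);

public static class PolicyEngine
{
    // Assumed: at or above this RiskScore an otherwise allowed action still requires approval.
    public const int ApprovalRiskThreshold = 70;

    public static PolicyDecision Decide(PolicyDefinition policy, RequestContext ctx)
    {
        var matched = policy.Rules.Where(r => r.Matches(ctx)).ToList();
        var ids = matched.Select(r => r.RuleId).ToList();
        PolicyDecision Result(Outcome o, string why) => new(o, policy.PolicyId, policy.Version, ids, ctx.RiskScore, why);

        // 1. Deny-overrides: any matching Deny wins, whatever else matched.
        if (matched.Any(r => r.Effect == Effect.Deny)) return Result(Outcome.Deny, "deny rule matched");
        // 2. Default deny: without an explicit Allow there is no access.
        if (!matched.Any(r => r.Effect == Effect.Allow)) return Result(Outcome.Deny, "no allow rule matched");
        // 3. Allowed, but a rule's gate attribute or the risk score can still narrow it to a gate.
        if (matched.Any(r => r.Gate == Gate.RequiresApproval)) return Result(Outcome.RequiresApproval, "matched rule carries gate=RequiresApproval");
        if (ctx.RiskScore >= ApprovalRiskThreshold) return Result(Outcome.RequiresApproval, $"risk {ctx.RiskScore} >= {ApprovalRiskThreshold}");
        return Result(Outcome.Allow, "allow rule matched, no gate");
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: version 3 of a deployment policy with three rules.
        var policy = new PolicyDefinition("deploy-policy", 3, new[]
        {
            // Isolation attribute (what TenantIsolationPolicyService supplies): no cross-tenant access.
            new PolicyRule("deny-cross-tenant", Effect.Deny, Gate.None, c => c.SubjectTenantId != c.ResourceTenantId),
            new PolicyRule("allow-operator-deploy", Effect.Allow, Gate.None, c => c.Roles.Contains("operator") && c.Action == "deploy"),
            // Classification label (what DataClassificationService supplies) turns the allow into a gate.
            new PolicyRule("gate-restricted-deploy", Effect.Allow, Gate.RequiresApproval, c => c.Action == "deploy" && c.Classification == "restricted"),
        });

        var ops = new HashSet<string> { "operator" };
        var cases = new[]
        {
            new RequestContext("alice", "t1", ops, "t1", "deploy", "internal", 20),   // Allow
            new RequestContext("alice", "t1", ops, "t1", "deploy", "internal", 85),   // RequiresApproval (risk)
            new RequestContext("alice", "t1", ops, "t1", "deploy", "restricted", 20), // RequiresApproval (gate)
            new RequestContext("alice", "t1", ops, "t2", "deploy", "internal", 20),   // Deny (cross-tenant overrides allow)
            new RequestContext("bob", "t1", new HashSet<string>(), "t1", "deploy", "internal", 5), // Deny (default)
        };
        foreach (var c in cases)
        {
            var d = PolicyEngine.Decide(policy, c);
            Console.WriteLine($"{c.SubjectId} -> tenant {c.ResourceTenantId} {c.Action}/{c.Classification} risk={c.RiskScore}: " +
                              $"{d.Outcome} ({d.Reason}; policy v{d.PolicyVersion}, rules [{string.Join(", ", d.MatchedRuleIds)}])");
        }
    }
}
```

The ordering is the security-relevant part: a Deny from an isolation rule cannot be out-voted by an Allow, an action nobody explicitly allowed is denied, and the gate attribute and risk score can only narrow an Allow, never widen it. Widening requires publishing a new policy version, which the recorded decision pins, so a later replay against version 3 yields the same outcome even after version 4 exists.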
## Service Notes

- PolicyEngineService is the only service in the request path for inline gating. It keeps no per-request state beyond the PolicyDecision it records, is horizontally scaled, and is latency-budgeted (see Observability). It composes the results returned by PolicyEvaluationService and decides, from the matched rules' gate attribute and the supplied RiskScore, whether to return Allow, Deny, or RequiresApproval.
- PolicyDefinitionService versions every policy and rule. A published definition is immutable; a change creates a new version, so any historical decision can be replayed deterministically against the exact version it was made under.
- ApprovalService is the only stateful, long-running domain (requests can stay open for hours or days); its timeouts and escalations are driven by the ApprovalTimeoutWorker.
- AuditService is write-optimised and append-only; reads are served from indexed projections, and long-term evidence is exported to Blob by the AuditExportWorker.
- SecretGovernanceService stores only SecretReference rows (vault URI, version, owner, rotation metadata). Secret material lives exclusively in Azure Key Vault and never enters this service or its database.
- TenantIsolationPolicyService, DataClassificationService, and RiskScoringService are suppliers to the Policy context, feeding ABAC attributes and risk inputs into evaluation.
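The "references, never values" rule for SecretGovernanceService is easiest to keep if the SecretReference type cannot be constructed from anything other than a Key Vault secret identifier. The block below is an added example written for this page, not ConnectSoft's own code: the identifier shape `https://<vault>.vault.azure.net/secrets/<name>[/<version>]` is Key Vault's own, while the type, its members, the accepted DNS suffix list and the rotation fields are assumptions for illustration.

```csharp
// Added example, not ConnectSoft's own code: a SecretReference that can only be built from a Key
// Vault secret identifier, so a raw value cannot be persisted by mistake. Member names are assumptions.
using System;
using System.Linq;

public sealed record SecretReference(
    Uri VaultUri, string SecretName, string? Version,
    string Owner, TimeSpan RotationInterval, DateTimeOffset LastRotatedUtc)
{
    // Assumed: accepted Key Vault DNS suffixes (public cloud only here; sovereign clouds use others).
    public static readonly string[] AllowedVaultSuffixes = { ".vault.azure.net" };

    public static SecretReference FromIdentifier(string identifier, string owner, TimeSpan rotationInterval, DateTimeOffset lastRotatedUtc)
    {
        // A raw value (password, token, connection string) is not an absolute https URI and stops here.
        if (!Uri.TryCreate(identifier, UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("not an https Key Vault secret identifier; refusing to store it");
        // Suffix match on the host (with the leading dot) so look-alike hosts are rejected.
        if (!AllowedVaultSuffixes.Any(s => uri.Host.EndsWith(s, StringComparison.OrdinalIgnoreCase)))
            throw new ArgumentException($"host '{uri.Host}' is not a Key Vault");
        var segments = uri.AbsolutePath.Trim('/').Split('/');
        if (segments.Length is < 2 or > 3 || !segments[0].Equals("secrets", StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("path must be /secrets/<name>[/<version>]");
        var name = segments[1];
        // Key Vault secret names are 1-127 ASCII letters, digits and hyphens.
        if (name.Length is 0 or > 127 || !name.All(ch => char.IsAsciiLetterOrDigit(ch) || ch == '-'))
            throw new ArgumentException($"'{name}' is not a valid secret name");
        var version = segments.Length == 3 ? segments[2] : null;
        return new SecretReference(new Uri($"https://{uri.Host}/"), name, version, owner, rotationInterval, lastRotatedUtc);
    }

    public bool IsRotationOverdue(DateTimeOffset now) => now - LastRotatedUtc > RotationInterval;

    // Only the reference is ever rendered, so logging or auditing this object cannot leak a value.
    public override string ToString()
        => $"{VaultUri}secrets/{SecretName}{(Version is null ? "" : "/" + Version)} (owner={Owner})";
}

public static class Program
{
    public static void Main()
    {
        var now = new DateTimeOffset(2025, 1, 15, 0, 0, 0, TimeSpan.Zero);
        var rotated = now.AddDays(-100); // older than the 90-day interval used below
        // Constructed inputs: two well-formed identifiers, then things that must never be stored.
        string[] inputs =
        {
            "https://factory-kv.vault.azure.net/secrets/db-password/9a1c2b3d4e5f",
            "https://factory-kv.vault.azure.net/secrets/db-password",
            "Server=sql;User Id=app;Password=hunter2;",             // a raw connection string
            "http://factory-kv.vault.azure.net/secrets/db-password", // not https
            "https://factory-kv.vault.azure.net.evil.example/secrets/db-password", // look-alike host
            "https://factory-kv.vault.azure.net/keys/signing-key",   // a key, not a secret
        };
        foreach (var input in inputs)
        {
            try
            {
                var r = SecretReference.FromIdentifier(input, "platform-team", TimeSpan.FromDays(90), rotated);
                Console.WriteLine($"stored {r}; rotation overdue: {r.IsRotationOverdue(now)}");
            }
            catch (ArgumentException ex)
            {
                Console.WriteLine($"rejected: {ex.Message}");
            }
        }
    }
}
```

Two details matter for the leak-detection role the catalogue gives this service. First, the rejection message never echoes the rejected input, so a connection string passed by mistake does not end up in Serilog or the audit trail. Second, an unversioned reference (no third path segment) resolves to whatever the current version is at read time; a rotation policy that wants to prove which version a consumer used should store the versioned form.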
## Cross-cutting concerns
All services share the factory baseline: OpenIddict-based OAuth2/JWT authentication, RBAC/ABAC authorization, tenant isolation via ConnectSoft.Extensions.Saas.* and ConnectSoft.Extensions.WebSecurity, structured audit via ConnectSoft.Extensions.AuditNet, Serilog + OpenTelemetry observability, and health checks (ConnectSoft.Extensions.Diagnostics.HealthChecks). See Security and Deployment.
## Related
- Overview · Bounded Contexts · APIs · Workers · Events · Aggregate Roots · Storage
- Reference: Naming Conventions · Event Envelope