Context
BSFG transports durable facts across independent zones (Enterprise, IDMZ, Plants). The boundary layer must guarantee:
- durable append before transmission
- replayability after network partition
- deterministic audit reconstruction
- zone autonomy
The buffering substrate therefore determines whether the system naturally preserves audit-grade historical evidence or behaves primarily as a task queue.
Options Considered
| Option | Description | Benefits | Drawbacks |
|---|---|---|---|
| Queue-centric messaging | Traditional broker queues (consume-and-delete semantics). |
- simple task dispatch
- mature tooling
|
- history disappears after consumption
- weak audit reconstruction
- replay requires external archiving
| | Database-backed event table | Append events into relational database tables. |
- familiar infrastructure
- SQL querying
|
- poor streaming characteristics
- operational coupling with application schema
- limited replay semantics
| | Log-centric streaming substrate (Selected) | Append-only fact streams retained for replay. |
- deterministic history
- natural replay
- fits compliance-by-design
- supports asynchronous replication
|
- requires retention governance
- log growth must be managed
|
Decision
BSFG will use a log-centric fact transport. Facts are appended to retained streams and replicated between zones.
Each zone operates its own JetStream domain containing a small fixed set of streams:
- facts.operational
- facts.audit
- facts.documents
Streams are partitioned by subject prefix rather than proliferating streams.
Consequences
Benefits:
- durable fact history
- deterministic replay across partitions
- compliance-friendly audit reconstruction
- clear separation between transport and interpretation
Tradeoffs:
- log retention must be governed
- large artifacts must be stored out-of-band in object storage