08 — Event System

Deep dive on the eventing backbone as a product surface. The internal bus already exists (ADR-0006 outbox + NATS); this exposes it as change feeds, webhooks, and the trigger source for Functions — the nervous system of the programmable platform.


1. The event backbone, productized

flowchart TB
    classDef s fill:#fde68a,stroke:#b45309,color:#111827;
    classDef b fill:#fbcfe8,stroke:#be185d,color:#111827;
    classDef o fill:#bbf7d0,stroke:#15803d,color:#111827;
    src["domain mutations → transactional outbox (ADR-0006)"]:::s --> bus{{"NATS JetStream"}}:::b
    bus --> feed["Change-feed / stream API (cursor-based)"]:::o
    bus --> hook["Signed webhooks (retried, DLQ)"]:::o
    bus --> fn["Functions triggers (01 §2)"]:::o
    bus --> audit["Audit lake + SIEM export"]:::o
    bus --> notif["in-app / email notifications"]:::o

All five consumers ride one outbox-sourced, at-least-once, idempotent bus (ADR-0006) — no new core infra, just exposed surfaces.


2. Sub-features

EV-1 — Change-feed / event-stream API

Why Complexity Dependencies Resume
lets external systems react to file activity; integration backbone M bus (ADR-0006), cursor design (ADR-0024) Medium-high

EV-2 — Signed webhooks

Why Complexity Dependencies Resume
the universal integration primitive; expected of any platform S–M bus, delivery worker Medium (signing + reliable delivery details)

EV-3 — Event catalog & schema (Published Language)

Why Complexity Dependencies Resume
makes the event surface trustworthy + non-breaking S proto/codegen (ADR-0003) Low-medium

EV-4 — Audit lake & SIEM export

Why Complexity Dependencies Resume
enterprise security/compliance integration M bus, transparency log (02) Medium

3. Design notes

Scaling: the notifier/webhook tier is stateless and NATS-sharded by tenant; webhook delivery is a bounded, retrying worker pool (sync/10); the change feed reuses the journal + cursor, so it scales with the (sharded) metadata store (storage/08).


Priorities within events

EV-2 (webhooks) + EV-1 (change feed) first — cheap on the existing bus, unlock all integration + Functions. EV-4 is the enterprise security tie-in; EV-3 is the contract hygiene that makes the rest safe.