BFF Audit Authority Policy (Odoo-Aligned)

Purpose

Define a permanent, system-level policy for mutation tracking of article and product content.

Policy Statement

  • The GraphQL BFF is the only approved gateway for content mutation.
  • Odoo is the authoritative audit system for create/update/delete accountability.
  • Local markdown files in oves-sites are editorial staging artifacts, not authoritative audit records.

Mandatory Audit Fields on Mutable Entities

For Article, ArticleCollection, Product, and ProductCollection:

  • createdAt
  • createdBy
  • updatedAt
  • updatedBy

Notes:

  • updatedAt alone is insufficient for accountability.
  • createdBy/updatedBy must represent authenticated actor identity derived server-side.

Identity Source of Truth

  • Actor identity must be resolved from authenticated request context in BFF (session/JWT/SSO principal).
  • Client payload must never provide authoritative identity values.
  • If actor identity is unavailable, BFF must apply a deterministic fallback (for example system:bff) and emit an operational warning.

Non-Public Accountability Rule

  • Real editor credentials/identities are operational data and must not be stored in public article markdown metadata.
  • The public-facing author may be an editorial brand or pseudonym; it is separate from the internal actor identity.

Enforcement Requirements

  • All create/update/delete and relationship mutations must stamp/update audit fields.
  • Relationship mutations (for example article collection membership updates) must update parent updatedAt and updatedBy.
  • Schema and resolver behavior must be covered by tests.

Implementation Guidance

  • Do not accept createdBy/updatedBy in GraphQL mutation input objects.
  • Set audit fields in resolver/service layer only.
  • Keep Odoo as the final source for operational audit history.
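The following is an added illustration of the identity, enforcement and implementation rules above; it is not code from the policy or from the oves-sites project. It sketches a BFF service layer in which resolvers resolve the actor only from the server-side request context (`ctx.principal`, assumed to be whatever the session/JWT/SSO middleware attaches), reject mutation inputs that carry audit fields, stamp all four audit fields on create, stamp `updatedAt`/`updatedBy` on update and on relationship mutations (so the parent collection is touched when its membership changes), and fall back to `system:bff` with a warning when no principal is present. Function names, the in-memory store and the sample actor ids are assumptions for illustration.

```javascript
// Added example: BFF-side audit stamping. All identifiers here are illustrative.
const FALLBACK_ACTOR = 'system:bff';
// These fields are set by the service layer only; they must not appear in
// GraphQL mutation input objects (keep them out of the input types as well).
const SERVER_MANAGED_FIELDS = ['createdAt', 'createdBy', 'updatedAt', 'updatedBy'];

// Resolve the actor from the authenticated request context only. `ctx.principal`
// stands in for the session/JWT/SSO principal; client payloads are never consulted.
function resolveActor(ctx, warn = console.warn) {
  const id = ctx && ctx.principal ? ctx.principal.id : undefined;
  if (typeof id === 'string' && id.trim() !== '') {
    return { actor: id, fallback: false };
  }
  // Deterministic fallback plus an operational warning, as the policy requires.
  warn(`audit: no authenticated principal in request context; stamping as ${FALLBACK_ACTOR}`);
  return { actor: FALLBACK_ACTOR, fallback: true };
}

// Defence in depth: even if a client manages to send audit fields, refuse them.
function assertNoAuditFields(input) {
  const offending = SERVER_MANAGED_FIELDS.filter((k) =>
    Object.prototype.hasOwnProperty.call(input, k));
  if (offending.length > 0) {
    throw new Error(`audit fields are server-managed, not accepted in input: ${offending.join(', ')}`);
  }
}

function stampCreate(record, actor, now) {
  const ts = now.toISOString();
  return { ...record, createdAt: ts, createdBy: actor, updatedAt: ts, updatedBy: actor };
}

function stampUpdate(record, actor, now) {
  return { ...record, updatedAt: now.toISOString(), updatedBy: actor };
}

// In-memory store standing in for the persistence layer behind the BFF.
function createStore() {
  return { articles: new Map(), collections: new Map() };
}

function createArticle(store, ctx, input, now = new Date(), warn) {
  assertNoAuditFields(input);
  const { actor } = resolveActor(ctx, warn);
  const article = stampCreate({ id: input.id, title: input.title, body: input.body || '' }, actor, now);
  store.articles.set(article.id, article);
  return article;
}

function updateArticle(store, ctx, input, now = new Date(), warn) {
  assertNoAuditFields(input);
  const existing = store.articles.get(input.id);
  if (!existing) throw new Error(`unknown article ${input.id}`);
  const { actor } = resolveActor(ctx, warn);
  const { id, ...changes } = input;
  // createdAt/createdBy are preserved from the stored record; only updated* move.
  const updated = stampUpdate({ ...existing, ...changes }, actor, now);
  store.articles.set(id, updated);
  return updated;
}

function createCollection(store, ctx, input, now = new Date(), warn) {
  assertNoAuditFields(input);
  const { actor } = resolveActor(ctx, warn);
  const coll = stampCreate({ id: input.id, name: input.name, articleIds: [] }, actor, now);
  store.collections.set(coll.id, coll);
  return coll;
}

// Relationship mutation: changing membership must stamp the parent collection.
function setCollectionMembers(store, ctx, collectionId, articleIds, now = new Date(), warn) {
  const coll = store.collections.get(collectionId);
  if (!coll) throw new Error(`unknown collection ${collectionId}`);
  for (const aid of articleIds) {
    if (!store.articles.has(aid)) throw new Error(`unknown article ${aid}`);
  }
  const { actor } = resolveActor(ctx, warn);
  const updated = stampUpdate({ ...coll, articleIds: [...articleIds] }, actor, now);
  store.collections.set(collectionId, updated);
  return updated;
}
```

A GraphQL resolver would call these functions with the request `ctx` and the parsed input; because the input types omit the audit fields and `assertNoAuditFields` rejects them anyway, the only path to `createdBy`/`updatedBy` is through `resolveActor`. Whatever the store writes is still only the BFF's copy; the record of truth for audit history remains Odoo.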