Story: Service accounts and audit
This page documents a story in Sprint 11. It captures the goal, current status, acceptance criteria, and the tasks that compose it.
Goal
Give services their own identities, and separate the audit field for who acted at the database layer (modified_by) from the one for who acted at the application layer (performed_by).
Status
| Field | Value |
|---|---|
| State | DONE |
| Parent sprint | Sprint 11 |
| Now | Completed 2026-02-04. |
| Waiting on | None. |
| Next | None. |
| Last touched | 2026-02-04 |
Acceptance
- Account types: user / service / algorithm / LLM.
- Service accounts authenticate via session, no password.
- performed_by on 42 domain tables via codegen.
- Telemetry async-sink deadlock fixed.
- Tenant-aware pool fails fast on missing tenant.
Tasks
| Task | State | Start | End | Description |
|---|---|---|---|---|
| Add system accounts for services | DONE | 2026-05-19 | 2026-02-04 | account_type classifications (user / service / algorithm / LLM); session-only authentication for service accounts; performed_by audit field across 42 tables (codegen-driven); telemetry async-sink deadlock fix; tenant_aware_pool fail-fast. |
Decisions
- Split modified_by from performed_by
  modified_by is the database user (often shared); performed_by is the actual application actor (the human via Qt, or the service account). Audit needs both.
Out of scope
- Per-service rate limits or quotas.
See also
None.