Ingest Audit Evidence
Audit consumes signed audit events from Redis, verifies integrity, writes append-only audit rows to Postgres, manages DLQ, and exposes operator search and metrics.
Runtime
| Property | Value |
|---|---|
| Port | 9090 |
| Health/readiness | GET /health, GET /ready |
| Metrics | GET /metrics, GET /metrics.json |
| Search | GET /api/audit/search |
| DLQ | GET /api/audit/dlq, GET /api/audit/dlq/{id}, POST /api/audit/dlq/replay |
Consumer Behavior
Audit consumes caracal.audit.events with the audit-ingestor consumer group. On startup it drains pending entries for its consumer, periodically claims orphaned entries, retries until AUDIT_MAX_DELIVERIES, and moves permanent failures to caracal.audit.events.dlq.
Integrity Controls
| Control | Meaning |
|---|---|
| AUDIT_HMAC_KEY | Verifies producer-signed events in published modes. |
| Tamper checks | Detect content hash mismatch, chain breaks, and HMAC failures. |
| Append-only database role | Audit role cannot update or delete audit_events. |
| Retention | AUDIT_RETENTION_DAYS, partitions, and optional export watermarks. |
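
The three tamper checks from the table, sketched as an added example (this is not the project's own code). The event fields `payload`, `content_hash`, `prev_hash` and `hmac`, the canonical JSON form, the MAC input and the all-zero genesis hash are assumptions, since the page does not specify the event format.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed prev_hash of the first event in a chain
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for AUDIT_HMAC_KEY

def content_digest(payload: dict) -> str:
    # Assumed canonical form: compact JSON with sorted keys.
    raw = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def event_mac(key: bytes, prev_hash: str, content_hash: str) -> str:
    return hmac.new(key, f"{prev_hash}:{content_hash}".encode(), hashlib.sha256).hexdigest()

def sign_event(key: bytes, payload: dict, prev_hash: str) -> dict:
    """Producer side: hash the payload, link it to the previous event, sign both."""
    content_hash = content_digest(payload)
    return {"payload": payload, "content_hash": content_hash,
            "prev_hash": prev_hash, "hmac": event_mac(key, prev_hash, content_hash)}

def verify_event(key: bytes, event: dict, expected_prev: str) -> str:
    """Consumer side: return "ok" or the name of the first failed check."""
    expected_mac = event_mac(key, event["prev_hash"], event["content_hash"])
    if not hmac.compare_digest(expected_mac, event["hmac"]):
        return "hmac_failure"            # hashes were not signed with the shared key
    if content_digest(event["payload"]) != event["content_hash"]:
        return "content_hash_mismatch"   # payload changed after signing
    if event["prev_hash"] != expected_prev:
        return "chain_break"             # event missing, reordered or replayed
    return "ok"

def verify_stream(key: bytes, events: list) -> list:
    """Verify events in order; the chain head only advances on accepted events."""
    verdicts, head = [], GENESIS
    for event in events:
        verdict = verify_event(key, event, head)
        verdicts.append(verdict)
        if verdict == "ok":
            head = event["content_hash"]
    return verdicts

def build_chain(key: bytes, payloads: list) -> list:
    """Constructed sample data: sign payloads into a linked chain."""
    chain, prev = [], GENESIS
    for payload in payloads:
        chain.append(sign_event(key, payload, prev))
        prev = chain[-1]["content_hash"]
    return chain
```

Checking the HMAC first means the hashes are authenticated before they are trusted, so each failure maps to one cause: an unsigned or re-signed record, a payload edited after signing, or a gap in the sequence.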
Readiness Signals
| Signal | Meaning |
|---|---|
| DLQ threshold | AUDIT_READY_DLQ_MAX controls readiness tolerance. |
| Consumer lag | AUDIT_READY_LAG_MAX controls accepted stream lag. |
| PEL age | AUDIT_READY_PEL_OLDEST_SECS_MAX controls pending-entry staleness. |
Next Step
Use Automate Management when remote automation needs the same product-management operations available in Console.

