From de30150909a9a53240b0afd6159d3b76731f41fc Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pichai=20Takengrach=E2=80=8B?= <233528480+PichaiTK@users.noreply.github.com> Date: Mon, 8 Jun 2026 17:10:54 +0700 Subject: [PATCH] Create audit.instructions.rst.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * https://github.com/PichaiTK-s/zero-trust-administrator/issues/178 * https://github.com/PichaiTK-s/zero-trust-administrator/pull/177 * https://github.com/PichaiTK-s/zero-trust-administrator/issues/179 > * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3371008437) * https://github.com/PichaiTK-s/zero-trust-administrator/pull/177#discussion_r3371150089 * https://github.com/PichaiTK-s/zero-trust-administrator/pull/177#discussion_r3371156669 * https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3371008437 *> * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3371008437) > * [.github/ISSUE_TEMPLATE/feature_request.md #176](https://github.com/PichaiTK-s/zero-trust-administrator/issues/176) > * [.github/ISSUE_TEMPLATE/custom.yml #175](https://github.com/PichaiTK-s/zero-trust-administrator/issues/175) > * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3370970171) > * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3370963147) > * > > Final Enterprise Flow: > > > > Cloudflare │ ▼ Frontend-App │ ▼ Security Center │ ▼ API Gateway │ ▼ Authentication Service User Service Audit Service Notification Service │ ▼ Kafka Event Bus │ ▼ Security Center Engine │ ├── Threat Detection ├── Incident Response ├── Risk Engine ├── Compliance Engine ├── PDPA Monitor └── SIEM Connector │ ▼ Grafana / Prometheus / Loki​ > > > ``` > > > > 
https://github.com/PichaiTK-s/zero-trust-administrator/pull/167#discussion_r3369796356 > > > ```tsx > > > { > > > "scripts": { > > > "dev": "tsx watch server.ts", > > > "build": "tsc", > > > "start": "node dist/server.js" > > > } > > > } > > > ``` > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > # Security Policy > > > ## Supported Versions > > > Use this section to tell people about which versions of your project are currently being supported with security updates. > > > Version Supported > > > 5.1.x ✅ > > > 5.0.x ❌ > > > 4.0.x ✅ > > > < 4.0 ❌ > > > ## Reporting a Vulnerability > > > Use this section to tell people how to report a vulnerability. > > > Tell them where to go, how often they can expect to get an update on a reported vulnerability, what to expect if the vulnerability is accepted or declined, etc. > > > ## AI-powered device risk analysis (Risk Engine) > > > Factors Examples > > > -​ OS_Version​ :Below_required: > > > -​ Encryption​ :Disabled: > > > -​ Location​ :Unusual_country: > > > -​ Login​until​ :Late_at_night: > > > -​ Jailbreak​ ​ :Detected: > > > -​ App_Risk :Dangerous_app: > > > > Or, to use the new version of GitHub Issue Forms: > > > > ``` > > > > .github/ISSUE_TEMPLATE/bug_report.yml > > > > ``` > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > There will be a UI form on GitHub. 
> > > > > > > > > > [#158 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/158#discussion_r3369374856) > > > > git fetch origin > > > > git checkout 154-httpsgithubcompichaitk-sskills-hello-github-actionspull153discussion_r3369281209 > > > > > > > > > > > > * [> https://github.com/PichaiTK-s/skills-hello-github-actions/pull/47#discussion_r3366619752 #48 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/issues/48#issue-4601880493) > > > * [git fetch origin git checkout 48-httpsgithubcompichaitk-sskills-hello-github-actionspull47discussion_r3366619752 #50](https://github.com/PichaiTK-s/zero-trust-administrator/issues/50) > > > * [git fetch origin git checkout 48-httpsgithubcompichaitk-sskills-hello-github-actionspull47discussion_r3366619752 #49](https://github.com/PichaiTK-s/zero-trust-administrator/issues/49) > > > * [Create Security-center.ts #47 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/47#discussion_r3366619752) > > > * [git fetch origin git checkout 53-httpsgithubcompichaitk-sskills-hello-github-actionspull52discussion_r3366737759 #54](https://github.com/PichaiTK-s/zero-trust-administrator/issues/54) > > > * [Create CODEOWNERS #52 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/52#discussion_r3366740492) > > > * [git fetch origin git checkout 69-httpsgithubcompichaitk-sskills-hello-github-actionspull68discussion_r3367069861 #70](https://github.com/PichaiTK-s/zero-trust-administrator/issues/70) > > > * [Create based.rst.yml (#67) #68 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/68#discussion_r3367069861) > > > * [Create audit-service.tsx #79 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/79#discussion_r3367189347) > > > * [Create audit-service.tsx #79 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/79#discussion_r3367185040) > > > * [Create Master.rst.yml #74 
(comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/74#discussion_r3367109164) > > > * [Create Master.rst.yml #74 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/74#discussion_r3367118162) > > > * [Create CODEOWNERS #52 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/52#discussion_r3366737759) > > > * [Create zero-trust-engine.ts #84 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/84#discussion_r3367244611) > > > * [Create zero-trust-engine.ts #84 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/84#discussion_r3367249648) > > > * [Create Zero-trust​-Advanced.rst.ts #91 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/91#discussion_r3367362685) > > > * [Create Zero-trust​-Advanced.rst.ts #91 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/91#discussion_r3367372152) > > > * [Create ZeroTrustStatus.tsx #112 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/112#discussion_r3367692684) > > > * [Create ZeroTrustStatus.tsx #112 (review)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/112#pullrequestreview-4443163588) > > > * [Create branch-strategy.rst.yml #116 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/116#discussion_r3367936214) > > > * [Create branch-strategy.rst.yml #116 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/116#discussion_r3367946549) > > > * [https://github.com/PichaiTK-s/skills-hello-github-actions/issues/118 #119](https://github.com/PichaiTK-s/zero-trust-administrator/issues/119) > > > * [git fetch origin git checkout 117-httpsgithubcompichaitk-sskills-hello-github-actionspull116discussion_r3367936214 #118](https://github.com/PichaiTK-s/zero-trust-administrator/issues/118) > > > * [git fetch origin git checkout 113-httpsgithubcompichaitk-sskills-hello-github-actionspull112discussion_r3367692684 
#114](https://github.com/PichaiTK-s/zero-trust-administrator/issues/114) > > > * [git fetch origin git checkout 75-httpsgithubcompichaitk-sskills-hello-github-actionspull74discussion_r3367109164 #76](https://github.com/PichaiTK-s/zero-trust-administrator/issues/76) > > > * [75-httpsgithubcompichaitk-sskills-hello-github-actionspull74discussion_r3367109164 #77](https://github.com/PichaiTK-s/zero-trust-administrator/issues/77) > > > * [git fetch origin git checkout 75-httpsgithubcompichaitk-sskills-hello-github-actionspull74discussion_r3367109164 #78](https://github.com/PichaiTK-s/zero-trust-administrator/issues/78) > > > * [git fetch origin git checkout 80-httpsgithubcompichaitk-sskills-hello-github-actionspull79discussion_r3367185040 #81](https://github.com/PichaiTK-s/zero-trust-administrator/issues/81) > > > * [git fetch origin git checkout 85-httpsgithubcompichaitk-sskills-hello-github-actionspull84discussion_r3367244611 #86](https://github.com/PichaiTK-s/zero-trust-administrator/issues/86) > > > * [git fetch origin git checkout 85-httpsgithubcompichaitk-sskills-hello-github-actionspull84discussion_r3367244611 #87](https://github.com/PichaiTK-s/zero-trust-administrator/issues/87) > > > * [git fetch origin git checkout 92-httpsgithubcompichaitk-sskills-hello-github-actionspull91discussion_r3367362685 #93](https://github.com/PichaiTK-s/zero-trust-administrator/issues/93) > > > * [git fetch origin git checkout 123-httpsgithubcompichaitk-sskills-hello-github-actionspull122discussion_r3367996223 #125](https://github.com/PichaiTK-s/zero-trust-administrator/issues/125) > > > * [Create .github.rst.md #122 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/122#discussion_r3367996223) > > > * [git fetch origin git checkout 127-httpsgithubcompichaitk-sskills-hello-github-actionspull126discussion_r3368028892 #128](https://github.com/PichaiTK-s/zero-trust-administrator/issues/128) > > > * [Update dependabot.yml #126 
(comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/126#discussion_r3368028892) > > > * [Create dependabot-auto-merge.yml #129 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/129#discussion_r3368063828) > > > * [git fetch origin git checkout 130-httpsgithubcompichaitk-sskills-hello-github-actionspull129discussion_r3368063828 #131](https://github.com/PichaiTK-s/zero-trust-administrator/issues/131) > > > * [.github/ISSUE_TEMPLATE/bug_report.yml PichaiTK/Type.text#14](https://github.com/PichaiTK/Type.text/issues/14) > > > * [.github/ISSUE_TEMPLATE/bug_report.yml PichaiTK/Type.text#15](https://github.com/PichaiTK/Type.text/issues/15) > > > * [.github/ISSUE_TEMPLATE/feature_request.yml PichaiTK/Type.text#16](https://github.com/PichaiTK/Type.text/issues/16) > > > * [.github/ISSUE_TEMPLATE/custom_issue.yml PichaiTK/Type.text#17](https://github.com/PichaiTK/Type.text/issues/17) > > > * [.github/ISSUE_TEMPLATE/config.yml PichaiTK/Type.text#18](https://github.com/PichaiTK/Type.text/issues/18) > > > * [.github/ISSUE_TEMPLATE/bug_report.md PichaiTK/Type.text#20](https://github.com/PichaiTK/Type.text/issues/20) > > > * [.github/ISSUE_TEMPLATE/custom.yml PichaiTK/Type.text#21](https://github.com/PichaiTK/Type.text/issues/21) > > > * [.github/ISSUE_TEMPLATE/feature_request.ym PichaiTK/Type.text#22](https://github.com/PichaiTK/Type.text/issues/22) > > > * [.github/ISSUE_TEMPLATE/bug_report.md #135](https://github.com/PichaiTK-s/zero-trust-administrator/issues/135) > > > * [.github/ISSUE_TEMPLATE/custom.yml #136](https://github.com/PichaiTK-s/zero-trust-administrator/issues/136) > > > * [.github/ISSUE_TEMPLATE/feature_request.yml #137](https://github.com/PichaiTK-s/zero-trust-administrator/issues/137) > > > * [Create config.yml #133 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/133#discussion_r3368734012) > > > * [Create config.yml #133 
(comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/133#issuecomment-4641397876) > > > * [Create config.yml #133 (review)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/133#pullrequestreview-4444382090) > > > * [Create api-gateway.json #138 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/138#discussion_r3368870480) > > > * [Create api-gateway.json #138 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/138#discussion_r3368876043) > > > * [Create api-gateway.json #138 (review)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/138#pullrequestreview-4444536930) > > > * [.github/ISSUE_TEMPLATE/bug_report.md #140](https://github.com/PichaiTK-s/zero-trust-administrator/issues/140) > > > * [.github/ISSUE_TEMPLATE/custom.yml #141](https://github.com/PichaiTK-s/zero-trust-administrator/issues/141) > > > * [Create Frontend-App.rst.ts.tsx #142 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/142#discussion_r3369066664) > > > * [Create Frontend-App.rst.ts.tsx #142 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/142#discussion_r3369074113) > > > * [.github/ISSUE_TEMPLATE/bug_report.md #144](https://github.com/PichaiTK-s/zero-trust-administrator/issues/144) > > > * [.github/ISSUE_TEMPLATE/custom.yml #145](https://github.com/PichaiTK-s/zero-trust-administrator/issues/145) > > > * _Originally posted by Pichai Takengrach​ (Pichai Takengrach​ (Pichai Takengrach​ (@PichaiTK))) in​ [https://github.com/PichaiTK-s/skills-hello-github-actions/pull/146#discussion_r3369116369​](https://github.com/PichaiTK-s/skills-hello-github-actions/pull/146#discussion_r3369116369%E2%80%8B)_ > > > * [.github/ISSUE_TEMPLATE/custom.yml #156](https://github.com/PichaiTK-s/zero-trust-administrator/issues/156) > > > * [.github/ISSUE_TEMPLATE/bug_report.md #155](https://github.com/PichaiTK-s/zero-trust-administrator/issues/155) > > > * _Originally posted by Pichai Takengrach​ 
(Pichai Takengrach​ (Pichai Takengrach​ (@PichaiTK))) in [Update and rename feature_request.md to feature_request.rst.md #153 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/153#discussion_r3369281209)_ > > > * [.github/ISSUE_TEMPLATE/custom.yml #149](https://github.com/PichaiTK-s/zero-trust-administrator/issues/149) > > > * [.github/ISSUE_TEMPLATE/bug_report.md #148](https://github.com/PichaiTK-s/zero-trust-administrator/issues/148) > > > * [.github/ISSUE_TEMPLATE/config.yml #151](https://github.com/PichaiTK-s/zero-trust-administrator/issues/151) > > > * [.github/ISSUE_TEMPLATE/feature_request.yml #150](https://github.com/PichaiTK-s/zero-trust-administrator/issues/150) > > > * [Create Final-Enterprise-Flow.bash.rst.json.tsx.tsx #169 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/169#discussion_r3370743040) > > > * [Create Final-Enterprise-Flow.bash.rst.json.tsx.tsx #169 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/169#discussion_r3370748762) > > > * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3371008437) > > > * [.github/ISSUE_TEMPLATE/feature_request.md #176](https://github.com/PichaiTK-s/zero-trust-administrator/issues/176) > > > * [.github/ISSUE_TEMPLATE/custom.yml #175](https://github.com/PichaiTK-s/zero-trust-administrator/issues/175) > > > * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3370970171) > > > * [Create compliance.controller.tsx.ts.rst #173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3370963147) > > > * [.github/ISSUE_TEMPLATE/feature_request.yml #171](https://github.com/PichaiTK-s/zero-trust-administrator/issues/171) > > > * [> Final Enterprise Flow: #170](https://github.com/PichaiTK-s/zero-trust-administrator/issues/170) > > > * 
[.github/ISSUE_TEMPLATE/config.yml #172](https://github.com/PichaiTK-s/zero-trust-administrator/issues/172) > > > * 49699333​+dependabot​[bot]​@users.noreply.github.com​ > > > * [> Or, to use the new version of GitHub Issue Forms: #159](https://github.com/PichaiTK-s/zero-trust-administrator/issues/159) > > > * [Create bug_report.rst.yml #158 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/158#discussion_r3369381550) > > > * [Create bug_report.rst.yml #158 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/158#discussion_r3369374856) > > > * [Update server.ts #146 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/146#discussion_r3369116369) > > > * 233528480​[+PichaiTK@users.noreply.github.com](mailto:+PichaiTK@users.noreply.github.com)​ > > > * @types/node > > > * @types/express > > > * @types/cors > > > * @types/morgan > > > * @PichaiTK/apps > > > * @PichaiTK/packages > > > * @PichaiTK/security > > > * @PichaiTK/compliance > > > * @PichaiTK/.github > > > * Pichai Takengrach​ (Pichai Takengrach​ (Pichai Takengrach​ (@PichaiTK))) > > > > > > _Originally posted by Pichai Takengrach​ (Pichai Takengrach​ (Pichai Takengrach​ (@PichaiTK))) in [#158 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/158#discussion_r3369381550)_ > > > _Originally posted by Pichai Takengrach​ (Pichai Takengrach​ (Pichai Takengrach​ (@PichaiTK))) in [#167 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/167#discussion_r3369798843)_ > > > > > > _Originally posted by Pichai Takengrach​ (Pichai Takengrach​ (@PichaiTK)) in [#169 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/169#discussion_r3370748762)_ > > _Originally posted by Pichai Takengrach​ (@PichaiTK) in [#173 (comment)](https://github.com/PichaiTK-s/zero-trust-administrator/pull/173#discussion_r3370970171)_ 233528480​+PichaiTK@users.noreply.github.com​ _Originally posted by @PichaiTK in 
https://github.com/PichaiTK-s/zero-trust-administrator/pull/177#discussion_r3371156669_ --- .../audit.instructions.rst.md | 210 ++++++++++++++++++ 1 file changed, 210 insertions(+) create mode 100644 .github/instructions/repository.instructions.md/security.instructions.md/pdpa.instructions.md/frontend.instructions.md/backend.instructions.md/zero-trust.instructions.md/audit.instructions.rst.md diff --git a/.github/instructions/repository.instructions.md/security.instructions.md/pdpa.instructions.md/frontend.instructions.md/backend.instructions.md/zero-trust.instructions.md/audit.instructions.rst.md b/.github/instructions/repository.instructions.md/security.instructions.md/pdpa.instructions.md/frontend.instructions.md/backend.instructions.md/zero-trust.instructions.md/audit.instructions.rst.md new file mode 100644 index 0000000..abd0db4 --- /dev/null +++ b/.github/instructions/repository.instructions.md/security.instructions.md/pdpa.instructions.md/frontend.instructions.md/backend.instructions.md/zero-trust.instructions.md/audit.instructions.rst.md 
@@ -0,0 +1,210 @@ +# AI-HUB-ENTERPRISE Repository Instructions + +## Project Overview + +Enterprise-grade AI Platform implementing: + +* Zero Trust Architecture +* Cloud Native Infrastructure +* AI Governance +* DevSecOps +* PDPA Compliance +* GDPR +* ISO27001 +* SOC2 + +## Repository Rules + +* TypeScript First +* Security First +* Compliance First +* Test Driven Development +* Infrastructure as Code +* Audit Everything + +## Architecture + +Frontend → API Gateway → Services → Event Bus → Data Layer + +## Standards + +* pnpm workspace +* Turborepo +* Docker +* Kubernetes +* Terraform + +## Pull Request Requirements + +* Tests Passing +* Security Scan Passing +* No Secrets +* Audit Logging Implemented +* Documentation Updated + +# Security Instructions + +## Zero Trust Principles + +* Never trust by default +* Verify explicitly +* Least privilege access +* Continuous validation + +## Authentication + +Required: + +* OAuth2 +* OIDC +* WebAuthn +* MFA + +## Authorization + +Required: + +* RBAC +* ABAC +* Policy Enforcement + +## Security Controls + +* Audit Logging +* Threat Detection +* Session Monitoring +* Device Trust Validation + +## Forbidden + +* Hardcoded Secrets +* Plaintext Credentials +* Disabled Authentication +* Excessive Permissions + +# PDPA Compliance Instructions + +## Thailand PDPA Requirements + +All systems must: + +* Minimize data collection +* Encrypt sensitive data +* Log access events +* Support consent management +* Support data deletion requests +* Support data export requests + +## Personal Data + +Protect: + +* Names +* Addresses +* Phone Numbers +* Email Addresses +* Government IDs + +## Retention + +Data retention must be documented. + +## Audit + +Every personal data access must be logged. + +## Incident Response + +Personal data breaches must be reportable. 
+ +# Frontend Instructions + +Technology: +- Next.js +- React +- TypeScript +- Tailwind + +Requirements: +- RBAC UI Controls +- MFA Support +- Accessibility +- Security Headers +- CSP Compatible + +Pages: +- Dashboard +- Security Center +- Audit Center +- Compliance Center +- AI Console + +Forbidden: +- Local Storage Secrets +- Hardcoded Tokens + +# Backend Instructions + +Services: +- API Gateway +- Auth Service +- User Service +- Audit Service +- Notification Service + +Requirements: +- OpenAPI +- Audit Logs +- Rate Limiting +- Input Validation +- Structured Logging + +Must Support: +- OAuth2 +- OIDC +- WebAuthn +- Kafka Events + +# Zero Trust Instructions + +Architecture: + +Cloudflare +↓ +API Gateway +↓ +Authentication +↓ +Authorization +↓ +Microservices +↓ +Data Layer + +Rules: + +- Verify every request +- Verify device trust +- Verify session trust +- Verify user trust +- Continuous monitoring +- Risk-based access control + +# Audit Instructions + +Every service must: + +- Generate audit events +- Use correlation IDs +- Store immutable logs +- Export to SIEM + +Required Fields: + +- timestamp +- userId +- action +- resource +- ipAddress +- deviceId +- result
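Review bot: In the closing "Audit Instructions" section, the "Required Fields" list has no correlation ID field even though the rule just above it says every service must "Use correlation IDs"; add `- correlationId` to that list so the events from the API Gateway, the individual services and the Kafka events named under "Backend Instructions" can be joined into one trace. The same list makes `userId`, `ipAddress` and `deviceId` mandatory on every event, while the PDPA section asks for minimal data collection and says "Data retention must be documented", so state here how long audit records are kept and who may read them. The file path also needs attention: it turns six intended file names into nested directories (`repository.instructions.md/security.instructions.md/.../audit.instructions.rst.md`), and the single file then carries seven top-level `#` sections. Split it into one file per section directly under `.github/instructions/`, and drop `.rst` from the name since the content is Markdown. Finally, the "Zero Trust Instructions" diagram (Cloudflare ↓ API Gateway ↓ Authentication ...) is written as bare lines that Markdown will fold into one paragraph, and it omits the Event Bus that the earlier "Architecture" line includes; put it in a fenced block and make the two diagrams agree.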