ADR 0002 — Append-only enforcement of agent_audit_log at the DB layer

Status

Accepted — 2026-04-17.

Context

The agent_audit_log collection records every auth event, admin action, and data change that touches agent or member records starting in Phase 5. HIPAA §164.312(b) requires audit controls that record and examine activity on systems containing ePHI. CMS EDE Audit Program Appendix A § 9 requires access-control logging with a retention window. SOC 2 CC7.2 asks the entity to detect anomalies — which only works if the log cannot be tampered with after the fact.

The naive implementation would grant the agent portal's Mongo user readWrite on agent_audit_log and rely on application code to never call updateOne or deleteOne against it. That leaves two failure modes:

  1. A future code path (or an LLM-written migration) silently mutates the log.
  2. A compromised app-layer credential lets an attacker rewrite their own trail.

Both defeat the audit function.

Decision

Mutability of agent_audit_log is blocked at the database permission layer, not in application code. The Mongo roles that write to the collection (role_writer_agents, role_admin_agents) hold only FIND and INSERT privileges on it — no UPDATE, no REMOVE. Reads for compliance use role_audit_reader which has FIND only.

No Mongo user issued to the application can mutate or delete from the audit log. The only way to tamper is to escalate to an Atlas-admin credential, which is not held by any app-tier user and is not stored in any env file.
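The Consequences section notes that reviewers can verify the append-only property by reading the Atlas role JSON rather than every app route. The following is an added example of that review as a script, not AskFlorence project code: it lints role documents in the shape of the Atlas Custom Roles API (actions[].action, actions[].resources[], inheritedRoles[]) and reports any grant that could reach agent_audit_log with something other than FIND or INSERT, including wildcard resources (empty db or collection name, cluster scope) and inherited built-in roles such as readWrite. The database name "florence" and the sample role documents are constructed assumptions.

```python
"""Lint Atlas custom-role JSON to confirm agent_audit_log is append-only.

Added example for this ADR; not AskFlorence project code. The role
documents below are constructed in the shape of the Atlas Custom Roles
API. The database name "florence" is an assumption.
"""
from __future__ import annotations

import json
import sys

AUDIT_DB = "florence"            # assumed; substitute the real database name
AUDIT_COLLECTION = "agent_audit_log"
APPEND_ONLY_ACTIONS = {"FIND", "INSERT"}
READ_ONLY_BUILTINS = {"read"}    # built-in roles that carry no write action


def resource_covers_audit_log(resource: dict) -> bool:
    """True if an Atlas resource descriptor includes agent_audit_log.

    Atlas uses "" for db/collection to mean "every database/collection",
    and {"cluster": true} for cluster-wide scope; all three reach the log.
    """
    if resource.get("cluster"):
        return True
    db_match = resource.get("db", "") in ("", AUDIT_DB)
    coll_match = resource.get("collection", "") in ("", AUDIT_COLLECTION)
    return db_match and coll_match


def audit_log_violations(role: dict) -> list[str]:
    """Return findings for one role; an empty list means it keeps the log append-only."""
    name = role["roleName"]
    findings: list[str] = []
    for grant in role.get("actions", []):
        action = grant["action"]
        if action in APPEND_ONLY_ACTIONS:
            continue
        for res in grant.get("resources", []):
            if resource_covers_audit_log(res):
                findings.append(
                    f"{name}: {action} reaches {AUDIT_DB}.{AUDIT_COLLECTION} "
                    f"via resource {json.dumps(res, sort_keys=True)}"
                )
    for inherited in role.get("inheritedRoles", []):
        if inherited["role"] in READ_ONLY_BUILTINS:
            continue
        if inherited.get("db", "") in ("", AUDIT_DB):
            findings.append(
                f"{name}: inherits built-in {inherited['role']} on "
                f"{inherited.get('db') or '<all databases>'}"
            )
    return findings


def check_roles(roles: list[dict]) -> dict[str, list[str]]:
    """Map each roleName to its findings."""
    return {r["roleName"]: audit_log_violations(r) for r in roles}


# Constructed sample roles: two that match the ADR and two that drift from it.
_AUDIT = {"db": AUDIT_DB, "collection": AUDIT_COLLECTION}
_AGENTS = {"db": AUDIT_DB, "collection": "agents"}
SAMPLE_ROLES = [
    {   # find/insert on the audit log, full CRUD on a separate collection
        "roleName": "role_writer_agents",
        "actions": [
            {"action": "FIND", "resources": [_AUDIT, _AGENTS]},
            {"action": "INSERT", "resources": [_AUDIT, _AGENTS]},
            {"action": "UPDATE", "resources": [_AGENTS]},
            {"action": "REMOVE", "resources": [_AGENTS]},
        ],
        "inheritedRoles": [],
    },
    {   # compliance reader: FIND only
        "roleName": "role_audit_reader",
        "actions": [{"action": "FIND", "resources": [_AUDIT]}],
        "inheritedRoles": [],
    },
    {   # the rejected naive design: readWrite on the whole database
        "roleName": "role_naive_writer",
        "actions": [],
        "inheritedRoles": [{"db": AUDIT_DB, "role": "readWrite"}],
    },
    {   # subtle drift: UPDATE granted with collection "" (= every collection)
        "roleName": "role_db_wide_update",
        "actions": [{"action": "UPDATE", "resources": [{"db": AUDIT_DB, "collection": ""}]}],
        "inheritedRoles": [],
    },
]

if __name__ == "__main__":
    # Usage: python check_audit_roles.py [roles.json]; without a file, lint the samples.
    roles = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_ROLES
    report = check_roles(roles)
    for role_name, findings in report.items():
        print(f"{role_name}: {'OK' if not findings else 'FAIL'}")
        for line in findings:
            print(f"  - {line}")
    sys.exit(1 if any(report.values()) else 0)
```

Run against the JSON exported from the Atlas custom roles endpoint and wire the non-zero exit status into the preflight pipeline, so that a role change which re-grants UPDATE or REMOVE on the log fails review before it reaches the cluster. The check is a whitelist, so any action name not in APPEND_ONLY_ACTIONS (including DROP_COLLECTION or a future action) is flagged without the script needing to enumerate every write verb.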

Consequences

Positive:

  • Tamper-resistance is a property of the schema permission model, independent of application code correctness.
  • Reviewers (SOC 2, HIPAA, EDE) can verify the property by reading the Atlas role JSON, not by reading every app route.
  • Bugs in application code cannot accidentally corrupt the log.

Accepted costs:

  • Probe rows written during verification cannot be cleaned up without revoking the append-only guarantee. We leave them; they age out with the collection's retention window (target 6-10 years, to be enforced via TTL index in Phase 5).
  • Schema evolution of the log (e.g. adding a new field to historic records) requires an Atlas-admin credential, which is an intentional break-glass operation.

Alternatives considered

  • App-layer enforcement only — rejected; see Context.
  • Write the audit trail to an external immutable store (CloudWatch, S3 Object Lock, Atlas App Services) — viable and complementary, not a replacement. Will be revisited when the AWS migration completes; at that point we may mirror agent_audit_log inserts into CloudWatch Logs with a retention lock for defense in depth. This ADR does not preclude that.

References

  • Issue #56 — MongoDB permissioned users setup
  • ADR 0003 — Narrow-scoped MongoDB users per Issue #56
  • HIPAA 45 CFR §164.312(b) — Audit controls
  • CMS EDE Audit Program Appendix A § 9 — Access Control Logging
  • SOC 2 TSC 2017 — CC7.2

AskFlorence Internal Documentation. Not for public distribution.
