Architecture Decision Records (ADRs)
This section captures significant architectural decisions for RiskFlow. ADRs are short, durable records of what we decided and why, so future contributors do not re-litigate settled choices.
Index
| ADR | Title | Status |
|---|---|---|
| 003 — Vendor identity | Vendors are not Users; per-org links via VendorOrgLink | Accepted |
| 004 — 404 over 403 | Return 404 for cross-tenant resource misses | Accepted |
| 005 — Unified signatures | Single polymorphic Signature table for PnP and BAA; SHA-256 hash + DocumentVersion | Accepted |
Format
Each ADR follows a lightweight template:
- Status — Proposed, Accepted, Deprecated, or Superseded
- Context — The problem or forces at play
- Decision — What we chose
- Consequences — Trade-offs, follow-ups, and things to avoid
Related domain vocabulary lives in CONTEXT.md at the repo root.