Shipped decisions
Rationale for the design choices behind Wrkbelt's current architecture. Each page describes a present-tense architectural property and explains why it is shaped this way.
In this section
- Audit writes are two-tier (sync + async) — why the audit service splits sensitive vs. routine writes
- Authorization is dual-check — why both session-permission and target-org-permission have to hold
- PLATFORM is its own OrgType — why platform admin authority lives in the org-type discriminator
- Impersonation is dual-identity — why the audit trail records both the support engineer and the impersonated user