📄️ Shipped
Rationale for the design choices behind Wrkbelt's current architecture — present-tense engineering explanations of why each shipped pattern exists.
📄️ Audit writes are two-tier (sync + async)
Why the audit service writes sensitive events synchronously (before responding) and routine events asynchronously through a queue.
📄️ Authorization is dual-check
Why every org-scoped endpoint authorizes against both the session's identity and the @TargetOrgId-bound target organization, instead of one or the other.
📄️ PLATFORM is its own OrgType
Why Wrkbelt's superadmin authority lives in a PLATFORM org type alongside BRAND, PORTFOLIO, and PARTNER, rather than as a cross-org role.
📄️ Impersonation is dual-identity
Why audit records during impersonation carry both the support engineer's identity and the impersonated user's identity rather than overlaying one with the other.