{"overview":"# Audit Service Overview\n\nThe Audit Service in the Vivified platform ensures compliance with HIPAA regulations by providing structured logging utilities and auditing sensitive operations. This service is designed to log events with various levels of detail and supports future extensions to persist logs to an append-only store with specific retention policies.\n\n## Features\n\n- Structured logging for sensitive operations.\n- Simple decorator for auditing actions.\n- Support for various audit categories such as system, security, compliance, and user actions.\n- Future support for append-only storage and data retention policies.\n\n!!! note \"HIPAA Compliance\"\n The audit service is designed to comply with HIPAA regulations, ensuring that all logged data is handled securely and with the necessary retention policies.\n\n## Architecture\n\n```mermaid\ngraph TD;\n A[Audit Event] --> B{Audit Levels};\n B -->|Minimal| C[Log to Console];\n B -->|Standard| D[Log to File];\n B -->|Detailed| E[Send to Central Logging Service];\n B -->|Comprehensive| F[Persist to Audit Database];\n```\n\n## Security Considerations\n\n!!! warning \"Security\"\n Ensure that all access to audit logs is restricted to authorized personnel only. Regular audits should be conducted to verify the integrity and security of the logged data.","api":"# API Reference\n\nThe Audit Service does not expose a direct API for external use. Instead, it is integrated into the platform to automatically handle logging as per the predefined categories and levels.\n\n### AuditCategory Enum\n\n```python\nfrom enum import Enum\n\nclass AuditCategory(str, Enum):\n SYSTEM = \"system\"\n SECURITY = \"security\"\n COMPLIANCE = \"compliance\"\n USER_ACTION = \"user_action\"\n```\n\n- **SYSTEM**: Logs related to system operations.\n- **SECURITY**: Logs related to security events.\n- **COMPLIANCE**: Logs ensuring compliance with legal requirements.\n- **USER_ACTION**: Logs tracking user actions.","config":"# Configuration Guide\n\nThe audit service configuration is defined within the codebase and can be adjusted as per the operational requirements.\n\n## Configuration Options\n\n| Option | Description | Default Value |\n|-----------------|----------------------------------|---------------|\n| `AuditLevel` | Level of detail for audit logs | `MINIMAL` |\n| `RetentionPolicy` | Retention policy for audit logs | `None` |\n\nTo change the configuration, update the `AuditLevel` within the `service.py` file:\n\n```python\nfrom .service import AuditLevel\n\ncurrent_audit_level = AuditLevel.STANDARD\n```\n\n!!! tip \"Retention Policy\"\n Implement a retention policy in later phases to ensure compliance with HIPAA's data retention requirements.","examples":"# Usage Examples\n\nThe following examples demonstrate how to use the audit service in various scenarios.\n\n## Logging an Audit Event\n\n=== \"Python\"\n ```python\n from .service import AuditEvent, AuditCategory\n\n event = AuditEvent(\n event_type=\"access\",\n category=AuditCategory.SECURITY,\n action=\"login_attempt\",\n result=\"success\",\n description=\"User login successful\",\n user_id=\"user-123\"\n )\n logger.info(json.dumps(event.__dict__))\n ```\n\n=== \"curl\"\n ```bash\n curl -X POST \\\n -H \"Content-Type: application/json\" \\\n -d '{\n \"event_type\": \"access\",\n \"category\": \"security\",\n \"action\": \"login_attempt\",\n \"result\": \"success\",\n \"description\": \"User login successful\",\n \"user_id\": \"user-123\"\n }' \\\n http://your-audit-service-endpoint/log\n ```\n\n## Troubleshooting\n\n### Common Issues\n\n- **Logs not being recorded**: Ensure the logger is correctly configured and the appropriate audit level is set.\n- **Unauthorized access attempts**: Regularly review logs for any unauthorized access attempts, and ensure security protocols are enforced.\n\n!!! note \"Debug Mode\"\n Enable debug mode in the logging configuration to capture more detailed logs during troubleshooting."}