Skip to main content
Version: 1.2.0
Last Updated: 2026-02-15
Status: 🟡 In Progress (IT-01 Complete, Phase B Events Implemented)
This document defines all integration contracts for the IT (Information Technology) core module.

Overview

The IT module (IT-01 through IT-06) provides Information Technology management capabilities including asset management, support ticketing, vendor management, software licensing, security compliance, and procurement. This document specifies all events published, APIs exposed, and platform layers consumed.

Status Legend

  • Implemented - Fully implemented and tested
  • 📝 Planned - Specified but not yet implemented
  • 🟡 In Progress - Partially implemented

Event Contracts

IT-01: Asset Purchased Event

Event: it_asset_purchased
Publisher: IT (IT-01 Asset Management)
Subscribers: FA (Finance - asset capitalization)
Status: ✅ Implemented
Last Verified: 2026-02-15
Spec Reference: IT-01 IT Asset Management
Payload Schema:
Implementation:
Consumer Actions:
  • FA: Create fixed asset record for capitalization if cost exceeds threshold
  • FA: Record asset depreciation schedule

IT-01: Asset Assigned Event

Event: it_asset_assigned
Publisher: IT (IT-01 Asset Management)
Subscribers: PF-10 (Notifications), HR
Status: ✅ Implemented (channel: it_events, trigger on it_asset_assignments) Spec Reference: IT-01 IT Asset Management
Payload Schema:
Consumer Actions:
  • PF-10: Notify employee of new asset assignment
  • HR: Update employee equipment inventory

IT-01: Asset Maintenance Required Event

Event: it_asset_maintenance_required
Publisher: IT (IT-01 Asset Management)
Subscribers: FM (Facilities - for work orders), PF-10 (Notifications)
Status: 🟡 In Progress (DB triggers pending) Spec Reference: IT-01 IT Asset Management
Payload Schema:
Consumer Actions:
  • FM: Create work order for physical maintenance
  • PF-10: Notify IT manager of maintenance request

IT-01: Asset Disposed Event

Event: it_asset_disposed
Publisher: IT (IT-01 Asset Management)
Subscribers: FA (Finance), GR (Governance - for compliance tracking)
Status: ✅ Implemented
Last Verified: 2026-02-15
Spec Reference: IT-01 IT Asset Management
Payload Schema:
Implementation:
Consumer Actions:
  • FA: Remove from fixed asset register, record disposal transaction
  • GR: Log compliance record for data destruction (if applicable)

IT-02: Ticket Created Event

Event: it_ticket_created
Publisher: IT (IT-02 Support Ticketing)
Subscribers: PF-10 (Notifications)
Status: ✅ Implemented (channel: it_events, trigger on it_tickets INSERT)
Spec Reference: IT-02 IT Support & Ticketing
Payload Schema:
Consumer Actions:
  • PF-10: Notify IT support team of new ticket
  • PF-10: Send confirmation to requester

IT-02: Ticket Status Changed Event

Event: it_ticket_status_changed
Publisher: IT (IT-02 Support Ticketing)
Subscribers: PF-10 (Notifications)
Status: ✅ Implemented
Last Verified: 2026-02-15
Spec Reference: IT-02 IT Support & Ticketing
Payload Schema:
Implementation:
Consumer Actions:
  • PF-10: Notify requester of status change
  • PF-10: Notify assignee of assignment (if newly assigned)

IT-02: SLA Breached Event

Event: it_sla_breached
Publisher: IT (IT-02 Support Ticketing)
Subscribers: PF-10 (Notifications), IT-02 Dashboard
Status: 📝 Planned
Spec Reference: IT-02 IT Support & Ticketing
Payload Schema:
Consumer Actions:
  • PF-10: Alert IT manager and assigned technician
  • IT-02: Update SLA metrics on dashboard

IT-03: Contract Expiring Event

Event: it_contract_expiring
Publisher: IT (IT-03 Vendor Management)
Subscribers: PF-10 (Notifications)
Status: ✅ Implemented (channel: it_events, trigger when expiration within 90 days)
Spec Reference: IT-03 IT Vendor Management
Payload Schema:
Consumer Actions:
  • PF-10: Notify procurement and IT manager at 90/60/30/14/7 days

IT-04: License Created Event

Event: it_license_created
Publisher: IT (IT-04 Software License Management)
Subscribers: FA (Finance - for cost tracking)
Status: 📝 Planned
Spec Reference: IT-04 Software License Management
Payload Schema:
Security Notes:
  • license_key is a sensitive credential and MUST NOT be logged or exposed in error messages
  • Consider storing a reference ID instead of the actual key in event payloads
  • Mask license_key in all observability and debugging outputs
Consumer Actions:
  • FA: Record software asset/expense

IT-04: License Expiring Event

Event: it_license_expiring
Publisher: IT (IT-04 Software License Management)
Subscribers: PF-10 (Notifications)
Status: ✅ Implemented (channel: it_events, trigger when expiry within 90 days)
Spec Reference: IT-04 Software License Management
Payload Schema:
Consumer Actions:
  • PF-10: Notify IT manager and procurement at 90/60/30/14/7 days

IT-04: License Renewed Event

Event: it_license_renewed
Publisher: IT (IT-04 Software License Management)
Subscribers: FA (Finance - for renewal costs)
Status: ✅ Implemented
Last Verified: 2026-02-15
Spec Reference: IT-04 Software License Management
Payload Schema:
Implementation:
Consumer Actions:
  • FA: Record renewal expense

IT-04: License Compliance Alert Event

Event: it_license_compliance_alert
Publisher: IT (IT-04 Software License Management)
Subscribers: PF-10 (Notifications)
Status: 📝 Planned
Spec Reference: IT-04 Software License Management
Payload Schema:
Consumer Actions:
  • PF-10: Alert IT manager and compliance officer
  • IT-04: Update compliance dashboard

IT-05: Security Incident Created Event

Event: it_security_incident_created
Publisher: IT (IT-05 Security & Compliance)
Subscribers: GR (Governance & Risk), PF-10 (Notifications)
Status: 📝 Planned
Spec Reference: IT-05 IT Security & Compliance
Payload Schema:
Consumer Actions:
  • GR: Log compliance incident for regulatory reporting
  • PF-10: Alert security team and management based on severity

IT-05: Critical Vulnerability Detected Event

Event: it_critical_vulnerability_detected
Publisher: IT (IT-05 Security & Compliance)
Subscribers: GR (Governance), PF-10 (Notifications)
Status: 📝 Planned
Spec Reference: IT-05 IT Security & Compliance
Payload Schema:
Consumer Actions:
  • GR: Track for compliance reporting
  • PF-10: Alert security team (critical = immediate)

IT-05: Patch Deployment Overdue Event

Event: it_patch_deployment_overdue
Publisher: IT (IT-05 Security & Compliance)
Subscribers: PF-10 (Notifications)
Status: 📝 Planned
Spec Reference: IT-05 IT Security & Compliance
Payload Schema:
Consumer Actions:
  • PF-10: Alert IT security team and manager

IT-06: Purchase Request Submitted Event

Event: it_purchase_request_submitted
Publisher: IT (IT-06 Procurement)
Subscribers: FW-34 (Approval Workflows), PF-10 (Notifications)
Status: ✅ Implemented (channel: it_events, trigger when approval_status = submitted)
Spec Reference: IT-06 IT Procurement
Payload Schema:
Consumer Actions:
  • FW-34: Initiate approval workflow based on cost thresholds
  • PF-10: Notify approvers

IT-06: Purchase Request Approved Event

Event: it_purchase_request_approved
Publisher: IT (IT-06 Procurement)
Subscribers: FA-04 (Purchase Orders), PF-10 (Notifications)
Status: ✅ Implemented (channel: it_events, trigger when approval_status = approved)
Spec Reference: IT-06 IT Procurement
Payload Schema:
Consumer Actions:
  • FA-04: Create purchase order
  • PF-10: Notify requester of approval

IT-06: Purchase Request Received Event

Event: it_purchase_request_received
Publisher: IT (IT-06 Procurement)
Subscribers: IT-01 (Asset creation), PF-10 (Notifications)
Status: 📝 Planned
Spec Reference: IT-06 IT Procurement
Payload Schema:
Consumer Actions:
  • IT-01: Create asset records for received hardware
  • PF-10: Notify requester of receipt

API Contracts

IT-01: Asset Lookup API

Endpoint: GET /api/v1/it/assets/{asset_id}
Method: GET
Provider: IT (IT-01 Asset Management)
Consumer: IT-02 (ticket linking), IT-05 (security tracking)
Status: 📝 Planned
Spec Reference: IT-01 IT Asset Management
Purpose: Lookup IT asset details for ticket linking and security tracking. Request:
Path Parameters:
  • asset_id (required): UUID of asset
Response Schema (200 OK):
Error Codes:
  • 404 Not Found: Asset not found
  • 403 Forbidden: User does not have access to asset
  • 500 Internal Server Error: Internal IT error
Authentication: JWT required, RLS enforces organization isolation
Rate Limiting: 100 requests/minute per organization
Version: v1.0.0 (planned)

IT-01: Asset Search API

Endpoint: GET /api/v1/it/assets
Method: GET
Provider: IT (IT-01 Asset Management)
Consumer: IT-02, IT-04, IT-05, IT-06
Status: 📝 Planned
Spec Reference: IT-01 IT Asset Management
Purpose: Search and filter IT assets. Request:
Query Parameters:
  • asset_type (optional): Filter by asset type
  • status (optional): Filter by status
  • site_id (optional): Filter by site
  • assigned_to (optional): Filter by assigned employee ID
  • search (optional): Search by asset tag, name, or serial number
  • page (optional): Page number (default: 1)
  • page_size (optional): Results per page (default: 50, max: 100)
Response Schema (200 OK):
Authentication: JWT required, RLS enforces organization isolation
Rate Limiting: 100 requests/minute per organization
Version: v1.0.0 (planned)

IT-03: Vendor Lookup API

Endpoint: GET /api/v1/it/vendors/{vendor_id}
Method: GET
Provider: IT (IT-03 Vendor Management)
Consumer: IT-01, IT-04, IT-06
Status: 📝 Planned
Spec Reference: IT-03 IT Vendor Management
Purpose: Lookup IT vendor details for asset, license, and procurement linking. Request:
Path Parameters:
  • vendor_id (required): UUID of vendor
Response Schema (200 OK):
Error Codes:
  • 404 Not Found: Vendor not found
  • 403 Forbidden: User does not have access to vendor
  • 500 Internal Server Error: Internal IT error
Authentication: JWT required, RLS enforces organization isolation
Rate Limiting: 100 requests/minute per organization
Version: v1.0.0 (planned)

IT-04: License Compliance Check API

Endpoint: Database function it_check_license_compliance()
Provider: IT (IT-04 Software License Management)
Consumer: IT-04 dashboard, scheduled compliance checks
Status: 📝 Planned
Spec Reference: IT-04 Software License Management
Purpose: Check license compliance for a software license or all licenses. Function Signature:
Usage Example:
Security Notes:
  • Function is SECURITY DEFINER to avoid RLS recursion
  • Always uses SET search_path = public for security
  • Returns only licenses within organization context
Version: v1.0.0 (planned)

Platform Integration Layer Usage

Platform Layers Used by IT Module


Internal IT Module Integrations

The IT module has several internal integrations between its own specs:

Cross-Core Dependencies

IT Module Depends On:

  • PF-01 (Organizations & Sites): Multi-tenant context for all IT entities
  • PF-02 (RBAC): Role-based access control for IT functions
  • HR-01 (Employee Directory): Employee lookup for asset assignment
  • FA-04 (Purchase Orders): PO creation from approved IT purchases

Cores That Depend on IT Module:

  • FM (Facilities): May receive IT asset maintenance requests
  • GR (Governance): Receives security incidents and compliance data
  • FA (Finance): Receives asset capitalization and expense data

Event Summary Table


API Summary Table


IT-08 Events (Onboarding/Offboarding)

IT-08: Provisioning Started Event

Event: it_provisioning_started
Publisher: IT (IT-08)
Subscribers: HR-03, PF-10
Status: ✅ Implemented
Last Verified: 2026-02-15
Implementation:

IT-08: Provisioning Completed Event

Event: it_provisioning_completed
Publisher: IT (IT-08)
Subscribers: HR-03, PF-10
Status: ✅ Implemented
Last Verified: 2026-02-15
Implementation: Same trigger as above; fires when status changes to ‘completed’.

IT-08: Account Provisioned Event

Event: it_account_provisioned
Publisher: IT (IT-08)
Subscribers: PF-10, Audit
Status: ✅ Implemented
Last Verified: 2026-02-15
Implementation:

IT-08: Account Deactivated Event

Event: it_account_deactivated
Publisher: IT (IT-08)
Subscribers: PF-10, Audit, GR
Status: ✅ Implemented
Last Verified: 2026-02-15
Implementation: Same trigger as above; fires when status changes to ‘deactivated’.

Last Updated: 2026-02-15
Next Review: After IT-02 Implementation