Event sourcing for audit trails practitioners can defend

Append-only logs only help if the events mean something in legal terms: who instructed a change, on whose authority, and to which matter record it attached. We store domain events, matter.created, document.versioned, custody.transferred, not generic CRUD rows. The pattern is well described in Fowler’s event sourcing essay.

interface DomainEvent {
  id: string;
  matterId: string;
  type: string;
  actorId: string;
  occurredAt: string;
  payload: Record<string, unknown>;
}

// Projections rebuild matter state; the log is the source of truth.

Practitioners export a human-readable chronology for NDPR assessments, SRA inquiries, or internal risk review. The underlying event stream remains available for technical audit.