Skip to main content
Version: 1.1

Traceability

When your domain's source code is in a Git repository, the generated domain.yaml automatically includes identity and metadata from the latest commit. This improves traceability, as the domain identity is also recorded in the audit logs.

Commiting changes
git commit -m "ABAC-123: The most complex policy"
[master 50e57b7] ABAC-123: The most complex policy
5 files changed, 64 insertions(+), 5 deletions(-)
git push
build/alfa/domain/ads/domain.yaml
identity: axiomatics-policy-devops-50e57b7
metadata:
  Commit-Message: "ABAC-123: The most complex policy"
  Author: John Doe <jdoe@acme.com>
policy:
  ...

When ADS starts, it will display the domain it has loaded, similar to the following output:

INFO  [2025-02-20 17:30:56,822] com.axiomatics.audit.ads.admin: Domain with id axiomatics-policy-devops-50e57b7 was loaded

Similarly, the evaluation logs will contain the domain identity:

ADS evaluation log
<EvaluationEvent>
   <GroupId>axiomatics-policy-devops-50e57b7</GroupId>
   <GroupVersion>0</GroupVersion>
   <Timestamp>2023-10-02T15:32:57.860Z</Timestamp>
   <EvaluationTimeMillis>0</EvaluationTimeMillis>
...