AllSource

Audit & Compliance

Audit trails that regulators actually trust

Immutable event history with cryptographic integrity. Reconstruct any past state in seconds, not days. SOC2-ready event sourcing with RBAC, policy enforcement, and full provenance.

Built for compliance from day one

Immutable Append-Only Log

Every event is permanently recorded. No updates, no deletes, no tampering. The write-ahead log (WAL) ensures every write survives crashes, using CRC32 checksums and configurable fsync.

CRC32 Cryptographic Checksums

Every WAL entry is checksummed at write time. Detect any bit-level corruption or tampering during recovery. Auditors can verify data integrity independently.

Time-Travel Reconstruction

Reconstruct the exact state of any entity at any past timestamp with as_of queries. Answer regulator questions in seconds, not weeks of manual log trawling.

RBAC: 4 Roles, 7 Permissions

Admin, Developer, ReadOnly, and ServiceAccount roles with fine-grained permissions. Control who can ingest, query, manage schemas, and access projections.

Policy Enforcement Engine

Define custom authorization policies beyond RBAC. Enforce data retention rules, access windows, IP restrictions, and tenant-specific compliance requirements.

Full Event Provenance

Every event carries metadata: who created it, when, from which service, with what API key. Complete chain of custody from ingestion to query.

Reconstruct any past state

One API call to answer "what was the state at time X?"

compliance-audit.sh
# Reconstruct account state at the time of the audit
curl -s https://api.all-source.xyz/api/v1/events/query \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "entity_id": "account-7291",
    "as_of": "2026-01-15T09:30:00Z",
    "event_type": "compliance.*"
  }' | jq '.events | length'

# Response: 1,247 events — full history up to audit timestamp
# Every event has: who, when, what, from which service, CRC32 checksum

# Verify data integrity across the entire event log
curl -s https://api.all-source.xyz/api/v1/events/query \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "entity_id": "account-7291",
    "include_checksums": true
  }' | jq '.events[] | .checksum' | wc -l

# 1,247 checksums — every single event is independently verifiable
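
The script above only counts the checksums it gets back. As an added example (not AllSource's own code), this sketch shows the auditor-side step of recomputing each event's CRC32 and comparing it with the reported value. The event fields other than `checksum`, the canonical-JSON encoding, and the 8-hex-digit checksum format are assumptions, and the sample events are constructed.

```python
import json
import zlib

def canonical_bytes(event: dict) -> bytes:
    """Assumed canonical form: the event minus its checksum field,
    keys sorted, no insignificant whitespace, UTF-8."""
    body = {k: v for k, v in event.items() if k != "checksum"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")

def crc32_hex(data: bytes) -> str:
    """IEEE CRC32 as 8 lowercase hex digits (assumed wire format)."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"

def verify_events(events: list) -> list:
    """Return (event id, reason) for each event that fails verification."""
    failures = []
    for ev in events:
        reported = ev.get("checksum")
        if not isinstance(reported, str):
            failures.append((ev.get("id"), "missing checksum"))
        elif crc32_hex(canonical_bytes(ev)) != reported.lower():
            failures.append((ev.get("id"), "checksum mismatch"))
    return failures

def build_sample() -> list:
    """Constructed events standing in for the API's `.events` array."""
    rows = [
        ("evt-1", "compliance.kyc_passed", "svc-onboarding", "2026-01-10T08:00:00Z"),
        ("evt-2", "compliance.limit_raised", "svc-risk", "2026-01-12T10:15:00Z"),
        ("evt-3", "compliance.review_opened", "svc-audit", "2026-01-14T16:45:00Z"),
    ]
    events = []
    for event_id, event_type, service, ts in rows:
        ev = {"id": event_id, "entity_id": "account-7291",
              "event_type": event_type, "service": service, "timestamp": ts}
        ev["checksum"] = crc32_hex(canonical_bytes(ev))
        events.append(ev)
    return events

if __name__ == "__main__":
    sample = build_sample()
    sample[1]["timestamp"] = "2026-01-12T10:16:00Z"  # record changed after checksumming
    del sample[2]["checksum"]                        # record with no checksum at all
    for event_id, reason in verify_events(sample):
        print(f"{event_id}: {reason}")
```

CRC32 is an unkeyed error-detecting code, so a clean run shows that the records were not corrupted in storage or transit. Anyone able to rewrite a record can also recompute its CRC32, so evidence of who wrote it has to come from the access controls and provenance metadata.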

Stop dreading audit season

With immutable events, cryptographic checksums, and instant time-travel, your next audit takes hours instead of weeks.