# Service Catalog
Verity is composed of purpose-built microservices organised into four domains: Ingestion, Analytics, Decision, and Audit & Compliance. A central API Gateway and Dashboard UI tie the platform together.
## Architecture Overview

```mermaid
graph TB
    subgraph Ingestion
        C1[Connector: Azure AD]
        C2[Connector: Snowflake]
        C3[Connector: Databricks]
        C4[Connector: Fabric]
        IW[Ingest Worker]
        NE[Normalise Engine]
    end
    subgraph Analytics
        DE[Decay Engine]
    end
    subgraph Decision
        RG[Review Generator]
        WE[Workflow Engine]
        RM[Remediation Service]
    end
    subgraph AC["Audit & Compliance"]
        AW[Audit Writer]
        CR[Compliance Reporter]
    end
    subgraph Presentation
        AG[API Gateway]
        UI[Dashboard UI]
    end
    C1 & C2 & C3 & C4 -->|raw events| IW
    IW -->|normalised events| NE
    NE -->|principals, assets, grants| DE
    DE -->|scores| RG
    RG -->|review packets| WE
    WE -->|revoke decisions| RM
    RM -->|completed remediations| AW
    WE -->|audit records| AW
    AW --> CR
    AG --> UI
```
## Service Directory
| Service | Type | Port | Domain | Description |
|---|---|---|---|---|
| API Gateway | API | 8000 | Presentation | FastAPI REST API — auth, CRUD, scores, reviews, audit |
| Connector: Azure AD | Worker | — | Ingestion | Extracts users, groups & app permissions via Microsoft Graph |
| Connector: Snowflake | Worker | — | Ingestion | Extracts grants & query history from ACCOUNT_USAGE views |
| Connector: Databricks | Worker | — | Ingestion | Extracts Unity Catalog permissions & audit logs |
| Connector: Fabric | Worker | — | Ingestion | Extracts workspace, lakehouse & warehouse permissions |
| Ingest Worker | Consumer | — | Ingestion | Validates, deduplicates & enriches raw connector events |
| Normalise Engine | Consumer | — | Ingestion | Identity resolution, asset classification, DB upserts |
| Decay Engine | Worker | — | Analytics | Computes access-decay scores (6-factor weighted model) |
| Review Generator | Consumer | — | Decision | Builds evidence-backed review packets for approvers |
| Workflow Engine | Worker | — | Decision | Temporal durable workflows for access-review lifecycle |
| Remediation Service | Worker | — | Decision | Executes revocation decisions back into source systems |
| Audit Writer | Consumer | — | Audit & Compliance | Appends immutable audit records to ClickHouse |
| Compliance Reporter | Worker | — | Audit & Compliance | Generates GDPR, SOX, SOC 2, HIPAA & PCI-DSS reports |
| Dashboard UI | UI | 5173 | Presentation | React + TypeScript SPA for operators and reviewers |
## Kafka Topic Map

| Topic | Producer | Consumer(s) |
|---|---|---|
| `verity.events.raw.{platform}` | Connectors | Ingest Worker |
| `verity.events.normalised` | Ingest Worker | Normalise Engine |
| `verity.identity.resolve` | Normalise Engine | (internal) |
| `verity.asset.classify` | Normalise Engine | (internal) |
| `verity.scores.updated` | Decay Engine | Review Generator |
| `verity.reviews.created` | Review Generator | Workflow Engine |
| `verity.remediations.completed` | Remediation Service | Audit Writer |
| `verity.audit.all` | Workflow Engine | Audit Writer |
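The hand-off from the per-platform raw topics to `verity.events.normalised` is where the Ingest Worker's "validate, deduplicate & enrich" contract is enforced. The following is an added example written for this page, not Verity's own code: it derives the platform from the `verity.events.raw.{platform}` topic name, rejects events that are malformed or from an unknown platform, deduplicates replayed events by a content fingerprint, tags each accepted event with its platform and fingerprint, and forwards it on the normalised topic. The in-memory `Broker`, the five-field event schema and the sample events are all constructed for the example; the real connector payloads are not documented here.

```python
import hashlib
import json
import re
from collections import defaultdict

RAW_TOPIC = re.compile(r"^verity\.events\.raw\.(?P<platform>[a-z0-9_]+)$")
NORMALISED_TOPIC = "verity.events.normalised"
# Platforms with a connector on this page; any other raw topic is treated as untrusted input.
KNOWN_PLATFORMS = {"azure_ad", "snowflake", "databricks", "fabric"}
# Assumed minimal event schema for the example; Verity's real payloads are not shown on the page.
REQUIRED_FIELDS = ("event_type", "principal", "asset", "action", "observed_at")


class Broker:
    """In-memory stand-in for Kafka: topic name -> list of produced messages."""

    def __init__(self):
        self.topics = defaultdict(list)

    def produce(self, topic, message):
        self.topics[topic].append(message)

    def messages(self, topic):
        return list(self.topics[topic])


def platform_from_topic(topic):
    """Map 'verity.events.raw.{platform}' to its platform; None if this is not a known raw topic."""
    match = RAW_TOPIC.match(topic)
    if not match:
        return None
    platform = match.group("platform")
    return platform if platform in KNOWN_PLATFORMS else None


def fingerprint(platform, event):
    """SHA-256 over the canonical JSON of the identifying fields, so re-polls and replays collapse."""
    canonical = json.dumps(
        {"platform": platform, **{k: event[k] for k in REQUIRED_FIELDS}},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(canonical.encode()).hexdigest()


class IngestWorker:
    """Validates, deduplicates and enriches raw connector events before forwarding them."""

    def __init__(self, broker):
        self.broker = broker
        self.seen = set()      # fingerprints already forwarded (a real worker would persist this)
        self.rejected = []     # (topic, reason) pairs so rejects stay observable, not silently dropped

    def process(self, topic, raw):
        platform = platform_from_topic(topic)
        if platform is None:
            return self._reject(topic, "unknown raw topic")
        try:
            event = json.loads(raw)
        except ValueError:
            return self._reject(topic, "malformed JSON")
        if not isinstance(event, dict):
            return self._reject(topic, "event is not an object")
        missing = [k for k in REQUIRED_FIELDS if k not in event]
        if missing:
            return self._reject(topic, "missing fields: " + ",".join(missing))
        fp = fingerprint(platform, event)
        if fp in self.seen:
            return "duplicate"
        self.seen.add(fp)
        enriched = {**event, "platform": platform, "source_topic": topic, "fingerprint": fp}
        self.broker.produce(NORMALISED_TOPIC, enriched)
        return "accepted"

    def _reject(self, topic, reason):
        self.rejected.append((topic, reason))
        return "rejected: " + reason


def run_demo():
    """Push constructed sample events through the worker and return outcome counts."""
    broker = Broker()
    worker = IngestWorker(broker)
    grant = {"event_type": "grant", "principal": "alice@example.com",
             "asset": "DB.SALES.ORDERS", "action": "SELECT", "observed_at": "2024-05-01T10:00:00Z"}
    inputs = [  # constructed sample input, not captured traffic
        ("verity.events.raw.snowflake", json.dumps(grant)),
        ("verity.events.raw.snowflake", json.dumps(grant)),                  # replayed by a re-poll
        ("verity.events.raw.azure_ad", json.dumps({**grant, "asset": "app:finance"})),
        ("verity.events.raw.snowflake", "{not json"),
        ("verity.events.raw.sharepoint", json.dumps(grant)),                 # no such connector
        ("verity.events.raw.fabric", json.dumps({"event_type": "grant"})),   # schema violation
    ]
    outcomes = [worker.process(topic, raw) for topic, raw in inputs]
    return {
        "accepted": outcomes.count("accepted"),
        "duplicate": outcomes.count("duplicate"),
        "rejected": sum(o.startswith("rejected") for o in outcomes),
        "forwarded": len(broker.messages(NORMALISED_TOPIC)),
        "reasons": [reason for _, reason in worker.rejected],
    }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Two design points carry over to a real deployment: the platform is taken from the topic the message arrived on, never from a field inside the payload, so a compromised connector cannot impersonate another platform; and rejects are recorded rather than dropped, because a silent drop in the Ingestion domain becomes a missing grant in every review downstream.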
## Running Services Locally

All services can be started via Docker Compose. Refer to the Getting Started guide for full setup instructions.