# 1. Introduction

This section provides an overview of the current system capabilities, business context, and architectural constraints relevant to order management and CSV import functionality. It defines the scope, objectives, and limitations of the system as they pertain to order creation, payment processing, and notification services.

## 1.1 Purpose

The purpose of this document is to specify the requirements, constraints, and current limitations of the order management system, with a particular focus on bulk order creation and CSV import capabilities. This documentation is intended to guide system development, migration, and enhancement activities, ensuring alignment with business needs and technical realities. The content herein is based exclusively on validated system knowledge and requirements as of the latest update.

## 1.2 Scope

This document covers the following areas:

- Order creation and management workflows
- Payment processing integration and constraints
- Notification service integration and constraints
- CSV/file-based order import requirements and current system limitations
- Cross-service architectural dependencies and sequential processing patterns
- Data model and API interface considerations

The scope is limited to the current state of the system and explicitly excludes any features or capabilities not present or supported in the existing architecture.

## 1.3 System Overview

The order management system is designed to handle order creation, payment processing, and notification delivery through REST API interfaces. The system architecture enforces the following key constraints:

- **Single-entry order creation:** Orders can only be created one at a time via the REST API. There is no capability for bulk or batch order creation. [KB-146a6a29-932f-485d-96d6-6a92ee610336]
- **No CSV/file-based order import:** The system does not provide any endpoint or mechanism to upload and process order data from files (CSV, Excel, etc.). [KB-146a6a29-932f-485d-96d6-6a92ee610336]
- **Sequential processing:** All cross-service calls (Order → Payment → Notification) are executed sequentially, not in parallel. This impacts overall processing latency, especially for large volumes of orders. [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f], [KB-033639ab-c6f8-4f72-a373-bf76d05dd6cf], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]
- **No batch payment or notification APIs:** Each order requires an individual payment API call and an individual notification API call. There is no support for batch or aggregated processing. [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a], [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c], [KB-04a84995-0820-4319-c1582821058a]
- **No progress tracking for batch operations:** The system does not provide mechanisms to track the progress of multi-item operations, as batch operations are not supported. [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]

## 1.4 Business Context

There is significant demand from corporate customers for the ability to import large volumes of orders (ranging from 100 to 10,000 orders) via CSV files to improve operational efficiency. However, the current system architecture does not support this functionality, resulting in manual, one-at-a-time order creation processes that are inefficient and time-consuming. [KB-155b5f4a-d232-4166-bb96-ba158f86ceb1], [KB-1603dccf-0e13-426d-a4c3-527af9e69c16], [KB-161f44bf-9450-491f-b894-1fd70c185060]

## 1.5 Architectural Constraints

The following architectural constraints are critical to understanding the system's current capabilities and limitations:

| ID      | Limitation                                                                                                 | Impact Area          | Severity   |
|---------|------------------------------------------------------------------------------------------------------------|----------------------|------------|
| LIM-001 | Order creation is single-entry only. No bulk or batch order creation capability exists.                    | Order Service        | High       |
| LIM-002 | No CSV/file-based order import functionality. No endpoint or mechanism to upload/process order data files. | Order Service        | High       |
| LIM-003 | Payment processing handles one transaction at a time. No batch payment API exists.                         | Payment Service      | High       |
| LIM-004 | Notifications are sent individually per order. No bulk notification capability exists.                     | Notification Service | Medium     |
| LIM-005 | Cross-service calls are sequential. No parallel processing of payment and notification.                    | All Services         | Medium     |
| LIM-006 | No progress tracking for batch operations. No mechanism to track progress of multi-item operations.        | All Services         | Medium     |

[KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f], [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c], [KB-04a84995-0820-4319-c1582821058a], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]

## 1.6 Document Structure

The subsequent sections provide detailed requirements, data models, interface specifications, and compliance considerations, strictly based on the current system state and validated knowledge base content.

---

**References:**  
[KB-146a6a29-932f-485d-96d6-6a92ee610336]  
[KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f]  
[KB-033639ab-c6f8-4f72-a373-bf76d05dd6cf]  
[KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]  
[KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c]  
[KB-04a84995-0820-4319-c1582821058a]  
[KB-155b5f4a-d232-4166-bb96-ba158f86ceb1]  
[KB-1603dccf-0e13-426d-a4c3-527af9e69c16]  
[KB-161f44bf-9450-491f-b894-1fd70c185060]

## 2. Functional Requirements

This section specifies the functional requirements for the order management and CSV import features, as well as related constraints, strictly based on the provided context.

### 2.1 Order Creation

- The system must allow creation of a single order by specifying customer information (name, email) and order details (item name, quantity, unit price).  
  [KB-0e0f1dd0-0f46-4d13-a092-e3cdc6fdd205]
- The total order amount must be automatically calculated as the sum of (quantity × unit price) for all items.  
  [KB-0e0f1dd0-0f46-4d13-a092-e3cdc6fdd205]
- Orders can only be created one at a time via the REST API; there is no bulk or batch order creation capability.  
  [KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c], [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f]

### 2.2 Order Listing and Detail

- The system must support paginated listing of orders, with parameters for skip (default 0) and limit (default 20).  
  [KB-0972bd0e-7d3f-4b2c-a364-813e023a3495]
- Order detail view must fetch data from all relevant services in parallel: Order Service, Payment Service, Notification Service.  
  [KB-16181d30-2dd3-421e-bab0-939cd85255d]

### 2.3 Order Status Management

- The system must allow updating order status via API. Setting status to SHIPPED triggers a shipping notification.  
  [KB-0972bd0e-7d3f-4b2c-a364-813e023a3495]
- Order cancellation must trigger refund processing via Payment Service and a cancellation email via Notification Service.  
  [KB-0972bd0e-7d3f-4b2c-a364-813e023a3495], [KB-186b33d7-f985-455b-8117-0cd019912510]

### 2.4 Payment Processing

- Payment processing is strictly one transaction per order; no batch payment API exists. Each order requires an individual payment API call.  
  [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c], [KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a], [KB-10744011-e9ca-48b5-ac6d-4f9f3627b7e6]
- Payment API request must include order_id, amount, and currency ("JPY").  
  [KB-1718c2d8-b71b-4113-9906-a6d9765958ff], [KB-186b33d7-f985-455b-8117-0cd019912510]
- Amount limits: minimum 100 JPY, maximum 1,000,000 JPY per transaction.  
  [KB-11739ab0-b209-41e4-b73e-7d7f-9629-a593b8fc96e5], [KB-01305cb3-d331-4b4b-ba02-69ada467b41d], [KB-10744011-e9ca-48b5-ac6d-4f9f3627b7e6]
- Payment processing and notification are executed sequentially, not in parallel.  
  [KB-033639ab-c6f8-4f72-a373-bf76d05dd6cf], [KB-150eb89c-77b0-415b-a547-3ed0502eec24]
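The following is an added illustration, not code from the order management system (which is Spring Boot; Python is used here only for brevity). It implements the pre-flight checks that 2.1 and 2.4 imply: the total is computed as the sum of quantity × unit price, and the Payment Service constraints (currency "JPY", 100 to 1,000,000 JPY per transaction) are enforced before the order is created, because once an order exists the sequential chain has no retry to recover from a rejected payment. The sample requests and the simplified e-mail check are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation
import re

PAYMENT_CURRENCY = "JPY"        # Payment API currency (from the document)
MIN_AMOUNT_JPY = 100            # per-transaction minimum (from the document)
MAX_AMOUNT_JPY = 1_000_000      # per-transaction maximum (from the document)
# Assumption: a simple address-shape check stands in for the RFC 5322
# validation the document requires, which a real service delegates to a library.
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class OrderValidationError(ValueError):
    """Raised for the first problem found in a create-order request."""


def order_total(items):
    """Return sum(quantity x unit_price) as whole yen. JPY has no minor unit,
    so a fractional total is rejected rather than rounded: rounding here and
    not in the Payment Service would make the two services disagree."""
    total = Decimal(0)
    for i, item in enumerate(items):
        qty = item.get("quantity")
        if isinstance(qty, bool) or not isinstance(qty, int):
            raise OrderValidationError(f"item {i}: quantity must be an integer")
        try:
            price = Decimal(str(item["unit_price"]))
        except (KeyError, TypeError, ValueError, InvalidOperation):
            raise OrderValidationError(f"item {i}: unit_price malformed")
        if qty <= 0 or price <= 0:
            raise OrderValidationError(f"item {i}: quantity and unit_price must be positive")
        total += qty * price
    if total != total.to_integral_value():
        raise OrderValidationError("JPY amounts must be whole yen")
    return int(total)


def check_amount(amount):
    """Enforce the Payment Service per-transaction limits."""
    if not MIN_AMOUNT_JPY <= amount <= MAX_AMOUNT_JPY:
        raise OrderValidationError(
            f"total {amount} JPY is outside the payment limits "
            f"[{MIN_AMOUNT_JPY}, {MAX_AMOUNT_JPY}]")


def validate_order(request):
    """Validate a create-order request and return its computed total in JPY."""
    customer = request.get("customer")
    if not isinstance(customer, dict) or not str(customer.get("name", "")).strip():
        raise OrderValidationError("customer.name is required")
    if not _EMAIL_RE.match(str(customer.get("email", "")).strip()):
        raise OrderValidationError("customer.email is not a valid address")
    items = request.get("items")
    if not isinstance(items, list) or not items:
        raise OrderValidationError("at least one item is required")
    for i, item in enumerate(items):
        if not isinstance(item, dict) or not str(item.get("item_name", "")).strip():
            raise OrderValidationError(f"item {i}: item_name is required")
    total = order_total(items)
    # Fail before the order exists: the Payment Service would reject a total
    # outside its limits, and with no retry in the chain the order would be
    # left created but unpaid.
    check_amount(total)
    return total


def validation_error(request):
    """Return the validation error message, or None if the request is valid."""
    try:
        validate_order(request)
    except OrderValidationError as e:
        return str(e)
    return None


def payment_request(order_id, amount):
    """Build the Payment Service request body: order_id, amount, currency."""
    check_amount(amount)
    return {"order_id": order_id, "amount": amount, "currency": PAYMENT_CURRENCY}


# Constructed sample requests (not taken from the document).
SAMPLE_OK = {
    "customer": {"name": "Taro Yamada", "email": "taro@example.com"},
    "items": [
        {"item_name": "Toothbrush", "quantity": 3, "unit_price": 450},
        {"item_name": "Floss", "quantity": 2, "unit_price": 300},
    ],
}
SAMPLE_TOO_SMALL = {
    "customer": {"name": "Taro Yamada", "email": "taro@example.com"},
    "items": [{"item_name": "Sample sachet", "quantity": 1, "unit_price": 50}],
}
```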

### 2.5 Notification Processing

- Notifications are sent individually per order; no bulk notification capability exists. Each notification requires a separate API call.  
  [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a], [KB-06c5403a-d177-4525-b247-1d7ae37a86b8]
- Notification Service rate limit: 10 notifications per second.  
  [KB-06c5403a-d177-4525-b247-1d7ae37a86b8], [KB-01305cb3-d331-4b4b-ba02-69ada467b41d]
- There is no progress tracking for batch operations, as batch operations are not supported.  
  [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]

### 2.6 CSV Import and Batch Processing

- The current system does not support CSV/file-based order import functionality. There is no endpoint or mechanism to upload and process order data from files (CSV, Excel, etc.).  
  [KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f], [KB-16181d30-2dd3-421e-bab0-939cd85255d]
- There is no UI for bulk order import (no CSV upload, no drag-and-drop, no batch creation form).  
  [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f]
- The orders table schema does not include batch_id, csv_source, or bulk_import_group columns; batch import tracking is not possible.  
  [KB-0f930ddc-1f3a-4014-a015-49fe1808f8d8], [KB-02c65582-456a-4ebf-b934-b7e08bd16081]

### 2.7 System Limitations

| ID      | Limitation                                                                                          | Severity   |
|---------|-----------------------------------------------------------------------------------------------------|------------|
| LIM-001 | Order creation is single-entry only. No bulk or batch order creation capability exists.              | High       |
| LIM-002 | No CSV/file-based order import functionality. No endpoint or mechanism to upload/process files.      | High       |
| LIM-003 | Payment processing handles one transaction at a time. No batch payment API exists.                   | High       |
| LIM-004 | Notifications are sent individually per order. No bulk notification capability exists.               | Medium     |
| LIM-005 | Cross-service calls are sequential. No parallel processing of payment and notification.              | Medium     |
| LIM-006 | No progress tracking for batch operations. No mechanism to track progress of multi-item operations. | Medium     |

[KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]

---

**Note:** All requirements above are strictly derived from the provided context. No CSV import or batch processing functionality is available in the current system. Any feature requiring bulk operations will require architectural changes across multiple services.

# 3. Non-Functional Requirements

This section defines the non-functional requirements for the system, including performance, security, reliability, and architectural constraints. All requirements are derived strictly from the provided context.

---

## 3.1 Performance Requirements

| Metric                          | Target                        | Measurement Method           |
|---------------------------------|-------------------------------|------------------------------|
| API response time (p50)         | < 200ms                       | Application metrics          |
| API response time (p95)         | < 500ms                       | Application metrics          |
| API response time (p99)         | < 1,000ms                     | Application metrics          |
| Page load time (initial)        | < 2 seconds                   | Lighthouse measurement       |
| Page load time (subsequent)     | < 1 second                    | Client-side metrics          |
| System availability             | 99.9% (8.77 hrs/year max)     | Uptime monitoring            |
| Concurrent users                | 500+ simultaneous             | Load testing                 |
| Database query time (avg)       | < 100ms                       | RDS Performance Insights     |
| API throughput                  | > 1,000 requests/minute       | Load testing                 |

**Reference:** [KB-0d9e59c7-0414-46c2-b302-2f4cbc1e9e88]

---

## 3.2 Security Requirements

- **Authentication**: OAuth 2.0 Resource Server with Azure AD integration is required. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **Authorization**: Method-level authorization using @PreAuthorize and SpEL expressions. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **CSRF Protection**: SameSite cookies and CSRF tokens. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **CORS Policy**: Whitelist-based origin validation. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **Content Security Policy**: Strict CSP headers enforced. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **Rate Limiting**: Bucket4j with Redis backend. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **Session Management**: Stateless (JWT) with Redis token blacklist. [KB-0910e88e-c115-4412-a137-d96b5c1a2082]
- **Multi-Factor Authentication (MFA)**: Required for web login, VPN, AWS Console, administrative actions, PHI bulk export, and emergency access. [KB-131c1759-15a3-44df-a1d7-6ebd04de62ff]
- **Error Handling**: Error responses in production must never contain PHI, stack traces, SQL queries, internal file paths, server names, or framework version information. [KB-10300d8a-a98a-4726-9be3-3957c2fe7bf4], [KB-140ca7f3-3348-4419-b06b-89561882a35e]
- **Encryption**:
  - At rest (database): AWS RDS encryption (AES-256)
  - At rest (files): S3 SSE-KMS (AES-256)
  - At rest (field-level): JPA AttributeConverter + AES-256-GCM
  - In transit: TLS 1.3 for all communications
  - Key management: AWS KMS (customer-managed CMKs)
  - Data masking (dev/test): Faker-based synthetic data pipeline
  [KB-116f84fb-2eec-4493-9762-414a92624981]
- **Audit Logging**: Comprehensive audit controls, including PHI access, modification, and administrative events, with retention up to 8 years depending on event type. [KB-059dda76-1df0-4539-a60b-e504ba4e11ea], [KB-122ffdd6-c824-4443-8d2b-baab3d94a6ec]
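As an added example (not part of the document or the system's own code base), the error-handling rule above can be turned into a check that a test suite runs against responses from a non-production deployment. The patterns are heuristics for the forbidden detail classes the document lists; PHI is deliberately not among them, since it cannot be recognised by pattern and needs the masking and field-level controls listed under Encryption. Both sample bodies are constructed, not captured from the real services.

```python
import re

# One heuristic pattern per class of detail the document forbids in
# production error responses. Exception class names and JVM frames cover
# stack traces; the others cover SQL, internal paths, host names and
# framework/server version strings.
LEAK_PATTERNS = {
    "stack_trace": re.compile(
        r"\bat [\w$.]+\([\w$]+\.java:\d+\)"          # JVM frame
        r"|Traceback \(most recent call last\)"     # Python trace
        r"|\b\w+(?:Exception|Error):"),             # exception class + message
    "sql_query": re.compile(
        r"\b(?:SELECT\s+.+?\s+FROM|INSERT\s+INTO|UPDATE\s+\w+\s+SET|DELETE\s+FROM)\b",
        re.IGNORECASE | re.DOTALL),
    "file_path": re.compile(
        r"(?:/(?:opt|var|home|usr|srv|app|tmp)/[\w./-]+|[A-Za-z]:\\[\w\\.-]+)"),
    "server_name": re.compile(
        r"\b(?:ip-\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}|[\w-]+\.(?:internal|local|localdomain))\b"),
    "framework_version": re.compile(
        r"\b(?:Spring Boot|Spring|Tomcat|Hibernate|Jetty|PostgreSQL|Java)[ /]v?\d+\.\d+(?:\.\d+)?\b",
        re.IGNORECASE),
}


def find_leaks(body):
    """Return the sorted names of every leak class whose pattern matches body."""
    return sorted(name for name, pat in LEAK_PATTERNS.items() if pat.search(body))


def is_safe_error_response(body):
    """True when no forbidden detail class is present in the response body."""
    return not find_leaks(body)


# Constructed sample: what an unhandled exception rendered by a default
# error handler can look like.
LEAKY_BODY = """\
HTTP 500 Internal Server Error
org.postgresql.util.PSQLException: ERROR: relation "orders" does not exist
  Query: SELECT id, total_amount FROM orders WHERE id = $1
    at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2712)
    at com.example.orders.OrderRepository.findById(OrderRepository.java:42)
Host: ip-10-0-1-23.ec2.internal   Log: /var/log/orders/app.log
Apache Tomcat/10.1.18, Spring Boot 3.2.1
"""
# Constructed sample of what the rule allows: a stable error code, an
# actionable message, and a correlation id operators can look up in the
# audit log.
SAFE_BODY = ('{"error":"validation_failed",'
             '"message":"customer.email is not a valid address",'
             '"request_id":"req-8f3a"}')

if __name__ == "__main__":
    print(find_leaks(LEAKY_BODY))
    print(find_leaks(SAFE_BODY))
```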

---

## 3.3 Reliability and Availability

- **System Availability**: 99.9% uptime required. [KB-0d9e59c7-0414-46c2-b302-2f4cbc1e9e88]
- **Incident Response**: Incident response plan is documented and tested. Incident response team is identified, and post-incident review is required. [KB-052c37cd-e1b9-4e3f-8d87-e4cff20e9718]
- **Contingency Plan**: Documented and tested as required by 45 CFR §164.308(a)(7). [KB-052c37cd-e1b9-4e3f-8d87-e4cff20e9718]
- **Backup and Disaster Recovery**: Backup restoration is tested monthly, read replica promotion quarterly, and full DR failover semi-annually. [KB-0ad2d5a6-1c32-426e-b9db-8c8bd6d32e36]
- **Alerting**: Automated alerting for service outages, error rates, and resource utilization. Escalation procedures are defined. [KB-07666b95-1860-4b27-ad63-b0c0bc85ccdb], [KB-0df4e572-817c-4ff3-92c9-d5e90da97450]

---

## 3.4 Data Integrity

- **Data Validation**: Strict validation of all input data, including email format (RFC 5322), required fields, and referential integrity. [KB-0e2a39a2-11b3-4281-9a62-81f7f1d6ca96], [KB-0368630b-7eb5-445e-aa3b-de044dd2e57a]
- **Audit Trail**: All PHI access, modifications, and disclosures are logged with user ID, patient ID, and action details. [KB-122ffdd6-c824-4443-8d2b-baab3d94a6ec], [KB-18c8f572-9d5c-46d5-ac28-661771bd7e5b]
- **Data Migration**: Parallel run and data integrity verification are required during migration. [KB-0a1640fc-d3df-49cb-8191-220e34d8af3f], [KB-05e90e5d-09da-4f67-85af-8f2be11cd2ce]

---

## 3.5 System and Architectural Constraints

| Limitation ID | Description                                                                                       | Impact Area         | Severity |
|---------------|---------------------------------------------------------------------------------------------------|---------------------|----------|
| LIM-001       | Order creation is single-entry only. No bulk or batch order creation capability exists.           | Order Service       | High     |
| LIM-002       | No CSV/file-based order import functionality.                                                     | Order Service       | High     |
| LIM-003       | Payment processing handles one transaction at a time. No batch payment API exists.                | Payment Service     | High     |
| LIM-004       | Notifications are sent individually per order. No bulk notification capability exists.            | Notification Service| Medium   |
| LIM-005       | Cross-service calls are sequential. No parallel processing of payment and notification.           | All Services        | Medium   |
| LIM-006       | No progress tracking for batch operations.                                                        | All Services        | Medium   |

**Reference:** [KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a], [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c]

---

## 3.6 Compliance

- **HIPAA**: All requirements for access control, audit logging, encryption, and breach notification are implemented per 45 CFR §164. [KB-0f3989d4-36c1-4054-923c-c250f04c3ec3], [KB-116f84fb-2eec-4493-9762-414a92624981], [KB-16e42083-f456-49a3-959d-419cdb9fc31d]
- **Data Retention**: Audit logs and PHI access events are retained for 7–8 years, depending on event type. [KB-059dda76-1df0-4539-a60b-e504ba4e11ea]
- **Data Masking**: All non-production environments must use de-identified data. [KB-03f9d790-a1e6-46b9-8aeb-0fc45505be6a], [KB-116f84fb-2eec-4493-9762-414a92624981]

---

## 3.7 Maintainability and Extensibility

- **Versioning**: URI-based versioning with major version in the path (e.g., /v1/patients). Only two active major versions are supported at any time. Deprecation notice is required at least 6 months in advance. [KB-10300d8a-a98a-4726-9be3-3957c2fe7bf4], [KB-140ca7f3-3348-4419-b06b-89561882a35e]
- **Backward Compatibility**: Minor and patch changes must be backward-compatible. [KB-10300d8a-a98a-4726-9be3-3957c2fe7bf4]

---

## 3.8 Usability

- **Accessibility**: React UI must meet WCAG 2.1 AA compliance. [KB-0a1640fc-d3df-49cb-8191-220e34d8af3f]
- **Error Messaging**: User-facing error messages must not leak sensitive details and must be actionable. [KB-140ca7f3-3348-4419-b06b-89561882a35e]

---

## 3.9 Known Technical Limitations

- No bulk order import UI (no CSV upload, drag-and-drop, or batch creation form).
- N+1 API pattern for payments/notifications due to lack of list-all endpoints.
- Client-side aggregation only for dashboard statistics.
- No real-time updates (polling-based, WebSocket not implemented).
- Single-language (Japanese) UI; no i18n framework.

**Reference:** [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f], [KB-017cfb36-bd85-4935-a73e-91861c478baa]

---

## 3.10 Summary Table: Non-Functional Requirements

| Category             | Requirement/Constraint                                                                                  | Reference(s)                                   |
|----------------------|--------------------------------------------------------------------------------------------------------|------------------------------------------------|
| Performance          | See section 3.1 above                                                                                  | [KB-0d9e59c7-0414-46c2-b302-2f4cbc1e9e88]      |
| Security             | See section 3.2 above                                                                                  | [KB-0910e88e-c115-4412-a137-d96b5c1a2082], [KB-116f84fb-2eec-4493-9762-414a92624981] |
| Reliability          | See section 3.3 above                                                                                  | [KB-052c37cd-e1b9-4e3f-8d87-e4cff20e9718]      |
| Data Integrity       | See section 3.4 above                                                                                  | [KB-0368630b-7eb5-445e-aa3b-de044dd2e57a]      |
| Architectural Limits | See section 3.5 above                                                                                  | [KB-146a6a29-932f-485d-96d6-6a92ee610336]      |
| Compliance           | See section 3.6 above                                                                                  | [KB-0f3989d4-36c1-4054-923c-c250f04c3ec3]      |
| Maintainability      | See section 3.7 above                                                                                  | [KB-10300d8a-a98a-4726-9be3-3957c2fe7bf4]      |
| Usability            | See section 3.8 above                                                                                  | [KB-0a1640fc-d3df-49cb-8191-220e34d8af3f]      |
| Known Limitations    | See section 3.9 above                                                                                  | [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f]      |

---

## 4. Architecture

### 4.1 Architectural Overview

The current e-commerce (EC) site order management system is architected as a React single-page application (SPA) frontend interfacing with three backend microservices via REST APIs. All inter-service communication is synchronous REST over HTTP, with no message broker or asynchronous event bus. The backend stack consists of Spring Boot applications deployed to ECS Fargate, with supporting components such as PostgreSQL, CloudWatch, and Elasticsearch for audit storage and analysis. The legacy system used Visual Basic 6.0, SQL Server 2012, and MS Access; migration to modern cloud-native technologies is underway. [KB-050d0be4-11bc-4945-80e4-1f59d3187e45], [KB-0e90d327-2678-405f-b35a-294b5435dc66], [KB-03d0d4be-6781-4fc5-af90-de8b326616c0], [KB-0633e923-f925-4ff5-a5d6-d30346c26a5e], [KB-1a54c453-d6ee-488f-bbdc-311c467a9661], [KB-17a58f06-2387-412d-bf37-2f4d751e1d7e], [KB-09660b4f-7cb4-4737-8c90-b5cf64ef0554]

#### Key Building Blocks

- **Frontend:** React SPA
- **Backend:** Spring Boot microservices (Order Service, Payment Service, Notification Service)
- **Containerization:** ECS Fargate
- **Database:** PostgreSQL 16 (AWS RDS)
- **Audit Storage:** PostgreSQL audit_log table, CloudWatch Logs, Elasticsearch
- **Legacy:** Visual Basic 6.0, SQL Server 2012, MS Access (being decommissioned)

### 4.2 Service Architecture and Interfaces

#### Service Interaction Pattern

| Pattern            | Usage               | Timeout         |
|--------------------|---------------------|-----------------|
| Synchronous REST   | All services        | 30s (payment), 10s (notification/webhook) |
| Webhook (REST)     | Payment → Order     | 10s             |

- No asynchronous communication or message broker.
- All cross-service calls are sequential; parallel processing is not implemented. [KB-0d7daadd-e958-4592-900a-55db91f8aa55], [KB-033639ab-c6f8-4f72-a373-bf76d05dd6cf], [KB-150eb89c-77b0-415b-a547-3ed0502eec24]

#### Core Service APIs

| Service           | Endpoint(s)                                  | Functionality                                   |
|-------------------|----------------------------------------------|------------------------------------------------|
| Order Service     | /api/v1/orders, /api/v1/orders/{order_id}     | Single order creation, status updates, cancellation |
| Payment Service   | /api/v1/payments, /api/v1/payments/order/{oid}, /api/v1/payments/refund | Payment processing (single order), refund        |
| Notification Service | /api/v1/notifications/email                | Single notification per API call                |

- Each order, payment, and notification is processed individually; batch or bulk APIs are not available. [KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c], [KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a], [KB-146a6a29-932f-485d-96d6-6a92ee610336], [KB-04a84995-0820-4319-c1582821058a], [KB-1718c2d8-b71b-4113-9906-a6d9765958ff], [KB-186b33d7-f985-455b-8117-0cd019912510]

#### Data Model Constraints

- **Order Table:** No batch_id, csv_source, or bulk_import_group columns; batch tracking is not possible. [KB-0f930ddc-1f3a-4014-a015-49fe1808f8d8], [KB-02bc6ee3-521e-4ebf-b934-b7e08bd16081]
- **Payment Table:** 1:1 unique constraint on order_id; batch grouping not supported. Amount per transaction: minimum 100 JPY, maximum 1,000,000 JPY. [KB-11739ab0-b209-41e4-b73e-7d7e0c4338b2], [KB-10744011-e9ca-48b5-ac6d-4f9f3627b7e6]

### 4.3 Architectural Constraints and Limitations

| ID      | Limitation                                                                                                 | Impact Area          | Severity   |
|---------|------------------------------------------------------------------------------------------------------------|----------------------|------------|
| LIM-001 | Single-entry order creation only; no bulk/batch capability.                                                | Order Service        | High       |
| LIM-002 | No CSV/file-based order import; no endpoint for file upload or processing.                                 | Order Service        | High       |
| LIM-003 | Payment processing is one transaction at a time; no batch payment API.                                     | Payment Service      | High       |
| LIM-004 | Notifications sent individually per order; no bulk notification API.                                       | Notification Service | Medium     |
| LIM-005 | Cross-service calls are sequential; no parallel processing of payment and notification.                    | All Services         | Medium     |
| LIM-006 | No progress tracking for batch operations; no mechanism for multi-item operation progress.                 | All Services         | Medium     |

- Bulk order import, batch payment, and batch notification are not supported.
- CSV import UI is not implemented; the “CSVインポート（未実装）” ("CSV import (not implemented)") button is disabled. [KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f], [KB-16181d30-2dd3-421e-bab0-939cd85255d2], [KB-146a6a29-932f-485d-96d6-6a92ee610336]

### 4.4 Performance and Scalability

- All order creation, payment, and notification flows are sequential. For large volumes (e.g., 10,000 orders), 10,000 API calls are required, resulting in extremely slow processing.
- Notification Service is rate-limited to 10 requests/second; sending 10,000 notifications requires at least 1,000 seconds (~17 minutes).
- No retry or circuit breaker for cross-service calls; failures are logged but not retried. [KB-150eb89c-77b0-415b-a547-3ed0502eec24], [KB-04a84995-0820-4319-c1582821058a], [KB-01305cb3-d331-4b4b-ba02-69ada467b41d]
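The model below is an added example, not code from the system, written in Python with a fake clock so it runs instantly. It reproduces the sequential Order → Payment → Notification chain described here and in 2.5 and shows two consequences of the current architecture: the Notification Service limit of 10 per second puts a floor of N/10 seconds under any batch of N orders regardless of how fast the other calls are (a client-side pacer keeps the caller under that limit instead of collecting rejections), and because a failed cross-service call is only logged and never retried, a failure leaves an order paid but not notified with no progress record that says which one. The per-call latencies are assumed values, not measurements.

```python
from dataclasses import dataclass, field

NOTIFY_RATE_PER_S = 10       # Notification Service limit (from the document)
# Assumed per-call latencies for the model, in ms; constructed, not measured.
ORDER_MS, PAYMENT_MS, NOTIFY_MS = 20, 30, 20


@dataclass
class Outcome:
    elapsed_s: float = 0.0
    created: int = 0
    paid: int = 0
    notified: int = 0
    paid_not_notified: list = field(default_factory=list)
    log: list = field(default_factory=list)


class FakeClock:
    """Simulated time so the model runs instantly instead of sleeping."""
    def __init__(self):
        self.now = 0.0

    def advance(self, seconds):
        self.now += seconds


class Pacer:
    """Client-side pacing that spaces calls at least 1/rate apart, so the
    caller never trips the server-side limit and receives a rejection that
    (in this system) would be logged and not retried. Conservative: the
    first call also waits one interval, so N calls take at least N/rate s."""
    def __init__(self, clock, rate_per_s):
        self.clock = clock
        self.interval = 1.0 / rate_per_s
        self.next_allowed = clock.now + self.interval

    def wait(self):
        if self.clock.now < self.next_allowed:
            self.clock.advance(self.next_allowed - self.clock.now)
        self.next_allowed = self.clock.now + self.interval


def run_sequential_batch(n_orders, failing_notifications=frozenset()):
    """Push n_orders through Order -> Payment -> Notification one at a time.

    failing_notifications: order numbers whose notification call fails.
    Mirrors the current behaviour: the failure is logged, nothing is retried,
    and processing simply moves on to the next order."""
    clock = FakeClock()
    pacer = Pacer(clock, NOTIFY_RATE_PER_S)
    out = Outcome()
    for order_id in range(1, n_orders + 1):
        clock.advance(ORDER_MS / 1000)      # POST /api/v1/orders
        out.created += 1
        clock.advance(PAYMENT_MS / 1000)    # POST /api/v1/payments
        out.paid += 1
        pacer.wait()                        # stay under 10 notifications/s
        clock.advance(NOTIFY_MS / 1000)     # POST /api/v1/notifications/email
        if order_id in failing_notifications:
            out.log.append(f"order {order_id}: notification failed, not retried")
            out.paid_not_notified.append(order_id)
            continue
        out.notified += 1
    out.elapsed_s = clock.now
    return out


def rate_limit_floor_s(n_orders):
    """Wall-clock floor imposed by the notification rate limit alone,
    independent of how fast the order and payment calls are."""
    return n_orders / NOTIFY_RATE_PER_S


if __name__ == "__main__":
    ok = run_sequential_batch(100)
    print(f"100 orders: {ok.elapsed_s:.2f}s, floor {rate_limit_floor_s(100):.0f}s")
    bad = run_sequential_batch(10, failing_notifications={3, 7})
    print(bad.paid, bad.notified, bad.paid_not_notified)
```

Run with 10,000 orders the floor is 1,000 seconds, matching the figure above; the paid-but-not-notified list is exactly the reconciliation data the current system does not keep.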

### 4.5 Security Architecture

- Authentication: OAuth 2.0 Resource Server with Azure AD
- Authorization: Method-level @PreAuthorize with SpEL
- Session Management: Stateless JWT with Redis token blacklist
- Encryption: AES-256 for database, S3, and field-level; TLS 1.3 for all communications
- Audit Logging: Comprehensive audit trail in PostgreSQL, CloudWatch, Elasticsearch
- Error Handling: Production error responses must not contain PHI, stack traces, SQL queries, internal paths, or server names [KB-10300d8a-a98a-4726-9be3-3957c2fe7bf4], [KB-116f84fb-2eec-4493-9762-414a92624981], [KB-05741ca9-5822-4eb0-91b0-d660322e06d0], [KB-0910e88e-c115-4412-a137-d96b5c1a2082], [KB-140ca7f3-3348-4419-b06b-89561882a35]

### 4.6 Migration and Legacy System Context

- Migration from VB6/SQL Server/MS Access to Spring Boot/PostgreSQL/AWS RDS is ongoing.
- Legacy system is maintained until decommissioning; contact architecture@dentalcarepro.com for details. [KB-02bc6ee3-521e-4ebf-b934-b7e08bd16081], [KB-03d0d4be-6781-4fc5-af90-de8b326616c0], [KB-17a58f06-2387-412d-bf37-2f4d751e1d7e]

---

**References:**  
[KB-050d0be4-11bc-4945-80e4-1f59d3187e45]  
[KB-0e90d327-2678-405f-b35a-294b5435dc66]  
[KB-03d0d4be-6781-4fc5-af90-de8b326616c0]  
[KB-0633e923-f925-4ff5-a5d6-d30346c26a5e]  
[KB-1a54c453-d6ee-488f-bbdc-311c467a9661]  
[KB-17a58f06-2387-412d-bf37-2f4d751e1d7e]  
[KB-09660b4f-7cb4-4737-8c90-b5cf64ef0554]  
[KB-0d7daadd-e958-4592-900a-55db91f8aa55]  
[KB-033639ab-c6f8-4f72-a373-bf76d05dd6cf]  
[KB-150eb89c-77b0-415b-a547-3ed0502eec24]  
[KB-05b70fbd-4026-4ac9-b1e2-e21dabe7da5c]  
[KB-0a7d4d64-4d48-4214-94eb-2f3f278ec66a]  
[KB-146a6a29-932f-485d-96d6-6a92ee610336]  
[KB-04a84995-0820-4319-c1582821058a]  
[KB-1718c2d8-b71b-4113-9906-a6d9765958ff]  
[KB-186b33d7-f985-455b-8117-0cd019912510]  
[KB-0f930ddc-1f3a-4014-a015-49fe1808f8d8]  
[KB-02bc6ee3-521e-4ebf-b934-b7e08bd16081]  
[KB-11739ab0-b209-41e4-b73e-7d7e0c4338b2]  
[KB-10744011-e9ca-48b5-ac6d-4f9f3627b7e6]  
[KB-0a36efdc-f63e-4c6b-8191-220e34d8af3f]  
[KB-16181d30-2dd3-421e-bab0-939cd85255d2]  
[KB-10300d8a-a98a-4726-9be3-3957c2fe7bf4]  
[KB-116f84fb-2eec-4493-9762-414a92624981]  
[KB-05741ca9-5822-4eb0-91b0-d660322e06d0]  
[KB-0910e88e-c115-4412-a137-d96b5c1a2082]  
[KB-140ca7f3-3348-4419-b06b-89561882a35]