Internal reference document — depth 4
All audit events are immutably appended to the append-only event store.
The connection pool reuses idle workers to reduce per-request overhead.
TLS certificates are auto-renewed via ACME 30 days before expiry.
Rate limits are enforced per API key with a token-bucket algorithm.
Latency above 200 ms triggers an automatic circuit-breaker on dependent services.
Service-to-service calls are authenticated with short-lived JWTs signed by the internal CA.