| System | Type (API/DB/Queue/etc) | Purpose | Auth model | Criticality | Evidence |
|---|---|---|---|---|---|
| [name] | [type] | [purpose] | [auth] | [high/med/low] | [file] |
| Store | Role | Access layer | Key risk | Evidence |
|---|---|---|---|---|
| [db/cache/etc] | [role] | [module] | [risk] | [file] |
- Credential sources: [env/secrets manager/config]
- Hardcoding checks: [result]
- Rotation or lifecycle notes: [known/unknown]
- Retry/backoff behavior: [implemented/none/partial]
- Timeout policy: [where configured]
- Circuit-breaker or fallback behavior: [if any]
- Logging around external calls: [yes/no + where]
- Metrics/tracing coverage: [yes/no + where]
- Missing visibility gaps: [list]
- [path/to/integration-wrapper]
- [path/to/config-or-env-template]
- [path/to/monitoring-or-logging-config]
Add only when needed:
- Endpoint-by-endpoint catalog
- Auth flow sequence diagrams
- SLA/SLO per integration
- Region/failover topology notes