Logical components
- Fastify API: deterministic `/decision`, `/can-proceed`, `/health`, `/audit/decisions` endpoints under `/v1`.
- PostgreSQL: append-only `decisions` table storing decision records.
- Nginx: terminates TLS, serves docs/status static assets, proxies `/api` to Fastify.
- License Guard: global middleware enforcing time-based access.
Data flow
- Request hits Nginx → Fastify.
- Request context + rate limiting + license guard run before business logic.
- Decision route evaluates rules, persists outcome, returns ALLOW/BLOCK payload.
- Audit route retrieves persisted records read-only.
Persistence model
Single database schema (`schema.sql`) enforced with checksum at startup to prevent drift. No automatic migrations beyond this check.
Networking
All traffic terminates at TLS (port 443). HTTP (port 80) performs strict redirects. `api.precion.io` proxies to Fastify at `127.0.0.1:3000`.