feat: add domain event publishing to Party and InternalAccount services (#1313)

* feat: add domain event publishing to Party and InternalAccount services

Add outbox-pattern event publishing to Party and InternalBankAccount
services, which previously published no domain events.

Party service:
- Add PartyCreatedEvent and PartyUpdatedEvent to party_events.proto
- Add SaveInTx to Repository interface and persistence implementation
- Publish PartyCreatedEvent on RegisterParty (atomic with save)
- Publish PartyUpdatedEvent on UpdateParty (atomic with save)
- Create OutboxVerificationEventPublisher implementing VerificationEventPublisher
- Wire outbox worker in cmd/main.go with Kafka bootstrap support

InternalAccount service:
- Add internal_account_events.proto with FacilityCreatedEvent and BookingCreatedEvent
- Add SaveInTx to domain.Repository interface and persistence implementation
- Publish FacilityCreatedEvent on InitiateInternalAccount (atomic with save)
- Add SetOutboxPublisher method and WithOutboxPublisher option
- Wire outbox worker in cmd/main.go with Kafka bootstrap support

Shared:
- Add party.created.v1, party.updated.v1, party.verification-completed.v1 topic constants
- Add internal-account.facility-created.v1, internal-account.booking-created.v1 topic constants
- Update topics.yaml and topics_test.go for consistency

* refactor: move SaveInTx out of domain.Repository to preserve hexagonal boundary

domain.Repository is a pure domain port and must remain free of infrastructure
imports. *gorm.DB is an infrastructure detail that belongs in the service layer.

- Remove SaveInTx and gorm import from services/internal-account/domain/repository.go
- Define service.Repository interface in server.go that embeds domain.Repository
  and adds SaveInTx, mirroring the pattern used by the party service
- Update all constructors (NewService, NewServiceWithClients,
  NewServiceWithValuationFeatures, NewServiceFull) to accept service.Repository
- Update test helpers to use service.Repository instead of domain.Repository

---------

Co-authored-by: Ben Coombs <bjcoombs@users.noreply.github.com>

Author: bjcoombs

api/proto/meridian/events/v1/internal_account_events.proto

@@ -0,0 +1,95 @@
+syntax = "proto3";
+
+package meridian.events.v1;
+
+import "buf/validate/validate.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/meridianhub/meridian/api/proto/meridian/events/v1;eventsv1";
+
+// FacilityCreatedEvent is published when a new internal account facility is
+// initiated. Consumers can use this event to react to new internal account
+// creation, such as updating account registries or triggering provisioning.
+message FacilityCreatedEvent {
+  // event_id uniquely identifies this event instance
+  string event_id = 1 [(buf.validate.field).string = {
+    uuid: true
+  }];
+
+  // account_id uniquely identifies the internal account facility
+  string account_id = 2 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 255
+  }];
+
+  // account_code is the human-readable code for the account
+  string account_code = 3 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 100
+  }];
+
+  // account_type is the classification of the internal account (e.g., "NOSTRO", "VOSTRO")
+  string account_type = 4 [(buf.validate.field).string = {
+    max_len: 100
+  }];
+
+  // instrument_code is the instrument code for the facility (e.g., "GBP", "kWh")
+  string instrument_code = 5 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 50
+  }];
+
+  // correlation_id links related events across services
+  string correlation_id = 6 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // causation_id identifies the event or command that caused this event
+  string causation_id = 7 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // timestamp when the event was created
+  google.protobuf.Timestamp timestamp = 8 [(buf.validate.field).required = true];
+}
+
+// BookingCreatedEvent is published when a new booking (position keeping
+// transaction) is posted to an internal account. Consumers can use this
+// event to synchronise balances or trigger downstream processing.
+message BookingCreatedEvent {
+  // event_id uniquely identifies this event instance
+  string event_id = 1 [(buf.validate.field).string = {
+    uuid: true
+  }];
+
+  // account_id identifies the internal account receiving the booking
+  string account_id = 2 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 255
+  }];
+
+  // transaction_id identifies the position-keeping transaction associated with the booking
+  string transaction_id = 3 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 255
+  }];
+
+  // instrument_code is the instrument for this booking (e.g., "GBP", "kWh")
+  string instrument_code = 4 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 50
+  }];
+
+  // correlation_id links related events across services
+  string correlation_id = 5 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // causation_id identifies the event or command that caused this event
+  string causation_id = 6 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // timestamp when the event was created
+  google.protobuf.Timestamp timestamp = 7 [(buf.validate.field).required = true];
+}

api/proto/meridian/events/v1/party_events.proto

@@ -7,6 +7,89 @@ import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/meridianhub/meridian/api/proto/meridian/events/v1;eventsv1";
 
+// PartyCreatedEvent is published when a new party is registered in the system.
+// Consumers can use this event to react to new party creation, such as
+// initialising downstream records or triggering onboarding workflows.
+message PartyCreatedEvent {
+  // event_id uniquely identifies this event instance
+  string event_id = 1 [(buf.validate.field).string = {
+    uuid: true
+  }];
+
+  // party_id identifies the newly created party
+  string party_id = 2 [(buf.validate.field).string = {
+    uuid: true
+  }];
+
+  // party_type identifies the classification of the party (e.g., "INDIVIDUAL", "ORGANISATION")
+  string party_type = 3 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 100
+  }];
+
+  // legal_name is the registered legal name of the party
+  string legal_name = 4 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 500
+  }];
+
+  // status is the initial lifecycle status of the party
+  string status = 5 [(buf.validate.field).string = {
+    max_len: 50
+  }];
+
+  // correlation_id links related events across services
+  string correlation_id = 6 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // causation_id identifies the event or command that caused this event
+  string causation_id = 7 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // timestamp when the event was created
+  google.protobuf.Timestamp timestamp = 8 [(buf.validate.field).required = true];
+}
+
+// PartyUpdatedEvent is published when an existing party's details are modified.
+// Consumers can use this event to synchronise derived records with updated party data.
+message PartyUpdatedEvent {
+  // event_id uniquely identifies this event instance
+  string event_id = 1 [(buf.validate.field).string = {
+    uuid: true
+  }];
+
+  // party_id identifies the party that was updated
+  string party_id = 2 [(buf.validate.field).string = {
+    uuid: true
+  }];
+
+  // party_type identifies the classification of the party
+  string party_type = 3 [(buf.validate.field).string = {
+    min_len: 1
+    max_len: 100
+  }];
+
+  // status is the current lifecycle status of the party after the update
+  string status = 4 [(buf.validate.field).string = {
+    max_len: 50
+  }];
+
+  // correlation_id links related events across services
+  string correlation_id = 5 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // causation_id identifies the event or command that caused this event
+  string causation_id = 6 [(buf.validate.field).string = {
+    max_len: 255
+  }];
+
+  // timestamp when the event was created
+  google.protobuf.Timestamp timestamp = 7 [(buf.validate.field).required = true];
+}
+
 // PartyVerificationCompletedEvent is published when a KYC/AML verification
 // transitions to a terminal state (APPROVED, REJECTED, or MANUAL_REVIEW).
 // This event enables downstream services to react to verification outcomes,

services/internal-account/adapters/persistence/repository.go

@@ -162,6 +162,12 @@ func (r *Repository) Save(ctx context.Context, account domain.InternalAccount) e
 	})
 }
 
+// SaveInTx persists a new or updated account within the provided transaction.
+// The caller is responsible for managing the transaction boundary.
+func (r *Repository) SaveInTx(ctx context.Context, account domain.InternalAccount, tx *gorm.DB) error {
+	return r.WithTx(tx).Save(ctx, account)
+}
+
 // FindByID retrieves an account by its UUID.
 func (r *Repository) FindByID(ctx context.Context, id uuid.UUID) (domain.InternalAccount, error) {
 	var account domain.InternalAccount

services/internal-account/cmd/main.go

@@ -21,6 +21,8 @@ import (
 	"github.com/meridianhub/meridian/shared/platform/bootstrap"
 	"github.com/meridianhub/meridian/shared/platform/defaults"
 	"github.com/meridianhub/meridian/shared/platform/env"
+	"github.com/meridianhub/meridian/shared/platform/events"
+	"github.com/meridianhub/meridian/shared/platform/kafka"
 	"github.com/meridianhub/meridian/shared/platform/observability"
 	"github.com/meridianhub/meridian/shared/platform/ports"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
@@ -88,6 +90,10 @@ func run(logger *slog.Logger) error {
 	// Create repository
 	repo := persistence.NewRepository(db)
 
+	// Create outbox repository and publisher for event publishing
+	outboxRepo := events.NewPostgresOutboxRepository(db)
+	outboxPublisher := events.NewOutboxPublisher("internal-account")
+
 	// Get Kubernetes namespace from environment (defaults to "default")
 	namespace := env.GetEnvOrDefault("K8S_NAMESPACE", "default")
 
@@ -106,8 +112,35 @@ func run(logger *slog.Logger) error {
 		return fmt.Errorf("failed to create service: %w", err)
 	}
 
+	// Wire outbox publisher for domain event publishing
+	internalAccountService.SetOutboxPublisher(outboxPublisher, db)
+
 	logger.Info("service initialized with external clients")
 
+	// Start outbox worker for Kafka event delivery (optional - depends on KAFKA_BOOTSTRAP_SERVERS)
+	var outboxWorkerStop func()
+	bootstrapServers := env.GetEnvOrDefault("KAFKA_BOOTSTRAP_SERVERS", "")
+	if bootstrapServers != "" {
+		producer, err := kafka.NewProtoProducer(kafka.ProducerConfig{
+			BootstrapServers: bootstrapServers,
+			ClientID:         "internal-account-outbox-worker",
+			Acks:             "all",
+			Retries:          3,
+			Compression:      "snappy",
+		})
+		if err != nil {
+			logger.Warn("failed to create Kafka producer for outbox worker - events will be persisted but not published",
+				"error", err)
+		} else {
+			w := events.NewWorker(outboxRepo, producer, events.DefaultWorkerConfig("internal-account"), logger)
+			w.Start(ctx)
+			outboxWorkerStop = w.Stop
+			logger.Info("outbox worker started")
+		}
+	} else {
+		logger.Warn("KAFKA_BOOTSTRAP_SERVERS not configured, outbox worker disabled - events will be persisted but not published")
+	}
+
 	// Initialize auth interceptor (optional - based on AUTH_ENABLED)
 	authConfig := bootstrap.DefaultAuthConfig(logger)
 	authInterceptor, err := bootstrap.NewAuthInterceptor(ctx, authConfig)
@@ -241,6 +274,13 @@ func run(logger *slog.Logger) error {
 		return nil
 	})
 
+	if outboxWorkerStop != nil {
+		orchestrator.AddCleanup(func() error {
+			outboxWorkerStop()
+			return nil
+		})
+	}
+
 	for _, cleanup := range svcClients.cleanupFuncs {
 		fn := cleanup // capture for closure
 		orchestrator.AddCleanup(func() error {