@mytechtoday/augment-extensions 1.3.0 → 1.4.0

package/augment-extensions/domain-rules/software-architecture/examples/banking-layered.md

@@ -1,961 +1,961 @@
-# Banking Application Architecture Example
-
-## Overview
-
-This document provides a comprehensive example of a banking application built with layered architecture, focusing on security, compliance, and data integrity.
-
----
-
-## System Context
-
-### Business Requirements
-
-**Functional Requirements**
-- Account management (checking, savings, credit)
-- Fund transfers (internal and external)
-- Transaction history and statements
-- Bill payments and recurring payments
-- Loan applications and management
-- Customer authentication and authorization
-- Fraud detection and alerts
-- Regulatory reporting
-
-**Non-Functional Requirements**
-- **Security**: Multi-factor authentication, encryption at rest and in transit
-- **Compliance**: SOX, PCI DSS, GDPR, Basel III
-- **Availability**: 99.95% uptime (4.38 hours downtime/year)
-- **Data Integrity**: ACID transactions, zero data loss
-- **Auditability**: Complete audit trail for all transactions
-- **Performance**: Transaction processing < 500ms
-
-### Scale Metrics
-- 500,000 active customers
-- 1 million accounts
-- 100,000 transactions per day
-- $10 billion in assets under management
-- 24/7 operation with global presence
-
----
-
-## Architecture Overview
-
-### Layered Architecture Pattern
-
-**Four-Tier Architecture**
-
-```
-┌─────────────────────────────────────────────────────────────┐
-│                    Presentation Layer                        │
-│         Web UI, Mobile Apps, ATM Interface, APIs             │
-└─────────────────────────────────────────────────────────────┘
-                              │
-┌─────────────────────────────────────────────────────────────┐
-│                    Application Layer                         │
-│    Use Cases, Orchestration, Transaction Coordination        │
-│    (Account Service, Transfer Service, Loan Service)         │
-└─────────────────────────────────────────────────────────────┘
-                              │
-┌─────────────────────────────────────────────────────────────┐
-│                      Domain Layer                            │
-│    Business Logic, Domain Models, Business Rules             │
-│    (Account, Transaction, Customer, Loan)                    │
-└─────────────────────────────────────────────────────────────┘
-                              │
-┌─────────────────────────────────────────────────────────────┐
-│                  Infrastructure Layer                        │
-│    Database, External Services, Messaging, Security          │
-│    (PostgreSQL, Redis, Kafka, SWIFT, ACH)                    │
-└─────────────────────────────────────────────────────────────┘
-```
-
-### Layer Responsibilities
-
-**1. Presentation Layer**
-- Web application (React)
-- Mobile apps (iOS, Android)
-- ATM interface
-- Admin portal
-- RESTful APIs
-- Input validation
-- Session management
-
-**2. Application Layer**
-- Account management use cases
-- Transfer orchestration
-- Loan processing workflows
-- Transaction coordination
-- Event publishing
-- External service integration
-
-**3. Domain Layer**
-- Account entity and business rules
-- Transaction processing logic
-- Interest calculation
-- Overdraft protection
-- Fraud detection rules
-- Loan approval logic
-
-**4. Infrastructure Layer**
-- PostgreSQL database (ACID compliance)
-- Redis cache (session, rate limiting)
-- Kafka message broker (event streaming)
-- SWIFT integration (international transfers)
-- ACH integration (domestic transfers)
-- HSM (Hardware Security Module) for encryption
-
----
-
-## Technology Stack
-
-### Presentation Layer
-- **Web**: React, TypeScript, Material-UI
-- **Mobile**: React Native
-- **API**: Node.js, Express, GraphQL
-
-### Application Layer
-- **Language**: Java 17
-- **Framework**: Spring Boot 3.x
-- **Security**: Spring Security, OAuth 2.0
-
-### Domain Layer
-- **Language**: Java 17
-- **Patterns**: Domain-Driven Design (DDD)
-- **Validation**: Bean Validation (JSR 380)
-
-### Infrastructure Layer
-- **Database**: PostgreSQL 15 (primary), PostgreSQL replicas (read)
-- **Cache**: Redis Cluster
-- **Message Broker**: Apache Kafka
-- **Search**: Elasticsearch (transaction search)
-- **File Storage**: AWS S3 (statements, documents)
-
-### Security & Compliance
-- **Authentication**: OAuth 2.0, OpenID Connect
-- **MFA**: TOTP, SMS, Biometric
-- **Encryption**: AES-256 (at rest), TLS 1.3 (in transit)
-- **HSM**: Thales Luna HSM
-- **Audit**: Splunk, custom audit tables
-
-### Infrastructure
-- **Hosting**: AWS (multi-region)
-- **Container**: Docker, Kubernetes (EKS)
-- **Load Balancer**: AWS ALB
-- **CDN**: CloudFront
-- **Monitoring**: Datadog, CloudWatch
-
----
-
-## Implementation Details
-
-### 1. Domain Layer - Account Entity
-
-**Rich Domain Model**
-
-```java
-// src/main/java/com/bank/domain/account/Account.java
-package com.bank.domain.account;
-
-import com.bank.domain.common.Money;
-import com.bank.domain.transaction.Transaction;
-import javax.validation.constraints.*;
-import java.math.BigDecimal;
-import java.time.LocalDateTime;
-import java.util.ArrayList;
-import java.util.List;
-
-public class Account {
-    @NotNull
-    private final AccountId id;
-
-    @NotNull
-    private final CustomerId customerId;
-
-    @NotNull
-    private final AccountType type;
-
-    @NotNull
-    private Money balance;
-
-    @NotNull
-    private AccountStatus status;
-
-    private Money overdraftLimit;
-
-    @NotNull
-    private final LocalDateTime createdAt;
-
-    private LocalDateTime closedAt;
-
-    private final List<Transaction> transactions = new ArrayList<>();
-
-    // Business logic methods
-    public void deposit(Money amount, String description) {
-        validateAccountActive();
-        validatePositiveAmount(amount);
-
-        this.balance = this.balance.add(amount);
-
-        Transaction transaction = Transaction.createDeposit(
-            this.id,
-            amount,
-            description,
-            LocalDateTime.now()
-        );
-
-        this.transactions.add(transaction);
-    }
-
-    public void withdraw(Money amount, String description) {
-        validateAccountActive();
-        validatePositiveAmount(amount);
-        validateSufficientFunds(amount);
-
-        this.balance = this.balance.subtract(amount);
-
-        Transaction transaction = Transaction.createWithdrawal(
-            this.id,
-            amount,
-            description,
-            LocalDateTime.now()
-        );
-
-        this.transactions.add(transaction);
-    }
-
-    public void transfer(Account targetAccount, Money amount, String description) {
-        validateAccountActive();
-        targetAccount.validateAccountActive();
-        validatePositiveAmount(amount);
-        validateSufficientFunds(amount);
-        validateDifferentAccounts(targetAccount);
-
-        this.withdraw(amount, "Transfer to " + targetAccount.getId());
-        targetAccount.deposit(amount, "Transfer from " + this.getId());
-    }
-
-    public Money calculateInterest(BigDecimal annualRate, int days) {
-        if (this.type != AccountType.SAVINGS) {
-            throw new IllegalStateException("Interest only applies to savings accounts");
-        }
-
-        BigDecimal dailyRate = annualRate.divide(BigDecimal.valueOf(365), 10, BigDecimal.ROUND_HALF_UP);
-        BigDecimal interest = this.balance.getAmount()
-            .multiply(dailyRate)
-            .multiply(BigDecimal.valueOf(days));
-
-        return new Money(interest, this.balance.getCurrency());
-    }
-
-    // Validation methods
-    private void validateAccountActive() {
-        if (this.status != AccountStatus.ACTIVE) {
-            throw new AccountNotActiveException("Account " + this.id + " is not active");
-        }
-    }
-
-    private void validatePositiveAmount(Money amount) {
-        if (amount.getAmount().compareTo(BigDecimal.ZERO) <= 0) {
-            throw new IllegalArgumentException("Amount must be positive");
-        }
-    }
-
-    private void validateSufficientFunds(Money amount) {
-        Money availableBalance = this.balance.add(this.overdraftLimit != null ? this.overdraftLimit : Money.ZERO);
-
-        if (availableBalance.compareTo(amount) < 0) {
-            throw new InsufficientFundsException(
-                "Insufficient funds. Available: " + availableBalance + ", Required: " + amount
-            );
-        }
-    }
-
-    private void validateDifferentAccounts(Account other) {
-        if (this.id.equals(other.id)) {
-            throw new IllegalArgumentException("Cannot transfer to the same account");
-        }
-    }
-
-    // Getters
-    public AccountId getId() { return id; }
-    public Money getBalance() { return balance; }
-    public AccountStatus getStatus() { return status; }
-}
-
-// Value Objects
-public record AccountId(String value) {
-    public AccountId {
-        if (value == null || value.isBlank()) {
-            throw new IllegalArgumentException("Account ID cannot be null or blank");
-        }
-    }
-}
-
-public record Money(BigDecimal amount, Currency currency) implements Comparable<Money> {
-    public static final Money ZERO = new Money(BigDecimal.ZERO, Currency.USD);
-
-    public Money add(Money other) {
-        validateSameCurrency(other);
-        return new Money(this.amount.add(other.amount), this.currency);
-    }
-
-    public Money subtract(Money other) {
-        validateSameCurrency(other);
-        return new Money(this.amount.subtract(other.amount), this.currency);
-    }
-
-    @Override
-    public int compareTo(Money other) {
-        validateSameCurrency(other);
-        return this.amount.compareTo(other.amount);
-    }
-
-    private void validateSameCurrency(Money other) {
-        if (!this.currency.equals(other.currency)) {
-            throw new IllegalArgumentException("Cannot operate on different currencies");
-        }
-    }
-}
-
-public enum AccountType {
-    CHECKING, SAVINGS, CREDIT, LOAN
-}
-
-public enum AccountStatus {
-    ACTIVE, SUSPENDED, CLOSED, FROZEN
-}
-```
-
-### 2. Application Layer - Transfer Service
-
-**Use Case Orchestration**
-
-```java
-// src/main/java/com/bank/application/transfer/TransferService.java
-package com.bank.application.transfer;
-
-import com.bank.domain.account.*;
-import com.bank.domain.common.Money;
-import com.bank.infrastructure.events.EventPublisher;
-import com.bank.infrastructure.fraud.FraudDetectionService;
-import org.springframework.stereotype.Service;
-import org.springframework.transaction.annotation.Transactional;
-import java.time.LocalDateTime;
-
-@Service
-public class TransferService {
-    private final AccountRepository accountRepository;
-    private final TransferRepository transferRepository;
-    private final FraudDetectionService fraudDetection;
-    private final EventPublisher eventPublisher;
-    private final AuditLogger auditLogger;
-
-    public TransferService(
-        AccountRepository accountRepository,
-        TransferRepository transferRepository,
-        FraudDetectionService fraudDetection,
-        EventPublisher eventPublisher,
-        AuditLogger auditLogger
-    ) {
-        this.accountRepository = accountRepository;
-        this.transferRepository = transferRepository;
-        this.fraudDetection = fraudDetection;
-        this.eventPublisher = eventPublisher;
-        this.auditLogger = auditLogger;
-    }
-
-    @Transactional
-    public TransferResult executeTransfer(TransferRequest request) {
-        // 1. Validate request
-        validateTransferRequest(request);
-
-        // 2. Load accounts
-        Account sourceAccount = accountRepository.findById(request.sourceAccountId())
-            .orElseThrow(() -> new AccountNotFoundException(request.sourceAccountId()));
-
-        Account targetAccount = accountRepository.findById(request.targetAccountId())
-            .orElseThrow(() -> new AccountNotFoundException(request.targetAccountId()));
-
-        // 3. Fraud detection
-        FraudCheckResult fraudCheck = fraudDetection.checkTransfer(
-            sourceAccount,
-            targetAccount,
-            request.amount()
-        );
-
-        if (fraudCheck.isSuspicious()) {
-            auditLogger.logSuspiciousActivity(request, fraudCheck);
-            throw new SuspiciousActivityException("Transfer flagged for review");
-        }
-
-        // 4. Execute transfer (domain logic)
-        sourceAccount.transfer(targetAccount, request.amount(), request.description());
-
-        // 5. Save accounts
-        accountRepository.save(sourceAccount);
-        accountRepository.save(targetAccount);
-
-        // 6. Create transfer record
-        Transfer transfer = Transfer.create(
-            sourceAccount.getId(),
-            targetAccount.getId(),
-            request.amount(),
-            request.description(),
-            TransferStatus.COMPLETED,
-            LocalDateTime.now()
-        );
-        transferRepository.save(transfer);
-
-        // 7. Publish event
-        eventPublisher.publish(new TransferCompletedEvent(
-            transfer.getId(),
-            sourceAccount.getId(),
-            targetAccount.getId(),
-            request.amount(),
-            LocalDateTime.now()
-        ));
-
-        // 8. Audit log
-        auditLogger.logTransfer(request, transfer, "SUCCESS");
-
-        return new TransferResult(transfer.getId(), TransferStatus.COMPLETED);
-    }
-
-    private void validateTransferRequest(TransferRequest request) {
-        if (request.amount().getAmount().compareTo(BigDecimal.ZERO) <= 0) {
-            throw new IllegalArgumentException("Transfer amount must be positive");
-        }
-
-        if (request.sourceAccountId().equals(request.targetAccountId())) {
-            throw new IllegalArgumentException("Source and target accounts must be different");
-        }
-    }
-}
-```
-
-
-
-### 3. Infrastructure Layer - Repository Implementation
-
-**Data Access with JPA**
-
-```java
-// src/main/java/com/bank/infrastructure/persistence/JpaAccountRepository.java
-package com.bank.infrastructure.persistence;
-
-import com.bank.domain.account.*;
-import org.springframework.data.jpa.repository.JpaRepository;
-import org.springframework.data.jpa.repository.Lock;
-import org.springframework.data.jpa.repository.Query;
-import org.springframework.stereotype.Repository;
-import javax.persistence.LockModeType;
-import java.util.Optional;
-
-@Repository
-public interface JpaAccountRepository extends JpaRepository<AccountEntity, String>, AccountRepository {
-
-    @Lock(LockModeType.PESSIMISTIC_WRITE)
-    @Query("SELECT a FROM AccountEntity a WHERE a.id = :id")
-    Optional<AccountEntity> findByIdForUpdate(String id);
-
-    @Query("SELECT a FROM AccountEntity a WHERE a.customerId = :customerId AND a.status = 'ACTIVE'")
-    List<AccountEntity> findActiveAccountsByCustomer(String customerId);
-}
-
-// Domain Repository Interface
-public interface AccountRepository {
-    Optional<Account> findById(AccountId id);
-    Account save(Account account);
-    void delete(Account account);
-    List<Account> findByCustomerId(CustomerId customerId);
-}
-
-// Repository Adapter
-@Component
-public class AccountRepositoryAdapter implements AccountRepository {
-    private final JpaAccountRepository jpaRepository;
-    private final AccountMapper mapper;
-
-    @Override
-    public Optional<Account> findById(AccountId id) {
-        return jpaRepository.findByIdForUpdate(id.value())
-            .map(mapper::toDomain);
-    }
-
-    @Override
-    public Account save(Account account) {
-        AccountEntity entity = mapper.toEntity(account);
-        AccountEntity saved = jpaRepository.save(entity);
-        return mapper.toDomain(saved);
-    }
-}
-
-// JPA Entity
-@Entity
-@Table(name = "accounts")
-public class AccountEntity {
-    @Id
-    private String id;
-
-    @Column(name = "customer_id", nullable = false)
-    private String customerId;
-
-    @Enumerated(EnumType.STRING)
-    @Column(nullable = false)
-    private AccountType type;
-
-    @Column(nullable = false, precision = 19, scale = 4)
-    private BigDecimal balance;
-
-    @Enumerated(EnumType.STRING)
-    @Column(nullable = false)
-    private AccountStatus status;
-
-    @Column(name = "overdraft_limit", precision = 19, scale = 4)
-    private BigDecimal overdraftLimit;
-
-    @Column(name = "created_at", nullable = false)
-    private LocalDateTime createdAt;
-
-    @Column(name = "closed_at")
-    private LocalDateTime closedAt;
-
-    @Version
-    private Long version; // Optimistic locking
-
-    // Getters and setters
-}
-```
-
-### 4. Presentation Layer - REST API
-
-**Account Controller**
-
-```java
-// src/main/java/com/bank/presentation/api/AccountController.java
-package com.bank.presentation.api;
-
-import com.bank.application.account.*;
-import com.bank.domain.common.Money;
-import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.*;
-import javax.validation.Valid;
-
-@RestController
-@RequestMapping("/api/v1/accounts")
-public class AccountController {
-    private final AccountService accountService;
-    private final TransferService transferService;
-
-    @GetMapping("/{accountId}")
-    @PreAuthorize("hasPermission(#accountId, 'Account', 'READ')")
-    public ResponseEntity<AccountDto> getAccount(@PathVariable String accountId) {
-        Account account = accountService.getAccount(new AccountId(accountId));
-        return ResponseEntity.ok(AccountDto.from(account));
-    }
-
-    @GetMapping("/{accountId}/balance")
-    @PreAuthorize("hasPermission(#accountId, 'Account', 'READ')")
-    public ResponseEntity<BalanceDto> getBalance(@PathVariable String accountId) {
-        Money balance = accountService.getBalance(new AccountId(accountId));
-        return ResponseEntity.ok(new BalanceDto(balance.getAmount(), balance.getCurrency()));
-    }
-
-    @PostMapping("/{accountId}/deposit")
-    @PreAuthorize("hasPermission(#accountId, 'Account', 'WRITE')")
-    public ResponseEntity<TransactionDto> deposit(
-        @PathVariable String accountId,
-        @Valid @RequestBody DepositRequest request
-    ) {
-        Transaction transaction = accountService.deposit(
-            new AccountId(accountId),
-            new Money(request.amount(), Currency.valueOf(request.currency())),
-            request.description()
-        );
-
-        return ResponseEntity.ok(TransactionDto.from(transaction));
-    }
-
-    @PostMapping("/{accountId}/withdraw")
-    @PreAuthorize("hasPermission(#accountId, 'Account', 'WRITE')")
-    public ResponseEntity<TransactionDto> withdraw(
-        @PathVariable String accountId,
-        @Valid @RequestBody WithdrawRequest request
-    ) {
-        Transaction transaction = accountService.withdraw(
-            new AccountId(accountId),
-            new Money(request.amount(), Currency.valueOf(request.currency())),
-            request.description()
-        );
-
-        return ResponseEntity.ok(TransactionDto.from(transaction));
-    }
-
-    @PostMapping("/transfer")
-    @PreAuthorize("hasPermission(#request.sourceAccountId, 'Account', 'WRITE')")
-    public ResponseEntity<TransferDto> transfer(@Valid @RequestBody TransferRequest request) {
-        TransferResult result = transferService.executeTransfer(request);
-        return ResponseEntity.ok(TransferDto.from(result));
-    }
-
-    @GetMapping("/{accountId}/transactions")
-    @PreAuthorize("hasPermission(#accountId, 'Account', 'READ')")
-    public ResponseEntity<Page<TransactionDto>> getTransactions(
-        @PathVariable String accountId,
-        @RequestParam(defaultValue = "0") int page,
-        @RequestParam(defaultValue = "20") int size
-    ) {
-        Page<Transaction> transactions = accountService.getTransactions(
-            new AccountId(accountId),
-            PageRequest.of(page, size)
-        );
-
-        return ResponseEntity.ok(transactions.map(TransactionDto::from));
-    }
-}
-
-// DTOs
-public record AccountDto(
-    String id,
-    String customerId,
-    String type,
-    BigDecimal balance,
-    String currency,
-    String status,
-    LocalDateTime createdAt
-) {
-    public static AccountDto from(Account account) {
-        return new AccountDto(
-            account.getId().value(),
-            account.getCustomerId().value(),
-            account.getType().name(),
-            account.getBalance().getAmount(),
-            account.getBalance().getCurrency().name(),
-            account.getStatus().name(),
-            account.getCreatedAt()
-        );
-    }
-}
-
-public record DepositRequest(
-    @NotNull @Positive BigDecimal amount,
-    @NotNull String currency,
-    @NotBlank String description
-) {}
-
-public record WithdrawRequest(
-    @NotNull @Positive BigDecimal amount,
-    @NotNull String currency,
-    @NotBlank String description
-) {}
-```
-
----
-
-## Security Implementation
-
-### 1. Authentication & Authorization
-
-**Spring Security Configuration**
-
-```java
-// src/main/java/com/bank/infrastructure/security/SecurityConfig.java
-package com.bank.infrastructure.security;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.web.SecurityFilterChain;
-
-@Configuration
-@EnableMethodSecurity(prePostEnabled = true)
-public class SecurityConfig {
-
-    @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
-            .csrf().disable()
-            .sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-            .and()
-            .authorizeHttpRequests(auth -> auth
-                .requestMatchers("/api/v1/public/**").permitAll()
-                .requestMatchers("/api/v1/accounts/**").authenticated()
-                .requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
-                .anyRequest().authenticated()
-            )
-            .oauth2ResourceServer()
-                .jwt()
-                .jwtAuthenticationConverter(jwtAuthenticationConverter());
-
-        return http.build();
-    }
-
-    @Bean
-    public JwtAuthenticationConverter jwtAuthenticationConverter() {
-        JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
-        grantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
-        grantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
-
-        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
-        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
-        return jwtAuthenticationConverter;
-    }
-}
-```
-
-**Custom Permission Evaluator**
-
-```java
-// src/main/java/com/bank/infrastructure/security/AccountPermissionEvaluator.java
-@Component
-public class AccountPermissionEvaluator implements PermissionEvaluator {
-    private final AccountRepository accountRepository;
-
-    @Override
-    public boolean hasPermission(
-        Authentication authentication,
-        Object targetDomainObject,
-        Object permission
-    ) {
-        if (authentication == null || !(targetDomainObject instanceof String)) {
-            return false;
-        }
-
-        String accountId = (String) targetDomainObject;
-        String userId = authentication.getName();
-
-        // Check if user owns the account
-        Account account = accountRepository.findById(new AccountId(accountId))
-            .orElseThrow(() -> new AccountNotFoundException(accountId));
-
-        return account.getCustomerId().value().equals(userId) ||
-               authentication.getAuthorities().stream()
-                   .anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN"));
-    }
-}
-```
-
-
-### 2. Audit Logging
-
-**Comprehensive Audit Trail**
-
-```java
-// src/main/java/com/bank/infrastructure/audit/AuditLogger.java
-@Component
-public class AuditLogger {
-    private final AuditRepository auditRepository;
-    private final KafkaTemplate<String, AuditEvent> kafkaTemplate;
-
-    public void logTransfer(TransferRequest request, Transfer transfer, String status) {
-        AuditEvent event = AuditEvent.builder()
-            .eventType("TRANSFER")
-            .userId(SecurityContextHolder.getContext().getAuthentication().getName())
-            .entityType("Transfer")
-            .entityId(transfer.getId().value())
-            .action("EXECUTE")
-            .status(status)
-            .details(Map.of(
-                "sourceAccountId", request.sourceAccountId(),
-                "targetAccountId", request.targetAccountId(),
-                "amount", request.amount().toString(),
-                "description", request.description()
-            ))
-            .ipAddress(getClientIpAddress())
-            .timestamp(LocalDateTime.now())
-            .build();
-
-        // Store in database
-        auditRepository.save(event);
-
-        // Publish to Kafka for real-time monitoring
-        kafkaTemplate.send("audit-events", event);
-    }
-
-    public void logSuspiciousActivity(TransferRequest request, FraudCheckResult fraudCheck) {
-        AuditEvent event = AuditEvent.builder()
-            .eventType("FRAUD_ALERT")
-            .userId(SecurityContextHolder.getContext().getAuthentication().getName())
-            .action("TRANSFER_BLOCKED")
-            .status("SUSPICIOUS")
-            .details(Map.of(
-                "reason", fraudCheck.getReason(),
-                "riskScore", fraudCheck.getRiskScore(),
-                "amount", request.amount().toString()
-            ))
-            .timestamp(LocalDateTime.now())
-            .build();
-
-        auditRepository.save(event);
-        kafkaTemplate.send("fraud-alerts", event);
-    }
-}
-```
-
-### 3. Data Encryption
-
-**Encryption at Rest and in Transit**
-
-```java
-// src/main/java/com/bank/infrastructure/security/EncryptionService.java
-@Service
-public class EncryptionService {
-    private final KeyManagementService kms;
-
-    public String encryptSensitiveData(String plaintext) {
-        try {
-            // Use AWS KMS or HSM for key management
-            byte[] dataKey = kms.generateDataKey();
-
-            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
-            GCMParameterSpec spec = new GCMParameterSpec(128, generateIV());
-            SecretKeySpec keySpec = new SecretKeySpec(dataKey, "AES");
-
-            cipher.init(Cipher.ENCRYPT_MODE, keySpec, spec);
-            byte[] encrypted = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
-
-            return Base64.getEncoder().encodeToString(encrypted);
-        } catch (Exception e) {
-            throw new EncryptionException("Failed to encrypt data", e);
-        }
-    }
-
-    public String decryptSensitiveData(String ciphertext) {
-        // Decryption logic
-    }
-}
-```
-
----
-
-## Compliance & Regulatory
-
-### 1. SOX Compliance
-
-**Segregation of Duties**
-
-```java
-// src/main/java/com/bank/infrastructure/compliance/SoxComplianceService.java
-@Service
-public class SoxComplianceService {
-
-    @PreAuthorize("hasRole('MAKER')")
-    public void createTransaction(TransactionRequest request) {
-        // Maker creates transaction in PENDING state
-        Transaction transaction = Transaction.createPending(request);
-        transactionRepository.save(transaction);
-    }
-
-    @PreAuthorize("hasRole('CHECKER') and !hasRole('MAKER')")
-    public void approveTransaction(String transactionId) {
-        // Checker approves (different person than maker)
-        Transaction transaction = transactionRepository.findById(transactionId);
-
-        if (transaction.getCreatedBy().equals(getCurrentUser())) {
-            throw new SoxViolationException("Cannot approve own transaction");
-        }
-
-        transaction.approve(getCurrentUser());
-        transactionRepository.save(transaction);
-    }
-}
-```
-
-### 2. GDPR Compliance
-
-**Data Privacy and Right to be Forgotten**
-
-```java
-// src/main/java/com/bank/application/gdpr/GdprService.java
-@Service
-public class GdprService {
-
-    public CustomerDataExport exportCustomerData(CustomerId customerId) {
-        // Export all customer data
-        Customer customer = customerRepository.findById(customerId);
-        List<Account> accounts = accountRepository.findByCustomerId(customerId);
-        List<Transaction> transactions = transactionRepository.findByCustomerId(customerId);
-
-        return CustomerDataExport.builder()
-            .customer(customer)
-            .accounts(accounts)
-            .transactions(transactions)
-            .exportDate(LocalDateTime.now())
-            .build();
-    }
-
-    @Transactional
-    public void anonymizeCustomerData(CustomerId customerId) {
-        // Anonymize customer data (cannot delete due to regulatory requirements)
-        Customer customer = customerRepository.findById(customerId);
-        customer.anonymize(); // Replace PII with anonymized values
-
-        customerRepository.save(customer);
-
-        auditLogger.log("GDPR_ANONYMIZATION", customerId);
-    }
-}
-```
-
----
-
-## Key Takeaways
-
-### Architecture Decisions
-
-1. **Layered Architecture**: Clear separation of concerns, easier to understand and maintain
-2. **Rich Domain Model**: Business logic in domain layer, not anemic models
-3. **Repository Pattern**: Abstracts data access, enables testing
-4. **ACID Transactions**: PostgreSQL ensures data integrity
-5. **Pessimistic Locking**: Prevents concurrent modification of accounts
-6. **Audit Logging**: Complete trail for compliance
-7. **Encryption**: AES-256 for sensitive data
-
-### Trade-offs
-
-**Benefits**
-- ✅ Clear separation of concerns
-- ✅ Easy to understand and maintain
-- ✅ Strong data consistency (ACID)
-- ✅ Comprehensive security
-- ✅ Regulatory compliance
-- ✅ Testable layers
-
-**Challenges**
-- ❌ Monolithic deployment (all layers together)
-- ❌ Vertical scaling only
-- ❌ Technology lock-in (Java/Spring)
-- ❌ Layer overhead for simple operations
-- ❌ Tight coupling within monolith
-
-### Security Measures
-
-- **Authentication**: OAuth 2.0, JWT tokens
-- **Authorization**: Role-based access control (RBAC)
-- **Encryption**: AES-256 at rest, TLS 1.3 in transit
-- **MFA**: TOTP, SMS, biometric
-- **Audit**: Complete audit trail
-- **Compliance**: SOX, PCI DSS, GDPR, Basel III
-
-### Performance Metrics
-
-- **Transaction Processing**: < 500ms (P95)
-- **API Response Time**: < 200ms (P95)
-- **Database Queries**: < 100ms (P95)
-- **Availability**: 99.95%
-- **Throughput**: 100,000 transactions/day
-
----
-
-## References
-
-- [Layered Architecture](../rules/layered-architecture.md)
-- [Security Architecture](../rules/security.md)
-- [Domain-Driven Design](../rules/tools-methodologies.md)
-- [Quality Attributes](../rules/quality-attributes.md)
-- [Spring Security Documentation](https://spring.io/projects/spring-security)
-- [PCI DSS Compliance](https://www.pcisecuritystandards.org/)
-
+# Banking Application Architecture Example
+
+## Overview
+
+This document provides a comprehensive example of a banking application built with layered architecture, focusing on security, compliance, and data integrity.
+
+---
+
+## System Context
+
+### Business Requirements
+
+**Functional Requirements**
+- Account management (checking, savings, credit)
+- Fund transfers (internal and external)
+- Transaction history and statements
+- Bill payments and recurring payments
+- Loan applications and management
+- Customer authentication and authorization
+- Fraud detection and alerts
+- Regulatory reporting
+
+**Non-Functional Requirements**
+- **Security**: Multi-factor authentication, encryption at rest and in transit
+- **Compliance**: SOX, PCI DSS, GDPR, Basel III
+- **Availability**: 99.95% uptime (4.38 hours downtime/year)
+- **Data Integrity**: ACID transactions, zero data loss
+- **Auditability**: Complete audit trail for all transactions
+- **Performance**: Transaction processing < 500ms
+
+### Scale Metrics
+- 500,000 active customers
+- 1 million accounts
+- 100,000 transactions per day
+- $10 billion in assets under management
+- 24/7 operation with global presence
+
+---
+
+## Architecture Overview
+
+### Layered Architecture Pattern
+
+**Four-Tier Architecture**
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                    Presentation Layer                        │
+│         Web UI, Mobile Apps, ATM Interface, APIs             │
+└─────────────────────────────────────────────────────────────┘
+                              │
+┌─────────────────────────────────────────────────────────────┐
+│                    Application Layer                         │
+│    Use Cases, Orchestration, Transaction Coordination        │
+│    (Account Service, Transfer Service, Loan Service)         │
+└─────────────────────────────────────────────────────────────┘
+                              │
+┌─────────────────────────────────────────────────────────────┐
+│                      Domain Layer                            │
+│    Business Logic, Domain Models, Business Rules             │
+│    (Account, Transaction, Customer, Loan)                    │
+└─────────────────────────────────────────────────────────────┘
+                              │
+┌─────────────────────────────────────────────────────────────┐
+│                  Infrastructure Layer                        │
+│    Database, External Services, Messaging, Security          │
+│    (PostgreSQL, Redis, Kafka, SWIFT, ACH)                    │
+└─────────────────────────────────────────────────────────────┘
+```
+
+### Layer Responsibilities
+
+**1. Presentation Layer**
+- Web application (React)
+- Mobile apps (iOS, Android)
+- ATM interface
+- Admin portal
+- RESTful APIs
+- Input validation
+- Session management
+
+**2. Application Layer**
+- Account management use cases
+- Transfer orchestration
+- Loan processing workflows
+- Transaction coordination
+- Event publishing
+- External service integration
+
+**3. Domain Layer**
+- Account entity and business rules
+- Transaction processing logic
+- Interest calculation
+- Overdraft protection
+- Fraud detection rules
+- Loan approval logic
+
+**4. Infrastructure Layer**
+- PostgreSQL database (ACID compliance)
+- Redis cache (session, rate limiting)
+- Kafka message broker (event streaming)
+- SWIFT integration (international transfers)
+- ACH integration (domestic transfers)
+- HSM (Hardware Security Module) for encryption
+
+---
+
+## Technology Stack
+
+### Presentation Layer
+- **Web**: React, TypeScript, Material-UI
+- **Mobile**: React Native
+- **API**: Node.js, Express, GraphQL
+
+### Application Layer
+- **Language**: Java 17
+- **Framework**: Spring Boot 3.x
+- **Security**: Spring Security, OAuth 2.0
+
+### Domain Layer
+- **Language**: Java 17
+- **Patterns**: Domain-Driven Design (DDD)
+- **Validation**: Bean Validation (JSR 380)
+
+### Infrastructure Layer
+- **Database**: PostgreSQL 15 (primary), PostgreSQL replicas (read)
+- **Cache**: Redis Cluster
+- **Message Broker**: Apache Kafka
+- **Search**: Elasticsearch (transaction search)
+- **File Storage**: AWS S3 (statements, documents)
+
+### Security & Compliance
+- **Authentication**: OAuth 2.0, OpenID Connect
+- **MFA**: TOTP, SMS, Biometric
+- **Encryption**: AES-256 (at rest), TLS 1.3 (in transit)
+- **HSM**: Thales Luna HSM
+- **Audit**: Splunk, custom audit tables
+
+### Infrastructure
+- **Hosting**: AWS (multi-region)
+- **Container**: Docker, Kubernetes (EKS)
+- **Load Balancer**: AWS ALB
+- **CDN**: CloudFront
+- **Monitoring**: Datadog, CloudWatch
+
+---
+
+## Implementation Details
+
+### 1. Domain Layer - Account Entity
+
+**Rich Domain Model**
+
+```java
+// src/main/java/com/bank/domain/account/Account.java
+package com.bank.domain.account;
+
+import com.bank.domain.common.Money;
+import com.bank.domain.transaction.Transaction;
+import javax.validation.constraints.*;
+import java.math.BigDecimal;
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.List;
+
+public class Account {
+    @NotNull
+    private final AccountId id;
+
+    @NotNull
+    private final CustomerId customerId;
+
+    @NotNull
+    private final AccountType type;
+
+    @NotNull
+    private Money balance;
+
+    @NotNull
+    private AccountStatus status;
+
+    private Money overdraftLimit;
+
+    @NotNull
+    private final LocalDateTime createdAt;
+
+    private LocalDateTime closedAt;
+
+    private final List<Transaction> transactions = new ArrayList<>();
+
+    // Business logic methods
+    public void deposit(Money amount, String description) {
+        validateAccountActive();
+        validatePositiveAmount(amount);
+
+        this.balance = this.balance.add(amount);
+
+        Transaction transaction = Transaction.createDeposit(
+            this.id,
+            amount,
+            description,
+            LocalDateTime.now()
+        );
+
+        this.transactions.add(transaction);
+    }
+
+    public void withdraw(Money amount, String description) {
+        validateAccountActive();
+        validatePositiveAmount(amount);
+        validateSufficientFunds(amount);
+
+        this.balance = this.balance.subtract(amount);
+
+        Transaction transaction = Transaction.createWithdrawal(
+            this.id,
+            amount,
+            description,
+            LocalDateTime.now()
+        );
+
+        this.transactions.add(transaction);
+    }
+
+    public void transfer(Account targetAccount, Money amount, String description) {
+        validateAccountActive();
+        targetAccount.validateAccountActive();
+        validatePositiveAmount(amount);
+        validateSufficientFunds(amount);
+        validateDifferentAccounts(targetAccount);
+
+        this.withdraw(amount, "Transfer to " + targetAccount.getId());
+        targetAccount.deposit(amount, "Transfer from " + this.getId());
+    }
+
+    public Money calculateInterest(BigDecimal annualRate, int days) {
+        if (this.type != AccountType.SAVINGS) {
+            throw new IllegalStateException("Interest only applies to savings accounts");
+        }
+
+        BigDecimal dailyRate = annualRate.divide(BigDecimal.valueOf(365), 10, BigDecimal.ROUND_HALF_UP);
+        BigDecimal interest = this.balance.getAmount()
+            .multiply(dailyRate)
+            .multiply(BigDecimal.valueOf(days));
+
+        return new Money(interest, this.balance.getCurrency());
+    }
+
+    // Validation methods
+    private void validateAccountActive() {
+        if (this.status != AccountStatus.ACTIVE) {
+            throw new AccountNotActiveException("Account " + this.id + " is not active");
+        }
+    }
+
+    private void validatePositiveAmount(Money amount) {
+        if (amount.getAmount().compareTo(BigDecimal.ZERO) <= 0) {
+            throw new IllegalArgumentException("Amount must be positive");
+        }
+    }
+
+    private void validateSufficientFunds(Money amount) {
+        Money availableBalance = this.balance.add(this.overdraftLimit != null ? this.overdraftLimit : Money.ZERO);
+
+        if (availableBalance.compareTo(amount) < 0) {
+            throw new InsufficientFundsException(
+                "Insufficient funds. Available: " + availableBalance + ", Required: " + amount
+            );
+        }
+    }
+
+    private void validateDifferentAccounts(Account other) {
+        if (this.id.equals(other.id)) {
+            throw new IllegalArgumentException("Cannot transfer to the same account");
+        }
+    }
+
+    // Getters
+    public AccountId getId() { return id; }
+    public Money getBalance() { return balance; }
+    public AccountStatus getStatus() { return status; }
+}
+
+// Value Objects
+public record AccountId(String value) {
+    public AccountId {
+        if (value == null || value.isBlank()) {
+            throw new IllegalArgumentException("Account ID cannot be null or blank");
+        }
+    }
+}
+
+public record Money(BigDecimal amount, Currency currency) implements Comparable<Money> {
+    public static final Money ZERO = new Money(BigDecimal.ZERO, Currency.USD);
+
+    public Money add(Money other) {
+        validateSameCurrency(other);
+        return new Money(this.amount.add(other.amount), this.currency);
+    }
+
+    public Money subtract(Money other) {
+        validateSameCurrency(other);
+        return new Money(this.amount.subtract(other.amount), this.currency);
+    }
+
+    @Override
+    public int compareTo(Money other) {
+        validateSameCurrency(other);
+        return this.amount.compareTo(other.amount);
+    }
+
+    private void validateSameCurrency(Money other) {
+        if (!this.currency.equals(other.currency)) {
+            throw new IllegalArgumentException("Cannot operate on different currencies");
+        }
+    }
+}
+
+public enum AccountType {
+    CHECKING, SAVINGS, CREDIT, LOAN
+}
+
+public enum AccountStatus {
+    ACTIVE, SUSPENDED, CLOSED, FROZEN
+}
+```
+
+### 2. Application Layer - Transfer Service
+
+**Use Case Orchestration**
+
+```java
+// src/main/java/com/bank/application/transfer/TransferService.java
+package com.bank.application.transfer;
+
+import com.bank.domain.account.*;
+import com.bank.domain.common.Money;
+import com.bank.infrastructure.events.EventPublisher;
+import com.bank.infrastructure.fraud.FraudDetectionService;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+import java.time.LocalDateTime;
+
+@Service
+public class TransferService {
+    private final AccountRepository accountRepository;
+    private final TransferRepository transferRepository;
+    private final FraudDetectionService fraudDetection;
+    private final EventPublisher eventPublisher;
+    private final AuditLogger auditLogger;
+
+    public TransferService(
+        AccountRepository accountRepository,
+        TransferRepository transferRepository,
+        FraudDetectionService fraudDetection,
+        EventPublisher eventPublisher,
+        AuditLogger auditLogger
+    ) {
+        this.accountRepository = accountRepository;
+        this.transferRepository = transferRepository;
+        this.fraudDetection = fraudDetection;
+        this.eventPublisher = eventPublisher;
+        this.auditLogger = auditLogger;
+    }
+
+    @Transactional
+    public TransferResult executeTransfer(TransferRequest request) {
+        // 1. Validate request
+        validateTransferRequest(request);
+
+        // 2. Load accounts
+        Account sourceAccount = accountRepository.findById(request.sourceAccountId())
+            .orElseThrow(() -> new AccountNotFoundException(request.sourceAccountId()));
+
+        Account targetAccount = accountRepository.findById(request.targetAccountId())
+            .orElseThrow(() -> new AccountNotFoundException(request.targetAccountId()));
+
+        // 3. Fraud detection
+        FraudCheckResult fraudCheck = fraudDetection.checkTransfer(
+            sourceAccount,
+            targetAccount,
+            request.amount()
+        );
+
+        if (fraudCheck.isSuspicious()) {
+            auditLogger.logSuspiciousActivity(request, fraudCheck);
+            throw new SuspiciousActivityException("Transfer flagged for review");
+        }
+
+        // 4. Execute transfer (domain logic)
+        sourceAccount.transfer(targetAccount, request.amount(), request.description());
+
+        // 5. Save accounts
+        accountRepository.save(sourceAccount);
+        accountRepository.save(targetAccount);
+
+        // 6. Create transfer record
+        Transfer transfer = Transfer.create(
+            sourceAccount.getId(),
+            targetAccount.getId(),
+            request.amount(),
+            request.description(),
+            TransferStatus.COMPLETED,
+            LocalDateTime.now()
+        );
+        transferRepository.save(transfer);
+
+        // 7. Publish event
+        eventPublisher.publish(new TransferCompletedEvent(
+            transfer.getId(),
+            sourceAccount.getId(),
+            targetAccount.getId(),
+            request.amount(),
+            LocalDateTime.now()
+        ));
+
+        // 8. Audit log
+        auditLogger.logTransfer(request, transfer, "SUCCESS");
+
+        return new TransferResult(transfer.getId(), TransferStatus.COMPLETED);
+    }
+
+    private void validateTransferRequest(TransferRequest request) {
+        if (request.amount().getAmount().compareTo(BigDecimal.ZERO) <= 0) {
+            throw new IllegalArgumentException("Transfer amount must be positive");
+        }
+
+        if (request.sourceAccountId().equals(request.targetAccountId())) {
+            throw new IllegalArgumentException("Source and target accounts must be different");
+        }
+    }
+}
+```
+
+
+
+### 3. Infrastructure Layer - Repository Implementation
+
+**Data Access with JPA**
+
+```java
+// src/main/java/com/bank/infrastructure/persistence/JpaAccountRepository.java
+package com.bank.infrastructure.persistence;
+
+import com.bank.domain.account.*;
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Lock;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.stereotype.Repository;
+import javax.persistence.LockModeType;
+import java.util.Optional;
+
+@Repository
+public interface JpaAccountRepository extends JpaRepository<AccountEntity, String>, AccountRepository {
+
+    @Lock(LockModeType.PESSIMISTIC_WRITE)
+    @Query("SELECT a FROM AccountEntity a WHERE a.id = :id")
+    Optional<AccountEntity> findByIdForUpdate(String id);
+
+    @Query("SELECT a FROM AccountEntity a WHERE a.customerId = :customerId AND a.status = 'ACTIVE'")
+    List<AccountEntity> findActiveAccountsByCustomer(String customerId);
+}
+
+// Domain Repository Interface
+public interface AccountRepository {
+    Optional<Account> findById(AccountId id);
+    Account save(Account account);
+    void delete(Account account);
+    List<Account> findByCustomerId(CustomerId customerId);
+}
+
+// Repository Adapter
+@Component
+public class AccountRepositoryAdapter implements AccountRepository {
+    private final JpaAccountRepository jpaRepository;
+    private final AccountMapper mapper;
+
+    @Override
+    public Optional<Account> findById(AccountId id) {
+        return jpaRepository.findByIdForUpdate(id.value())
+            .map(mapper::toDomain);
+    }
+
+    @Override
+    public Account save(Account account) {
+        AccountEntity entity = mapper.toEntity(account);
+        AccountEntity saved = jpaRepository.save(entity);
+        return mapper.toDomain(saved);
+    }
+}
+
+// JPA Entity
+@Entity
+@Table(name = "accounts")
+public class AccountEntity {
+    @Id
+    private String id;
+
+    @Column(name = "customer_id", nullable = false)
+    private String customerId;
+
+    @Enumerated(EnumType.STRING)
+    @Column(nullable = false)
+    private AccountType type;
+
+    @Column(nullable = false, precision = 19, scale = 4)
+    private BigDecimal balance;
+
+    @Enumerated(EnumType.STRING)
+    @Column(nullable = false)
+    private AccountStatus status;
+
+    @Column(name = "overdraft_limit", precision = 19, scale = 4)
+    private BigDecimal overdraftLimit;
+
+    @Column(name = "created_at", nullable = false)
+    private LocalDateTime createdAt;
+
+    @Column(name = "closed_at")
+    private LocalDateTime closedAt;
+
+    @Version
+    private Long version; // Optimistic locking
+
+    // Getters and setters
+}
+```
+
+### 4. Presentation Layer - REST API
+
+**Account Controller**
+
+```java
+// src/main/java/com/bank/presentation/api/AccountController.java
+package com.bank.presentation.api;
+
+import com.bank.application.account.*;
+import com.bank.domain.common.Money;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+import javax.validation.Valid;
+
+@RestController
+@RequestMapping("/api/v1/accounts")
+public class AccountController {
+    private final AccountService accountService;
+    private final TransferService transferService;
+
+    @GetMapping("/{accountId}")
+    @PreAuthorize("hasPermission(#accountId, 'Account', 'READ')")
+    public ResponseEntity<AccountDto> getAccount(@PathVariable String accountId) {
+        Account account = accountService.getAccount(new AccountId(accountId));
+        return ResponseEntity.ok(AccountDto.from(account));
+    }
+
+    @GetMapping("/{accountId}/balance")
+    @PreAuthorize("hasPermission(#accountId, 'Account', 'READ')")
+    public ResponseEntity<BalanceDto> getBalance(@PathVariable String accountId) {
+        Money balance = accountService.getBalance(new AccountId(accountId));
+        return ResponseEntity.ok(new BalanceDto(balance.getAmount(), balance.getCurrency()));
+    }
+
+    @PostMapping("/{accountId}/deposit")
+    @PreAuthorize("hasPermission(#accountId, 'Account', 'WRITE')")
+    public ResponseEntity<TransactionDto> deposit(
+        @PathVariable String accountId,
+        @Valid @RequestBody DepositRequest request
+    ) {
+        Transaction transaction = accountService.deposit(
+            new AccountId(accountId),
+            new Money(request.amount(), Currency.valueOf(request.currency())),
+            request.description()
+        );
+
+        return ResponseEntity.ok(TransactionDto.from(transaction));
+    }
+
+    @PostMapping("/{accountId}/withdraw")
+    @PreAuthorize("hasPermission(#accountId, 'Account', 'WRITE')")
+    public ResponseEntity<TransactionDto> withdraw(
+        @PathVariable String accountId,
+        @Valid @RequestBody WithdrawRequest request
+    ) {
+        Transaction transaction = accountService.withdraw(
+            new AccountId(accountId),
+            new Money(request.amount(), Currency.valueOf(request.currency())),
+            request.description()
+        );
+
+        return ResponseEntity.ok(TransactionDto.from(transaction));
+    }
+
+    @PostMapping("/transfer")
+    @PreAuthorize("hasPermission(#request.sourceAccountId, 'Account', 'WRITE')")
+    public ResponseEntity<TransferDto> transfer(@Valid @RequestBody TransferRequest request) {
+        TransferResult result = transferService.executeTransfer(request);
+        return ResponseEntity.ok(TransferDto.from(result));
+    }
+
+    @GetMapping("/{accountId}/transactions")
+    @PreAuthorize("hasPermission(#accountId, 'Account', 'READ')")
+    public ResponseEntity<Page<TransactionDto>> getTransactions(
+        @PathVariable String accountId,
+        @RequestParam(defaultValue = "0") int page,
+        @RequestParam(defaultValue = "20") int size
+    ) {
+        Page<Transaction> transactions = accountService.getTransactions(
+            new AccountId(accountId),
+            PageRequest.of(page, size)
+        );
+
+        return ResponseEntity.ok(transactions.map(TransactionDto::from));
+    }
+}
+
+// DTOs
+public record AccountDto(
+    String id,
+    String customerId,
+    String type,
+    BigDecimal balance,
+    String currency,
+    String status,
+    LocalDateTime createdAt
+) {
+    public static AccountDto from(Account account) {
+        return new AccountDto(
+            account.getId().value(),
+            account.getCustomerId().value(),
+            account.getType().name(),
+            account.getBalance().getAmount(),
+            account.getBalance().getCurrency().name(),
+            account.getStatus().name(),
+            account.getCreatedAt()
+        );
+    }
+}
+
+public record DepositRequest(
+    @NotNull @Positive BigDecimal amount,
+    @NotNull String currency,
+    @NotBlank String description
+) {}
+
+public record WithdrawRequest(
+    @NotNull @Positive BigDecimal amount,
+    @NotNull String currency,
+    @NotBlank String description
+) {}
+```
+
+---
+
+## Security Implementation
+
+### 1. Authentication & Authorization
+
+**Spring Security Configuration**
+
+```java
+// src/main/java/com/bank/infrastructure/security/SecurityConfig.java
+package com.bank.infrastructure.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+@EnableMethodSecurity(prePostEnabled = true)
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .csrf().disable()
+            .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            .and()
+            .authorizeHttpRequests(auth -> auth
+                .requestMatchers("/api/v1/public/**").permitAll()
+                .requestMatchers("/api/v1/accounts/**").authenticated()
+                .requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
+                .anyRequest().authenticated()
+            )
+            .oauth2ResourceServer()
+                .jwt()
+                .jwtAuthenticationConverter(jwtAuthenticationConverter());
+
+        return http.build();
+    }
+
+    @Bean
+    public JwtAuthenticationConverter jwtAuthenticationConverter() {
+        JwtGrantedAuthoritiesConverter grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
+        grantedAuthoritiesConverter.setAuthoritiesClaimName("roles");
+        grantedAuthoritiesConverter.setAuthorityPrefix("ROLE_");
+
+        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
+        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(grantedAuthoritiesConverter);
+        return jwtAuthenticationConverter;
+    }
+}
+```
+
+**Custom Permission Evaluator**
+
+```java
+// src/main/java/com/bank/infrastructure/security/AccountPermissionEvaluator.java
+@Component
+public class AccountPermissionEvaluator implements PermissionEvaluator {
+    private final AccountRepository accountRepository;
+
+    @Override
+    public boolean hasPermission(
+        Authentication authentication,
+        Object targetDomainObject,
+        Object permission
+    ) {
+        if (authentication == null || !(targetDomainObject instanceof String)) {
+            return false;
+        }
+
+        String accountId = (String) targetDomainObject;
+        String userId = authentication.getName();
+
+        // Check if user owns the account
+        Account account = accountRepository.findById(new AccountId(accountId))
+            .orElseThrow(() -> new AccountNotFoundException(accountId));
+
+        return account.getCustomerId().value().equals(userId) ||
+               authentication.getAuthorities().stream()
+                   .anyMatch(a -> a.getAuthority().equals("ROLE_ADMIN"));
+    }
+}
+```
+
+
+### 2. Audit Logging
+
+**Comprehensive Audit Trail**
+
+```java
+// src/main/java/com/bank/infrastructure/audit/AuditLogger.java
+@Component
+public class AuditLogger {
+    private final AuditRepository auditRepository;
+    private final KafkaTemplate<String, AuditEvent> kafkaTemplate;
+
+    public void logTransfer(TransferRequest request, Transfer transfer, String status) {
+        AuditEvent event = AuditEvent.builder()
+            .eventType("TRANSFER")
+            .userId(SecurityContextHolder.getContext().getAuthentication().getName())
+            .entityType("Transfer")
+            .entityId(transfer.getId().value())
+            .action("EXECUTE")
+            .status(status)
+            .details(Map.of(
+                "sourceAccountId", request.sourceAccountId(),
+                "targetAccountId", request.targetAccountId(),
+                "amount", request.amount().toString(),
+                "description", request.description()
+            ))
+            .ipAddress(getClientIpAddress())
+            .timestamp(LocalDateTime.now())
+            .build();
+
+        // Store in database
+        auditRepository.save(event);
+
+        // Publish to Kafka for real-time monitoring
+        kafkaTemplate.send("audit-events", event);
+    }
+
+    public void logSuspiciousActivity(TransferRequest request, FraudCheckResult fraudCheck) {
+        AuditEvent event = AuditEvent.builder()
+            .eventType("FRAUD_ALERT")
+            .userId(SecurityContextHolder.getContext().getAuthentication().getName())
+            .action("TRANSFER_BLOCKED")
+            .status("SUSPICIOUS")
+            .details(Map.of(
+                "reason", fraudCheck.getReason(),
+                "riskScore", fraudCheck.getRiskScore(),
+                "amount", request.amount().toString()
+            ))
+            .timestamp(LocalDateTime.now())
+            .build();
+
+        auditRepository.save(event);
+        kafkaTemplate.send("fraud-alerts", event);
+    }
+}
+```
+
+### 3. Data Encryption
+
+**Encryption at Rest and in Transit**
+
+```java
+// src/main/java/com/bank/infrastructure/security/EncryptionService.java
+@Service
+public class EncryptionService {
+    private final KeyManagementService kms;
+
+    public String encryptSensitiveData(String plaintext) {
+        try {
+            // Use AWS KMS or HSM for key management
+            byte[] dataKey = kms.generateDataKey();
+
+            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+            GCMParameterSpec spec = new GCMParameterSpec(128, generateIV());
+            SecretKeySpec keySpec = new SecretKeySpec(dataKey, "AES");
+
+            cipher.init(Cipher.ENCRYPT_MODE, keySpec, spec);
+            byte[] encrypted = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
+
+            return Base64.getEncoder().encodeToString(encrypted);
+        } catch (Exception e) {
+            throw new EncryptionException("Failed to encrypt data", e);
+        }
+    }
+
+    public String decryptSensitiveData(String ciphertext) {
+        // Decryption logic
+    }
+}
+```
+
+---
+
+## Compliance & Regulatory
+
+### 1. SOX Compliance
+
+**Segregation of Duties**
+
+```java
+// src/main/java/com/bank/infrastructure/compliance/SoxComplianceService.java
+@Service
+public class SoxComplianceService {
+
+    @PreAuthorize("hasRole('MAKER')")
+    public void createTransaction(TransactionRequest request) {
+        // Maker creates transaction in PENDING state
+        Transaction transaction = Transaction.createPending(request);
+        transactionRepository.save(transaction);
+    }
+
+    @PreAuthorize("hasRole('CHECKER') and !hasRole('MAKER')")
+    public void approveTransaction(String transactionId) {
+        // Checker approves (different person than maker)
+        Transaction transaction = transactionRepository.findById(transactionId);
+
+        if (transaction.getCreatedBy().equals(getCurrentUser())) {
+            throw new SoxViolationException("Cannot approve own transaction");
+        }
+
+        transaction.approve(getCurrentUser());
+        transactionRepository.save(transaction);
+    }
+}
+```
+
+### 2. GDPR Compliance
+
+**Data Privacy and Right to be Forgotten**
+
+```java
+// src/main/java/com/bank/application/gdpr/GdprService.java
+@Service
+public class GdprService {
+
+    public CustomerDataExport exportCustomerData(CustomerId customerId) {
+        // Export all customer data
+        Customer customer = customerRepository.findById(customerId);
+        List<Account> accounts = accountRepository.findByCustomerId(customerId);
+        List<Transaction> transactions = transactionRepository.findByCustomerId(customerId);
+
+        return CustomerDataExport.builder()
+            .customer(customer)
+            .accounts(accounts)
+            .transactions(transactions)
+            .exportDate(LocalDateTime.now())
+            .build();
+    }
+
+    @Transactional
+    public void anonymizeCustomerData(CustomerId customerId) {
+        // Anonymize customer data (cannot delete due to regulatory requirements)
+        Customer customer = customerRepository.findById(customerId);
+        customer.anonymize(); // Replace PII with anonymized values
+
+        customerRepository.save(customer);
+
+        auditLogger.log("GDPR_ANONYMIZATION", customerId);
+    }
+}
+```
+
+---
+
+## Key Takeaways
+
+### Architecture Decisions
+
+1. **Layered Architecture**: Clear separation of concerns, easier to understand and maintain
+2. **Rich Domain Model**: Business logic in domain layer, not anemic models
+3. **Repository Pattern**: Abstracts data access, enables testing
+4. **ACID Transactions**: PostgreSQL ensures data integrity
+5. **Pessimistic Locking**: Prevents concurrent modification of accounts
+6. **Audit Logging**: Complete trail for compliance
+7. **Encryption**: AES-256 for sensitive data
+
+### Trade-offs
+
+**Benefits**
+- ✅ Clear separation of concerns
+- ✅ Easy to understand and maintain
+- ✅ Strong data consistency (ACID)
+- ✅ Comprehensive security
+- ✅ Regulatory compliance
+- ✅ Testable layers
+
+**Challenges**
+- ❌ Monolithic deployment (all layers together)
+- ❌ Vertical scaling only
+- ❌ Technology lock-in (Java/Spring)
+- ❌ Layer overhead for simple operations
+- ❌ Tight coupling within monolith
+
+### Security Measures
+
+- **Authentication**: OAuth 2.0, JWT tokens
+- **Authorization**: Role-based access control (RBAC)
+- **Encryption**: AES-256 at rest, TLS 1.3 in transit
+- **MFA**: TOTP, SMS, biometric
+- **Audit**: Complete audit trail
+- **Compliance**: SOX, PCI DSS, GDPR, Basel III
+
+### Performance Metrics
+
+- **Transaction Processing**: < 500ms (P95)
+- **API Response Time**: < 200ms (P95)
+- **Database Queries**: < 100ms (P95)
+- **Availability**: 99.95%
+- **Throughput**: 100,000 transactions/day
+
+---
+
+## References
+
+- [Layered Architecture](../rules/layered-architecture.md)
+- [Security Architecture](../rules/security.md)
+- [Domain-Driven Design](../rules/tools-methodologies.md)
+- [Quality Attributes](../rules/quality-attributes.md)
+- [Spring Security Documentation](https://spring.io/projects/spring-security)
+- [PCI DSS Compliance](https://www.pcisecuritystandards.org/)
+