2026-02-08 09:07:26 +00:00
20 changed files with 227 additions and 472 deletions
--- a/.azuredevops/build-pipeline.yml
+++ b/.azuredevops/build-pipeline.yml
@ -4,19 +4,19 @@ pool:
 variables:
  - name: bufVersion
    # go install github.com/bufbuild/buf/cmd/buf@
-    value: v1.63.0
+    value: v1.56.0
  - name: golangCiLintVersion
    # github.com/golangci/golangci-lint
-    value: v2.8.0
+    value: v2.4.0
  - name: goVersion
    # github.com/golang/go
    value: 1.24.0
  - name: protobufValidateVersion
    # go install github.com/envoyproxy/protoc-gen-validate@
-    value: v1.3.0
+    value: v1.2.1
  - name: protobufVersion
    # go install google.golang.org/protobuf/cmd/protoc-gen-go@
-    value: v1.36.11
+    value: v1.36.9
  - name: GOPATH
    value: '$(system.defaultWorkingDirectory)/gopath'
--- a/.azuredevops/main-code-analyze.yml
+++ b/.azuredevops/main-code-analyze.yml
@ -1,46 +0,0 @@
 ---
 name: audit_go_main_code_analyze_$(Date:yyyy-MM-dd)_$(SourceBranchName)_$(Rev:r)
 trigger:
  - main
 resources:
  repositories:
    - repository: tools
      type: git
      name: schwarzit.stackit-core-platform/core-platform-tools
      ref: refs/tags/v1.15.0
 pool:
  vmImage: ubuntu-24.04
 variables:
  - name: reportDir
    value: '$(System.DefaultWorkingDirectory)/out'
  - name: goVersion
    value: 1.25.5
 stages:
  - stage: CodeQualityScans
    displayName: "Code Quality Scans"
    jobs:
      - template: ./.azuredevops/templates/jobs/code/code-format.yml@tools
        parameters:
          lintReports: true
          lintReportDir: $(reportDir)
      - template: ./.azuredevops/templates/jobs/code/code-test.yml@tools
        parameters:
          testReports: true
          testReportDir: $(reportDir)
      - template: ./.azuredevops/templates/jobs/code/code-quality-scans.yml@tools
        parameters:
          dependsOn:
            - Tests
            - Linter
          organization: 'xx-sit-odj-stackit-public'
          serviceConnection: 'xx-sit-odj-stackit-public-snyk'
          sonar: true
          sonarReportSourceDir: $(reportDir)
          sonarServiceConnection: sonarqube-audit-go
--- a/.azuredevops/pull_request_template.md
+++ b/.azuredevops/pull_request_template.md
@ -6,6 +6,6 @@
 [Describe how the change was tested if it needs explanation]
-Security-concept-update-needed: false.
+Security-concept-update-needed: true/false.
-JIRA Work Item: [STACKITRMA-XXX](https://jira.schwarz/browse/STACKITRMA-XXX)
+JIRA Work Item: STACKITALO-xxx
--- a/.golangci.yml
+++ b/.golangci.yml
@ -267,10 +267,6 @@ linters:
          - wastedassign
          - wsl
        path: test_.*\.go|pkg/messaging/test/solace.go
      - linters:
          - prealloc
        path: internal/messaging/amqp_connection_pool_test.go
        text: Consider preallocating connections with capacity 5
    paths:
      - third_party$
      - builtin$
--- a/82
+++ b/82
@ -1,82 +0,0 @@
 SHELL = /bin/bash -euo pipefail
 PWD = $(shell pwd)
 export PATH := $(PWD)/bin:$(PATH)
 # constants
 GOLANGCI_VERSION = 2.8.0
 all: download build ## Initializes all tools and files
 all/ci: ado-git-setup all
 out:
 	@mkdir -pv "$(@)"
 build: out ## do nothing
 .PHONY: build/%
 build/%: out ## do nothing
 download:
 	@go mod download
 fmt:
 	@go fmt ./...
 GOLANGCI_LINT = bin/golangci-lint-$(GOLANGCI_VERSION)
 $(GOLANGCI_LINT):
 	curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b bin v$(GOLANGCI_VERSION)
 	@mv bin/golangci-lint "$(@)"
 lint: fmt $(GOLANGCI_LINT) download ## Lints all code with golangci-lint
 	@$(GOLANGCI_LINT) run
 lint/fix: fmt $(GOLANGCI_LINT) download ## Fixes automatically fixable things like imports for the defined lint rules
 	@$(GOLANGCI_LINT) run --fix
 lint/reports: fmt $(GOLANGCI_LINT) download ## Fixes automatically fixable things like imports for the defined lint rules
 	@$(GOLANGCI_LINT) run ./... --output.checkstyle.path stdout | awk '!/0 issues./' > out/lint.xml
 test-clean:
 	@go clean -testcache
 tidy:
 	@go mod tidy
 test:
 	@go test ./...
 coverage: out/report.json ## Displays coverage per func on cli
 	go tool cover -func=out/cover.out
 html-coverage: out/report.json ## Displays the coverage results in the browser
 	go tool cover -html=out/cover.out
 test-reports: out/report.json
 .PHONY: out/report.json
 out/report.json: out
 	go test -v $$(go list ./... | grep -v '/tests') -tags=unit -coverprofile=out/cover.out -json | tee "$(@)"
 clean:
 	@rm -rf bin out
 .PHONY: ado-git-setup
 ado-git-setup:
    # Add "dev.azure.com/schwarzit" to GOPRIVATE if not present
 	@priv="$$(go env GOPRIVATE)"; \
 	[[ "$$priv" =~ '(^|,)dev\.azure\.com(/|,|$)' ]] || go env -w "GOPRIVATE=$${priv:+$$priv,}dev.azure.com/schwarzit"
    # Configure HTTPS (with PAT) or SSH access to Go import paths
 	@if [[ -n "$${ADO_PAT:+x}" ]]; then \
 		git config --global "url.https://schwarzit:$${ADO_PAT}@dev.azure.com/schwarzit/.insteadof" 'https://dev.azure.com/schwarzit/'; \
 	else \
 		git config --global 'url.git@ssh.dev.azure.com:v3/schwarzit.insteadOf' 'https://dev.azure.com/schwarzit'; \
 	fi
 help:
 	@echo 'Usage: make <OPTIONS> ... <TARGETS>'
 	@echo ''
 	@echo 'Available targets are:'
 	@echo ''
 	@grep -E '^[ a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
 	awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
 	@echo ''
--- a/README.md
+++ b/README.md
@ -1,35 +1,3 @@
 > ## DEPRECATION NOTICE  
 > 
 > ### Discontinuation of the current audit log system
 >
 > The audit log system provided to date will be discontinued in its current form. 
 > This decision was made to pave the way for a new, more powerful audit log system that 
 > will be provided in the future. The new system offers extended functionalities and 
 > improved integration options, particularly with regard to the use and analysis of 
 > audit data by our customers.  
 >   
 > ### What does it mean?
 > The existing audit log system will be supported until the new system is generally 
 > available to customers on Mai 1, 2026.  
 > **Services that are already sending audit log events to the existing audit log 
 > system must continue to do so until the new system is GA** and further information 
 > about the shutdown process is provided.  
 > **Large volumes of new audit event types must not be sent to the existing audit log
 > system.**  
 >
 > STACKIT services should start migrating to the new system now by sending data to 
 > the new system (**in parallel**).  
 > **The new audit log system may drop and does not guarantee to store events until 
 > it will be GA**.  
 > Further information on the changeover and how to use the new system can be found in the
 > [developer docs](https://developers.stackit.schwarz/domains/central-services/telemetry-router/integration/).  
 > 
 > We are confident that the new audit log system will make an important contribution to 
 > improving the transparency, traceability, and integration for our customers. 
 > If you have any questions or need assistance, the 
 > [STACKIT Telemetry Hub](https://chat.google.com/room/AAQAf9NsX6M?cls=7) team will be 
 > happy to help.  
 ## audit-go
 The audit-go library is the core library for validation and sending of audit events.
@ -64,7 +32,13 @@ The code can be found in the [api_routable.go](./api_routable.go) and
 ### Development
 #### Go
-The current minimum Go version is **go1.24.0**.
+The current minimum toolchain version is **go1.24.0**.  
 The toolchain version can be set as environment variable (either manually in the terminal
 or in the ~/.basrc or ~/.zshrc):
 ```shell
 export GOTOOLCHAIN=go1.24.0
 ```
 #### Linter
@ -72,7 +46,7 @@ The linter *golangci-lint* can either be installed via package manager (e.g. bre
 by running the following command in the terminal:
 ```shell
-curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.8.0
+curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.4.0
 ```
 #### Schema Generation
@ -87,9 +61,9 @@ Buf and the required plugins can either be installed via package manager (e.g. b
 or manually by running:
 ```shell
-go install github.com/bufbuild/buf/cmd/buf@v1.63.0              #Pipeline: bufVersion
+go install github.com/bufbuild/buf/cmd/buf@v1.56.0              #Pipeline: bufVersion
-go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.11 #Pipeline: protobufVersion,         go.mod: buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go 
+go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.36.9 #Pipeline: protobufVersion,         go.mod: buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go 
-go install github.com/envoyproxy/protoc-gen-validate@v1.3.0     #Pipeline: protobufValidateVersion, go.mod: google.golang.org/protobuf
+go install github.com/envoyproxy/protoc-gen-validate@v1.2.1     #Pipeline: protobufValidateVersion, go.mod: google.golang.org/protobuf
 ```
 Please check that the versions above match the versions in the *go.mod* file
--- a/gen/go/audit/v1/audit_event.pb.go
+++ b/gen/go/audit/v1/audit_event.pb.go
@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.36.11
+// 	protoc-gen-go v1.36.9
 // 	protoc        (unknown)
 // source: audit/v1/audit_event.proto
@ -521,8 +521,8 @@ type AuthenticationInfo struct {
 	// The email address of the authenticated user.
 	// Service accounts have email addresses that can be used.
 	//
-	// Required: false
+	// Required: true
-	PrincipalEmail *string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3,oneof" json:"principal_email,omitempty"`
+	PrincipalEmail string `protobuf:"bytes,2,opt,name=principal_email,json=principalEmail,proto3" json:"principal_email,omitempty"`
 	// The name of the service account used to create or exchange
 	// credentials for authenticating the service account making the request.
 	//
@ -584,8 +584,8 @@ func (x *AuthenticationInfo) GetPrincipalId() string {
 }
 func (x *AuthenticationInfo) GetPrincipalEmail() string {
-	if x != nil && x.PrincipalEmail != nil {
+	if x != nil {
-		return *x.PrincipalEmail
+		return x.PrincipalEmail
 	}
 	return ""
 }
@ -1480,10 +1480,10 @@ const file_audit_v1_audit_event_proto_rawDesc = "" +
 	"\vLabelsEntry\x12\x10\n" +
 	"\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" +
 	"\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x11\n" +
-	"\x0f_correlation_id\"\xb3\x06\n" +
+	"\x0f_correlation_id\"\xab\x06\n" +
-	"\bAuditLog\x125\n" +
+	"\bAuditLog\x12-\n" +
-	"\fservice_name\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	"\fservice_name\x18\x01 \x01(\tB\n" +
-	"\x10\x012\x06.*\\S.*R\vserviceName\x12w\n" +
+	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\vserviceName\x12w\n" +
 	"\x0eoperation_name\x18\x02 \x01(\tBP\xbaHM\xc8\x01\x01rH\x10\x01\x18\xff\x012A^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$R\roperationName\x12c\n" +
 	"\rresource_name\x18\x03 \x01(\tB>\xbaH;\xc8\x01\x01r6\x10\x01\x18\xff\x012/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\fresourceName\x12U\n" +
 	"\x13authentication_info\x18\x04 \x01(\v2\x1c.audit.v1.AuthenticationInfoB\x06\xbaH\x03\xc8\x01\x01R\x12authenticationInfo\x12J\n" +
@ -1497,14 +1497,14 @@ const file_audit_v1_audit_event_proto_rawDesc = "" +
 	"\n" +
 	"\b_requestB\v\n" +
 	"\t_responseB\v\n" +
-	"\t_metadata\"\x93\x03\n" +
+	"\t_metadata\"\xf3\x02\n" +
-	"\x12AuthenticationInfo\x125\n" +
+	"\x12AuthenticationInfo\x12-\n" +
-	"\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	"\fprincipal_id\x18\x01 \x01(\tB\n" +
-	"\x10\x012\x06.*\\S.*R\vprincipalId\x12:\n" +
+	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\vprincipalId\x126\n" +
-	"\x0fprincipal_email\x18\x02 \x01(\tB\f\xbaH\tr\a\x10\x05\x18\xff\x01`\x01H\x00R\x0eprincipalEmail\x88\x01\x01\x12n\n" +
+	"\x0fprincipal_email\x18\x02 \x01(\tB\r\xbaH\n" +
-	"\x14service_account_name\x18\x03 \x01(\tB7\xbaH4r220^[a-z-]+/[a-z0-9-]+/service-accounts/[a-z0-9-]+$H\x01R\x12serviceAccountName\x88\x01\x01\x12m\n" +
+	"\xc8\x01\x01r\x05\x10\x01\x18\xff\x01R\x0eprincipalEmail\x12n\n" +
-	"\x1fservice_account_delegation_info\x18\x04 \x03(\v2&.audit.v1.ServiceAccountDelegationInfoR\x1cserviceAccountDelegationInfoB\x12\n" +
+	"\x14service_account_name\x18\x03 \x01(\tB7\xbaH4r220^[a-z-]+/[a-z0-9-]+/service-accounts/[a-z0-9-]+$H\x00R\x12serviceAccountName\x88\x01\x01\x12m\n" +
-	"\x10_principal_emailB\x17\n" +
+	"\x1fservice_account_delegation_info\x18\x04 \x03(\v2&.audit.v1.ServiceAccountDelegationInfoR\x1cserviceAccountDelegationInfoB\x17\n" +
 	"\x15_service_account_name\"\xf2\x01\n" +
 	"\x11AuthorizationInfo\x12U\n" +
 	"\bresource\x18\x01 \x01(\tB9\xbaH6\xc8\x01\x01r12/^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$R\bresource\x12L\n" +
@ -1514,25 +1514,26 @@ const file_audit_v1_audit_event_proto_rawDesc = "" +
 	"\agranted\x18\x03 \x01(\bH\x01R\agranted\x88\x01\x01B\r\n" +
 	"\v_permissionB\n" +
 	"\n" +
-	"\b_granted\"\xaa\v\n" +
+	"\b_granted\"\x8a\v\n" +
 	"\x10AttributeContext\x1a\xa9\x01\n" +
 	"\x04Auth\x12J\n" +
 	"\tprincipal\x18\x01 \x01(\tB,\xbaH)\xc8\x01\x01r$2\"^[a-zA-Z0-9-%._]+/[a-zA-Z0-9-%.]+$R\tprincipal\x12\x1c\n" +
 	"\taudiences\x18\x02 \x03(\tR\taudiences\x127\n" +
-	"\x06claims\x18\x03 \x01(\v2\x17.google.protobuf.StructB\x06\xbaH\x03\xc8\x01\x01R\x06claims\x1a\xce\x04\n" +
+	"\x06claims\x18\x03 \x01(\v2\x17.google.protobuf.StructB\x06\xbaH\x03\xc8\x01\x01R\x06claims\x1a\xae\x04\n" +
 	"\aRequest\x12\x13\n" +
 	"\x02id\x18\x01 \x01(\tH\x00R\x02id\x88\x01\x01\x12J\n" +
 	"\x06method\x18\x02 \x01(\x0e2%.audit.v1.AttributeContext.HttpMethodB\v\xbaH\b\xc8\x01\x01\x82\x01\x02\x10\x01R\x06method\x12Q\n" +
-	"\aheaders\x18\x03 \x03(\v2/.audit.v1.AttributeContext.Request.HeadersEntryB\x06\xbaH\x03\xc8\x01\x01R\aheaders\x12)\n" +
+	"\aheaders\x18\x03 \x03(\v2/.audit.v1.AttributeContext.Request.HeadersEntryB\x06\xbaH\x03\xc8\x01\x01R\aheaders\x12!\n" +
-	"\x04path\x18\x04 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x04path\x12&\n" +
+	"\x04path\x18\x04 \x01(\tB\r\xbaH\n" +
-	"\x04host\x18\x05 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	"\xc8\x01\x01r\x05\x10\x01\x18\xff\x01R\x04path\x12\x1e\n" +
-	"\x10\x012\x06.*\\S.*R\x04host\x12*\n" +
+	"\x04host\x18\x05 \x01(\tB\n" +
-	"\x06scheme\x18\x06 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\x04host\x12\"\n" +
-	"\x10\x012\x06.*\\S.*R\x06scheme\x12\x19\n" +
+	"\x06scheme\x18\x06 \x01(\tB\n" +
 	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\x06scheme\x12\x19\n" +
 	"\x05query\x18\a \x01(\tH\x01R\x05query\x88\x01\x01\x12;\n" +
-	"\x04time\x18\b \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x12.\n" +
+	"\x04time\x18\b \x01(\v2\x1a.google.protobuf.TimestampB\v\xbaH\b\xc8\x01\x01\xb2\x01\x028\x01R\x04time\x12&\n" +
-	"\bprotocol\x18\t \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	"\bprotocol\x18\t \x01(\tB\n" +
-	"\x10\x012\x06.*\\S.*R\bprotocol\x12;\n" +
+	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\bprotocol\x12;\n" +
 	"\x04auth\x18\n" +
 	" \x01(\v2\x1f.audit.v1.AttributeContext.AuthB\x06\xbaH\x03\xc8\x01\x01R\x04auth\x1a:\n" +
 	"\fHeadersEntry\x12\x10\n" +
@ -1563,11 +1564,12 @@ const file_audit_v1_audit_event_proto_rawDesc = "" +
 	"\x13HTTP_METHOD_OPTIONS\x10\b\x12\x15\n" +
 	"\x11HTTP_METHOD_TRACE\x10\t\x12\x15\n" +
 	"\x11HTTP_METHOD_PATCH\x10\n" +
-	"\"\xe9\x01\n" +
+	"\"\xe1\x01\n" +
 	"\x0fRequestMetadata\x12'\n" +
 	"\tcaller_ip\x18\x01 \x01(\tB\n" +
-	"\xbaH\a\xc8\x01\x01r\x02p\x01R\bcallerIp\x12R\n" +
+	"\xbaH\a\xc8\x01\x01r\x02p\x01R\bcallerIp\x12J\n" +
-	"\x1acaller_supplied_user_agent\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x17callerSuppliedUserAgent\x12Y\n" +
+	"\x1acaller_supplied_user_agent\x18\x02 \x01(\tB\r\xbaH\n" +
 	"\xc8\x01\x01r\x05\x10\x01\x18\xff\x01R\x17callerSuppliedUserAgent\x12Y\n" +
 	"\x12request_attributes\x18\x03 \x01(\v2\".audit.v1.AttributeContext.RequestB\x06\xbaH\x03\xc8\x01\x01R\x11requestAttributes\"\xb4\x02\n" +
 	"\x10ResponseMetadata\x12H\n" +
 	"\vstatus_code\x18\x01 \x01(\v2\x1b.google.protobuf.Int32ValueB\n" +
@ -1576,17 +1578,18 @@ const file_audit_v1_audit_event_proto_rawDesc = "" +
 	"\rerror_message\x18\x02 \x01(\tH\x00R\ferrorMessage\x88\x01\x01\x12<\n" +
 	"\rerror_details\x18\x03 \x03(\v2\x17.google.protobuf.StructR\ferrorDetails\x12\\\n" +
 	"\x13response_attributes\x18\x04 \x01(\v2#.audit.v1.AttributeContext.ResponseB\x06\xbaH\x03\xc8\x01\x01R\x12responseAttributesB\x10\n" +
-	"\x0e_error_message\"\xca\x04\n" +
+	"\x0e_error_message\"\xba\x04\n" +
 	"\x1cServiceAccountDelegationInfo\x12c\n" +
 	"\x10system_principal\x18\x01 \x01(\v26.audit.v1.ServiceAccountDelegationInfo.SystemPrincipalH\x00R\x0fsystemPrincipal\x12Z\n" +
 	"\ridp_principal\x18\x02 \x01(\v23.audit.v1.ServiceAccountDelegationInfo.IdpPrincipalH\x00R\fidpPrincipal\x1ao\n" +
 	"\x0fSystemPrincipal\x12G\n" +
 	"\x10service_metadata\x18\x01 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" +
-	"\x11_service_metadata\x1a\xe3\x01\n" +
+	"\x11_service_metadata\x1a\xd3\x01\n" +
-	"\fIdpPrincipal\x125\n" +
+	"\fIdpPrincipal\x12-\n" +
-	"\fprincipal_id\x18\x01 \x01(\tB\x12\xbaH\x0f\xc8\x01\x01r\n" +
+	"\fprincipal_id\x18\x01 \x01(\tB\n" +
-	"\x10\x012\x06.*\\S.*R\vprincipalId\x12>\n" +
+	"\xbaH\a\xc8\x01\x01r\x02\x10\x01R\vprincipalId\x126\n" +
-	"\x0fprincipal_email\x18\x02 \x01(\tB\x15\xbaH\x12\xc8\x01\x01r\r\x10\x01\x18\xff\x012\x06.*\\S.*R\x0eprincipalEmail\x12G\n" +
+	"\x0fprincipal_email\x18\x02 \x01(\tB\r\xbaH\n" +
 	"\xc8\x01\x01r\x05\x10\x01\x18\xff\x01R\x0eprincipalEmail\x12G\n" +
 	"\x10service_metadata\x18\x03 \x01(\v2\x17.google.protobuf.StructH\x00R\x0fserviceMetadata\x88\x01\x01B\x13\n" +
 	"\x11_service_metadataB\x12\n" +
 	"\tauthority\x12\x05\xbaH\x02\b\x01*\x96\x02\n" +
--- a/gen/go/audit/v1/audit_event.pb.validate.go
+++ b/gen/go/audit/v1/audit_event.pb.validate.go
@ -554,6 +554,8 @@ func (m *AuthenticationInfo) validate(all bool) error {
 	// no validation rules for PrincipalId
 	// no validation rules for PrincipalEmail
 	for idx, item := range m.GetServiceAccountDelegationInfo() {
 		_, _ = idx, item
@ -588,10 +590,6 @@ func (m *AuthenticationInfo) validate(all bool) error {
 	}
 	if m.PrincipalEmail != nil {
 		// no validation rules for PrincipalEmail
 	}
 	if m.ServiceAccountName != nil {
 		// no validation rules for ServiceAccountName
 	}
--- a/gen/go/audit/v1/routable_event.pb.go
+++ b/gen/go/audit/v1/routable_event.pb.go
@ -1,6 +1,6 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.36.11
+// 	protoc-gen-go v1.36.9
 // 	protoc        (unknown)
 // source: audit/v1/routable_event.proto
--- a/go.mod
+++ b/go.mod
@ -3,28 +3,27 @@ module dev.azure.com/schwarzit/schwarzit.stackit-public/audit-go.git
 go 1.24.0
 require (
-	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1
+	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.9-20250717185734-6c6e0d3c608e.1
-	buf.build/go/protovalidate v1.1.0
+	buf.build/go/protovalidate v0.14.0
-	github.com/Azure/go-amqp v1.5.1
+	github.com/Azure/go-amqp v1.5.0
-	github.com/docker/docker v28.5.2+incompatible
+	github.com/docker/docker v28.4.0+incompatible
 	github.com/google/uuid v1.6.0
 	github.com/lestrrat-go/jwx/v2 v2.1.6
 	github.com/rs/zerolog v1.34.0
 	github.com/stretchr/testify v1.11.1
-	github.com/testcontainers/testcontainers-go v0.40.0
+	github.com/testcontainers/testcontainers-go v0.38.0
-	go.opentelemetry.io/otel v1.39.0
+	go.opentelemetry.io/otel v1.38.0
-	go.opentelemetry.io/otel/trace v1.39.0
+	go.opentelemetry.io/otel/trace v1.38.0
-	google.golang.org/protobuf v1.36.11
+	google.golang.org/protobuf v1.36.9
 )
 require (
-	cel.dev/expr v0.25.1 // indirect
+	cel.dev/expr v0.24.0 // indirect
 	dario.cat/mergo v1.0.2 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
 	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
@ -35,54 +34,54 @@ require (
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
-	github.com/ebitengine/purego v0.9.1 // indirect
+	github.com/ebitengine/purego v0.8.4 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/google/cel-go v0.26.1 // indirect
-	github.com/klauspost/compress v1.18.2 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.4 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
 	github.com/lestrrat-go/httprc v1.0.6 // indirect
 	github.com/lestrrat-go/iter v1.0.2 // indirect
 	github.com/lestrrat-go/option v1.0.1 // indirect
-	github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect
+	github.com/lufia/plan9stats v0.0.0-20250827001030-24949be3fa54 // indirect
 	github.com/magiconair/properties v1.8.10 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
-	github.com/moby/go-archive v0.2.0 // indirect
+	github.com/moby/go-archive v0.1.0 // indirect
 	github.com/moby/patternmatcher v0.6.0 // indirect
 	github.com/moby/sys/sequential v0.6.0 // indirect
 	github.com/moby/sys/user v0.4.0 // indirect
 	github.com/moby/sys/userns v0.1.0 // indirect
 	github.com/moby/term v0.5.2 // indirect
-	github.com/morikuni/aec v1.1.0 // indirect
+	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
-	github.com/segmentio/asm v1.2.1 // indirect
+	github.com/segmentio/asm v1.2.0 // indirect
-	github.com/shirou/gopsutil/v4 v4.25.12 // indirect
+	github.com/shirou/gopsutil/v4 v4.25.8 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/stoewer/go-strcase v1.3.1 // indirect
-	github.com/stretchr/objx v0.5.3 // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/tklauser/go-sysconf v0.3.16 // indirect
+	github.com/tklauser/go-sysconf v0.3.15 // indirect
-	github.com/tklauser/numcpus v0.11.0 // indirect
+	github.com/tklauser/numcpus v0.10.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 // indirect
-	go.opentelemetry.io/otel/metric v1.39.0 // indirect
+	go.opentelemetry.io/otel/metric v1.38.0 // indirect
-	golang.org/x/crypto v0.46.0 // indirect
+	golang.org/x/crypto v0.42.0 // indirect
-	golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect
+	golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b // indirect
-	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/sys v0.36.0 // indirect
-	golang.org/x/text v0.33.0 // indirect
+	golang.org/x/text v0.29.0 // indirect
-	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/time v0.13.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -1,29 +1,25 @@
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1 h1:j9yeqTWEFrtimt8Nng2MIeRrpoCvQzM9/g25XTvqUGg=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.9-20250717185734-6c6e0d3c608e.1 h1:u98oQG8CHYBrOWrYdqbyNpKz4Pw02ssv03DsTInnXn8=
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20251209175733-2a1774d88802.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.9-20250717185734-6c6e0d3c608e.1/go.mod h1:aY3zbkNan5F+cGm9lITDP6oxJIwu0dn9KjJuJjWaHkg=
-buf.build/go/protovalidate v1.1.0 h1:pQqEQRpOo4SqS60qkvmhLTTQU9JwzEvdyiqAtXa5SeY=
+buf.build/go/protovalidate v0.14.0 h1:kr/rC/no+DtRyYX+8KXLDxNnI1rINz0imk5K44ZpZ3A=
-buf.build/go/protovalidate v1.1.0/go.mod h1:bGZcPiAQDC3ErCHK3t74jSoJDFOs2JH3d7LWuTEIdss=
+buf.build/go/protovalidate v0.14.0/go.mod h1:+F/oISho9MO7gJQNYC2VWLzcO1fTPmaTA08SDYJZncA=
-cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
+cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
-cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
+cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
 dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
 github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
-github.com/Azure/go-amqp v1.5.1 h1:WyiPTz2C3zVvDL7RLAqwWdeoYhMtX62MZzQoP09fzsU=
+github.com/Azure/go-amqp v1.5.0 h1:GRiQK1VhrNFbyx5VlmI6BsA1FCp27W5rb9kxOZScnTo=
-github.com/Azure/go-amqp v1.5.1/go.mod h1:vZAogwdrkbyK3Mla8m/CxSc/aKdnTZ4IbPxl51Y5WZE=
+github.com/Azure/go-amqp v1.5.0/go.mod h1:vZAogwdrkbyK3Mla8m/CxSc/aKdnTZ4IbPxl51Y5WZE=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
 github.com/brianvoe/gofakeit/v6 v6.28.0 h1:Xib46XXuQfmlLS2EXRuJpqcw8St6qSZz75OUo0tgAW4=
 github.com/brianvoe/gofakeit/v6 v6.28.0/go.mod h1:Xj58BMSnFqcn/fAQeSK+/PLtC5kSb7FJIq4JyGa8vEs=
 github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8=
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cenkalti/backoff/v5 v5.0.3 h1:ZN+IMa753KfX5hd8vVaMixjnqRZ3y8CuJKRKj1xcsSM=
 github.com/cenkalti/backoff/v5 v5.0.3/go.mod h1:rkhZdG3JZukswDf7f0cwqPNk4K0sa+F97BxZthm/crw=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
 github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
 github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
@ -44,14 +40,14 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0 h1:NMZiJj8QnKe1LgsbDayM4UoHwbvw
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.4.0/go.mod h1:ZXNYxsqcloTdSy/rNShjYzMhyjf0LaoftYK0p+A3h40=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/docker v28.5.2+incompatible h1:DBX0Y0zAjZbSrm1uzOkdr1onVghKaftjlSWt4AFexzM=
+github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk=
-github.com/docker/docker v28.5.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94=
 github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
-github.com/ebitengine/purego v0.9.1 h1:a/k2f2HQU3Pi399RPW1MOaZyhKJL9w/xFpKAg4q1s0A=
+github.com/ebitengine/purego v0.8.4 h1:CF7LEKg5FFOsASUj0+QwaXf8Ht6TlFxg09+S9wz0omw=
-github.com/ebitengine/purego v0.9.1/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
+github.com/ebitengine/purego v0.8.4/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ=
 github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8vw=
@ -73,10 +69,10 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 h1:NmZ1PKzSTQbuGHw9DGPFomqkkLWMC+vZCkfs+FHv1Vg=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3/go.mod h1:zQrxl1YP88HQlA6i9c63DSVPFklWpGX4OWAc9bFuaH4=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs=
-github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@ -93,8 +89,8 @@ github.com/lestrrat-go/jwx/v2 v2.1.6 h1:hxM1gfDILk/l5ylers6BX/Eq1m/pnxe9NBwW6lVf
 github.com/lestrrat-go/jwx/v2 v2.1.6/go.mod h1:Y722kU5r/8mV7fYDifjug0r8FK8mZdw0K0GpJw/l8pU=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
-github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 h1:PwQumkgq4/acIiZhtifTV5OUqqiP82UAl0h87xj/l9k=
+github.com/lufia/plan9stats v0.0.0-20250827001030-24949be3fa54 h1:mFWunSatvkQQDhpdyuFAYwyAan3hzCuma+Pz8sqvOfg=
-github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
+github.com/lufia/plan9stats v0.0.0-20250827001030-24949be3fa54/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE=
 github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
@ -106,8 +102,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
-github.com/moby/go-archive v0.2.0 h1:zg5QDUM2mi0JIM9fdQZWC7U8+2ZfixfTYoHL7rWUcP8=
+github.com/moby/go-archive v0.1.0 h1:Kk/5rdW/g+H8NHdJW2gsXyZ7UnzvJNOy6VKJqueWdcQ=
-github.com/moby/go-archive v0.2.0/go.mod h1:mNeivT14o8xU+5q1YnNrkQVpK+dnNe/K6fHqnTg4qPU=
+github.com/moby/go-archive v0.1.0/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
 github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw=
@ -120,8 +116,8 @@ github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g
 github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28=
 github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
 github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
-github.com/morikuni/aec v1.1.0 h1:vBBl0pUnvi/Je71dsRrhMBtreIqNMYErSAbEeb8jrXQ=
+github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
-github.com/morikuni/aec v1.1.0/go.mod h1:xDRgiq/iw5l+zkao76YTKzKttOp2cwPEne25HDkJnBw=
+github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@ -132,17 +128,15 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
 github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
-github.com/rodaine/protogofakeit v0.1.1 h1:ZKouljuRM3A+TArppfBqnH8tGZHOwM/pjvtXe9DaXH8=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rodaine/protogofakeit v0.1.1/go.mod h1:pXn/AstBYMaSfc1/RqH3N82pBuxtWgejz1AlYpY1mI0=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
 github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY=
 github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ=
-github.com/segmentio/asm v1.2.1 h1:DTNbBqs57ioxAD4PrArqftgypG4/qNpXoJx8TVXxPR0=
+github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
-github.com/segmentio/asm v1.2.1/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
+github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
-github.com/shirou/gopsutil/v4 v4.25.12 h1:e7PvW/0RmJ8p8vPGJH4jvNkOyLmbkXgXW4m6ZPic6CY=
+github.com/shirou/gopsutil/v4 v4.25.8 h1:NnAsw9lN7587WHxjJA9ryDnqhJpFH6A+wagYWTOH970=
-github.com/shirou/gopsutil/v4 v4.25.12/go.mod h1:EivAfP5x2EhLp2ovdpKSozecVXn1TmuG7SMzs/Wh4PU=
+github.com/shirou/gopsutil/v4 v4.25.8/go.mod h1:q9QdMmfAOVIw7a+eF86P7ISEU6ka+NLgkUxlopV4RwI=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stoewer/go-strcase v1.3.1 h1:iS0MdW+kVTxgMoE1LAZyMiYJFKlOzLooE4MxjirtkAs=
@ -150,8 +144,8 @@ github.com/stoewer/go-strcase v1.3.1/go.mod h1:fAH5hQ5pehh+j3nZfvwdk2RgEgQjAoM8w
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/objx v0.5.3 h1:jmXUvGomnU1o3W/V5h2VEradbpJDwGrzugQQvL0POH4=
+github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
-github.com/stretchr/objx v0.5.3/go.mod h1:rDQraq+vQZU7Fde9LOZLr8Tax6zZvy4kuNKF+QYS+U0=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
@ -159,40 +153,40 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-github.com/testcontainers/testcontainers-go v0.40.0 h1:pSdJYLOVgLE8YdUY2FHQ1Fxu+aMnb6JfVz1mxk7OeMU=
+github.com/testcontainers/testcontainers-go v0.38.0 h1:d7uEapLcv2P8AvH8ahLqDMMxda2W9gQN1nRbHS28HBw=
-github.com/testcontainers/testcontainers-go v0.40.0/go.mod h1:FSXV5KQtX2HAMlm7U3APNyLkkap35zNLxukw9oBi/MY=
+github.com/testcontainers/testcontainers-go v0.38.0/go.mod h1:C52c9MoHpWO+C4aqmgSU+hxlR5jlEayWtgYrb8Pzz1w=
-github.com/tklauser/go-sysconf v0.3.16 h1:frioLaCQSsF5Cy1jgRBrzr6t502KIIwQ0MArYICU0nA=
+github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
-github.com/tklauser/go-sysconf v0.3.16/go.mod h1:/qNL9xxDhc7tx3HSRsLWNnuzbVfh3e7gh/BmM179nYI=
+github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
-github.com/tklauser/numcpus v0.11.0 h1:nSTwhKH5e1dMNsCdVBukSZrURJRoHbSEQjdEbY+9RXw=
+github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
-github.com/tklauser/numcpus v0.11.0/go.mod h1:z+LwcLq54uWZTX0u/bGobaV34u6V7KNlTZejzM6/3MQ=
+github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
 github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
 github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
-go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 h1:ssfIgGNANqpVFCndZvcuyKbl0g+UAVcbBcqGkG28H0Y=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0/go.mod h1:GQ/474YrbE4Jx8gZ4q5I4hrhUzM6UPzyrqJYV2AqPoQ=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
-go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0 h1:f0cb2XPmrqn4XMy9PNliTgRKJgS5WcL/u0/WRYGz4t0=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0/go.mod h1:vnakAaFckOMiMtOIhFI2MNH4FYrZzXCYxmb1LlhoGz8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 h1:Ckwye2FpXkYgiHX7fyVrN1uA/UYd9ounqqTuSNAv0k4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 h1:aTL7F04bJHUlztTsNGJ2l+6he8c+y/b//eR0jjjemT4=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0/go.mod h1:teIFJh5pW2y+AN7riv6IBPX2DuesS3HgP39mwOspKwU=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0/go.mod h1:kldtb7jDTeol0l3ewcmd8SDvx3EmIE7lyvqbasU3QC4=
-go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
+go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
-go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=
-go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
+go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=
-golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
+golang.org/x/crypto v0.42.0 h1:chiH31gIWm57EkTXpwnqf8qeuMUi0yekh6mT2AvFlqI=
-golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/crypto v0.42.0/go.mod h1:4+rDnOTJhQCx2q7/j6rAN5XDw8kPjeaXEUR2eL94ix8=
-golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1iimyPKZ/xwniHj8Q2a0=
+golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b h1:DXr+pvt3nC887026GRP39Ej11UATqWDmWuS99x26cD0=
-golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
+golang.org/x/exp v0.0.0-20250819193227-8b4c13bb791b/go.mod h1:4QTo5u+SEIbbKW1RacMZq1YEfOBqeXa19JeshGi+zc4=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
+golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@ -201,22 +195,22 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
-golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
-golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
+golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI=
-golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b h1:uA40e2M6fYRBf0+8uN5mLlqUtV192iiksiICIBkYJ1E=
+google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090 h1:d8Nakh1G+ur7+P3GcMjpRDEkoLUcLW2iU92XVqR+XMQ=
-google.golang.org/genproto/googleapis/api v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:Xa7le7qx2vmqB/SzWUBa7KdMjpdpAHlh5QCSnjessQk=
+google.golang.org/genproto/googleapis/api v0.0.0-20250908214217-97024824d090/go.mod h1:U8EXRNSd8sUYyDfs/It7KVWodQr+Hf9xtxyxWudSwEw=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b h1:Mv8VFug0MP9e5vUxfBcE3vUkV6CImK3cMNMIDFjmzxU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090 h1:/OQuEa4YWtDt7uQWHd3q3sUMb+QOLQUg1xa8CEsRv5w=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251222181119-0a764e51fe1b/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20250908214217-97024824d090/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og=
-google.golang.org/grpc v1.77.0 h1:wVVY6/8cGA6vvffn+wWK5ToddbgdU3d8MNENr4evgXM=
+google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4=
-google.golang.org/grpc v1.77.0/go.mod h1:z0BY1iVj0q8E1uSQCjL9cppRj+gnZjzDnzV0dHhrNig=
+google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ=
-google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.9 h1:w2gp2mA27hUeUzj9Ex9FBjsBm40zfaDtEWow293U7Iw=
-google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/protobuf v1.36.9/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
--- a/internal/audit/api/api_common_test.go
+++ b/internal/audit/api/api_common_test.go
@ -74,7 +74,7 @@ func Test_ValidateAndSerializePartially_AuditEventValidationFailed(t *testing.T)
 	_, err := ValidateAndSerializePartially(
 		validator, event, auditV1.Visibility_VISIBILITY_PUBLIC, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-	assert.EqualError(t, err, "validation error: log_name: value is required")
+	assert.EqualError(t, err, "validation error:\n - log_name: value is required [required]")
 }
 func Test_ValidateAndSerializePartially_RoutableEventValidationFailed(t *testing.T) {
@ -83,7 +83,7 @@ func Test_ValidateAndSerializePartially_RoutableEventValidationFailed(t *testing
 	event, objectIdentifier := NewOrganizationAuditEvent(nil)
 	_, err := ValidateAndSerializePartially(validator, event, 3, pkgAuditCommon.NewRoutableIdentifier(objectIdentifier))
-	assert.EqualError(t, err, "validation error: visibility: value must be one of the defined enum values")
+	assert.EqualError(t, err, "validation error:\n - visibility: value must be one of the defined enum values [enum.defined_only]")
 }
 func Test_ValidateAndSerializePartially_CheckVisibility_Event(t *testing.T) {
--- a/internal/audit/api/api_legacy_converter.go
+++ b/internal/audit/api/api_legacy_converter.go
@ -202,7 +202,7 @@ func ConvertAndSerializeIntoLegacyFormat(
 		UserAgent:       userAgent,
 		Initiator: LegacyAuditEventPrincipal{
 			Id:    event.ProtoPayload.AuthenticationInfo.PrincipalId,
-			Email: event.ProtoPayload.AuthenticationInfo.PrincipalEmail,
+			Email: &event.ProtoPayload.AuthenticationInfo.PrincipalEmail,
 		},
 		ServiceAccountDelegationInfo: serviceAccountDelegationInfo,
 		Request:                      request,
--- a/internal/audit/api/model.go
+++ b/internal/audit/api/model.go
@ -558,7 +558,7 @@ func AuditAttributesFromAuthorizationHeader(request *pkgAuditCommon.ApiRequest)
 	var authenticationPrincipal = "none/none"
 	var principalId = "none"
-	var principalEmail *string
+	var principalEmail = EmailAddressDoNotReplyAtStackItDotCloud
 	emptyClaims, err := structpb.NewStruct(make(map[string]interface{}))
 	if err != nil {
 		return nil, authenticationPrincipal, nil, nil, err
@ -741,15 +741,14 @@ func extractSubjectAndEmailFromActClaims(actClaim map[string]interface{}) (strin
 	return principalId, principalEmail
 }
-func extractSubjectAndEmail(token jwt.Token) (string, *string) {
+func extractSubjectAndEmail(token jwt.Token) (string, string) {
-	var principalEmail *string
+	var principalEmail string
 	principalId := token.Subject()
 	emailClaim, hasEmail := token.Get("email")
-	if hasEmail {
+	if !hasEmail {
-		trimmedEmail := strings.TrimSpace(fmt.Sprintf("%s", emailClaim))
+		principalEmail = EmailAddressDoNotReplyAtStackItDotCloud
-		if trimmedEmail != "" {
+	} else {
-			principalEmail = &trimmedEmail
+		principalEmail = fmt.Sprintf("%s", emailClaim)
 		}
 	}
 	return principalId, principalEmail
 }
--- a/internal/audit/api/model_test.go
+++ b/internal/audit/api/model_test.go
@ -404,7 +404,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit-resource-manager-dev"}, audiences)
 		assert.Equal(t, "stackit-resource-manager-dev", authenticationInfo.PrincipalId)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "do-not-reply@stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@ -442,7 +442,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 		assert.Equal(t, "10f38b01-534b-47bb-a03a-e294ca2be4de", authenticationInfo.PrincipalId)
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/10f38b01-534b-47bb-a03a-e294ca2be4de",
@ -482,7 +482,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 		assert.Equal(t, "10f38b01_534b_47bb_a03a_e294ca2be4de", authenticationInfo.PrincipalId)
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/10f38b01-534b-47bb-a03a-e294ca2be4de",
@ -526,7 +526,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 		assert.Equal(t, "f45009b2-6433-43c1-b6c7-618c44359e71", authenticationInfo.PrincipalId)
-		assert.Equal(t, "service-account-2-tj9srt1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "service-account-2-tj9srt1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/f45009b2-6433-43c1-b6c7-618c44359e71",
@ -577,7 +577,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit", "api"}, audiences)
 		assert.Equal(t, "1734b4b6-1d5e-4819-9b50-29917a1b9ad5", authenticationInfo.PrincipalId)
-		assert.Equal(t, "service-account-3-fghsxw1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "service-account-3-fghsxw1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Equal(t,
 			"projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/1734b4b6-1d5e-4819-9b50-29917a1b9ad5",
@ -622,7 +622,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"stackit-portal-login-dev-client-id"}, audiences)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@ -657,7 +657,7 @@ func Test_AuditAttributesFromAuthorizationHeader(t *testing.T) {
 		assert.Equal(t, []string{"https://stackit-service-account-dev.apps.01.cf.eu01.stackit.cloud"}, audiences)
 		assert.Equal(t, "5e426aed-c487-4c48-af25-87f69cf9cdd4", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Lukas.Schmitt@stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Lukas.Schmitt@stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@ -756,7 +756,7 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		authenticationInfo := payload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
@ -889,7 +889,7 @@ func Test_NewAuditLogEntry(t *testing.T) {
 		authenticationInfo := payload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
--- a/internal/audit/api/schema_validation_test.go
+++ b/internal/audit/api/schema_validation_test.go
@ -40,7 +40,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.OperationName = ""
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: operation_name: value is required")
+		assert.EqualError(t, err, "validation error:\n - operation_name: value is required [required]")
 	})
 	t.Run("invalid operation name", func(t *testing.T) {
@ -48,7 +48,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.OperationName = "stackit.resource-manager.v1.INVALID.organizations.create"
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: operation_name: value does not match regex pattern `^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$`")
+		assert.EqualError(t, err, "validation error:\n - operation_name: value does not match regex pattern `^stackit\\.[a-z0-9-]+\\.(?:v[0-9]+\\.)?(?:[a-z0-9-.]+\\.)?[a-z0-9-]+$` [string.pattern]")
 	})
 	t.Run("visibility invalid", func(t *testing.T) {
@ -56,7 +56,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.Visibility = -1
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: visibility: value must be one of the defined enum values")
+		assert.EqualError(t, err, "validation error:\n - visibility: value must be one of the defined enum values [enum.defined_only]")
 	})
 	t.Run("visibility unspecified", func(t *testing.T) {
@ -64,7 +64,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.Visibility = auditV1.Visibility_VISIBILITY_UNSPECIFIED
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: visibility: value is required")
+		assert.EqualError(t, err, "validation error:\n - visibility: value is required [required]")
 	})
 	t.Run("object identifier nil", func(t *testing.T) {
@ -72,7 +72,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier = nil
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier: value is required")
+		assert.EqualError(t, err, "validation error:\n - object_identifier: value is required [required]")
 	})
 	t.Run("object identifier id empty", func(t *testing.T) {
@ -80,7 +80,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier.Identifier = ""
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier.identifier: value is required")
+		assert.EqualError(t, err, "validation error:\n - object_identifier.identifier: value is required [required]")
 	})
 	t.Run("object identifier id not uuid", func(t *testing.T) {
@ -88,7 +88,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier.Identifier = "invalid"
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier.identifier: value must be a valid UUID")
+		assert.EqualError(t, err, "validation error:\n - object_identifier.identifier: value must be a valid UUID [string.uuid]")
 	})
 	t.Run("object identifier type empty", func(t *testing.T) {
@ -96,7 +96,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.ObjectIdentifier.Type = ""
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: object_identifier.type: value is required")
+		assert.EqualError(t, err, "validation error:\n - object_identifier.type: value is required [required]")
 	})
 	t.Run("data nil", func(t *testing.T) {
@ -104,7 +104,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		event.Data = nil
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: data: exactly one field is required in oneof")
+		assert.EqualError(t, err, "validation error:\n - data: exactly one field is required in oneof [required]")
 	})
 	t.Run("data empty", func(t *testing.T) {
@ -115,7 +115,7 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		}}
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: unencrypted_data.data: value is required")
+		assert.EqualError(t, err, "validation error:\n - unencrypted_data.data: value is required [required]")
 	})
 	t.Run("data protobuf type empty", func(t *testing.T) {
@ -126,59 +126,6 @@ func Test_RoutableAuditEvent(t *testing.T) {
 		}}
 		err := validator.Validate(&event)
-		assert.EqualError(t, err, "validation error: unencrypted_data.protobuf_type: value is required")
+		assert.EqualError(t, err, "validation error:\n - unencrypted_data.protobuf_type: value is required [required]")
 	})
 }
 func Test_AuthenticationInfo(t *testing.T) {
 	validator, err := protovalidate.New()
 	assert.NoError(t, err)
 	email := "x@x.x"
 	newEvent := func() auditV1.AuthenticationInfo {
 		return auditV1.AuthenticationInfo{
 			PrincipalId:                  "1234567890",
 			PrincipalEmail:               &email,
 			ServiceAccountName:           nil,
 			ServiceAccountDelegationInfo: nil,
 		}
 	}
 	t.Run("valid event", func(t *testing.T) {
 		event := newEvent()
 		err := validator.Validate(&event)
 		assert.NoError(t, err)
 	})
 	t.Run("valid event without email", func(t *testing.T) {
 		event := newEvent()
 		event.PrincipalEmail = nil
 		err := validator.Validate(&event)
 		assert.NoError(t, err)
 	})
 	t.Run("principal id contains only whitespace", func(t *testing.T) {
 		event := newEvent()
 		event.PrincipalId = "     "
 		err := validator.Validate(&event)
 		assert.EqualError(t, err, "validation error: principal_id: value does not match regex pattern `.*\\S.*`")
 	})
 	t.Run("principal email contains only whitespace", func(t *testing.T) {
 		event := newEvent()
 		whitespaceEmail := "     "
 		event.PrincipalEmail = &whitespaceEmail
 		err := validator.Validate(&event)
 		assert.EqualError(t, err, "validation error: principal_email: value must be a valid email address")
 	})
 	t.Run("missing host in email", func(t *testing.T) {
 		event := newEvent()
 		invalidEmail := "@test.com"
 		event.PrincipalEmail = &invalidEmail
 		err := validator.Validate(&event)
 		assert.EqualError(t, err, "validation error: principal_email: value must be a valid email address")
 	})
 }
--- a/internal/audit/api/test_data.go
+++ b/internal/audit/api/test_data.go
@ -43,7 +43,6 @@ func NewOrganizationAuditEvent(
 	headers["Content-Type"] = "application/json"
 	labels := make(map[string]string)
 	labels["label1"] = "value1"
 	email := "user@example.com"
 	auditEvent := &auditV1.AuditLogEntry{
 		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), identifier, pkgAuditCommon.EventTypeAdminActivity),
 		ProtoPayload: &auditV1.AuditLog{
@ -52,7 +51,7 @@ func NewOrganizationAuditEvent(
 			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeOrganization.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  uuid.NewString(),
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "user@example.com",
 				ServiceAccountName:           nil,
 				ServiceAccountDelegationInfo: nil,
 			},
@ -134,7 +133,6 @@ func NewFolderAuditEvent(
 	headers["Content-Type"] = "application/json"
 	labels := make(map[string]string)
 	labels["label1"] = "value1"
 	email := "user@example.com"
 	auditEvent := &auditV1.AuditLogEntry{
 		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), identifier, pkgAuditCommon.EventTypeAdminActivity),
 		ProtoPayload: &auditV1.AuditLog{
@ -143,7 +141,7 @@ func NewFolderAuditEvent(
 			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeFolder.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  uuid.NewString(),
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "user@example.com",
 				ServiceAccountName:           nil,
 				ServiceAccountDelegationInfo: nil,
 			},
@ -225,7 +223,6 @@ func NewProjectAuditEvent(
 	headers["Content-Type"] = "application/json"
 	labels := make(map[string]string)
 	labels["label1"] = "value1"
 	email := "user@example.com"
 	auditEvent := &auditV1.AuditLogEntry{
 		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier, pkgAuditCommon.EventTypeAdminActivity),
 		ProtoPayload: &auditV1.AuditLog{
@ -234,7 +231,7 @@ func NewProjectAuditEvent(
 			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  uuid.NewString(),
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "user@example.com",
 				ServiceAccountName:           nil,
 				ServiceAccountDelegationInfo: nil,
 			},
@ -311,7 +308,6 @@ func NewProjectSystemAuditEvent(
 	serviceAccountId := uuid.NewString()
 	serviceAccountName := fmt.Sprintf("projects/%s/service-accounts/%s", identifier, serviceAccountId)
 	delegationPrincipal := auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
 	email := "service-account@sa.stackit.cloud"
 	auditEvent := &auditV1.AuditLogEntry{
 		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.SystemIdentifier.Type, pkgAuditCommon.SystemIdentifier.Identifier, pkgAuditCommon.EventTypeSystemEvent),
 		ProtoPayload: &auditV1.AuditLog{
@ -320,7 +316,7 @@ func NewProjectSystemAuditEvent(
 			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeProject.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  serviceAccountId,
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "service-account@sa.stackit.cloud",
 				ServiceAccountName:           &serviceAccountName,
 				ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{&delegationPrincipal},
 			},
@ -392,7 +388,6 @@ func NewSystemAuditEvent(
 	serviceAccountId := uuid.NewString()
 	serviceAccountName := fmt.Sprintf("projects/%s/service-accounts/%s", identifier, serviceAccountId)
 	delegationPrincipal := auditV1.ServiceAccountDelegationInfo{Authority: &auditV1.ServiceAccountDelegationInfo_SystemPrincipal_{}}
 	email := "service-account@sa.stackit.cloud"
 	auditEvent := &auditV1.AuditLogEntry{
 		LogName: fmt.Sprintf("%s/%s/logs/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), identifier, pkgAuditCommon.EventTypeSystemEvent),
 		ProtoPayload: &auditV1.AuditLog{
@ -401,7 +396,7 @@ func NewSystemAuditEvent(
 			ResourceName:  fmt.Sprintf("%s/%s", pkgAuditCommon.ObjectTypeSystem.Plural(), identifier),
 			AuthenticationInfo: &auditV1.AuthenticationInfo{
 				PrincipalId:                  serviceAccountId,
-				PrincipalEmail:               &email,
+				PrincipalEmail:               "service-account@sa.stackit.cloud",
 				ServiceAccountName:           &serviceAccountName,
 				ServiceAccountDelegationInfo: []*auditV1.ServiceAccountDelegationInfo{&delegationPrincipal},
 			},
--- a/pkg/audit/api/builder_test.go
+++ b/pkg/audit/api/builder_test.go
@ -90,7 +90,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		assert.NoError(t, err)
 		err = validator.Validate(logEntry)
 		assert.Error(t, err)
-		assert.Equal(t, "validation errors:\n - proto_payload.service_name: value is required\n - proto_payload.operation_name: value is required\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required\n - proto_payload.request_metadata.request_attributes.method: value is required\n - proto_payload.request_metadata.request_attributes.headers: value is required\n - proto_payload.request_metadata.request_attributes.path: value is required\n - proto_payload.request_metadata.request_attributes.host: value is required\n - proto_payload.request_metadata.request_attributes.scheme: value is required\n - proto_payload.request_metadata.request_attributes.protocol: value is required\n - insert_id: value does not match regex pattern `^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$`", err.Error())
+		assert.Equal(t, "validation error:\n - proto_payload.service_name: value is required [required]\n - proto_payload.operation_name: value is required [required]\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required [required]\n - proto_payload.request_metadata.request_attributes.method: value is required [required]\n - proto_payload.request_metadata.request_attributes.headers: value is required [required]\n - proto_payload.request_metadata.request_attributes.path: value is required [required]\n - proto_payload.request_metadata.request_attributes.host: value is required [required]\n - proto_payload.request_metadata.request_attributes.scheme: value is required [required]\n - proto_payload.request_metadata.request_attributes.protocol: value is required [required]\n - insert_id: value does not match regex pattern `^[0-9]+/[a-z0-9-]+/[a-z0-9-]+/[0-9]+$` [string.pattern]", err.Error())
 	})
 	t.Run("required only", func(t *testing.T) {
@ -130,7 +130,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@ -246,7 +246,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@ -347,7 +347,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "my-service-yifc9e1@sa.stackit.cloud", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "10f38b01_534b_47bb_a03a_e294ca2be4de", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Equal(t, "projects/dacc7830-843e-4c5e-86ff-aa0fb51d636f/service-accounts/10f38b01-534b-47bb-a03a-e294ca2be4de", *authenticationInfo.ServiceAccountName)
@ -429,7 +429,7 @@ func Test_AuditLogEntryBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, internalAuditApi.EmailAddressDoNotReplyAtStackItDotCloud, authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "none", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@ -758,7 +758,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 			Build(context.Background(), SequenceNumber(1))
 		assert.Error(t, err)
-		assert.Equal(t, "validation errors:\n - log_name: value does not match regex pattern `^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$`\n - proto_payload.operation_name: value is required\n - proto_payload.resource_name: value does not match regex pattern `^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$`\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required\n - proto_payload.request_metadata.request_attributes.method: value is required\n - proto_payload.request_metadata.request_attributes.headers: value is required\n - proto_payload.request_metadata.request_attributes.path: value is required\n - proto_payload.request_metadata.request_attributes.host: value is required\n - proto_payload.request_metadata.request_attributes.scheme: value is required\n - proto_payload.request_metadata.request_attributes.protocol: value is required", err.Error())
+		assert.Equal(t, "validation error:\n - log_name: value does not match regex pattern `^[a-z-]+/[a-z0-9-]+/logs/(?:admin-activity|system-event|policy-denied|data-access)$` [string.pattern]\n - proto_payload.operation_name: value is required [required]\n - proto_payload.resource_name: value does not match regex pattern `^[a-z]+/[a-z0-9-]+(?:/[a-z0-9-]+/[a-z0-9-_]+)*$` [string.pattern]\n - proto_payload.request_metadata.caller_supplied_user_agent: value is required [required]\n - proto_payload.request_metadata.request_attributes.method: value is required [required]\n - proto_payload.request_metadata.request_attributes.headers: value is required [required]\n - proto_payload.request_metadata.request_attributes.path: value is required [required]\n - proto_payload.request_metadata.request_attributes.host: value is required [required]\n - proto_payload.request_metadata.request_attributes.scheme: value is required [required]\n - proto_payload.request_metadata.request_attributes.protocol: value is required [required]", err.Error())
 		assert.Nil(t, cloudEvent)
 		assert.Nil(t, routingIdentifier)
 	})
@ -830,7 +830,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@ -977,7 +977,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", *authenticationInfo.PrincipalEmail)
+		assert.Equal(t, "Christian.Schaible@novatec-gmbh.de", authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "cd94f01a-df2e-4456-902e-48f5e57f0b63", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@ -1095,7 +1095,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, internalAuditApi.EmailAddressDoNotReplyAtStackItDotCloud, authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "none", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
@ -1204,7 +1204,7 @@ func Test_AuditEventBuilder(t *testing.T) {
 		authenticationInfo := logEntry.ProtoPayload.AuthenticationInfo
 		assert.NotNil(t, authenticationInfo)
-		assert.Nil(t, authenticationInfo.PrincipalEmail)
+		assert.Equal(t, internalAuditApi.EmailAddressDoNotReplyAtStackItDotCloud, authenticationInfo.PrincipalEmail)
 		assert.Equal(t, "none", authenticationInfo.PrincipalId)
 		assert.Nil(t, authenticationInfo.ServiceAccountDelegationInfo)
 		assert.Nil(t, authenticationInfo.ServiceAccountName)
--- a/proto/audit/v1/audit_event.proto
+++ b/proto/audit/v1/audit_event.proto
@ -131,8 +131,7 @@ message AuditLog {
  // Required: true
  string service_name = 1 [
    (buf.validate.field).required = true,
-    (buf.validate.field).string.min_len = 1,
+    (buf.validate.field).string.min_len = 1
    (buf.validate.field).string.pattern = ".*\\S.*"
  ];
  // The name of the service method or operation.
@ -233,18 +232,17 @@ message AuthenticationInfo {
  // Required: true
  string principal_id = 1 [
    (buf.validate.field).required = true,
-    (buf.validate.field).string.min_len = 1,
+    (buf.validate.field).string.min_len = 1
    (buf.validate.field).string.pattern = ".*\\S.*"
  ];
  // The email address of the authenticated user.
  // Service accounts have email addresses that can be used.
  //
-  // Required: false
+  // Required: true
-  optional string principal_email = 2 [
+  string principal_email = 2 [
-    (buf.validate.field).string.min_len = 5,
+    (buf.validate.field).required = true,
-    (buf.validate.field).string.max_len = 255,
+    (buf.validate.field).string.min_len = 1,
-    (buf.validate.field).string.email = true
+    (buf.validate.field).string.max_len = 255
  ];
  // The name of the service account used to create or exchange
@ -416,8 +414,7 @@ message AttributeContext {
    string path = 4 [
      (buf.validate.field).required = true,
      (buf.validate.field).string.min_len = 1,
-      (buf.validate.field).string.max_len = 255,
+      (buf.validate.field).string.max_len = 255
      (buf.validate.field).string.pattern = ".*\\S.*"
    ];
    // The HTTP request `Host` header value.
@ -425,8 +422,7 @@ message AttributeContext {
    // Required: true
    string host = 5 [
      (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
      (buf.validate.field).string.pattern = ".*\\S.*"
    ];
    // The URL scheme, such as `http`, `https` or `gRPC`.
@ -434,8 +430,7 @@ message AttributeContext {
    // Required: true
    string scheme = 6 [
      (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
      (buf.validate.field).string.pattern = ".*\\S.*"
    ];
    // The HTTP URL query in the format of "name1=value1&name2=value2", as it
@ -462,8 +457,7 @@ message AttributeContext {
    // Required: true
    string protocol = 9 [
      (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
      (buf.validate.field).string.pattern = ".*\\S.*"
    ];
    // The request authentication.
@ -527,8 +521,7 @@ message RequestMetadata {
  string caller_supplied_user_agent = 2 [
    (buf.validate.field).required = true,
    (buf.validate.field).string.min_len = 1,
-    (buf.validate.field).string.max_len = 255,
+    (buf.validate.field).string.max_len = 255
    (buf.validate.field).string.pattern = ".*\\S.*"
  ];
  // This field contains request attributes like request url, time, etc.
@ -584,8 +577,7 @@ message ServiceAccountDelegationInfo {
    // Required: true
    string principal_id = 1 [
      (buf.validate.field).required = true,
-      (buf.validate.field).string.min_len = 1,
+      (buf.validate.field).string.min_len = 1
      (buf.validate.field).string.pattern = ".*\\S.*"
    ];
    // The email address of the authenticated user.
@ -595,8 +587,7 @@ message ServiceAccountDelegationInfo {
    string principal_email = 2 [
      (buf.validate.field).required = true,
      (buf.validate.field).string.min_len = 1,
-      (buf.validate.field).string.max_len = 255,
+      (buf.validate.field).string.max_len = 255
      (buf.validate.field).string.pattern = ".*\\S.*"
    ];
    // Metadata about the service that uses the service account.
--- a/sonar-project.properties
+++ b/sonar-project.properties
@ -1,13 +0,0 @@
 sonar.projectKey=xx-sit-odj-sec-ident:audit-go
 sonar.host.url=https://sonarqube.schwarz
 sonar.projectName=audit-go
 sonar.sources=.
 sonar.exclusions=**/*_test.go,**/vendor/**,**/mocks/**,**/*.yml,**/gen/**, **/test/solace.go
 sonar.tests=.
 sonar.test.inclusions=**/*_test.go
 sonar.test.exclusions=**/vendor/**,**/mocks/**
 sonar.issuesReport.html.enable=true
 sonar.log.level=INFO
 sonar.go.coverage.reportPaths=out/cover.out
 sonar.go.tests.reportPaths=out/report.json
 sonar.go.golangci-lint.reportPaths=out/lint.xml