Event sourcing: build an auditable ledger

Build a small event-sourced account-ledger service (any language) where the append-only event log is the sole source of truth, all reads are derived projections, and you can demonstrate audit, temporal query, rebuild, snapshot, versioning, and GDPR erasure on it.

• Implement an append-only event store (a single table or stream is fine) with: ordered events per aggregate, a global ordering, and per-aggregate optimistic concurrency — an append must fail if the expected version does not match the stream's current version.
• Model an account aggregate with at least AccountOpened, MoneyDeposited, MoneyWithdrawn, and a compensating correction event. Load the aggregate by folding its stream; reject invalid commands (e.g. overdraft) against the folded state, never against a stored balance.
• Build a CQRS balances projection that consumes the stream into a separate read table. Make it idempotent: advance a per-stream version checkpoint in the same transaction as the update, and ignore already-seen versions. Serve all balance queries from this read model, not the log.
• Add a 'drop and replay' rebuild command that truncates the read model and reconstructs it from event 0, and a brand-new second projection (e.g. monthly statement) built purely by replaying existing history — proving projections are disposable and the data was always in the log.
• Implement a temporal query: given a timestamp, return the account balance as-of that instant by folding only events at or before it. Confirm it matches a hand-traced expected value.
• Add snapshotting: persist the folded state every N events to a separate snapshot store, and on load read the latest snapshot then replay only events strictly after its version (exclusive lower bound). Checksum the snapshot and fall back to full replay on mismatch.
• Evolve one event's schema (e.g. MoneyDeposited gains a currency field) and write an upcaster that lifts old payloads to the new shape at read time, without rewriting any stored event. Old streams must still load correctly.
• Implement crypto-shredding for one PII field (e.g. account holder name): encrypt it with a per-account key stored outside the log, and provide a 'forget' operation that destroys the key — after which replay still works structurally but the PII is unrecoverable.

• A concurrency test: two appends at the same expected version, one succeeds and one fails with a version-conflict error — never a lost update or a silently merged write.
• An idempotency test: deliver the same event to the projection twice and show the read model is identical to single delivery (checkpoint blocks the redelivery).
• A rebuild proof: drop the balances read model, replay, and show byte-for-byte the same balances; plus the second projection produced solely from replayed history.
• A temporal-query result matching a hand-computed as-of balance, and a snapshot benchmark: load time for a long stream with snapshots vs full replay, with the numbers reported.
• An upcaster test: a stored pre-change event loads and folds correctly through the current code path, and the persisted event on disk is shown to be unchanged.
• A crypto-shredding proof: before forget, the name decrypts; after destroying the key, replay still rebuilds all balances while the name is permanently unrecoverable. Note in writing the legal caveat that regulators may still treat undeletable encrypted PII as personal data.