Skip to main content

edge-functions — Public API surface

Types & interfaces

interface AftercarePlanHedisFlags

  • file: supabase/functions/_shared/cl-followup-gap.ts:59
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal row shape this predicate reads.
  • score: 2

interface AgentActionClassification

  • file: supabase/functions/_shared/ai/agent-action-classifier.ts:54
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The classifier’s verdict for one proposed tool call.
  • score: 2

interface AgentActionInput

  • file: supabase/functions/_shared/ai/agent-action-classifier.ts:47
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The input the classifier scores (no PHI — identifiers and dimension hints only).
  • score: 2

type AgentActionTier

  • file: supabase/functions/_shared/ai/agent-action-classifier.ts:21
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The runtime risk tier of a proposed agent tool call (FR-1).
  • score: 2

interface AgentBudgetInput

  • file: supabase/functions/_shared/ai/agent-usage.ts:25
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The three independent caps evaluated before dispatch (any may fail closed).
  • score: 2

interface AgentBudgetVerdict

  • file: supabase/functions/_shared/ai/agent-usage.ts:32
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The pre-dispatch budget verdict. ⇒ a hard cap is reached → fail closed.
  • score: 2

interface AgentConfig

  • file: supabase/functions/_shared/skill-agent.ts:63
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Agent configuration produced by buildSkillAgent
  • score: 2

interface AgenticLoopDeps

  • file: supabase/functions/_shared/ai/agentic-loop.ts:74
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Injectable dependencies for . All optional; defaults are thereal implementations. Tests override //(to avoid network/db) and // (to drive thebudget/iteration-cap branches deterministically without real waits).
  • score: 2

interface AgenticResult

  • file: supabase/functions/_shared/ai/agentic-loop.ts:57
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a execution: the model’s final text plus thetoken usage accumulated across every iteration. When the skill requestedstructured output, holds the parsed JSON, or is set when the model’s content could not be parsed.
  • score: 2

interface AgentMessageActor

  • file: supabase/functions/_shared/cowork/agent-message.ts:23
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The agent’s dual identity for attribution. == MachinePrincipal.serviceAccountId.
  • score: 2

interface AgentMessageInput

  • file: supabase/functions/_shared/cowork/agent-message.ts:31
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Inputs for an attributed agent message.
  • score: 2

interface AgentMessageRow

  • file: supabase/functions/_shared/cowork/agent-message.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A fully-attributed pf_messages insert row (Phase 1B always uses content_type=‘ai_response’).
  • score: 2

interface AgentRun

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:110
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The columns of the durable wrapper reads (subset of the table).
  • score: 2

type AgentRunState

  • file: supabase/functions/_shared/ai/agent-run-states.ts:33
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: A run lifecycle state.
  • score: 1

interface ApplyRulesAuthDeps

  • file: supabase/functions/plaid-apply-rules/index.ts:191
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Auth/infra seams injected into , with production defaults. Thecross-org-caller denial guard (#1493) is a security boundary, so it isexercised by a Deno unit test that injects a stub authenticating a real userand a that denies — without a live stack. Production calls and the defaults wire the real helpers, sothe service-role/cron sentinel (the internal plaid-sync caller) + theplatform-admin parity baked into the real are preservedverbatim.
  • score: 2

interface ArtifactParams

  • file: supabase/functions/cl-agent-draft-note/handler.ts:60
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The artifact creation input.
  • score: 1

interface AuditLogRow

  • file: supabase/functions/security-detect-audit-anomalies/scoring.ts:26
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single audit-log row as aggregated for scoring (metadata columns only).
  • score: 2

interface AuditWindow

  • file: supabase/functions/security-detect-audit-anomalies/scoring.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Pre-aggregated per-(org, user) window fed into the scorer.
  • score: 2

interface AuthError

  • file: supabase/functions/_shared/auth.ts:33
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Failure value returned by when the JWT is missing, invalid,or the service-role token is disallowed. maps to an HTTP code(typically 401) and is safe to surface in an error response.
  • see:
    • validateAuth
  • score: 5

interface AuthResult

  • file: supabase/functions/_shared/auth.ts:21
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Successful return value from .Carries the authenticated user’s id/email and a Supabase client scoped tothat session so downstream queries run under the user’s RLS policies.
  • see:
    • validateAuth
  • score: 5

interface BaseLayoutOptions

  • file: supabase/functions/_shared/email-templates/base-layout.ts:6
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Base Email LayoutShared HTML wrapper for all Encore OS email templates
  • score: 2

interface BillingProvider837I

  • file: supabase/functions/_shared/x12/generate-837i.ts:13
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-08-EN-14: Pure X12 837I Institutional Claim GeneratorGenerates ANSI X12 837I (005010X223A2) claim segments. Does NOT build theISA/GS/ST envelope — pair with the envelope builder inenvelope.ts (this directory) when serializing.Pure: no React, no Supabase, no Deno globals. Safe for Vitest + browser.A Deno mirror lives at for edge-function consumption (kept in lockstep — update both).
  • score: 2

interface BudgetDimension

  • file: supabase/functions/_shared/ai/agent-usage.ts:15
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single budget dimension: a hard limit (null = uncapped) and the run/period-to-date spend.
  • score: 2

interface BudgetVerdict

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:135
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a budget check (FR-12).
  • score: 2

interface BuildCheckRequestInput

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:56
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Validated input for .
  • score: 1

type BuildCheckRequestResult

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:116
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Discriminated result of validating a manual-check request: either withthe vendor-ready body, or with thecollected field-level validation errors.
  • score: 2

interface BuiltEarningLine

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:57
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A validated earning line ready to push, paired with its source index andEncore employee id for downstream sync-log and push-log attribution.
  • score: 2

interface CancelRxRequest

  • file: supabase/functions/_shared/weno/transport.ts:25
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Arguments for a CancelRx send: the fully-built WENO request URL.
  • score: 2

type CapabilityKey

  • file: supabase/functions/_shared/google-workspace-client.ts:48
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: A PF-101 connector capability — each maps to a least-privilege Google OAuth scope set in .
  • score: 2

interface CaptureCard

  • file: supabase/functions/_shared/ce-card-capture.ts:37
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal shape of a row needed to resolve a capture.(The public read whitelist is a separate, narrower projection.)
  • score: 2

interface CaptureInput

  • file: supabase/functions/_shared/ce-card-capture.ts:53
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The captured visitor’s self-reported details (all optional).
  • score: 2

type CaptureMethod

  • file: supabase/functions/_shared/ce-card-capture.ts:28
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Methods that can produce a card capture.
  • score: 2

type CaptureOutcome

  • file: supabase/functions/_shared/ce-card-capture.ts:31
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Outcome of resolving + persisting a capture.
  • score: 2

interface CaptureSettings

  • file: supabase/functions/_shared/ce-card-capture.ts:48
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Relevant columns. All optional/nullable — the helperfalls back to safe defaults so a missing settings row never breaks a capture.
  • score: 2

type CaptureSourceMeta

  • file: supabase/functions/_shared/ce-card-capture.ts:65
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Extra metadata persisted on the capture (recaptcha score, ip, utm, …).
  • score: 2

interface CareGapDomainEventRow

  • file: supabase/functions/_shared/cl-care-gap-event.ts:37
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: An insert row (matches the publishEvent insert shape).
  • score: 2

interface CareGapEventSource

  • file: supabase/functions/_shared/cl-care-gap-event.ts:27
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A persisted care-gap row, narrowed to the fields the event needs.
  • score: 2

type CareGapPriority

  • file: supabase/functions/_shared/cl-followup-gap.ts:33
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Allowed values (the column CHECK constraint).
  • score: 2

interface CheckLineItem

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:104
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Vendor line (camelCase per swagger).
  • score: 2

interface CheckRequestModel

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:82
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Vendor body for .
  • score: 1

interface Claim837PInput

  • file: supabase/functions/_shared/x12/generate-837p.ts:11
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 837P Professional Claim GeneratorGenerates ANSI X12 837P (005010X222A1) claim segments from structuredclaim data. Does NOT build the ISA/GS/ST envelope — use envelope.ts for that.Supports: Single/multi-line claims, modifiers, diagnosis pointers,place of service codes, and AHCCCS-specific behavioral health modifiers.
  • score: 2

interface CodeDefinitionInput

  • file: supabase/functions/proliant-code-push/push-code-definitions.ts:26
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One Encore-defined code to write back to Proliant (HR-44-EN-01 AC-7). selects the Proliant resource controller (see ); is the lookup code, its label, its state.
  • score: 2

interface CodeMapRow

  • file: supabase/functions/proliant-sync/code-resolver.ts:13
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: HR-44-EN-01 AC-11 — resolve Encore values to Proliant lookup CODES.The push mapper otherwise sends display words (, )where the vendor’s lookup codes are short tokens (, ). The pull mapscode→Encore; the push must map Encore→code via (the write side of the HR-44 V5 shape lesson). This resolver indexes the coderows by, in precedence order: the admin-configured , the, and the itself (passthrough when avalue is already a code). Lookups are case-insensitive.
  • score: 2

interface CodePushOutcome

  • file: supabase/functions/proliant-code-push/push-code-definitions.ts:38
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The tally returned by : were created at thevendor, already existed (idempotent), and collects everydefinition that could not be written (unknown family / missing code / vendor failure).
  • score: 2

interface CodeRowCtx

  • file: supabase/functions/proliant-code-lookup/lookup-mapper.ts:38
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Tenant/integration context stamped onto every generated mapping row.
  • score: 2

type CodeType

  • file: supabase/functions/proliant-code-lookup/lookup-mapper.ts:18
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The category of Proliant code being mapped. Mirrors the CHECKconstraint on ; was added in HR-44 tomap JournalEntry GL segment codes to FA accounts. The ten types added inHR-44 Follow-up C (position, pay_grade, union, employee_status, employee_type,benefit_class, workers_comp_code, workers_comp_rate, eeo_class, accrual)correspond to confirmed endpoints in.The 18 read-only families on the final line (HR-44 — full read coverage)complete the remaining no-parameter Lookup endpoints: company-scoped (termination_reason … onboarding_flow) and thesystem-scoped enums (gender … auto_pay). Verified liveagainst the SBX0028 sandbox 2026-06-05; families whose backing resource thecredentials are not granted simply return 0 (recorded in the per-family list, never fatal).
  • score: 2

interface CodingPromptInput

  • file: supabase/functions/pm-ai-coding-suggest/prompt.ts:48
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Full input to the prompt builder.
  • score: 2

interface CodingSuggestionOutput

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:33
  • kind: interface
  • core: edge-functions
  • spec: PM-64
  • summary: The expected JSON response shape from the AI model.
  • score: 3

interface ComplianceAuditEntryParams

  • file: supabase/functions/_shared/fw-compliance-audit.ts:80
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Parameters for inserting a compliance audit entry.
  • score: 2

interface ComposeRxPayload

  • file: supabase/functions/_shared/weno/request-builder.ts:46
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Canonical CL-06 payload for a ComposeRx (NewRx) launch (camelCase, Encorenaming). Loose -friendly subset of the src ; theedge function receives this as untyped JSON, so optionals are widened.
  • score: 2

type ConflictResolution

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:10
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: FW-26 (Workflow Scheduling) — Deno port of the T3 conflict detector.Mirrors (time-overlap +circular-dependency detection). Kept as a copy because edge functionsrun under Deno and can’t import the Vite app’s tree. Keep the two insync — the algorithm is intentionally identical; only the module system differs.
  • score: 2

type ConflictResolutionAction

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:91
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The action the worker should take for a conflicting run, per the schedule’s strategy.
  • score: 2

type ConflictStrategy

  • file: supabase/functions/proliant-sync/sor-direction.ts:18
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The integration’s (the column).
  • score: 2

interface CreatedArtifact

  • file: supabase/functions/cl-agent-draft-note/handler.test.fixtures.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Spy record for artifact creation calls
  • score: 2

interface CronHandlerContext

  • file: supabase/functions/_shared/cron-handler.ts:57
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Context provided to the cron handler function.
  • score: 2

type CronHandlerFn

  • file: supabase/functions/_shared/cron-handler.ts:74
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The handler function that contains the cron job’s business logic.
  • params:
    • supabase — Service role Supabase client
    • logger — Structured logger for the function
    • ctx — Context with correlation ID, timestamp, and request
  • returns: A record of result metrics/data to include in the response
  • score: 2

interface CurrentModuleSettings

  • file: supabase/functions/provision-tenant/module-overrides.ts:95
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Existing pf_module_settings values that feed the merge base.
  • score: 2

interface DecisionNode

  • file: supabase/functions/_shared/skill-agent.ts:27
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Conditional decision node (mirrors client-side DecisionNode; from JSONB)
  • score: 2

interface DeclaredField

  • file: supabase/functions/_shared/ai/agent-action-digest.ts:37
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A declared write field as the caller knows it (name + the value the agent intends to write).
  • score: 2

interface DemographicInput

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:126
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Raw demographic inputs — accepted, never stored or returned.
  • score: 2

interface DigestInput

  • file: supabase/functions/_shared/ai/agent-action-digest.ts:43
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Inputs to the digest (identifiers + declared write shape; values are redacted, never stored raw).
  • score: 2

interface DirectoryRequest

  • file: supabase/functions/_shared/weno/transport.ts:17
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Arguments for a pharmacy-directory download: the fully-built WENO request URL.
  • score: 2

interface DisclosureResult

  • file: supabase/functions/cl-agent-draft-note/handler.ts:46
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a published-disclosure lookup.
  • score: 2

interface DispatchSummary

  • file: supabase/functions/_shared/fw-schedule-dispatch.ts:112
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Outcome tallies for one dispatch tick.
  • score: 2

interface DraftAi

  • file: supabase/functions/cl-agent-draft-note/handler.ts:96
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: AI port — injected by the caller.
  • score: 2

interface DraftDb

  • file: supabase/functions/cl-agent-draft-note/handler.ts:86
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: DB port — injected by the caller (edge function or test).
  • score: 2

interface DraftDeps

  • file: supabase/functions/cl-agent-draft-note/handler.ts:103
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Full injectable deps bundle.
  • score: 1

interface DraftInput

  • file: supabase/functions/cl-agent-draft-note/handler.ts:30
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Input required to generate a clinical draft.
  • score: 2

type DraftResult

  • file: supabase/functions/cl-agent-draft-note/handler.ts:111
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Handler result.
  • score: 1

interface DurableLoopArgs

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:210
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Positional args for , bundled so the durable wrapper can gate .
  • score: 2

interface DurableRunResult

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:339
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a durable run: the loop result plus the terminal state it reached.
  • score: 2

interface EarningBatchLineInput

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:23
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One explicit earnings line from the request body.
  • score: 2

interface EarningLineError

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:45
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One earning line rejected during build, carrying its array position and theresolved employee so the caller can attribute the failure in the sync logwithout aborting the rest of the batch.
  • score: 2

type EarningLineErrorReason

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:32
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Typed per-line validation failure reasons (logged, never thrown).
  • score: 2

interface EarningPeriod

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:74
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Vendor-format (MM/DD/YYYY) period stamp, taken from the target calendar.
  • score: 2

interface EarningsImportBuildResult

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:68
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Outcome of building an earnings batch: the lines that passed validation andthe per-line errors for the rest, so a partial batch can still be pushed.
  • score: 2

interface Eligibility270Input

  • file: supabase/functions/_shared/x12/generate-270.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 270 Eligibility Inquiry GeneratorGenerates ANSI X12 270 (005010X279A1) eligibility inquiry segments.Use with envelope.ts to wrap in ISA/GS/ST.
  • score: 2

type EmailModuleCode

  • file: supabase/functions/_shared/email-provider.ts:30
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Supported module codes for per-module sender lookup
  • score: 2

type EmailProvider

  • file: supabase/functions/_shared/email-provider.ts:27
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Email transport backend an org sends through: Microsoft Entra (Graph) or Google Workspace Gmail.
  • score: 2

interface EmailProviderConfig

  • file: supabase/functions/_shared/email-provider.ts:39
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Resolved per-org email configuration used by : which providerto use, sender identity (with optional per-module override), the Entra andGmail provider settings, and — when present — the PF-101 Google Workspaceconnection metadata (BAA attestation, capability flag, vault-sourcedcredential, sender allowlist) that takes priority over the legacy Gmail path.
  • score: 2

interface EmailSendRequest

  • file: supabase/functions/_shared/email-provider.ts:71
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single outbound message: recipients, subject, HTML body, and optional reply-to/cc/bcc.
  • score: 2

interface EmailSendResult

  • file: supabase/functions/_shared/email-provider.ts:85
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Outcome of an email send: success flag, the provider message id on success,a sanitized on failure, the provider used, and whether afallback provider was used after the primary failed.
  • score: 2

interface EmployeeFieldMappingConfig

  • file: supabase/functions/proliant-sync/field-mapper.ts:36
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Resolved employee field-mapping: each Encore field → the ordered Proliant source keys to try.
  • score: 2

interface EmployeePushSourceModel

  • file: supabase/functions/proliant-sync/field-mapper.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Encore-side employee shape used as the source when pushing an employee to Proliant.
  • score: 2

interface EncounterContext

  • file: supabase/functions/pm-ai-coding-suggest/prompt.ts:25
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Encounter metadata injected as structured facts (never model-generated).
  • score: 2

interface EncounterFacts

  • file: supabase/functions/cl-agent-draft-note/handler.ts:52
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Encounter context loaded from DB (used to build the generation prompt).
  • score: 2

interface EnforceResult

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:54
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The enforcer’s verdict — the text that may be dispatched, and whether it was redacted.
  • score: 2

interface EnvelopeConfig

  • file: supabase/functions/_shared/x12/envelope.ts:10
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 ISA/GS/ST/SE/GE/IEA Envelope BuilderBuilds ANSI X12 interchange envelopes per the 005010X222A1 (837P),005010X221A1 (835), 005010X279A1 (270/271), 005010X231A1 (999) standards.Element separator: * | Segment terminator: ~ | Sub-element separator: :
  • score: 2

type ErrorClass

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:29
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Error classification result.
  • score: 1

interface EstimatorBenefitInputs

  • file: supabase/functions/_shared/pm/benefit-estimator.ts:15
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-02-EN-02: Benefit Estimator (pure logic)Calculates patient out-of-pocket responsibility for a single encountergiven a normalized benefit detail row and the contracted/fee-scheduleamount for the CPT.Pure and synchronous — mirror-maintained atsupabase/functions/_shared/pm/benefit-estimator.ts.See PM-02-EN-02-CONTEXT.md § D3. shared/lib/pm/benefit-estimator
  • score: 2

interface ExemptionAttestation

  • file: supabase/functions/_shared/ceem-minimum-necessary.ts:11
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: CL-71 — Minimum-necessary builder + validator (DENO MIRROR).Byte-for-byte logic mirror of (the unit-tested source of truth). Edge functions run in Deno and cannotimport paths, so this copy exists for the runtime. KEEP IN LOCKSTEP — the allow-list and FR-4a coarsening rules areload-bearing for 42 CFR Part 2 compliance.
  • score: 2

interface ExpectedBaseline

  • file: supabase/functions/proliant-payroll-run/expected-baseline.ts:52
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The expected totals a payroll run is reconciled against — derived headcount,gross and deductions plus the audit fields recording which prior period theamount baseline came from and how much batch-pushed earnings it includes.
  • score: 2

interface ExportTimesheetRow

  • file: supabase/functions/_shared/timesheet-export-csv.ts:11
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Shape of a single timesheet row as selected by the export edge function.
  • score: 2

interface ExternalModelStep

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single external-model-reaching step to evaluate.
  • score: 2

type ExternalStepType

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:26
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Every external-model-reaching step type subject to the two-path rule (FR-9/FR-10).
  • score: 2

interface FairnessBuckets

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:79
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: De-identified protected-class buckets stored in. Contains NO raw demographic value.
  • score: 2

interface FieldMapping

  • file: supabase/functions/_shared/import-transforms.ts:25
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single source→target field mapping, optionally with a transform.
  • score: 2

interface FieldMappingOverrideRecord

  • file: supabase/functions/proliant-sync/field-mapper.ts:27
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A per-org override row mapping one Proliant field to one Encore field for an entity type/direction.
  • score: 2

interface FilterRecommendationSection

  • file: supabase/functions/suggest-workspaces/filter.ts:10
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Pure helpers for the suggest-workspaces edge function.Extracted to a separate module so Vitest (Node) can import them withoutpulling in , specifiers, or the Lovable Gateway client.The runtime () re-uses these via a relative import — same code,same coverage, no drift.
  • score: 2

interface FollowUpGapResult

  • file: supabase/functions/_shared/cl-followup-gap.ts:71
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: What the predicate hands the edge fn to build a gap candidate.
  • score: 2

interface FollowUpTaskInsert

  • file: supabase/functions/_shared/follow-up-task.ts:17
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Insert payload for a follow-up row (subset of the table Insert). is a column (and typed non-nullable in), so it must always be a real actor uuid — a null hereBOTH fails the generated type check AND violates the NOT NULLconstraint at runtime. / are nullable uuid columns.
  • score: 2

interface GateResult

  • file: supabase/functions/_shared/ai/agent-action-governance.ts:67
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The result the seam needs.
  • score: 1

interface GatewayError

  • file: supabase/functions/_shared/ai/errors.ts:11
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PF-111: Unified AI Gateway — error classification + PHI-safe sanitization.Merges the two near-identical legacy implementations ( + /) into one. _shared/ai/errors
  • score: 2

interface GoogleWorkspaceConnection

  • file: supabase/functions/_shared/google-workspace-client.ts:74
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Connection metadata loaded from (ids, primary domain, status, BAA attestation, capability flags, vault credential ref) — never the raw credential.
  • score: 2

interface GovernanceContext

  • file: supabase/functions/_shared/ai/agent-action-governance.ts:55
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The context a governance decision needs (no PHI — identifiers + the redacted digest).
  • score: 2

interface GovernanceDecision

  • file: supabase/functions/_shared/ai/agent-action-governance.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The runtime decision for one proposed tool call.
  • score: 2

interface GovernanceDeps

  • file: supabase/functions/_shared/ai/agent-action-governance.ts:73
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Injected effectful collaborators (all overridable for hermetic tests).
  • score: 2

interface GraphCalendarEventBody

  • file: supabase/functions/_shared/calendar-provider.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A flexible Microsoft Graph event body. Unlike entra-client’s (which omits location/attendees), this allows the full Graph shape so theshared callers are not lossy for any caller. The follow-up builder populatesonly the PHI-safe subset.
  • score: 2

interface GraphPushContext

  • file: supabase/functions/calendar-task-push/index.ts:52
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The single injectable Graph seam. Given the resolved push context, create thecalendar event and return the external id + the (delegated-path) connection id.Throws on any Graph/credential failure — the caller treats a throw as fail-open.The production implementation branches on auth mode (application vs delegated);tests inject a stub so the handler’s gating/recipient/fail-open logic isexercised without a live Microsoft Graph.
  • score: 2

interface GwsAdminClient

  • file: supabase/functions/_shared/google-workspace-client.ts:322
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Admin SDK Directory client (get/insert/suspend users) bound to one org’s PF-101 connection.
  • score: 2

interface GwsCalendarClient

  • file: supabase/functions/_shared/google-workspace-client.ts:338
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Calendar client (insert events, free/busy) bound to one org’s PF-101 connection.
  • score: 2

interface GwsChatClient

  • file: supabase/functions/_shared/google-workspace-client.ts:381
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Chat client (post a message to a space) bound to one org’s PF-101 connection.
  • score: 2

interface GwsClientErrorShape

  • file: supabase/functions/_shared/google-workspace-client.ts:96
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Shape of a : a sanitized /, optional upstream HTTP , and whether the failure is retryable.
  • score: 2

interface GwsDriveClient

  • file: supabase/functions/_shared/google-workspace-client.ts:370
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Drive client (list shared drives + folders, METADATA only) bound to one org’s PF-101 connection.
  • score: 2

interface GwsLicensingClient

  • file: supabase/functions/_shared/google-workspace-client.ts:361
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Licensing client (idempotent assign/revoke of SKU licenses) bound to one org’s PF-101 connection.
  • score: 2

interface GwsReportsClient

  • file: supabase/functions/_shared/google-workspace-client.ts:392
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Reports API client (pull audit/usage activities) bound to one org’s PF-101 connection.
  • score: 2

interface HispSendInput

  • file: supabase/functions/_shared/hisp-adapter.ts:11
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: CL-48: Direct/HISP transmission adapter.- Default mock mode: synthesizes a delivery confirmation after a short delay.- Live mode (CDA_HISP_MODE=live + CDA_HISP_BASE_URL + CDA_HISP_API_KEY): POSTs the XML to the configured HISP gateway and returns the response.Never logs PHI. Document IDs and endpoint IDs only.
  • score: 2

interface HubspotFieldMapping

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Row shape of the worker consumes.
  • score: 2

type HubspotInboundSource

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:129
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Feeder that enqueued the item: webhook (T2), poll (T8), backfill (T12).
  • score: 2

interface HubspotInboundWorkItem

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:132
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Queue work item enqueued to (consumed by T7).
  • score: 2

interface IdentityResolution

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:147
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Outcome of the CE-74 batch resolution for one incoming payload.
  • score: 2

type ImportStrictness

  • file: supabase/functions/_shared/import-transforms.ts:35
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Per-binding enforcement policy persisted on a value_map transform (PF-15 PR9).
  • score: 2

type InferenceResult

  • file: supabase/functions/_shared/denial-model/inference.ts:49
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The fields returned by .Matches the full shape; aliased so callers can annotatevariables without importing directly.
  • score: 2

interface IntakeProposal

  • file: supabase/functions/intake-agent-run/run-intake.ts:176
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The structured intake recommendation the UI renders + drives with. Deriveddeterministically from the read substrate (screening program → PM-38 top candidate → the lead’slinked patient), independent of the model’s free-text summary. provider/datetimes mean nobookable candidate was found and the UI must require a manual selection (out of Stage-2 scope).
  • score: 2

interface IntakeReadSources

  • file: supabase/functions/intake-agent-run/read-tools.ts:21
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The CE/PM read functions the dispatcher calls (production: authenticated reads).
  • score: 2

type JsonObject

  • file: supabase/functions/provision-tenant/module-overrides.ts:16
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: PF-50 AC-006 — per-request module/settings override merge logic.Pure, dependency-free so it is unit-testable from the Vitest lane (which cannotimport Deno runtime modules) while the provision-tenant edge function imports itdirectly. See tests/unit/platform/provisioning/module-overrides.test.ts.Overrides supersede the template baseline: - / are jsonb object maps — the override map is DEEP (two-level) merged onto the current/default map, so a partial only flips and preserves every other module the template enabled. - Other whitelisted typed columns are replaced wholesale (scalar override). - Unrecognised keys fall through to (merged, not replaced).
  • score: 2

interface JurisdictionCodingContext

  • file: supabase/functions/pm-ai-coding-suggest/prompt.ts:40
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Jurisdiction coding context from pf_resolve_jurisdiction_profile (FR-008).
  • score: 2

interface JurisdictionProfile

  • file: supabase/functions/_shared/jurisdiction.ts:21
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Resolved jurisdiction profile shape (mirrors src/platform/jurisdiction/types.ts).
  • score: 2

interface KbCitation

  • file: supabase/functions/_shared/gr-state-rag.ts:44
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Citation surfaced to the AI prompt and (optionally) returned to the UI.
  • score: 2

type Lane

  • file: supabase/functions/_shared/ai/models.ts:16
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: PF-111: Unified AI Gateway — model routing (single source of truth).Maps a module + lane to an ordered list of identifiers.The ordered list is handed to the gateway, which tries each in order(gateway-native fallback) — replacing the legacy hand-rolled fallback chains.Lanes: - ‘standard’ — non-PHI workloads; any model allowed (cost/quality tuned). - ‘phi’ — PHI/SUD workloads (CL-36/PM-64). Fails closed: resolves only when a BAA-confirmed model config is present, else throws. _shared/ai/models
  • score: 2

interface LookupCode

  • file: supabase/functions/proliant-code-lookup/lookup-mapper.ts:36
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single code returned by the Proliant lookup API. The live vendor returnsthe code under (confirmed against the real ReadyPay sandbox for everynon-empty Lookup family, 2026-06-04); in-repo fixtures historically used. Both are accepted, taking precedence. (HR-44 V5)
  • score: 2

type ManualCheckErrorCode

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:69
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Machine-readable validation failure codes for the manual-check gate.
  • score: 2

interface ManualCheckLineItemInput

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:22
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One earning line on the manual check (Encore-side input shape).
  • score: 2

interface ManualCheckOptionsInput

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Optional check-issuance options (vendor + flags).
  • score: 2

interface ManualCheckValidationError

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:76
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single typed validation failure (message is PHI-free + user-safe).
  • score: 2

interface MappedIdentityFields

  • file: supabase/functions/proliant-sync/unmatched-enrichment.ts:19
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The mapped, non-PHI identity fields surfaced from mapProliantEmployee.
  • score: 2

interface MappingCandidateTarget

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:29
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: An Encore-side value the model may pick. Constrains the output to real targets.
  • score: 2

interface MappingExample

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: An already-accepted mapping, supplied as a few-shot example.
  • score: 2

interface MappingRow

  • file: supabase/functions/_shared/transforms/rippling-to-hr.ts:6
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Rippling HRIS → Encore HR TransformerMaps source_rippling schema tables to hr_* tables
  • score: 2

interface MappingSourceItem

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:17
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A single item to map (e.g. a Proliant earning code + its description).
  • score: 2

interface MappingSuggestion

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:62
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One suggestion row returned to the consumer.
  • score: 2

interface MappingSuggestRequestBody

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:48
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Request body for the edge function.
  • score: 2

interface McpConnection

  • file: supabase/functions/_shared/mcp-client.ts:47
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Represents an active MCP connection
  • score: 2

interface McpRejectionContext

  • file: supabase/functions/_shared/mcp-rejection-audit.ts:19
  • kind: interface
  • core: edge-functions
  • spec: PF-127
  • summary: Non-PHI identity context for a rejection audit row.
  • see:
    • auditMcpRejections
  • score: 5

interface McpServerConfig

  • file: supabase/functions/_shared/mcp-client.ts:28
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Configuration for an MCP server
  • score: 2

interface McpToolInvocationResult

  • file: supabase/functions/_shared/mcp-client.ts:40
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of an MCP tool invocation
  • score: 2

interface MergedRetryPolicy

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:16
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Merged retry policy combining rule defaults + node-level overrides.
  • score: 2

type ModelLane

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:23
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The resolved model lane for a step. = a BAA/ZDR-covered model (cl/pm); = any other.
  • score: 2

type ModelWeights

  • file: supabase/functions/_shared/denial-model/inference.ts:42
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Alias for the weights object loaded from model storage.
  • score: 2

interface ModuleSettings

  • file: supabase/functions/cl-agent-draft-note/handler.ts:40
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Module settings read from DB.
  • score: 1

interface NarrativeBody

  • file: supabase/functions/cl-agent-draft-note/handler.ts:68
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The whitelist of narrative-only keys the model may populate.
  • score: 2

interface NewRxSyncRequest

  • file: supabase/functions/_shared/weno/transport.ts:21
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Arguments for a NewRx sync fetch: the fully-built WENO request URL.
  • score: 2

type OnboardingPayloadResult

  • file: supabase/functions/proliant-sync/onboarding-builder.ts:47
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Either the vendor-ready payload, or the sorted list of missing REQUIRED vendor fields.
  • score: 2

interface OnboardingPushSourceModel

  • file: supabase/functions/proliant-sync/onboarding-builder.ts:32
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Encore-side source for an onboarding push (mirrors EmployeePushSourceModel fields used).
  • score: 2

interface OrgProcessingErrors

  • file: supabase/functions/workflow-executor-worker/queue-failure.ts:10
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal shape needed from a per-org ProcessingResult.
  • score: 2

interface OrphanClaimBlock

  • file: supabase/functions/process-era/orphan-helpers.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-09-EN-16: Pure helpers for ERA orphan-line capture.Kept free of imports (which pull in Sentry / npm specifiers)so they can be unit-tested with the Deno test runner directly.
  • score: 2

interface OwnedTaxFormEntry

  • file: supabase/functions/proliant-tax-documents/tax-document-mapper.ts:44
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Raw owned TaxForm entry (content INCLUDED) for the single-document fetch.
  • score: 2

interface Parsed271

  • file: supabase/functions/_shared/x12/parse-271.ts:7
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 271 Eligibility Response ParserParses ANSI X12 271 (005010X279A1) eligibility/benefit responses.
  • score: 2

interface Parsed277CA

  • file: supabase/functions/_shared/x12/parse-277ca.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 277CA Claim Acknowledgment ParserParses ANSI X12 277CA (005010X214) claim-level acknowledgments.Provides per-claim accept/reject status after clearinghouse processing.
  • score: 2

interface Parsed999

  • file: supabase/functions/_shared/x12/parse-999.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 999 Functional Acknowledgment ParserParses ANSI X12 999 (005010X231A1) implementation acknowledgments.Used to confirm receipt and syntactic correctness of submitted X12 files.
  • score: 2

interface ParsedBenefitEnrollment

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:33
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Parsed enrollment row per employee per benefit line
  • score: 2

interface ParsedCobraEvent

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:45
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Parsed COBRA event from Rippling COBRA report
  • score: 2

interface ParsedEbSegment

  • file: supabase/functions/_shared/pm/benefit-parser.ts:18
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Subset of EB-loop fields produced by the clearinghouse adapter.
  • score: 2

interface ParsedERA

  • file: supabase/functions/_shared/x12/parse-835.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: X12 835 ERA (Electronic Remittance Advice) ParserParses ANSI X12 835 (005010X221A1) remittance data into structuredobjects for PM-09 payment posting.
  • score: 2

interface PayloadDigest

  • file: supabase/functions/_shared/ai/agent-action-digest.ts:53
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The PHI-free envelope persisted as .
  • score: 2

interface PharmacyRecord

  • file: supabase/functions/_shared/weno/pharmacy-mapping.ts:43
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A pharmacy mapped from the WENO directory into the column shape.
  • score: 2

interface PhiAccessInput

  • file: supabase/functions/_shared/ai/agent-usage.ts:75
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A PHI touch to audit (identifiers + a sanitized category only — never a PHI value).
  • score: 2

interface PhiAccessRecord

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:159
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A per-operation PHI-access record (FR-14). Identities only — never PHI content.
  • score: 2

interface PlaidDisconnectDeps

  • file: supabase/functions/plaid-disconnect/index.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Auth/infra seams injected into , with production defaults. The user isauthenticated via the injected service client’s (same pattern asplaid-exchange-token) so the handler is testable without a live Supabase session.
  • score: 2

interface PlaidSyncResponseFull

  • file: supabase/functions/_shared/plaid-client.ts:90
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a full sync (all pages consumed). Use this when you need complete data.
  • score: 2

interface PlaidWebhookJwtPayload

  • file: supabase/functions/_shared/plaid-webhook-verify.ts:25
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Decoded Plaid webhook JWT body. Plaid signs (hex sha256 of theraw request body) and (issued-at, epoch seconds) into the JWT; additional claimsare passed through unchanged.
  • score: 2

interface PlaidWebhookSyncMessage

  • file: supabase/functions/plaid-webhook/index.ts:59
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The plaid_webhook_sync message shape the worker (Task 13) drains.
  • score: 2

interface PriorRunRow

  • file: supabase/functions/proliant-payroll-run/expected-baseline.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A prior completed pay period’s actuals (period end, gross, deductions) readfrom the sync-run history and used to derive the amount baseline a new run isreconciled against.
  • score: 2

interface ProcedureGapEventPayload

  • file: supabase/functions/gr-procedure-gap-consumer/buildQIDraftFromGap.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: GR-13-EN-01: Build a draft QI project from a event payload.Pure function — no Supabase, no Deno, no I/O. Mirror of (kept in sync because edge functions cannot import from ).
  • score: 2

interface ProliantCapabilities

  • file: supabase/functions/_shared/proliant-capabilities.ts:21
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Vendor-granted capability flags for a Proliant (ReadyPay) API client, derivedfrom .The endpoint returns a flat list of grant entries theclient’s OAuth credentials are provisioned for — e.g. ,, . It isresource-controller granular (no , no subpaths):the Lookup families are backed by their resource controllers’ GET grant( ⇐ ), so Lookuppull works without a literal entry.The sandbox provisions clients per resource: SBX0028 is granted Employee /Rate / Accrual / TimeImport / Earnings / code-controller writes, but NOT the run family, , or . Calling a non-grantedresource returns (HR-44 V4). Surfacingthese flags turns that opaque 401 into an actionable diagnostic — e.g. thesetup wizard can tell the admin exactly which directions are live and whichneed a ReadyPay grant.
  • score: 2

interface ProliantCredentials

  • file: supabase/functions/_shared/proliant-client.ts:13
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Resolved Proliant API credentials for one integration (secrets pulled from the vault).
  • score: 2

type ProliantFixtureMap

  • file: supabase/functions/_shared/proliant-transport.ts:14
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Canned responses keyed by (path only, no query string).
  • score: 2

interface ProliantReportListItem

  • file: supabase/functions/proliant-reports/report-list-mapper.ts:20
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One sanitized vendor report, ready for the read-only admin list.
  • score: 2

interface ProliantRequestOptions

  • file: supabase/functions/_shared/proliant-client.ts:37
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Per-request options for (method, query, body, correlation id).
  • score: 2

interface ProliantTaxDocumentMeta

  • file: supabase/functions/proliant-tax-documents/tax-document-mapper.ts:28
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: One metadata-only tax document entry for the self-service list.
  • score: 2

interface ProliantTransport

  • file: supabase/functions/_shared/proliant-transport.ts:9
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The single vendor-call boundary. already satisfies this shape.
  • score: 2

interface ProvisioningWelcomeInput

  • file: supabase/functions/_shared/provisioning-welcome.ts:13
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Pure decision helper for the tenant-provisioning welcome step.Given whether the admin already had an account, returns: - : the Supabase Auth password-recovery email target for a brand-new admin (null when the admin already has a login), and - : an in-app (never email) welcome notification payload.No I/O — the caller () performs the side effects so thisstays unit-testable without a Supabase stack.
  • score: 2

type PullMergeDecision

  • file: supabase/functions/proliant-sync/sor-direction.ts:25
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: How a pulled value for a resource should merge (HR-44-EN-01 AC-3): it(overwrite Encore), it (Encore is authoritative — no clobber), or it for manual review. Returned by .
  • score: 2

interface PushEmployeeSubResourcesArgs

  • file: supabase/functions/proliant-sync/push-subresources.ts:89
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Inputs for : the vendor transport andidempotency log, the company/employee/integration identifiers, the resolvedEncore data to write back (pay rate, dependents, custom fields), and thecapability gates and log sink that keep each sub-resource push non-fatal.
  • score: 2

interface PushLogClient

  • file: supabase/functions/proliant-sync/push-idempotency.ts:17
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal Supabase client surface this module needs (service-role in practice).
  • score: 2

interface PushSafety

  • file: supabase/functions/proliant-sync/push-scope.ts:43
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The safety posture of an employee push (HR-44-EN-01 AC-12) — whether it isscoped to an explicit set, whether it is a dry-run preview, and whether itwill actually write to the vendor. Produced by .
  • score: 2

interface RawHubspotWebhookEvent

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:109
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Raw v3 webhook event fields the receiver consumes (research R3).
  • score: 2

interface RawNarrativeOutput

  • file: supabase/functions/cl-agent-draft-note/handler.ts:76
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Raw model output (may contain extra keys; stripped by mapNarrative).
  • score: 2

interface ReconciliationMatchInput

  • file: supabase/functions/plaid-apply-rules/reconciliation-match.ts:16
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: FA-21 AC-2 (#943): pure builder for fa_reconciliation_matches insert rowswritten by plaid-apply-rules when a rule or category mapping auto-creates ajournal entry. Kept free of Deno imports so it can be unit-tested directlyfrom Vitest (Node) — mirrors the _shared pure-module pattern.The insert shape mirrors ai-match-transactions (organization_id,reconciliation_id, bank_line_id, gl_line_id, match_type, match_confidence,notes) plus the NOT NULL the table requires (FK - pf_profiles). is the deterministic-match value permitted by the table’sCHECK constraint (‘auto’ | ‘manual’ | ‘ai_auto’ | ‘ai_suggested’); it matchesthe baseline fa_auto_match_transactions function. No migration is required.
  • score: 2

interface RecorderCaptureEvent

  • file: supabase/functions/_shared/recorder-transport.ts:23
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A captured event (no — the edge never transmits field contents).
  • score: 2

type RecorderErrorCode

  • file: supabase/functions/_shared/recorder-transport.ts:20
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: PF-119: Recorder capture transport (Deno/edge side).Mirrors (fixture | worker | unavailable). The control plane(auth, org access) stays stable while the how of capturing a guided browsersession evolves: - (default in the edge runtime): no browser here, so a live capture cannot run; returns PORTAL_AUTOMATION_UNAVAILABLE. The recorder UI degrades to the guided step-builder. - : POST to the external self-hosted Playwright worker’s record endpoint, which instruments a real session and returns a trace. Wired but gated on standing up the worker (PORTAL_WORKER_URL) — the deferred pilot. - (PORTAL_BOT_FIXTURE_TRANSPORT=1 or PORTAL_RECORDER_FIXTURE=1): a deterministic Optum-style trace so the compile → review → save path is hermetically testable with NO live browser. NEVER carries captured values (no secret/PHI ever transits the edge).
  • score: 2

type RedactFn

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:38
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: The injected redactor (the canonical ). MAY throw fail-closed.
  • score: 2

interface RedactionContext

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Caller-supplied literal identifiers to remove (names/MRNs/ids known from context).
  • score: 2

interface RedactionResult

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:43
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a redaction: PHI-safe text + per-category match counts (never values).
  • score: 2

interface Redactor

  • file: supabase/functions/_shared/ai/agent-action-digest.ts:19
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A redactor decides whether a declared field’s value is PHI-bearing (and thus redacted).
  • score: 2

interface RegistryToolDef

  • file: supabase/functions/_shared/registry-tool-resolution.ts:18
  • kind: interface
  • core: edge-functions
  • spec: PF-127
  • summary: A model tool definition (matches the shape consumed by the agentic loop).
  • see:
    • resolveRegistryToolDefs
  • score: 5

type RejectionAuditRpc

  • file: supabase/functions/_shared/mcp-rejection-audit.ts:34
  • kind: type
  • core: edge-functions
  • spec: PF-127
  • summary: Minimal Supabase RPC surface (production: ).
  • see:
    • auditMcpRejections
  • score: 5

interface ReminderConfig

  • file: supabase/functions/_shared/reminder-engine.ts:111
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Configuration for the reminder engine.Each reminder function defines one of these configs.
  • score: 2

interface ReminderResult

  • file: supabase/functions/_shared/reminder-engine.ts:184
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of processing reminders.
  • score: 2

interface ReminderThreshold

  • file: supabase/functions/_shared/reminder-engine.ts:79
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Configuration for a reminder threshold.Thresholds define how notifications change based on days until due.They are evaluated in order - the FIRST matching threshold wins.
  • example: | // Overdue: days 0 maxDays: 0, type: ‘overdue’, title: ‘Overdue’, bodyTemplate: ’…’, priority: ‘high’ // Due within 7 days: 0 = days = 7 maxDays: 7, type: ‘due_soon’, title: ‘Due Soon’, bodyTemplate: ’…’, priority: ‘normal’
  • score: 5

interface RequirementCascadeInput

  • file: supabase/functions/gr-compliance-on-regulatory-report/resolveRequirementId.ts:10
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: GR-14-EN-01: requirement-id resolution cascade for the GR-03 complianceconsumer. Pure (no Deno-specific imports → unit-testable from Vitest).SECURITY-REVIEW FIX M1: the cascade is PER-ORG only. has NO platform-default (organization_id IS NULL) rows — isorg-scoped and cannot be a global default — so there is no platform-defaultrequirement-map tier. Cascade: org map row → gr_module_settings default → null.
  • score: 2

type ResolveToolsRpc

  • file: supabase/functions/_shared/registry-tool-resolution.ts:29
  • kind: type
  • core: edge-functions
  • spec: PF-127
  • summary: Minimal Supabase RPC surface (production: ).
  • see:
    • resolveRegistryToolDefs
  • score: 5

interface ResumeState

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:254
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Rehydrated state returned by (FR-5).
  • score: 2

interface RetryConfig

  • file: supabase/functions/_shared/transport/retry.ts:8
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-15-P2: Exponential Backoff Retry + Dead-LetterProvides retry logic for clearinghouse transport operations.Failed operations beyond max retries are flagged for dead-letter review.
  • score: 2

interface RetryOptions

  • file: supabase/functions/_shared/retry.ts:25
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Options for retry behavior.
  • score: 1

type RetryStrategy

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:13
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Retry strategy types.
  • score: 1

interface RiskRule

  • file: supabase/functions/_shared/ai/agent-action-classifier.ts:33
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A risk-rule row as the classifier consumes it (subset of ). is a platform-seeded global default; a non-null value is anadditive per-org override.
  • score: 2

interface RunRpcClient

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:205
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal Supabase-RPC surface the governed-RPC callers need (user- or service-scoped).The return is (not ) because supabase-js yields athenable , which resolves but which is not a .
  • score: 2

interface RunStateMachineDeps

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:232
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Injectable dependencies for / .All optional; defaults call the real governed RPCs and . Testsoverride these to drive lifecycle/spine/budget branches without a DB or network.
  • score: 2

interface ScheduleAuthDeps

  • file: supabase/functions/calendar-schedule/index.ts:113
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Auth/infra seams injected into , with production defaults. Thecross-org-caller denial guard (#1351) is a security boundary, so it is exercisedby a Deno unit test that injects a stub authenticating a real user and a that denies — without a live stack. Production calls and the defaults wire the real helpers, sothe service-role/cron sentinel + platform-admin parity baked into the real are preserved verbatim.
  • score: 2

interface ScheduleNode

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:13
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal schedule shape needed for conflict analysis.
  • score: 2

interface SchedulingReadClient

  • file: supabase/functions/intake-agent-run/provider-availability.ts:13
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A structural subset of the Supabase client this read needs (so it is unit-testable).
  • score: 2

interface SelectJoin

  • file: supabase/functions/_shared/reminder-engine.ts:102
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A select clause addition for joining related data.
  • example: | // Joins the course title via foreign key field: ‘course:gr_training_courses(title)’, alias: ‘course’
  • score: 5

interface ServiceAccountKey

  • file: supabase/functions/_shared/google-workspace-client.ts:88
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Decoded Google service-account JSON key; only and are used, other fields are tolerated.
  • score: 2

interface ServiceTypeMapping

  • file: supabase/functions/_shared/pm/service-type-mapper.ts:16
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: PM-02-EN-02: Service Type MapperMaps X12 271 EB service type codes to user-friendly behavioral-healthcategories and labels. v1 ships a hardcoded default mapping; per-payeroverrides are deferred (see CONTEXT.md “Open Questions”).NOTE: This file is mirror-maintained at supabase/functions/_shared/pm/service-type-mapper.tsEdge Functions cannot import / aliases; if logic changes here, updatethe mirror copy as well. See PM-02-EN-02-CONTEXT.md § D3. shared/lib/pm/service-type-mapper
  • score: 2

type Severity

  • file: supabase/functions/gr-cap-from-audit-finding/resolveCapAction.ts:11
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: GR-04-EN-01 — pure gate logic for the gr-cap-from-audit-finding consumer.Decides whether an audit_finding_created event should proceed to CAP creation: - severity gate: only / findings auto-create CAPs. - requirement gate: a finding with no requirement_id cannot be resolved to an accreditation standard, so it is skipped.Pure (no I/O) so it is unit-testable without a stack.
  • score: 2

interface SkillExample

  • file: supabase/functions/_shared/skill-agent.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Input/output example for guiding responses (mirrors client-side SkillExample; from JSONB)
  • score: 2

interface SkillGovernanceFields

  • file: supabase/functions/_shared/skill-agent.ts:112
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal shape of the loaded skill row needed for the PF-120 runtime gate.Kept structural (not the full generated Row) so the gate is unit-testablewithout the DB and tolerant of the additive PF-120 columns being absent onolder rows (treated as not-yet-governed → blocked unless system).
  • score: 2

interface SkillGuidanceFields

  • file: supabase/functions/_shared/skill-agent.ts:45
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The skill-intrinsic guidance fields that PF-62 Phase-0 composes into theassembled system prompt. Kept structural so the composer is unit-testablewithout a DB row, and tolerant of any of the columns being absent/empty.
  • score: 2

interface SkillRAGConfig

  • file: supabase/functions/_shared/skill-agent.ts:55
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: RAG configuration derived from skill settings
  • score: 2

interface SpineProviders

  • file: supabase/functions/_shared/ai/agent-spine.ts:24
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Availability of the external guardrail seams PF-125 consumes but does not own. InPhase 1 the real providers are absent, so the defaults report them inactive — thespine is intentionally unsatisfiable until PF-27-EN-01 / PF-126 wire in.
  • score: 2

interface SpineVerdict

  • file: supabase/functions/_shared/ai/agent-spine.ts:46
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Verdict from : whether the spine holds, and which elements are absent.
  • score: 2

interface SsrfCheck

  • file: supabase/functions/_shared/ssrf-guard.ts:26
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: SSRF egress guard for edge functions that make outbound connections totenant/admin-configured destinations (outbound webhooks, REST API actions,SFTP actions).The destination of these requests is attacker-influenceable (an org admin —or anyone who can write the webhook/connection row — supplies the URL/host),so without a guard the function can be coerced into requesting internalservices or the cloud metadata endpoint (Server-Side Request Forgery).This module blocks loopback, RFC1918 private, carrier-grade NAT, link-local(incl. the 169.254.169.254 cloud metadata address), and other reservedranges — for both IP-literal hosts AND (best-effort) DNS-resolved hostnames,which defeats the common “public hostname that resolves to a private IP”DNS-rebinding variant.Design notes:- Fail-closed on a confirmed private destination (IP literal or a hostname that resolves to a private IP).- Fail-open only when DNS resolution is unavailable/errors — we then fall back to the literal check (so we never break a legitimate webhook just because the runtime cannot resolve DNS). This matches the prior inline behaviour in workflow-api-action while strictly strengthening it.
  • score: 2

type SubResourceAction

  • file: supabase/functions/proliant-sync/push-subresources.ts:45
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Per-sub-resource push outcome recorded in the sync log: /on a successful vendor write, on a non-fatal vendor error, and when idempotency or a capability gate suppressed the call.
  • score: 2

type SubResourceEntityType

  • file: supabase/functions/proliant-sync/push-subresources.ts:51
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Sync-log entity types this module emits — a subset of the DB CHECK on (and of index.ts’s ).
  • score: 2

type SubResourceLogSink

  • file: supabase/functions/proliant-sync/push-subresources.ts:61
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Best-effort sync-log sink. Implementations MUST never throw.
  • score: 2

type SuppressionChannel

  • file: supabase/functions/_shared/ce-suppression.ts:9
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: CE-16: Shared suppression-check helpers for edge functions.Server-side enforcement for SMS/Email/Phone sends. Mirrors theclient-side semantics: blocksevery channel, otherwise the per-channel column is consulted.
  • score: 2

interface SyncWorkerEnv

  • file: supabase/functions/_shared/ce-hubspot-sync-worker-core.ts:118
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: HubSpot endpoints + app credentials, resolved by the runtime wrapper.
  • score: 2

interface SystemActorClient

  • file: supabase/functions/fa-payroll-je-consumer/system-actor.ts:21
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The minimal surface this needs.
  • score: 2

type TaskPushResult

  • file: supabase/functions/calendar-task-push/index.ts:39
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Discriminated result of the push pipeline (HTTP status is derived by the caller).
  • score: 2

interface TimeConflict

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:22
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Two schedules whose next runs fall within the tolerance of each other.
  • score: 2

interface ToolDefinition

  • file: supabase/functions/_shared/tool-handlers.ts:19
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Anthropic tool definition format
  • score: 2

interface ToolResult

  • file: supabase/functions/_shared/tool-handlers.ts:30
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of a tool execution
  • score: 1

interface ToolsGateDecision

  • file: supabase/functions/_shared/ai/agent-spine.ts:67
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The tools-gate decision for a run (AC-2 / FR-8 / FR-9).
  • score: 2

interface TraceContext

  • file: supabase/functions/_shared/ai/provider.ts:41
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Optional observability correlation, consumed only by the tracing decorator() and ignored by the gateway request body. Carries NO content —just identifiers used to group/filter traces in Langfuse.
  • score: 2

interface TransferUser

  • file: supabase/functions/_shared/plaid-client.ts:867
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Plaid transfer recipient user information. Contains PII (legal_name, phone_number, email_address, address).These fields MUST NOT be:- Logged to console or external telemetry- Persisted in plaintext storage- Included in error messagesUse the plaidRequest function pattern for safe handling of requestscontaining this data - it avoids logging request/response bodies.
  • score: 2

type TransportErrorCode

  • file: supabase/functions/ce-submit-optum-pa/transport.ts:28
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: CE-69: Optum PA submission transport.The submission to the Optum AZ portal (pct.my.site.com/AZPriorAuth/s/) is apluggable transport so the orchestration (auth, DB writes, audit, fallback)stays stable while the how evolves: - (default in the Supabase Deno edge runtime): headless-browser automation (Playwright/Chromium) cannot run inside the edge runtime, so the live transport returns PORTAL_AUTOMATION_UNAVAILABLE and the caller degrades to guided manual fallback (AC-6). A real submission path requires either the Optum REST API (beta, not yet GA) or an external browser worker. - (PRIOR_AUTH_FIXTURE_TRANSPORT=1): deterministic success/error for hermetic integration tests — NO live portal calls in CI (spec Q2).When the Optum API GAs (or a browser worker is wired), add a /transport here; the index.ts contract and DB shape do not change. - (PF-119 pilot hook, opt-in, default OFF): routes the submission through the shared portal-bot worker via the seam ( → ) instead of running a browser in the edge runtime. The live cutover is the PF-119 Phase-3 pilot (it needs the external browser worker + a ToS-approved Optum portal flow), so until then this returns the honest “unavailable” and CE-69 keeps its manual fallback (AC-6). This is the documented CE-69 → PF-119 integration point.
  • score: 2

interface TransportInput

  • file: supabase/functions/ce-submit-optum-pa/transport.ts:49
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Credentials + PHI-bearing payload are passed in-memory only; never logged.
  • score: 2

interface UnmatchedProfileRaw

  • file: supabase/functions/proliant-sync/unmatched-enrichment.ts:36
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The shape persisted into hr_proliant_sync_log.proliant_raw for an unmatched row. The index signature keeps it assignable to the jsonb column type (Recordstring, unknown) without a cast at the call site.
  • score: 2

interface UsageRpcClient

  • file: supabase/functions/_shared/ai/agent-usage.ts:70
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Minimal supabase-rpc surface (thenable PostgrestFilterBuilder), mirroring PF-125 RunRpcClient.
  • score: 2

interface ValidateAuthOptions

  • file: supabase/functions/_shared/auth.ts:45
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Options accepted by to control authentication behaviour.Set to to reject internal service-role callson endpoints that must always operate under a real user session.
  • see:
    • validateAuth
  • score: 5

interface ValidationError

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:126
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Validation error detail for a single field.
  • score: 2

interface ValidationFailure

  • file: supabase/functions/_shared/weno/validators.ts:20
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: CL-06-EN-23: WENO payload validators (Deno port of the canonicalsrc/cores/cl/integrations/weno/validators.ts).Pure validation — no I/O, no PHI in error messages. Errors return fieldnames + sanitized reasons only. Required/conditional rules follow WENO’s §5ComposeRx schema (1..1 required, ⚠️ C1..1 conditional).This is the canonical EDGE-SIDE home: edge functions cannot import from (separate Deno build, rootDir barrier), so the src copy is mirroredhere. The two are pinned together bytests/unit/cl/weno/validators-parity.test.ts so they can never silentlyre-drift. The edge function consumes , which is athin flat-string adapter over the canonical .
  • see:
    • src/cores/cl/integrations/weno/validators.ts (canonical, unit-tested)
    • docs/weno/WENO_EZ_Integration_Context.md §5
  • score: 5

interface ValidationResult

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:132
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Result of structured output validation.
  • score: 2

interface ValueMapPolicy

  • file: supabase/functions/_shared/import-transforms.ts:38
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The decoded payload of a JSON-encoded value_map transform.
  • score: 2

interface VerifyResult

  • file: supabase/functions/plaid-webhook/index.ts:46
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Verification result the handler consumes (sig + iat freshness validated → payload trusted).
  • score: 2

interface VersionedHandlers

  • file: supabase/functions/_shared/versioning.ts:19
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: A map of version keys (e.g. , ) to request handlers.
  • score: 2

interface VersioningOptions

  • file: supabase/functions/_shared/versioning.ts:24
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Options for .
  • score: 1

type WenoEndpointType

  • file: supabase/functions/_shared/weno/request-builder.ts:25
  • kind: type
  • core: edge-functions
  • spec: (none)
  • summary: Endpoint kinds WENO exposes for an EZ launch.
  • score: 2

interface WenoLaunchCreds

  • file: supabase/functions/_shared/weno/request-builder.ts:32
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Per-user WENO credentials, sourced server-side from the vault. These areinjected into the wire payload by the builder; they MUST NOT originate fromclient-supplied data or appear in any client-visible payload.
  • score: 2

interface WenoTransport

  • file: supabase/functions/_shared/weno/transport.ts:34
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: The WENO vendor network boundary. Implementations either hit the real WENOendpoints (production/live) or return injected fixtures (deterministic tests);all other logic — auth, crypto, parsing, persistence — is identical regardless.
  • score: 2

interface WidgetQueryDeps

  • file: supabase/functions/pf_widget_query/index.ts:24
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Injectable auth collaborators for handleRequest, so tests can substitute the auth/org-access checks without a live Supabase. Production uses defaultDeps (the real _shared/auth helpers).
  • score: 2

interface WorkflowStep

  • file: supabase/functions/_shared/skill-agent.ts:18
  • kind: interface
  • core: edge-functions
  • spec: (none)
  • summary: Workflow step for multi-phase execution (mirrors client-side WorkflowStep)
  • score: 2

Functions & utilities

function _awsTranscribeMedicalCostUsd

  • file: supabase/functions/_shared/transcription/vendor-adapters/aws-transcribe-medical-adapter.ts:62
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Cost calc helper exposed for the router/cost-ledger when AWS path is wired.
  • score: 4

function _parseAssemblyaiFixture

  • file: supabase/functions/_shared/transcription/vendor-adapters/assemblyai-adapter.ts:144
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Test seam — parses an AssemblyAI completed response without making an HTTP call.
  • score: 4

function _parseAwsTranscribeMedicalFixture

  • file: supabase/functions/_shared/transcription/vendor-adapters/aws-transcribe-medical-adapter.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Test seam — parses an AWS Transcribe Medical fixture without making an HTTP call.
  • score: 4

function _parseDeepgramFixture

  • file: supabase/functions/_shared/transcription/vendor-adapters/deepgram-adapter.ts:130
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Test seam — parses a fixture Deepgram response without making an HTTP call.
  • score: 4

function _resetAllowlistCache

  • file: supabase/functions/_shared/mcp-config.ts:83
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Reset the cached allowlist (for testing only).
  • score: 4

function acquireAuthHeader

  • file: supabase/functions/_shared/transport/rest-transport.ts:98
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the header value for a clearinghouse request, honoringthe provider’s auth scheme: - ‘api_key’ → (Stedi) - ‘oauth2’ → (acquires/caches a client_credentials token)Exported so the retrieve edge function can share one auth code path.
  • score: 4

function addBusinessDays

  • file: supabase/functions/_shared/business-calendar.ts:142
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Adds N business days to a date.
  • score: 4

function addChannelMember

  • file: supabase/functions/_shared/entra-client.ts:806
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Add a user to a channel (for private/shared channels).
  • score: 4

function addChannelTab

  • file: supabase/functions/_shared/entra-client.ts:1539
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Add a custom tab to a Teams channel.Requires TeamsTab.ReadWrite.All.
  • score: 4

function addSharePointGroupMember

  • file: supabase/functions/_shared/entra-client.ts:908
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Add a user to a SharePoint group (Microsoft 365 group).
  • score: 4

function addTeamMember

  • file: supabase/functions/_shared/entra-client.ts:731
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Add a user to a team.Returns the membership ID for later removal.
  • score: 4

function advancePollCursor

  • file: supabase/functions/_shared/ce-hubspot-poll.ts:202
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Next after a poll: the newest modification among the resultsthat were actually enqueued, never earlier than the current cursor. Anempty/failed enqueue holds the cursor so the next tick re-polls the window.
  • score: 4

function agentActionGovernanceAvailable

  • file: supabase/functions/_shared/ai/agent-action-governance.ts:182
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Whether PF-126’s runtime action governance is available to the PF-125 spine — true only whenthe PF-45 flag is on. An integration site composes this into ;the spine still requires PF-27-EN-01 to be satisfied, so PF-126 alone doesnot open the tools gate in Phase 1.
  • score: 4

function applyFieldMappings

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:66
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Apply in-direction mappings to a HubSpot properties object. Unmappedproperties are returned in (logged at debug level only — AC-9);null/undefined values pass through so a cleared HubSpot field clears themapped Encore field.
  • score: 4

function applyFieldMappings

  • file: supabase/functions/_shared/import-transforms.ts:131
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Apply field mappings to a raw row, producing the mapped output. Fields whosesource value is null/undefined are omitted.
  • score: 4

function applyRetryJitter

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:130
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Applies full jitter: returns a random value in [0, computedDelay].Per CONTEXT.md: “spread retries in [0, computedDelay]”.
  • score: 4

function applyTransform

  • file: supabase/functions/_shared/import-transforms.ts:99
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Apply a single transform to a value. Preserves the edge function’s existingsemantics for the plain-name transforms and adds value_map.
  • score: 4

function assertCapabilityAllowed

  • file: supabase/functions/_shared/google-workspace-client.ts:168
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fail-closed PHI gate. Throws when capability is PHI-capable and BAA is not attested,or when the capability flag is disabled.
  • score: 4

function assertPublicHost

  • file: supabase/functions/_shared/ssrf-guard.ts:107
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate a destination host (e.g. an SFTP host) for an outbound connection.Performs the literal check, then best-effort DNS resolution to catch apublic hostname that resolves to a private address.
  • score: 4

function assertPublicHttpUrl

  • file: supabase/functions/_shared/ssrf-guard.ts:144
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate an outbound URL for fetch(): scheme must be http(s) and the hostmust be public (literal + best-effort DNS).
  • score: 4

function assertSystemActorExists

  • file: supabase/functions/fa-payroll-je-consumer/system-actor.ts:35
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Throw if the seeded System Automation profile does not exist (or cannot bechecked). Resolves silently when present.
  • score: 4

function assertToolCallIsAllowed

  • file: supabase/functions/_shared/ai/tool-guard.ts:40
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Assert that is present in the declared tools array.The argument matches the OpenAI-compatible array that received (entries have a field).Throws on violation — callers MUST catch andconvert to an error tool-result instead of letting the exception propagate(to preserve the existing loop control-flow).
  • score: 4

function assignLicense

  • file: supabase/functions/_shared/entra-client.ts:513
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Assign a license to a user.
  • params:
    • credentials — Azure AD app credentials
    • userId — Entra user ID
    • skuId — License SKU ID
    • correlationId — Request correlation ID
  • score: 1

function auditMcpRejections

  • file: supabase/functions/_shared/mcp-rejection-audit.ts:64
  • kind: function
  • core: edge-functions
  • spec: PF-127
  • summary: Write a denied/not_allowlisted row for each rejected MCP server.Returns the count successfully written. FAIL-SOFT: an individual audit error (returned orthrown) is swallowed so a logging failure never breaks the agent run.
  • score: 5

function base64UrlDecode

  • file: supabase/functions/_shared/google-workspace-oauth.ts:9
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decodes unpadded base64url into bytes.
  • score: 4

function batchCreateNotifications

  • file: supabase/functions/_shared/notification-utils.ts:304
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Process a batch of notifications with dedup checking.Useful for processing multiple reminders in a loop.
  • score: 4

function bootstrapSharedEntraSecret

  • file: supabase/functions/_shared/entra-credentials.ts:115
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Pin the platform shared-app client secret into the org vault after a successfulconnection test. Survives Supabase project restores where edge secrets may be absent.Only runs for orgs using the shared Encore app id (not BYO).
  • score: 4

function bucketPunchLocalDate

  • file: supabase/functions/_shared/punch-bucketing.ts:2
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Local calendar date (YYYY-MM-DD) for a punch, using its resolved IANA timezone.
  • score: 4

function build837i

  • file: supabase/functions/_shared/x12/generate-837i.ts:100
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generate 837I claim segments (between ST/SE envelope) per 005010X223A2.Returns segment array — caller joins with and wraps in envelope.
  • score: 4

function buildAdminClient

  • file: supabase/functions/_shared/google-workspace-client.ts:405
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build an Admin SDK client for the org’s connection. Caller MUST gate by capability. is the Workspace super-admin to impersonate (DWD subject).
  • score: 4

function buildAgentMessageRow

  • file: supabase/functions/_shared/cowork/agent-message.ts:58
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the attributed pf_messages row WITHOUT touching the database. Pure + synchronous sothe stamping contract (both attribution columns set, content_type pinned) is unit-testablewithout a stack. Throws on empty content (Postgres requires non-null; 10000 chars isrejected by pf_messages_content_check at the DB).
  • score: 4

function buildAppealPrompt

  • file: supabase/functions/pm-ai-appeal-letter/index.ts:82
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build PHI-minimized prompt messages for appeal letter generation.Only coded, non-PHI context flows to the model. PM-29-EN-01 FR-3
  • score: 4

function buildCalendarClient

  • file: supabase/functions/_shared/google-workspace-client.ts:528
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-101 (T6.1, T6.2): Calendar/Meet client. Caller must pre-validate matches the connection’s (sender allowlist).
  • score: 4

function buildCareGapEventRow

  • file: supabase/functions/_shared/cl-care-gap-event.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the PHI-minimized row for one identified care gap.Only ids/categoricals/timestamp flow into the payload.
  • score: 4

function buildChatClient

  • file: supabase/functions/_shared/google-workspace-client.ts:738
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-101 (T6.4): Chat client. Sends template-rendered text messages into amapped Chat space. PHI is ALWAYS blocked in Chat (PF-101 Open Decision #4):callers must render only approved PF-10 templates and never log the text.Goes through the ‘chat’ capability gate (capability flag + BAA, fail-closed).
  • score: 4

function buildCheckRequest

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:138
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate + map an Encore manual-check request to the vendor. Returns (all failures, not justthe first) when the practically-required fields are missing/invalid.
  • score: 4

function buildCodeDefinition

  • file: supabase/functions/proliant-sync/writeback-builders.ts:259
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Code-definition body for POST Company/co/EarningCode|DeductionCode|JobCode|ShiftCode|CostCenterNcode. Cost centers also require + use (others use ). Verified live → “Created!”.
  • score: 4

function buildCodeResolver

  • file: supabase/functions/proliant-sync/code-resolver.ts:30
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a from rows.
  • score: 1

function buildCodingPrompt

  • file: supabase/functions/pm-ai-coding-suggest/prompt.ts:104
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Build the AI message array for the coding suggestion request.
  • params:
    • input — Coding prompt inputs; note text MUST already be de-identified.
  • returns: AIMessage array for use with createAIProvider().chat()
  • score: 5

function buildComposeRxObject

  • file: supabase/functions/_shared/weno/request-builder.ts:111
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the WENO ComposeRx wire object in the vendor’s documented field order.Credentials (, , ) are injected from theserver-resolved ; never from the client payload.Empty optionals are omitted (WENO errors on empty-valued optional fields).
  • score: 4

function buildContactsPageUrl

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:82
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: GET URL for one contacts list page.
  • score: 4

function buildDeductionAssignments

  • file: supabase/functions/proliant-sync/writeback-builders.ts:126
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Employee deduction-code assignments for (one body per assignment). Required: (a deduction code) + .Verified: → “Created!”.
  • score: 4

function buildDependentPayloads

  • file: supabase/functions/proliant-sync/writeback-builders.ts:194
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: HR-44-EN-03 AC-3 — employee dependents for POST Company/co/Employee/id/DependentEmployeeDependentViewModel).Source rows are (Encore is the system of record);only rows are pushed. Required per swagger: ,, , , — the vendor requiresthe KEYS, so the booleans default explicitly (isDependent=true — this IS thedependent push; beneficiary=false and smoker=false — Encore does not trackeither yet; isHandicapped=is_disabled). is the Encore row id:caller-supplied, stable, and what makes the create idempotent + linkable.SSN (PHI) is DELIBERATELY OMITTED in v1: stays encrypted atrest (never decrypted here, never logged) and is never sent.The vendor’s Dependent grant is absent today (canPushDependents=false live),so this lane is fixture-proven; a vault-broker SSN lane gets designed whenthe ReadyPay grant lands. See HR-44-EN-03 AC-4.relationship/sex resolve through the dependent_relationshipgender families WHEN mapped; no dependent-relationship codefamily is pulled from Proliant today, so unresolved values fall back to alight normalization (swagger enums: relationship “Child, Spouse, Other, orNULL”; sex “M, F, or NULL”) and otherwise pass through raw for the cutoveradmin to map.
  • score: 4

function buildDeprecationHeaders

  • file: supabase/functions/_shared/deprecation.ts:27
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the full set of deprecation response headers per FR-3.1.
  • params:
    • — opts.sunsetHttpDate - RFC 7231 IMF-fixdate string (e.g. “Wed, 11 Nov 2026 23:59:59 GMT”).
    • — opts.successorMigrationUrl - URL to the migration guide for the successor version.
  • returns: Record of header name → value for Deprecation, Sunset, and Link.
  • score: 4

function buildDirectDepositsPush

  • file: supabase/functions/proliant-sync/writeback-builders.ts:76
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Direct deposits for (array). Required perentry: , , and must be a valid type — verified (‘R’/‘Remainder’/‘Amount’/‘Net’ rejected as “Invalid depositAmount Type”). Verified live → “direct deposits have been updated!”.
  • score: 4

function buildDriveClient

  • file: supabase/functions/_shared/google-workspace-client.ts:675
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-101 (T6.3): Drive metadata client. Lists shared drives and folders —ids and names ONLY. File contents are never read; PF-11 documentexport/import stays explicit-action-only and out of this client’s scope.Goes through the ‘drive’ capability gate (capability flag + BAA, fail-closed).
  • score: 4

function buildEarningAssignments

  • file: supabase/functions/proliant-sync/writeback-builders.ts:150
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Employee earning-code assignments for (onebody per assignment). Required: (an earning code) + .Verified: → “Created!”.
  • score: 4

function buildEarningsImport

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:97
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build vendor earning lines from explicit batch input. Per-line validation:an invalid line yields a typed ; valid lines stillbuild. Pure — unit-tested without the Deno runtime.
  • score: 4

function buildEmbedClaims

  • file: supabase/functions/_shared/analytics/embed-token.ts:68
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the signed-token claim set for a mint request (no raw data; single-org; ≤15m).
  • score: 4

function buildEmergencyContactsPush

  • file: supabase/functions/proliant-sync/writeback-builders.ts:107
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Emergency contacts for (array, whole-setreplace). Fields map to the swagger . Required perentry: .
  • score: 4

function buildEnvelope

  • file: supabase/functions/_shared/x12/envelope.ts:73
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a complete X12 interchange envelope with ISA/GS/ST…SE/GE/IEA.
  • score: 4

function buildFairnessBuckets

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:356
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the complete de-identified object for storage in. Returns ONLY coarse buckets — no rawdemographic value is ever included. PM-50-EN-01 FR-1, FR-5
  • score: 4

function buildFHIROperationOutcome

  • file: supabase/functions/cl-lab-result-ingestion/ack-response.ts:36
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a FHIR OperationOutcome JSON response body.
  • score: 4

function buildFollowUpCalendarEvent

  • file: supabase/functions/_shared/calendar-provider.ts:60
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a single PHI-safe, all-day calendar event for a follow-up due date.The builder takes ONLY the due date + deep-link, so a raw task title cannever reach the Graph payload by construction.
  • score: 4

function buildFollowUpTaskInsert

  • file: supabase/functions/_shared/follow-up-task.ts:56
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the insert for a meeting-sourced follow-up.
  • score: 4

function buildHL7v2Ack

  • file: supabase/functions/cl-lab-result-ingestion/ack-response.ts:12
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build an HL7v2 ACK message.
  • score: 1

function buildHubspotAuthorizeUrl

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:130
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Builds the HubSpot authorization URL for the connect redirect.
  • score: 4

function buildIdentityPayload

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:131
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the payload from raw HubSpot properties.
  • score: 4

function buildImpactClassifierPrompt

  • file: supabase/functions/_shared/gr-impact-classifier.ts:110
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the user prompt for the impact classifier.SECURITY: diffExcerpt MUST have been passed through neutralizeToolResult() before calling.The prompt never contains org IDs, user data, or PHI.
  • params:
    • diffExcerpt — neutralized content excerpt (max 3000 chars applied here)
    • requirements — org requirements with 1-based numbering in prompt
    • jurisdictionLabel — human-readable jurisdiction label (no org name/ID)
  • score: 4

function buildLicensingClient

  • file: supabase/functions/_shared/google-workspace-client.ts:581
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-101 (T6.5): License Manager client. Idempotent assign/revoke.
  • score: 4

function buildMcpRejectionLog

  • file: supabase/functions/_shared/mcp-rejection-audit.ts:43
  • kind: function
  • core: edge-functions
  • spec: PF-127
  • summary: Build the params for one rejected MCP server (keys + decision only — PHI-free).
  • score: 5

function buildOnboardingPayload

  • file: supabase/functions/proliant-sync/onboarding-builder.ts:118
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the onboarding payload, or report the missing REQUIRED vendor fields.Returns when every required field is present, (sorted vendor field names) otherwise — the caller skips with that reason.
  • score: 4

function buildOrgContextBlock

  • file: supabase/functions/_shared/ai-org-context.ts:257
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Assemble the single org-context block for an organization, once per request.
  • params:
    • supabase — Service-role (or org-scoped) Supabase client.
    • organizationId — The resolved org UUID (never trusted from the request body).
  • returns: The labeled block, or when there is nothing to inject (no published article and no structured facts) — a graceful no-op the caller drops via . PHI-safe by construction: reads only business facts + the article (via ); never queries PHI-bearing tables.
  • score: 4

function buildOrphanInsertRow

  • file: supabase/functions/process-era/orphan-helpers.ts:28
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the row payload for an unmatched 835 claim block.Pure function — no I/O.
  • score: 4

function buildPayloadDigest

  • file: supabase/functions/_shared/ai/agent-action-digest.ts:88
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the PHI-free envelope for an action (FR-4). Field values are nevercopied in — each declared field becomes where is theinjected redactor’s verdict. is opacified. Reads as non-PHI-by-construction.
  • params:
    • input — The action shape (identifiers + declared write fields + attachment summary).
    • redactor — The redaction policy; defaults to the PF-27-EN-01 .
  • score: 4

function buildPayrollJournalEntry

  • file: supabase/functions/fa-payroll-je-consumer/je-builder.ts:43
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Builds a balanced, draft PAYROLL-sourced journal entry from mapped GL lines.Throws if total debits !== total credits (tolerance 0.005).
  • score: 4

function buildPollSearchBody

  • file: supabase/functions/_shared/ce-hubspot-poll.ts:83
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Search body for contacts modified at/after the cursor, oldest first.
  • score: 4

function buildPushKey

  • file: supabase/functions/proliant-sync/push-idempotency.ts:50
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a stable idempotency key: . identifies the logical target (e.g. an employee id, or a pair); is from .
  • score: 4

function buildRatePush

  • file: supabase/functions/proliant-sync/writeback-builders.ts:32
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Employee pay-rate body for . Required: (a Rate lookup code) + . is the hourly/numeric rate.Verified: → “Rate created!”.
  • score: 4

function buildReconciliationMatchRow

  • file: supabase/functions/plaid-apply-rules/reconciliation-match.ts:40
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the fa_reconciliation_matches insert row for an auto-matched bank line.
  • score: 4

function buildReportsClient

  • file: supabase/functions/_shared/google-workspace-client.ts:630
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-101 (T6.6): Reports API client (audit activities only). PHI policy: ingestIDs and event metadata only; never persist message bodies, file contents,subjects, attendee free-text, etc.
  • score: 4

function buildRxLogObject

  • file: supabase/functions/_shared/weno/request-builder.ts:179
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: WENO’s RxLog launch payload is exactly two fields — the user’s credentials.Which prescriber’s log is shown is determined by these credentials.
  • score: 4

function buildSkillAgent

  • file: supabase/functions/_shared/skill-agent.ts:346
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Load a skill from the database, apply org override, and build AgentConfig.PF-120: before the agent is constructed, a governance gate is applied to theloaded skill — it must be / (or a system skill), and ifit carries a the caller must hold it. On any failurethis returns so the caller falls back to the module default /; an unapproved or unauthorized skill never executes.
  • params:
    • skillCode — skill_code value from pf_ai_skills
    • organizationId — requesting organization
    • supabaseAdmin — service-role client (bypasses RLS)
    • userId — authenticated caller (from the JWT) for the PF-120 re-check; pass for trusted callers. Omitting it disables only the permission re-check (lifecycle gate still applies).
  • returns: AgentConfig or null if skill not found / disabled / refused by the gate
  • score: 4

function buildSkillGuidanceBlock

  • file: supabase/functions/_shared/skill-agent.ts:250
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-62 Phase-0: compose a skill’s intrinsic guidance — (harddirectives), , and — into a clearly-delimitedMarkdown block for the assembled system prompt. These columns were seeded butNEVER injected at runtime; in particular carries load-bearingno-PHI directives (PF-62-EN-01 AC-7) that must be enforced in-prompt.Rendering rules: - — framed as hard requirements the model MUST follow; every constraint is rendered in full (load-bearing, never elided). - — each node rendered as an “If , then ” rule (with an optional next-step pointer). - — bounded by SKILL_GUIDANCE_CAPS (count + token budget + per -field char cap); overflow is elided with a note, but at least one example is always kept.Pure (no I/O) so it is directly unit-testable. Returns ” when the skill has noguidance fields, so the caller can append conditionally.
  • params:
    • skill — the loaded skill’s guidance fields
  • returns: the composed block, or ” when there is nothing to inject
  • score: 4
  • file: supabase/functions/_shared/deprecation.ts:16
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a header value pointing to the successor version migration guide.
  • params:
    • migrationUrl — Absolute URL to the migration documentation.
  • returns: Formatted Link header value with .
  • score: 4

function buildSuggestTool

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:109
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the forced-tool definition. Constraining to thecandidate enum (+ NO_MATCH) makes hallucinated Encore values impossible — themodel can only choose a real target or explicitly decline.
  • score: 4

function buildSystemPrompt

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:142
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: System prompt — generic, domain-agnostic, no PHI guidance needed (config data).
  • score: 4

function buildTaxesPush

  • file: supabase/functions/proliant-sync/writeback-builders.ts:50
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Employee tax elections for (array). Required perentry: + . Verified: [taxCode:‘FITW’,filingStatus:‘S’,exemptions:0,startDate:‘2024-06-01’] → “Employee taxes have been updated!”.
  • score: 4

function buildTimeImportPayload

  • file: supabase/functions/proliant-payroll-run/time-import.ts:28
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map approved timesheet rows to TimeImport lines; unmapped employees are skipped.
  • score: 4

function buildTimesheetExportCsv

  • file: supabase/functions/_shared/timesheet-export-csv.ts:34
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Builds the payroll-export CSV for the legacy date-range path.Filters to (AC-37 — the sole approved-only gate nowthat the SQL filter is removed), then emits thestandard 6-column CSV (AC-36/AC-38) with the exact header and per-entry rowformat the inline edge-function code produced.
  • returns: the CSV text and the number of approved timesheets included.
  • score: 4

function buildUnmatchedProfileRaw

  • file: supabase/functions/proliant-sync/unmatched-enrichment.ts:87
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the enriched, PHI-minimized proliant_raw for an unmatched skip row.Only the whitelisted identity fields are copied; everything else from themapped payload is intentionally dropped so no SSN/DOB/address can leak intothe audit log.
  • score: 4

function buildUsageRecord

  • file: supabase/functions/_shared/ai/usage.ts:21
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a PHI-safe usage record from a completion result.
  • score: 4

function buildUserPrompt

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:190
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: User prompt embedding the source items, allowed candidates, and few-shot examples.Candidate scoping: when a source item carries a and at least onecandidate shares that type, only those candidates are shown for that item.This prevents a code from being distracted by or candidates. Items with no type (or whose type has nomatching candidates) fall back to the full candidate pool — preservingtoday’s behaviour for untyped consumers.
  • score: 4

function calculateBenefitEstimate

  • file: supabase/functions/_shared/pm/benefit-estimator.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Estimate patient responsibility. Deductible applied first, then coinsuranceon remaining amount, then copay (if present). Total is capped by remainingout-of-pocket maximum when known.
  • score: 4

function calculateDaysUntil

  • file: supabase/functions/_shared/notification-utils.ts:366
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Calculate days between now and a target date.Returns negative values for past dates (overdue).
  • score: 4

function calculateDeadline

  • file: supabase/functions/_shared/deadline-calculator.ts:25
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Calculate the statutory deadline for a regulatory reporting obligation.
  • params:
    • incidentDate — Date/time the incident occurred
    • deadlineHours — Number of hours allowed for reporting
    • deadlineType — Whether hours are calendar or business hours
    • supabaseClient — Service-role Supabase client for holiday lookup
    • organizationId — Optional org ID for org-specific holidays
  • returns: The computed deadline as a Date
  • score: 4

function calculateNextExecution

  • file: supabase/functions/_shared/fw-schedule-evaluator.ts:32
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute the next execution time for a schedule relative to .Returns null when not time-driven (dependency/manual) or a one-time datetimehas already elapsed. Throws on an invalid/missing cron expression.
  • score: 4

function calculateNextRetryAt

  • file: supabase/functions/_shared/transport/retry.ts:89
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Calculate next retry timestamp for database storage.
  • score: 4

function calculateSmsSegments

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:174
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Calculate the number of SMS segments for a messageSMS segment limits:- GSM-7 encoding: 160 chars (single), 153 chars per segment (concatenated)- UCS-2 encoding (unicode): 70 chars (single), 67 chars per segment
  • score: 4

function callerHoldsRequiredPermission

  • file: supabase/functions/_shared/skill-agent.ts:153
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-120 FR-12 — runtime re-check (defense-in-depth).When a non-system skill carries a non-NULL , the callerMUST hold that permission to execute it — a stale client-side catalog mustnot let a member run a skill they cannot access. System skills and skillswith a NULL are not permission-gated here.Fails closed: any RPC error (or a missing caller id) denies execution.
  • params:
    • skill — the loaded skill governance fields
    • organizationId — requesting organization
    • userId — the authenticated caller (NOT trusted from the request body)
    • supabaseAdmin — service-role client used to evaluate
  • returns: true if the caller may run the skill
  • score: 4

function cancelTransfer

  • file: supabase/functions/_shared/plaid-client.ts:1110
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Cancel a pending transferOnly transfers with status ‘pending’ can be cancelled.
  • score: 4

function candidateValueEnum

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:96
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: The set of valid output values: every candidate value plus the NO_MATCH sentinel.
  • score: 4

function canSendSms

  • file: supabase/functions/_shared/sms-provider.ts:391
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if sending is allowed based on consent status
  • score: 4

function captureEdgeError

  • file: supabase/functions/_shared/sentry-edge.ts:68
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Capture an exception from an edge function context.No-op if Sentry was not initialized (SENTRY_DSN not set).
  • score: 4

function checkAgentBudget

  • file: supabase/functions/_shared/ai/agent-usage.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide whether a gateway completion may dispatch under the per-org / per-agent / per-taskbudgets (FR-9). The three caps are evaluated independently — any hard breach throttles(fail-closed, most-specific dimension reported first). An org soft-limit breach (under thehard limit) warns but proceeds. Pure: identical inputs → identical verdict.
  • params:
    • input — The three budget dimensions (omit a dimension to leave it uncapped).
    • projectedCost — The estimated incremental cost/tokens of the pending call.
  • score: 4

function checkAutoNoOp

  • file: supabase/functions/_shared/gr-impact-classifier.ts:180
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determine if an impact qualifies for automatic no_op resolution.All conditions must hold: - proposed_action === ‘no_op’ - confidence = threshold - auto_no_op_disabled === falseThis is the ONLY auto-resolution path. All other proposed actions require human review.
  • score: 4

function checkHealth

  • file: supabase/functions/_shared/transport/rest-transport.ts:174
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check clearinghouse health via a lightweight API ping.
  • score: 4

function checkIdempotency

  • file: supabase/functions/fa-gr-compliance-cost-consumer/index.ts:238
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns true if an event with this reference_id already processed.
  • score: 4

function checkRateLimit

  • file: supabase/functions/_shared/rate-limiter.ts:27
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Utility for check rate limit.
  • score: 1

function checkRunBudget

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:148
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fail-closed budget check against the run-row ceiling (FR-12). Over-budget if the runcarries a and projected usage would meet/exceed it. With no ceilingset, returns not-exceeded (the full PF-111-EN-01 per-dimension ledger is deferred —see ).
  • score: 4

function checkSmsConsent

  • file: supabase/functions/_shared/sms-provider.ts:366
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if a phone number has SMS consent
  • params:
    • supabase — Supabase client
    • organizationId — Organization UUID
    • phoneNumber — Phone number to check (E.164)
  • returns: Consent status or null if not found
  • score: 4

function checkSudConsent

  • file: supabase/functions/fhir-r4/consent-check.ts:27
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if the patient has active Part 2 (SUD) consent for data disclosure.If no Part 2 consent exists, SUD-related resources should be excluded.
  • params:
    • supabase — Service role client
    • organizationId — Tenant ID
    • chartId — Patient chart ID
    • correlationId — For logging
  • score: 4

function checkTcpaConsent

  • file: supabase/functions/_shared/tcpa-consent.ts:30
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determine whether an SMS may be sent to the given patient right now.1. Checks that a TCPA/SMS consent record exists for the patient-org pair.2. Checks quiet hours using the organization’s configured timezone.
  • returns: or .
  • score: 4

function clampTtlSeconds

  • file: supabase/functions/_shared/analytics/embed-token.ts:51
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Clamp a requested TTL to (0, MAX_EMBED_TTL_SECONDS]. A missing / non-positive / non-finiterequest defaults to the maximum (still ≤ 15 min). The result can never exceed the cap.
  • score: 4

function classifyAgentAction

  • file: supabase/functions/_shared/ai/agent-action-classifier.ts:123
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Classify a proposed agent tool call into a risk tier (FR-1, FR-2, FR-17).Order of decision: 1. Prohibited (FR-17) — a hard deny, ahead of any rule, with no approval path. 2. Rule precedence (FR-2) — per-org+tool per-org global+tool global; ties → the most restrictive tier (deny-by-default). 3. Deny-by-default — no matching rule → (a write/outbound action is never ). The runtime gate’s server-authoritative applies the identical contract; this in-memory copy keeps the hot path DB-free.
  • params:
    • input — The action identifiers (no PHI).
    • rules — The cached per-org + global rule set (TTL ≤ 30 s, NFR-perf-1).
  • score: 4

function classifyError

  • file: supabase/functions/_shared/ai/errors.ts:37
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Classify a gateway HTTP status into a structured, user-safe error.429 → retryable; 402 (credits) and 401 (auth) → not retryable; 5xx → retryable.
  • score: 4

function classifyError

  • file: supabase/functions/_shared/checkpointHelpers.ts:36
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Classifies an error for retry/DLQ routing decisions.
  • score: 4

function classifyError

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:158
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Classifies an error as transient, permanent, or unknown.
  • score: 4

function classifyRefreshFailure

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:286
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Classify a failed token refresh. (HubSpot’s uninstall /revocation surface, R6) and other 4xx auth rejections → needs_reauth: flipthe connection and pause feeders. 429/5xx/network → transient: retry later.
  • score: 4

function clusterBatch

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:187
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Cluster one page for in-set duplicates: union by shared normalized email orphone key, then a conservative trigram pass that only mergesstill-singleton contacts whose names clear the threshold AND share a zip(never merges on name alone). Member order inside a cluster follows pageorder, so the representative is the earliest record.
  • score: 4

function coerceTotals

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:271
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Coerce a run row’s jsonb totals back to the typed shape.
  • score: 4

function coerceToType

  • file: supabase/functions/_shared/expressionEvaluator.ts:614
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Coerce a value to a specific type
  • score: 4

function collectScanText

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:81
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Concatenate every free-text field a request carries, for the defense-in-depthPHI tripwire. Reference/config data should never contain PHI; if the detectorfires, the caller fails closed (drops the AI call).
  • score: 4

function composeBedBoard

  • file: supabase/functions/_shared/clinical-bed-board/composer.ts:107
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compose the platform bed board for a given org. Returns rows + summary plusa flag the route handler uses to choose 503.
  • score: 4

function computeDisparityRatio

  • file: supabase/functions/pm-ai-fairness-monitor/scoring.ts:100
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute the disparity ratio for each group relative to the reference group.The reference group is the group with the highest approval rate (1 minus denial rate).Every other group’s approval rate is divided by the reference rate to yield itsdisparity ratio. A ratio below DISPARITY_THRESHOLD (0.8) indicates adverse impactunder the four-fifths rule.
  • params:
    • denialRates — Map of class_value to predicted_denial_rate (0-1)
  • returns: Map of class_value to disparity ratio (reference group = 1.0)
  • score: 4

function computeEmployeeFieldDiff

  • file: supabase/functions/proliant-sync/field-diff.ts:28
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Diff an incoming hr_employees update payload against the existing row.Only keys present in are compared (an omitted column is “notwritten”, not “cleared”). is flattened one level so eachsub-key gets its own audit row. Keys present in but absent from the incoming payload are not tracked as deletions.
  • score: 4

function computeFailureRate

  • file: supabase/functions/pf-check-ai-usage-anomalies/index.ts:92
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute failure rate (0-100) per org from raw log rows.Returns 0 for orgs with no rows.
  • params:
    • logs — Array of org_id, success rows
  • returns: MaporgId, failureRatePct where rate is 0.0–100.0
  • score: 4

function computeFollowUpDueDate

  • file: supabase/functions/_shared/follow-up-task.ts:49
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute the follow-up task due date as the meeting end date (UTC) plus whole days, returned as a string (a column value).
  • score: 4

function computeHubspotV3Signature

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: base64(HMAC-SHA256(clientSecret, method + uri + body + timestamp)).
  • score: 4

function computeNextRetryAt

  • file: supabase/functions/_shared/gr-impact-classifier.ts:203
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute the next retry-due timestamp based on attempt count and backoff schedule.Returns null if max attempts exceeded.
  • score: 4

function computeRetryDelayMs

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:90
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Computes the raw retry delay (before jitter) for a given attempt index.
  • params:
    • policy — Merged retry policy
    • attemptIndex — Zero-based attempt index (0 = first retry)
  • returns: Delay in milliseconds, capped at
  • score: 4

function computeSeverityFloor

  • file: supabase/functions/_shared/gr-regulatory-content.ts:195
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute a severity floor based on the diff between two normalized content strings.Rules: - =30% of lines changed - minimum ‘major’ - high-risk section name in the combined text - minimum ‘major’ - Otherwise - ‘minor’ (meaningful change but not high-risk)This is a FLOOR: the AI classifier may propose a higher severity; the floorprevents under-classification when the heuristic fires.
  • score: 4

function computeTokenExpiresAt

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:183
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Computes the ISO expiry timestamp for an access token from now + expires_in.
  • score: 4

function computeTokenExpiry

  • file: supabase/functions/_shared/google-client.ts:268
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute a token-expiry ISO string from a Google (seconds).
  • score: 4

function computeZScore

  • file: supabase/functions/pm-ai-fairness-monitor/scoring.ts:74
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute the z-score of relative to the rolling distribution.Returns 0 when stddev is 0 (flat series or insufficient data) to avoiddivision-by-zero and spurious alerts.
  • params:
    • value — Today’s observation (e.g. predicted_denial_rate)
    • mean — Rolling mean from rollingStats
    • stddev — Rolling standard deviation from rollingStats
  • score: 4

function containsUnredactedPhi

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:196
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when redacted text still contains a recognizable identifier (a residual-PHI tripwire).
  • score: 4

function contrastRatio

  • file: supabase/functions/_shared/compliance-contrast.ts:27
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Contrast ratio between two hex colors (1–21).
  • score: 4

function countSegments

  • file: supabase/functions/_shared/x12/envelope.ts:136
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Count segments between ST and SE (inclusive).
  • score: 4

function createAIProvider

  • file: supabase/functions/_shared/ai/vercel-gateway.ts:178
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create the configured AIProvider singleton. Reads the single canonical Edge Function Secret (throws if absent).The provider is wrapped with Langfuse tracing (). Tracingis inert (zero overhead beyond a passthrough call) unless and are configured, and never affects the AI call.
  • score: 4

function createAuthorizationError

  • file: supabase/functions/_shared/errors.ts:162
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a standardized 403 Forbidden error response for authorization failures.Security: includes an X-Correlation-ID header for tracing. Do not include PHI/PII in .
  • params:
    • message — User-facing error message. Example: “Insufficient permissions”.
    • correlationId — Optional correlation/tracing identifier to include in the response headers. Example: “req-1234”.
    • corsHeaders — Optional additional CORS headers to merge into the response. Example: “Access-Control-Allow-Origin”: ”*” .
  • returns: Response An HTTP Response with a standardized error JSON body, 403, an header (or “unknown”), and any provided CORS headers.
  • example: | // Return a 403 response with a correlation id and permissive CORS headerreturn createAuthorizationError(“Access denied to resource”, “req-1234”, “Access-Control-Allow-Origin”: ”*” );
  • score: 4

function createCalendarEvent

  • file: supabase/functions/_shared/entra-client.ts:968
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a calendar event for a user.
  • score: 4

function createConnectorMediator

  • file: supabase/functions/intake-agent-run/connector-mediator.ts:31
  • kind: function
  • core: edge-functions
  • spec: PF-127
  • summary: Build a connector mediator bound to one acting principal.
  • score: 5

function createCronHandler

  • file: supabase/functions/_shared/cron-handler.ts:112
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a standardized cron-triggered edge function handler.This wrapper handles:- CORS preflight responses- Service client creation- Structured logging with correlation IDs- Standardized success/error response format- Execution timing
  • params:
    • name — Function name for logging (e.g., ‘send-training-reminders’)
    • handler — The business logic handler function This creates a service-role client (bypasses RLS).Your handler MUST filter by organization_id for tenant isolation.
  • example: | // send-training-reminders/index.tsimport createCronHandler from ‘shared/cron-handler.ts’;export default createCronHandler(‘send-training-reminders’, async (supabase, logger, ctx) = const data: enrollments = await supabase .from(‘gr_training_enrollments’) .select(’*’) .in(‘status’, [‘not_started’, ‘in_progress’, ‘overdue’]); let notificationsCreated = 0; // … process enrollments … return notificationsCreated, enrollmentsProcessed: enrollments?.length || 0 ;);
  • score: 4

function createErrorResponse

  • file: supabase/functions/_shared/errors.ts:72
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a standardized HTTP error Response with a consistent JSON body, correlation ID header, and optional CORS headers. Avoid including any PHI/PII in ; details are sanitized to a safe allowlist before inclusion.
  • params:
    • message — Human-facing error message to return in the response body. Example: “Invalid request payload”.
    • category — Error classification (e.g., VALIDATION, AUTHORIZATION) used by consumers to interpret the error.
    • correlationId — Optional request correlation ID for tracing. If omitted, the response header will be set to . Example: “req-12345”.
    • statusCode — HTTP status code for the response. Must be a valid HTTP status code (e.g., 400, 403, 404, 504).
    • details — Optional additional error details. Keys and values are sanitized to a safe allowlist (field, expected, actual, count, limit, duration, retries). Do not pass PHI/PII.
    • corsHeaders — Optional headers to merge into the response (commonly CORS headers like ). Caller is responsible for providing safe header values.
  • returns: Response A Response whose JSON body conforms to ErrorResponse: success: false, error: string, category: ErrorCategory, correlationId?: string, details?: object
  • example: | // Basic validation error with CORS headercreateErrorResponse( “Missing required field ‘email’”, ErrorCategory.VALIDATION, “req-abc123”, 400, field: “email”, expected: “non-empty string” , “Access-Control-Allow-Origin”: ”*” ); Note: This function sanitizes but does not perform content redaction. Do not pass PHI/PII in or . Ensure callers have permission to emit correlation IDs.
  • score: 4

function createFolder

  • file: supabase/functions/_shared/entra-client.ts:1396
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a folder in a SharePoint document library.Requires Files.ReadWrite.All or Sites.ReadWrite.All.
  • score: 4

function createFreshServiceClient

  • file: supabase/functions/_shared/supabase.ts:90
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a fresh service client (non-cached).Use this when you need a separate client instance, for examplewhen running operations with different connection settings.
  • returns: A new SupabaseClient with service role privileges
  • score: 4

function createGraphEventApplication

  • file: supabase/functions/_shared/calendar-provider.ts:110
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Application path: create an event on an arbitrary mailbox(POST /users/email/events) using an Entra app token.Wraps entra-client.createCalendarEvent. The follow-up payload is a strictsubset of CalendarEvent (no location/attendees), so the cast is safe.
  • score: 4

function createGraphEventDelegated

  • file: supabase/functions/_shared/calendar-provider.ts:85
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Delegated path: create an event on the connected user’s own calendar(POST /me/events) using their OAuth access token. Used by calendar-task-push.
  • score: 4

function createIntakeModelAdapter

  • file: supabase/functions/intake-agent-run/model-adapter.ts:32
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the single-turn model adapter (injectable gateway for tests).
  • score: 4

function createIntakeReadExecutor

  • file: supabase/functions/intake-agent-run/read-tools.ts:88
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the read dispatcher (the injected ).
  • score: 4

function createIntakeToolResolver

  • file: supabase/functions/intake-agent-run/tool-resolver.ts:16
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a read-only tool resolver bound to one org + principal.
  • score: 4

function createLinkToken

  • file: supabase/functions/_shared/plaid-client.ts:389
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a Link token for Plaid Link initialization.For Transfer UI: pass transferIntentId (and optionally linkCustomizationName, accessToken for bank-on-file).
  • score: 4

function createLogCollector

  • file: supabase/functions/_shared/executionHelpers.ts:262
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a log collector that batches logs and inserts them at the end
  • score: 4

function createLogger

  • file: supabase/functions/_shared/logger.ts:167
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a logger for an edge function.
  • params:
    • functionName — Name of the edge function (e.g., ‘automation-executor’)
  • returns: Logger instance
  • score: 4

function createMcpConnection

  • file: supabase/functions/_shared/mcp-client.ts:62
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create an MCP connection for a given server config.This is a lightweight wrapper; actual HTTP calls happen in invokeMcpTool.
  • params:
    • config — MCP server configuration
  • returns: MCP connection object
  • score: 4

function createNotFoundError

  • file: supabase/functions/_shared/errors.ts:185
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a standardized 404 Not Found error HTTP response. Builds an HTTP Response whose JSON body follows the shared error response shape: success: false, error: message, category: ErrorCategory.NOT_FOUND, correlationId, details? . Adds an X-Correlation-ID header (or “unknown” if none provided) and merges any provided CORS headers into the response.
  • params:
    • message — The user-facing error message describing what was not found (e.g., “Order not found”)
    • correlationId — Optional tracing identifier to include in the response headers and body (e.g., “req-1234”)
    • corsHeaders — Optional additional HTTP headers to include for CORS (e.g., “Access-Control-Allow-Origin”: ”*” )
  • returns: Response - An HTTP Response with status code 404 and a standardized JSON error body
  • example: | const resp = createNotFoundError(“User not found”, “req-abc-123”, “Access-Control-Allow-Origin”: “https://app.example.com” );
  • score: 4

function createNotification

  • file: supabase/functions/_shared/notification-utils.ts:190
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a notification in the pf_notifications table with a consistent schema.Column mapping (pf_notifications schema): - — notification type enum (maps from notificationType) - — JSONB payload for priority, referenceType, referenceId, metadata - NO columns: notification_type, priority, reference_type, reference_id, metadata
  • params:
    • supabase — Supabase client (service role recommended)
    • notification — Notification data to insert
  • returns: Result with success status and optional notification ID
  • score: 4

function createNotificationIfNew

  • file: supabase/functions/_shared/notification-utils.ts:263
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a notification only if it’s not a duplicate.Combines dedup check and creation in one call.
  • score: 4

function createOutlookClient

  • file: supabase/functions/_shared/outlook-client.ts:366
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create an Outlook client with the provided access token
  • score: 4

function createPerformanceProfiler

  • file: supabase/functions/_shared/executionHelpers.ts:312
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a performance profiler for tracking node execution times
  • score: 4

function createProliantClientFromIntegration

  • file: supabase/functions/_shared/proliant-client.ts:353
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a for an integration by resolving its credentialpointers through the Supabase vault. Throws a CONFIG when the API key/secret credential ids are not yet configured.
  • score: 4

function createRingCentralClient

  • file: supabase/functions/_shared/ringcentral-client.ts:674
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a RingCentral client using environment variables
  • score: 4

function createRingCentralSmsClient

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:420
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a RingCentral SMS client wrapper
  • score: 4

function createServiceClient

  • file: supabase/functions/_shared/supabase.ts:44
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create or return a cached Supabase client with the service role key.Use this for cron jobs, background processing, and operations thatdon’t require user-specific RLS context.
  • returns: SupabaseClient with service role privileges
  • example: | const supabase = createServiceClient();const data = await supabase .from(‘pf_notifications’) .select(’*’) .eq(‘organization_id’, orgId);
  • score: 4

function createSignedHubspotState

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:88
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Creates the signed OAuth state token binding tenant + actor + return origin.Format: .
  • score: 4

function createSignedOAuthState

  • file: supabase/functions/_shared/google-workspace-oauth.ts:90
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Creates a signed OAuth state token with tenant and actor binding.Format: v1.payloadBase64Url.signatureBase64Url
  • score: 4

function createTimeoutError

  • file: supabase/functions/_shared/errors.ts:210
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a standardized 504 Gateway Timeout error response. Builds an HTTP Response containing a standardized error payload classified as a timeout error. Includes an X-Correlation-ID header (or ‘unknown’) and any provided CORS headers. Intended for use in edge/HTTP handlers to signal an operation timeout to callers.
  • params:
    • message — - Human-facing error message. Example: “Database query timed out”
    • correlationId — - Optional tracing identifier to include in the response headers and payload. Example: “org-1234-request-5678”
    • corsHeaders — - Optional additional headers to include for CORS (e.g., “Access-Control-Allow-Origin”: ”*” )
  • returns: Response An HTTP Response with status 504 and a JSON body containing the standardized error object
  • example: | // Edge function handlerexport default async function handler(req: Request) if (await operationTimedOut()) return createTimeoutError(‘Upstream service timed out’, ‘org-1234-req-5678’, ‘Access-Control-Allow-Origin’: ‘https://app.example.com’ ); // …
  • score: 4

function createTransfer

  • file: supabase/functions/_shared/plaid-client.ts:1071
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a transfer after authorization is approvedThis initiates the actual ACH transfer.
  • score: 4

function createTransferAuthorization

  • file: supabase/functions/_shared/plaid-client.ts:1052
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a transfer authorization (required before creating a transfer)This step validates the transfer and returns a decision.
  • score: 4

function createTransferIntent

  • file: supabase/functions/_shared/plaid-client.ts:1280
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a transfer intent for Transfer UI (one-time payment or disbursement).Returns transfer_intent.id to pass to /link/token/create with products: [“transfer”].
  • score: 4

function createUser

  • file: supabase/functions/_shared/entra-client.ts:477
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a new user in Entra ID.
  • params:
    • credentials — Azure AD app credentials
    • userData — User creation data
    • correlationId — Request correlation ID
  • returns: Created user data
  • score: 4

function createUserClient

  • file: supabase/functions/_shared/supabase.ts:69
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a Supabase client authenticated with the user’s JWT from the request.Use this for user-facing operations where RLS should be enforced.The client inherits the user’s session and RLS policies apply.
  • params:
    • req — The incoming request containing the Authorization header
  • returns: SupabaseClient with the user’s session
  • example: | const supabase = createUserClient(req);// RLS policies will be enforcedconst data = await supabase.from(‘hr_employees’).select(’*’);
  • score: 4

function createValidationError

  • file: supabase/functions/_shared/errors.ts:138
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a standardized 400 Bad Request error response for validation failures. Includes an error category of , optional correlation ID, sanitized details, and optional CORS headers.
  • params:
    • message — User-facing error message describing the validation failure. Example:
    • correlationId — Optional tracing identifier to include in the response header. Example: .
    • details — Optional additional error details; only allowed keys are preserved (field, expected, actual, count, limit, duration, retries). Example:
    • corsHeaders — Optional CORS headers to merge into the response headers. Example:
  • returns: Response An HTTP with status 400 and a JSON body conforming to the standardized error shape:- : - : the provided - : - : the provided or - : sanitized object when provided
  • score: 4

function createVariableValue

  • file: supabase/functions/_shared/expressionEvaluator.ts:598
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a VariableValue object
  • score: 1

function decideRoute

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:175
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide the worker’s action for one work item given the link-map lookup and(when unlinked) the CE-74 resolution outcome. - linked creation/property_change → mapped update on the linked contact (AC-2; creation on an already-linked id is a redelivery-shaped apply); - unlinked → resolution tier: auto → link to the match (AC-3), review → park, touch nothing (AC-4), none → create + link (AC-5); - deletion → unlink only; the Encore contact survives (R4); - privacy_deletion → purge link + parked HubSpot payloads (R4); - merge → handled by planMergeRepoint.
  • score: 4

function decodePlaidWebhookPayload

  • file: supabase/functions/_shared/plaid-webhook-verify.ts:37
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Pure base64url-JSON decode of a Plaid webhook JWT’s payload segment.No signature/freshness validation — callers that need authenticity must useverifyPlaidWebhook first; this is the same decode the iat gate performs internally,exposed so the handler can read the payload without re-implementing it.
  • score: 4

function decryptPassword

  • file: supabase/functions/_shared/migration-crypto.ts:20
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Utility for decrypt password.
  • score: 1

function dedupKeyFor

  • file: supabase/functions/_shared/plaid-webhook-verify.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Idempotency key for an inbound Plaid webhook delivery.
  • returns: sha256 hex of — used by the handler cluster as fa_plaid_webhook_deliveries.dedup_key and the plaid_webhook_sync dedupe.
  • score: 4

function defaultContactMappingRows

  • file: supabase/functions/_shared/ce-hubspot-mappings.ts:70
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Insert rows for the default set, ready for the idempotent upsert.
  • score: 4

function defaultVersionFromHandlers

  • file: supabase/functions/_shared/versioning-core.ts:41
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determine the default version from a set of handler keys by picking thehighest registered major (FR-1.3).
  • params:
    • keys — Handler map keys (e.g. ).
  • returns: The version string with the highest major (e.g. ).
  • score: 4

function deleteCalendarEvent

  • file: supabase/functions/_shared/entra-client.ts:1015
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Delete a calendar event.
  • score: 1

function deleteUser

  • file: supabase/functions/_shared/entra-client.ts:605
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Delete a user account.
  • params:
    • credentials — Azure AD app credentials
    • userId — Entra user ID
    • correlationId — Request correlation ID
  • score: 1

function deleteVaultCredential

  • file: supabase/functions/_shared/vault-credentials.ts:106
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Delete a credential from vault by credential ID.
  • score: 4

function deleteVaultCredentialBySource

  • file: supabase/functions/_shared/vault-credentials.ts:139
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Delete a vault credential by source reference (table/column/row).Looks up the credential ID first, then deletes it.
  • score: 4

function denoReadSources

  • file: supabase/functions/intake-agent-run/handler.ts:31
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the production read sources bound to the RLS-bounded staff client (mirror of intake-sources.ts).
  • score: 4

function deriveAgeBand

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:175
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Coarse, de-identifying age band. “90+” follows HIPAA Safe Harbor(45 CFR §164.514(b)(2)(i)(C)): all ages over 89 aggregate to one bucket. PM-50-EN-01 FR-1, FR-5
  • score: 4

function deriveLanguageBucket

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:209
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Coarse preferred-language bucket. Recorded for a planned LEP fairness view;NOT yet aggregated by the monitor. PM-50-EN-01 FR-1
  • score: 4

function derivePayerCategory

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:227
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Normalize pm_payers.payer_type to a fairness-slice category. PM-50-EN-01 FR-1
  • score: 4

function deriveProliantCapabilities

  • file: supabase/functions/_shared/proliant-capabilities.ts:96
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Derive from the raw list returnedby . An empty/missing list yields all-false (theconservative default: assume nothing is permitted until the vendor says so).
  • score: 4

function deriveRaceBucket

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:326
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Roll race (jsonb array/string/object) + ethnicity into ONE coarse bucket.SIGN-OFF: Hispanic/Latino ETHNICITY takes precedence over race (see moduleheader §1). Multiple distinct OMB races → ‘two_or_more’; only ‘other’ present →‘other’; nothing usable → ‘unknown’. PM-50-EN-01 FR-1, FR-5
  • score: 4

function deriveSexBucket

  • file: supabase/functions/_shared/pm-fairness-buckets.ts:194
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map administrative sex_at_birth to a coarse bucket.Anything other than a recognized male/female value → ‘unknown’. PM-50-EN-01 FR-1, FR-5
  • score: 4

function deriveTargetClosureDate

  • file: supabase/functions/gr-cap-from-audit-finding/buildCapRow.ts:14
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: GR-04-EN-01 — pure CAP-row builder + target-closure-date derivation for thegr-cap-from-audit-finding consumer.deriveTargetClosureDate: COALESCE(finding.due_date, today + N days) whereN = 30 for critical, 60 for high.buildCapRow: shapes the gr_accreditation_caps insert row. organization_id isalways the EVENT row’s org (set by the caller from event.organization_id), nevera JWT — the consumer runs as service_role and must scope every write.Pure (no I/O) so both are unit-testable without a stack.
  • score: 4

function describePushSafety

  • file: supabase/functions/proliant-sync/push-scope.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Describe the safety posture of an employee push. A dry run never writes to thevendor; an unscoped real run is the one the dry-run/scoping affordances existto make deliberate.
  • score: 4

function detectCircularDependencies

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detect circular dependencies in the graph.
  • score: 4

function detectCrossTenantProbing

  • file: supabase/functions/security-detect-audit-anomalies/scoring.ts:236
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detects a single user appearing across multiple distinct org_ids.The window for cross-tenant checking spans all orgs for the same user_id.The caller aggregates across orgs per user; this fn receives ALL windowsfor a single user_id (potentially multiple orgIds in the rows).Alternatively: the caller passes allOrgIdsForUser so this rule can workon a per-user basis.Implementation: receives the per-(org,user) window + the set of all orgIdsthe same user appeared in during the evaluation window.
  • score: 4

function detectDiscrepancies

  • file: supabase/functions/_shared/pm-discrepancy-detection.ts:51
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detect discrepancies between current policies and last eligibility state.Compares benefit details stored in the last check against current policy values.Returns an array of discrepancy rows ready for insertion.
  • score: 4

function detectPhi

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:185
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detect (do not redact) PHI: returns the category tokens present, or an empty array.
  • score: 4

function detectPhi

  • file: supabase/functions/_shared/sms-provider.ts:173
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detect potential PHI in message text
  • params:
    • text — Message body to scan
  • returns: Object with detection result and matched patterns
  • score: 4

function detectPHI

  • file: supabase/functions/_shared/phi-detection.ts:58
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Scan text for possible PHI patterns.
  • params:
    • content — Text to scan
  • returns: Detection result with matched PHI categories
  • score: 4

function detectPHIInContent

  • file: supabase/functions/_shared/gr-regulatory-content.ts:151
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Scan normalized content for PHI patterns from FR-2.6.Returns triggered=true if any pattern matches.IMPORTANT: resetLastIndex is required for global RegExp re-use.
  • score: 4

function detectTimeOverlaps

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:33
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detect pairs of schedules whose fall within .
  • score: 4

function disableUser

  • file: supabase/functions/_shared/entra-client.ts:585
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Disable a user account.
  • params:
    • credentials — Azure AD app credentials
    • userId — Entra user ID
    • correlationId — Request correlation ID
  • score: 1

function dispatchDueSchedules

  • file: supabase/functions/_shared/fw-schedule-dispatch.ts:139
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run one dispatch tick against the database: load due schedules, plan, then foreach plan optimistically claim the row (CAS on next_execution_at), re-arm it,and for dispatched runs insert a durable row + enqueueit to the worker’s pgmq queue. Extracted from the edge handler so it can beexercised directly (Deno) against a live database. Caller passes a service-role client; this is a cross-org system job.
  • score: 4

function dispatchPortalRun

  • file: supabase/functions/_shared/portal-runner.ts:327
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: The consumer seam (server side). Enforces the ToS gate, creates a queued run,enqueues it to FW-46, and — in fixture/inline mode — runs it synchronously soa consumer core (e.g. CE-69) receives the confirmation immediately (AC-5).
  • score: 4

function driftColumnsFor

  • file: supabase/functions/_shared/weno/pharmacy-mapping.ts:84
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Unknown columns (not in KNOWN_PHARMACY_FIELDS) → schema drift.
  • score: 4

function dropOptionalEmpty

  • file: supabase/functions/_shared/weno/validators.ts:184
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Strip optional nulls/empty strings/empty arrays so we don’t emit them to the vendor.
  • score: 4

function encryptPassword

  • file: supabase/functions/_shared/migration-crypto.ts:6
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Shared encryption/decryption for migration connection passwords.Uses XOR + base64 encoding (matching the save-connection edge function).
  • score: 4

function encryptWenoData

  • file: supabase/functions/_shared/weno/crypto.ts:22
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Encrypt a payload JSON string with SHA-256(EZ key) + zero IV → base64.
  • score: 4

function enforceExternalModelStep

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:74
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Apply the two-path rule to one external-model-reaching step (FR-8). Exactly one path is legal: - local embedding (no egress) → exempt: dispatch raw. - Path (i) — PHI lane (BAA/ZDR, cl/pm): PHI is permitted; is NOT applied. - Path (ii) — non-PHI lane: is MANDATORY and fail-closed; a step that declares it needs unredacted PHI on a non-PHI lane throws (rejected, not degraded).Fail-closed: if throws (the PM-64 contract on bad input or an internal error), the throwpropagates and the caller MUST skip the model call, forwarding zero original text.
  • params:
    • step — The step to evaluate (lane already resolved by the caller via resolveModels).
    • redact — The canonical redactor (injected). MAY throw fail-closed.
  • score: 4

function ensureContrast

  • file: supabase/functions/_shared/compliance-contrast.ts:73
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Ensure a foreground color meets contrast against a background.Returns the original color if it passes, or the platform default if it fails.
  • score: 4

function errorResponse

  • file: supabase/functions/_shared/auth.ts:339
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create an error response with proper CORS headers
  • score: 4

function escapeHtml

  • file: supabase/functions/_shared/email-templates/utils.ts:10
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Escapes HTML special characters to prevent XSS attacksin email templates
  • score: 4

function escapeHtmlDraft

  • file: supabase/functions/_shared/pm-appeal-gate.ts:86
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Escape HTML special characters in a string.Used to sanitize the raw LLM draft before it is returned to the client orstored, preventing XSS if the draft content ever reaches an HTML surface.The escaping is intentionally minimal (the five standard HTML entities) —the draft is plain-text prose, not structured markup.
  • score: 4

function escapeUrlForHtml

  • file: supabase/functions/_shared/url-validation.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Escapes a URL for safe interpolation into HTML href attributes.Prevents javascript: and data: URI injection.
  • score: 4

function estimateTokens

  • file: supabase/functions/_shared/ai-org-context.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Approximate token count for budgeting. We use the standard ~4-chars-per-tokenheuristic — deliberately cheap and deterministic (no tokenizer dependency inthe Deno runtime). Over-estimating slightly is safe: it trims sooner, neverlater, so the block stays within budget.
  • score: 4

function evaluateAppealGate

  • file: supabase/functions/_shared/pm-appeal-gate.ts:50
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fail-closed gate: feature flag + PHI lane availability + DSI disclosure.All three conditions must be true for generation to proceed. The checks areordered so the most operator-actionable label takes precedence when severalare false: feature flag → PHI lane → published DSI disclosure. enforces the ONC §170.315(b)(11) interlock: an appealletter is a decision-support intervention, so a published row (ai_feature_key=‘pm.appeal_letter’) is required before any draft isgenerated. This was a TODO stub pending CL-65 PR #1618 (the/ columns); now that #1618 has landed the gate isenforced — mirroring the CL-08 CDS-rationale interlock. PM-29-EN-01 FR-2
  • score: 4

function evaluateCascadeGuard

  • file: supabase/functions/_shared/fw-rate-limit.ts:239
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Cascade fan-out guard (US-3 MVP). If this execution belongs to a correlationchain, count non-terminal peers sharing org + correlation_id; at or above the start is blocked (routed to DLQ by the caller).
  • score: 4

function evaluateCodingGate

  • file: supabase/functions/_shared/pm-coding-gate.ts:38
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fail-closed gate: feature flag + PHI lane availability + DSI disclosure.All three conditions must be true to proceed. Ordered so the mostoperator-actionable label wins when several are false: feature flag → PHIlane → published DSI disclosure. PM-64 FR-003
  • score: 4

function evaluateDenialGate

  • file: supabase/functions/_shared/pm-denial-gate.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fail-closed gate: feature flag + published DSI disclosure.Both must be true to serve a prediction. Ordered so the most operator-actionablelabel wins: feature flag → published DSI disclosure. (Unlike coding/appeal thereis NO PHI-lane check — denial prediction runs a local logistic-regression kernelwith no LLM/vendor call, so no PHI ever leaves the database.) PM-50-EN-01 FR-5
  • score: 4

function evaluateExpression

  • file: supabase/functions/_shared/expressionEvaluator.ts:553
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Evaluate an expression string with variable context
  • score: 4

function evaluateFollowUpGap

  • file: supabase/functions/_shared/cl-followup-gap.ts:96
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide whether the chart’s aftercare plans warrant a care gap. Pure and deterministic (no — the lookback filtering isthe edge fn’s query concern). Returns when no plan is a 30-day miss.When multiple plans qualify, the MOST RECENT qualifying plan (max )is the triggering plan for / / the per-measurebooleans, while is unioned across all qualifying plans. follows FUA-before-FUI precedence on that union.
  • score: 4

function evaluateRateLimit

  • file: supabase/functions/_shared/fw-rate-limit.ts:274
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Full pre-start evaluation. Order (cheapest, hardest-fail first): 1. cascade fan-out guard → block 2. concurrency caps (effective workflow + org) → defer 3. per-minute window (effective workflow + org) → defer 4. per-hour window (effective workflow + org) → deferOtherwise → admit.
  • score: 4

function evaluateSpine

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:128
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Evaluate the Phase-1 guardrail spine for a run (FR-9). Thin adapter over the pure () that reads the principal from the run row.
  • score: 4

function evaluateSpine

  • file: supabase/functions/_shared/ai/agent-spine.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Evaluate the Phase-1 guardrail spine (FR-9). Satisfied only when ALL of: a scopedprincipal is present (FR-3), redaction is active, a budget check is available, andinjection screening is enabled. Any absent element is a fail-closed block.
  • score: 4

function exchangeAuthorizationCode

  • file: supabase/functions/_shared/google-client.ts:150
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Exchange an authorization code for an access + refresh token pair.Uses the resolved (tenant or platform) OAuth client for the org.
  • score: 4

function exchangePublicToken

  • file: supabase/functions/_shared/plaid-client.ts:447
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Exchange public token for access token
  • score: 4

function executeDurableRun

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:364
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Execute a queued run durably: gate tools on the spine + PF-45 flag (FR-9), advance (FR-2), run the agentic loop, checkpoint the committed step (FR-4),reconcile the budget (FR-12), and advance to a terminal state exactly once (FR-7).Fail-closed behaviors:- A run whose spine is unsatisfied is refused: the run is moved and a is thrown (no tools dispatch).- When the spine is unsatisfied (read-only path), tools are withheld (the loop runs with ); the run still completes durably.- An over-budget run is moved to and an is thrown (FR-12).
  • params:
    • run — The queued run row (must be in ).
    • loopArgs — The agentic-loop args; is the desired tool set.
    • rpcClient — User-scoped client for the governed RPCs (RLS + SECURITY DEFINER).
    • deps — Injected dependencies / overrides (testing seam).
  • score: 4

function executeIntakeWrites

  • file: supabase/functions/intake-agent-run/run-intake.ts:442
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: action=execute_writes: mint tokens → gate → governed RPCs → transition artifact. Post-approval.
  • score: 4

function executePortalRun

  • file: supabase/functions/_shared/portal-runner.ts:205
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run a single portal run to completion. Loads the run + flow, re-checks the ToSgate, brokers credentials, executes via the transport, and persists the result.Never throws.
  • score: 4

function executeTool

  • file: supabase/functions/_shared/tool-handlers.ts:134
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Execute a tool call and return the result.All queries are scoped to the requesting organization.
  • score: 4

function extractControlNumber

  • file: supabase/functions/_shared/x12/envelope.ts:144
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract the ISA13 control number from an X12 interchange.
  • score: 4

function extractCsvText

  • file: supabase/functions/cl-weno-directory-ingest/parse-archive.ts:60
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract the directory CSV text from the ZIP (null if the archive has none).
  • score: 4

function fakeDeps

  • file: supabase/functions/cl-agent-draft-note/handler.test.fixtures.ts:50
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a fake deps object for unit tests.All gate booleans default to PASS; override to test gate rejections.
  • score: 4

function fetchGoogleUserInfo

  • file: supabase/functions/_shared/google-client.ts:235
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fetch the Google account email/id for a user-scoped access token.
  • score: 4

function fetchWithRetry

  • file: supabase/functions/_shared/ai/retry.ts:43
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Retry a fetch-like operation with exponential backoff on 429 / network errors.
  • params:
    • fn — returns a Promise
    • maxRetries — retry attempts after the initial try (default 3)
    • initialDelayMs — initial backoff (default 1000)
    • maxDelayMs — backoff ceiling (default 30000)
  • returns: the successful (or final) Response
  • score: 4

function fhirResponse

  • file: supabase/functions/cl-lab-result-ingestion/ack-response.ts:78
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create a FHIR OperationOutcome Response object with correct Content-Type.
  • score: 4

function filterByAllowlist

  • file: supabase/functions/_shared/mcp-config.ts:61
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Filter requested MCP server IDs against the allowlist.
  • params:
    • requestedIds — Server IDs the skill wants to use
  • returns: Object with allowed IDs and rejected IDs
  • score: 4

function filterRecommendations

  • file: supabase/functions/suggest-workspaces/filter.ts:38
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Drop sections referencing unknown cores or unknown group ids; drop wholerecommendations with zero surviving sections OR duplicate workspace_keys(against AND against earlier survivors in this batch).Pure: no I/O.
  • score: 4

function findHardQueueReadFailures

  • file: supabase/functions/workflow-executor-worker/queue-failure.ts:19
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns the org IDs whose result contains a hard queue-read failure.Non-hard errors (e.g. ‘skipped: worker already running’, ‘semaphoreacquisition failed’) are intentionally ignored.
  • score: 4

function findOwnedTaxForm

  • file: supabase/functions/proliant-tax-documents/tax-document-mapper.ts:163
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Locate ONE raw TaxForm entry by vendor id, returning it (content included)only when it belongs to the requesting employee — the cross-employee denialkeystone for the single-document fetch (NFR-phi-1).
  • score: 4

function findSuppressedEmailRecipient

  • file: supabase/functions/_shared/ce-suppression.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Find any suppressed email recipient by looking up contacts whose primaryemail matches one of the provided addresses. Returns the first suppressedrecipient (lowercased) or null.
  • score: 4

function flushEdgeSentry

  • file: supabase/functions/_shared/sentry-edge.ts:90
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Flush pending Sentry events. Call before the function exits in long-running handlers.
  • score: 4

function flushEdgeTracing

  • file: supabase/functions/_shared/ai/tracing.ts:94
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Flush pending observations. Edge functions are short-lived, so spans must beforced out before the runtime freezes. Prefer the non-blocking when available; otherwise await directly. No-op when disabled. Never throws.
  • score: 4

function formatBytes

  • file: supabase/functions/_shared/email-templates/base-layout.ts:27
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Format bytes to human-readable stringHandles negative values defensively
  • score: 4

function formatDate

  • file: supabase/functions/_shared/email-templates/base-layout.ts:45
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Format date to localized string
  • params:
    • locale — Optional locale string (defaults to ‘en-US’)
  • score: 4

function fourFifthsRuleViolation

  • file: supabase/functions/pm-ai-fairness-monitor/scoring.ts:129
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns true if the given disparity ratio indicates a four-fifths ruleviolation (ratio strictly less than DISPARITY_THRESHOLD = 0.8).
  • params:
    • ratio — Disparity ratio from computeDisparityRatio
  • score: 4

function generate270Segments

  • file: supabase/functions/_shared/x12/generate-270.ts:32
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generate 270 eligibility inquiry segments (between ST/SE envelope).
  • score: 4

function generate837PSegments

  • file: supabase/functions/_shared/x12/generate-837p.ts:69
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generate 837P claim segments (between ST/SE envelope).
  • score: 4

function generateAdminConsentUrl

  • file: supabase/functions/_shared/entra-client.ts:424
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build an admin consent URL that redirects an administrator to grant tenant-wide permissions. Constructs a Microsoft identity platform admin consent URL for the given tenant and application.If and are provided, a cryptographically random UUID is generated as the parameter and stored server-side in for secure callback validation.
  • params:
    • tenantId — Microsoft tenant (directory) ID; example: or a GUID.
    • clientId — Azure AD application (client) ID; example: .
    • redirectUri — Absolute callback URL that will receive the authorization code; must match an app-registered redirect URI.
    • organizationId — Optional organization identifier for callback correlation; stored server-side, not exposed in URL.
    • supabaseClient — Optional Supabase client (service role) for storing state; required if organizationId is provided.
  • returns: Promisestring An admin consent URL that an administrator can visit to grant the app permissions for the specified tenant.
  • example: | // Example including organization context with secure stateconst url = await generateAdminConsentUrl( ‘contoso.onmicrosoft.com’, ‘01234567-89ab-cdef-0123-456789abcdef’, ‘https://app.example.com/auth/callback’, ‘org_98765’, supabaseAdminClient);
  • score: 4

function generateHubspotOAuthNonce

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:43
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generates a cryptographically random hex nonce.
  • score: 4

function generateOAuthState

  • file: supabase/functions/_shared/google-workspace-oauth.ts:19
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generates a cryptographically random hex OAuth state token.
  • score: 4

function generatePkcePair

  • file: supabase/functions/_shared/google-workspace-oauth.ts:26
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generates a PKCE verifier/challenge pair using SHA-256.
  • score: 4

function generateSecurePassword

  • file: supabase/functions/_shared/entra-client.ts:178
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generate a secure password meeting Azure AD requirements.Requirements:- Minimum 16 characters (we use 20)- At least one uppercase letter- At least one lowercase letter- At least one number- At least one symbol
  • returns: Secure random password
  • score: 4

function generateTemporaryPassword

  • file: supabase/functions/_shared/google-workspace-client.ts:804
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Generate a temporary password meeting Workspace minimum complexity. Caller forcespassword change at first login when calling .
  • score: 4

function getAccessTokenForBankAccount

  • file: supabase/functions/_shared/vault-credentials.ts:264
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve a bank account’s Plaid access token, vault-first: look it up inpf_credential_vault by the item’s source coordinates, and fall back to the legacyplaintext plaid_access_token column during the vault migration. Returns null whenneither is present.
  • score: 4

function getAccounts

  • file: supabase/functions/_shared/plaid-client.ts:458
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get accounts for an item
  • score: 1

function getACHReturnDescription

  • file: supabase/functions/_shared/plaid-client.ts:1193
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get human-readable description for ACH return code
  • score: 4

function getAllowlistedMcpServers

  • file: supabase/functions/_shared/mcp-config.ts:25
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse and return the list of allowlisted MCP server identifiers.Reads from env var (comma-separated server IDs).Returns empty array if unset or empty.
  • returns: Array of allowlisted MCP server identifiers
  • score: 4

function getApplicationToken

  • file: supabase/functions/_shared/entra-client.ts:228
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get an access token using client credentials flow.Implements token caching to reduce API calls.
  • params:
    • credentials — Azure AD app credentials
    • correlationId — Request correlation ID for logging
  • returns: Access token string
  • score: 4

function getBalanceForAccount

  • file: supabase/functions/_shared/plaid-client.ts:650
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract balance for a specific Plaid account from a balance/get response.Use this instead of accounts[0] when an Item has multiple accounts so thecorrect account’s balance is applied. Prefers current, fallback to available.
  • score: 4

function getBalances

  • file: supabase/functions/_shared/plaid-client.ts:632
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get account balances (dedicated endpoint, faster than /accounts/get)Uses /accounts/balance/get which fetches real-time balance from the bank.
  • see:
  • score: 4

function getBusinessHoursBetween

  • file: supabase/functions/_shared/business-calendar.ts:210
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Calculates business hours between two timestamps.
  • score: 4

function getClientIp

  • file: supabase/functions/_shared/ip-security.ts:21
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract client IP from request headers.
  • score: 4

function getCorsHeaders

  • file: supabase/functions/_shared/cors.ts:104
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute CORS response headers scoped to a request Origin, allowing only validated or default origins. Resolves a safe Access-Control-Allow-Origin value based on the incoming header, an optional environment allowlist, and a set of default origins. Includes required CORS headers (Allow-Headers, Allow-Methods, Vary) and conditionally adds when the origin is not the wildcard. Designed to avoid reflecting arbitrary origins in production while permitting validated Lovable platform domains and local development origins when appropriate.
  • params:
    • requestOrigin — The raw header from the incoming request. The value is normalized for comparison (lowercased, trailing slash removed) and may be returned verbatim only if it matches known Lovable domain patterns or is explicitly allowed. Example: “https://app.lovable.app
  • returns: Recordstring, string - A headers object containing: - : the resolved origin or fallback - : allowed request headers - : allowed HTTP methods - : “Origin” - : “true” when the resolved origin is not
  • example: | const headers = getCorsHeaders(‘https://preview—myapp.lovable.app’);// headers[‘Access-Control-Allow-Origin’] = ‘https://preview—myapp.lovable.app’ (if validated) This function will only reflect origins that are validated against the configured allowlist, the built-in defaults, or approved Lovable domain patterns. In production unknown origins are not reflected to prevent open CORS; localhosts may be reflected in non-production environments for debugging.
  • score: 4

function getDefaultMappings

  • file: supabase/functions/_shared/transforms/business-central-to-fa.ts:11
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides get default mappings functionality.
  • score: 4

function getDefaultMappings

  • file: supabase/functions/_shared/transforms/ringcentral-to-ce.ts:11
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides get default mappings functionality.
  • score: 4

function getDefaultMappings

  • file: supabase/functions/_shared/transforms/rippling-to-hr.ts:18
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides get default mappings functionality.
  • score: 4

function getDefaultMappings

  • file: supabase/functions/_shared/transforms/sage-intacct-to-fa.ts:11
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides get default mappings functionality.
  • score: 4

function getDirectoryAuditLogs

  • file: supabase/functions/_shared/entra-client.ts:1673
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get directory audit logs for the tenant.Requires AuditLog.Read.All.Use for tracking permission changes, role assignments, and compliance auditing.
  • score: 4

function getEmailProviderConfig

  • file: supabase/functions/_shared/email-provider.ts:108
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get email provider configuration for an organization.Fetches HR module settings and Entra/Gmail configuration if applicable.Sender resolution order:1. Module-specific sender (e.g. fa_module_settings.email_sender_address)2. Org default sender (pf_organizations.settings.entra_sender_email / gmail_sender_email)3. HR module from address (legacy fallback)
  • params:
    • moduleCode — Optional module code to check for per-module sender override
  • score: 4

function getEntraAccessTokenForUser

  • file: supabase/functions/email-sync-outlook/index.ts:694
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-63: Get access token for Entra-provisioned account syncThis can be used when syncing emails for users who have Entra-provisionedaccounts but haven’t individually connected their OAuth tokens.
  • score: 4

function getEntraCredentials

  • file: supabase/functions/_shared/entra-credentials.ts:82
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve full Entra credentials (tenant + app + secret) for an org.Resolves the secret and provenance via the shared internal resolver so thecaller can log/audit provenance (‘vault’ vs ‘env’). Falls back toENTRA_CLIENT_SECRET env var during the migration window while orgs rotateto per-org vault secrets.
  • params:
    • supabase — Service-role Supabase client.
    • orgId — The organization UUID to look up credentials for.
    • _correlationId — Reserved for structured logging; not yet used.
  • score: 4

function getEnvOrDefault

  • file: supabase/functions/_shared/env.ts:80
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get an environment variable with a default fallback.
  • params:
    • name — Environment variable name
    • defaultValue — Value to return if the variable is not set
  • returns: The environment variable value or the default
  • example: | const timeout = getEnvOrDefault(‘REQUEST_TIMEOUT_MS’, ‘5000’);
  • score: 4

function getFileDownloadUrl

  • file: supabase/functions/_shared/entra-client.ts:1429
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a download URL for a file in SharePoint.The URL is temporary and pre-authenticated.Requires Files.ReadWrite.All or Sites.Read.All.
  • score: 4

function getFreshCalendarAccessToken

  • file: supabase/functions/_shared/calendar-token.ts:111
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve a fresh access token for a calendar connection.Microsoft connections are passed through unchanged (refresh is a separateMicrosoft-Graph flow not yet handled here — WS5). Google connections arevault-resolved and refreshed via the unified Google client.
  • score: 4

function getJurisdictionProfile

  • file: supabase/functions/_shared/jurisdiction.ts:42
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolves the effective jurisdiction profile for an org + optional site.Calls the RPC which merges:Federal Baseline → State Profile → Org Overrides → Site Overrides.
  • params:
    • client — Authenticated Supabase client (service_role or user-scoped).
    • orgId — Organization UUID.
    • siteId — Optional site UUID for site-level overrides.
  • returns: Merged jurisdiction profile, or null if no profile is configured.
  • score: 4

function getMailboxSettings

  • file: supabase/functions/_shared/entra-client.ts:1701
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a user’s mailbox settings including Out-of-Office status.Requires MailboxSettings.Read (covered by User.Read.All for basic info,or MailboxSettings.Read for full automatic-replies detail).
  • score: 4

function getPeriodForDate

  • file: supabase/functions/fa-gr-compliance-cost-consumer/index.ts:196
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: FA-34 AC-1: resolve the fiscal period whose date range covers . fa_journal_entries.period_id is NOT NULL, so a compliance-cost JE cannot be created without one. Mirrors thecanonical getPeriodForDate in fa-consume-pm-payment-events. Returns null when no period coversthe date (caller fails loudly rather than guessing).
  • score: 4

function getPublishedCodingDisclosure

  • file: supabase/functions/_shared/pm-coding-gate.ts:65
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: CL-65 DSI interlock: check for a published disclosure row scoped to THISfeature.Narrows the lookup to (organization_id, model_id, model_version,status=published, ai_feature_key=‘pm.ai_coding’) so the PM coding disclosure —not another feature’s published row on the same model — gates this function.Mirrors the feature-key narrowing in cl-ai-chart-summary and pm-ai-appeal-letternow that the CL-65 column has landed (#1618). Any query error(including a pre-#1618 stack missing the column) resolves to NOT published →fail closed (ONC HTI-1 §170.315(b)(11)). PM-64 FR-003, FR-010
  • score: 4

function getPublishedDenialDisclosure

  • file: supabase/functions/_shared/pm-denial-gate.ts:77
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: CL-65 DSI interlock: is there a PUBLISHED disclosure row scoped to THIS feature?Matches an org-scoped OR platform-scoped published row forai_feature_key=‘pm.denial_prediction’. Any query error (including a pre-#1618stack missing the / columns) OR a thrown exceptionresolves to NOT published → fail closed (ONC HTI-1 §170.315(b)(11)). Mirrorsthe org-or-platform narrowing used by pm-ai-appeal-letter. PM-50-EN-01 FR-5
  • score: 4

function getReportDeliverySubject

  • file: supabase/functions/_shared/email-templates/report-delivery.ts:147
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get the email subject for report delivery
  • score: 4

function getReportFailedSubject

  • file: supabase/functions/_shared/email-templates/report-failed.ts:133
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get the email subject for report failure
  • score: 4

function getScopesForCapabilities

  • file: supabase/functions/_shared/google-workspace-client.ts:58
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Return the de-duplicated Google OAuth scope list required by selected PF-101 capabilities.
  • score: 4

function getSignInLogs

  • file: supabase/functions/_shared/entra-client.ts:1627
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get sign-in audit logs for the tenant.Requires AuditLog.Read.All.Use for compliance monitoring and security reporting in the GR module.
  • score: 4

function getSmsProviderConfig

  • file: supabase/functions/_shared/sms-provider.ts:78
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get SMS provider configuration for an organization
  • params:
    • supabase — Supabase client
    • organizationId — Organization UUID
  • returns: Provider configuration or null if not configured
  • score: 4

function getTeamMembershipId

  • file: supabase/functions/_shared/entra-client.ts:781
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a user’s team membership ID.
  • score: 4

function getToolsForCategory

  • file: supabase/functions/_shared/tool-handlers.ts:123
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get tool definitions available for a skill category.
  • score: 4

function getTransactions

  • file: supabase/functions/_shared/plaid-client.ts:678
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get transactions for a specific date range using /transactions/getUnlike /transactions/sync (incremental), this endpoint supports date-range queries.Caller must handle pagination via offset.
  • see:
  • score: 4

function getTransfer

  • file: supabase/functions/_shared/plaid-client.ts:1089
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get details of a specific transfer
  • score: 4

function getTransferIntent

  • file: supabase/functions/_shared/plaid-client.ts:1302
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get transfer intent status and transfer_id after Transfer UI completion.
  • score: 4

function getUrgencyLevel

  • file: supabase/functions/_shared/notification-utils.ts:375
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determine urgency level based on days until due.
  • score: 4

function getUser

  • file: supabase/functions/_shared/entra-client.ts:638
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get user by ID or userPrincipalName.
  • params:
    • credentials — Azure AD app credentials
    • userId — Entra user ID or UPN
    • correlationId — Request correlation ID
  • returns: User data or null if not found
  • score: 4

function getUserDirectReports

  • file: supabase/functions/_shared/entra-client.ts:1134
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a user’s direct reports from the Entra directory.Requires User.Read.All (already included).
  • score: 4

function getUserManager

  • file: supabase/functions/_shared/entra-client.ts:1110
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a user’s manager from the Entra directory.Requires User.Read.All (already included).
  • score: 4

function getUserPhoto

  • file: supabase/functions/_shared/entra-client.ts:1162
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a user’s profile photo as a base64 data URL.Requires User.Read.All (already included).Returns null if user has no photo set.
  • score: 4

function getUserPresence

  • file: supabase/functions/_shared/entra-client.ts:1047
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a user’s Teams presence/availability status.Requires Presence.Read.All application permission.
  • score: 4

function getUserPresenceBatch

  • file: supabase/functions/_shared/entra-client.ts:1072
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get batch presence for multiple users (up to 650 per call).Requires Presence.Read.All application permission.
  • score: 4

function getWebhookVerificationKey

  • file: supabase/functions/_shared/plaid-client.ts:700
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get webhook verification key for JWT validation
  • score: 4

function governAgentAction

  • file: supabase/functions/_shared/ai/agent-action-governance.ts:93
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide whether a proposed agent tool call may proceed, must be held for approval, or must beblocked (FR-3/FR-10/FR-13/FR-17). See the module doc for the flag-OFF / fail-closed contract.
  • params:
    • ctx — The action context (no PHI; carries the redacted ).
    • deps — Injected collaborators (flag read, rule set, approval RPC, PHI-access emitter).
  • score: 4

function graphApiCall

  • file: supabase/functions/_shared/entra-client.ts:289
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Make a Graph API call with automatic retry for transient errors.
  • params:
    • options — Request options
  • returns: API response data
  • score: 4

function groupCodeToAppType

  • file: supabase/functions/process-era/orphan-helpers.ts:76
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map CAS group code to application_type (aligned to DB CHECK).
  • score: 4

function handleRequest

  • file: supabase/functions/calendar-schedule/index.ts:126
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: HTTP entrypoint: CORS, auth, tenant authorization, then the schedule pipeline.The port-binding registration is guarded by soimporting this module in a test does not bind a socket.
  • score: 4

function handleRequest

  • file: supabase/functions/calendar-task-push/index.ts:253
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: HTTP entrypoint: CORS, auth, tenant authorization, then the fail-open pipeline.Exported so it can be exercised by an integration harness; the port-binding registration is guarded by so importing thismodule in a unit test does not bind a socket.
  • score: 4

function handleRequest

  • file: supabase/functions/cl-dosespot-webhook/index.ts:105
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: The webhook request handler. Exported so unit tests can exercise it withoutbinding a network port (the live bind is gated on below).
  • score: 4

function handleRequest

  • file: supabase/functions/intake-agent-run/handler.ts:86
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Injectable handler core (unit-testable without a live stack).
  • score: 4

function handleRequest

  • file: supabase/functions/pf_widget_query/index.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Data-capability broker: returns a count of an allowlisted, org-scoped table so dashboardplugins/custom widgets can read aggregates without direct table access. Enforces, in order:caller-JWT auth (no service-role), server-side table/op allowlist, org membership, then thecount UNDER the caller’s JWT so RLS applies. Errors are sanitized (no SQL/PHI leak).
  • params:
    • req — The incoming HTTP request; JSON body .
    • deps — Injectable auth collaborators; defaults to the real _shared/auth helpers.
  • returns: A JSON Response: on success, or with a 4xx/5xx status.
  • score: 4

function handleRequest

  • file: supabase/functions/plaid-apply-rules/index.ts:204
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: HTTP entrypoint: CORS, caller auth, tenant authorization, then the rulepipeline. The port-binding registration is guarded by so importing this module in a test does not bind a socket.
  • score: 4

function hashContent

  • file: supabase/functions/_shared/gr-regulatory-content.ts:116
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: SHA-256 hash of normalized content using the Web Crypto API.Compatible with Deno and Node 18+ (globalThis.crypto.subtle).
  • score: 4

function hashPayload

  • file: supabase/functions/proliant-sync/push-idempotency.ts:36
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: SHA-256 hex of a stable JSON serialization of .
  • score: 4

function hashToken

  • file: supabase/functions/_shared/analytics/embed-token.ts:107
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Lowercase-hex SHA-256 of a string (the value persisted as ).
  • score: 4

function hasScope

  • file: supabase/functions/_shared/machine-auth.ts:137
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check whether a required scope is satisfied by the granted scopes.Supports wildcard matching: matches .
  • params:
    • required — The scope to check (e.g. ‘pf.users.read’)
    • granted — Array of granted scopes (may include wildcards like ‘pf.*’)
  • returns: true if any granted scope satisfies the requirement
  • score: 4

function hexToRgb

  • file: supabase/functions/_shared/compliance-contrast.ts:9
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse hex color to [r, g, b] (0–255).
  • score: 4

function hl7AckResponse

  • file: supabase/functions/cl-lab-result-ingestion/ack-response.ts:59
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Create an HL7v2 ACK Response object with correct Content-Type.
  • score: 4

function initEdgeSentry

  • file: supabase/functions/_shared/sentry-edge.ts:28
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Initialize Sentry for an edge function. Safe to call multiple times (idempotent).No-op if SENTRY_DSN env var is not set.
  • score: 4

function initialCheckpoint

  • file: supabase/functions/proliant-sync/pull-checkpoint.ts:97
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build a fresh checkpoint for an invocation that starts a brand-new pull.
  • score: 4

function insertComplianceAuditEntry

  • file: supabase/functions/_shared/fw-compliance-audit.ts:105
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Insert a compliance audit entry using the service-role client.The payload is sanitized to strip potential PHI beforepersisting to the immutable table.
  • params:
    • supabase — A service-role Supabase client.
    • entry — The audit entry parameters.
  • score: 4

function insertExecutionLog

  • file: supabase/functions/_shared/executionHelpers.ts:175
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Insert a single execution log
  • score: 1

function insertExecutionLogs

  • file: supabase/functions/_shared/executionHelpers.ts:206
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Batch insert execution logs for efficiency
  • score: 4

function insertOrphanLine

  • file: supabase/functions/process-era/orphan-helpers.ts:56
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Insert an orphan line. Returns so the caller can appendto its collection without throwing.
  • score: 4

function interactiveToolsEnabled

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:322
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fail-safe read of the PF-45 interactive-tools flag via .Any error → returns (tools stay off). The sentinel is neverpassed as a uuid (edge-function caller pitfall).
  • score: 4

function interpolate

  • file: supabase/functions/_shared/email-templates/base-layout.ts:16
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Interpolate template variables using variable syntax
  • score: 4

function invokeMcpTool

  • file: supabase/functions/_shared/mcp-client.ts:80
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Invoke an MCP tool via HTTP POST (JSON-RPC 2.0 format).Applies PHI detection on outbound arguments and inbound response.Retries up to MAX_RETRIES times with exponential backoff on transient failures.
  • params:
    • connection — Active MCP connection
    • toolName — Name of the tool to invoke
    • args — Tool arguments
  • returns: Invocation result
  • score: 4

function isAgentRunState

  • file: supabase/functions/_shared/ai/agent-run-states.ts:70
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when is a known run-state value (narrows /).
  • score: 4

function isAllowedReturnOrigin

  • file: supabase/functions/_shared/google-workspace-oauth.ts:139
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns true when a callback return origin is whitelisted.
  • score: 4

function isBehavioralHealthServiceType

  • file: supabase/functions/_shared/pm/service-type-mapper.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determine whether a service type is behavioral-health relevant.
  • score: 4

function isBreach

  • file: supabase/functions/pm-ai-fairness-monitor/scoring.ts:148
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determines whether a metric row should trigger a compliance alert.Two independent breach paths (either can trigger):1. Four-fifths rule: disparity ratio below 0.8 (adverse impact threshold)2. Drift: |z-score| ≥ DRIFT_Z_THRESHOLD (2.0σ from rolling mean)
  • params:
    • disparityRatio — From computeDisparityRatio for this class_value
    • driftZScore — From computeZScore; 0 if suppressed
    • thresholds — Optional overrides (for testing / future config)
  • score: 4

function isBusinessDay

  • file: supabase/functions/_shared/business-calendar.ts:112
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Checks if a date is a business day.
  • score: 4

function isBusinessHour

  • file: supabase/functions/_shared/business-calendar.ts:124
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Checks if a timestamp falls within business hours.
  • score: 4

function isContactSuppressed

  • file: supabase/functions/_shared/ce-suppression.ts:23
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check whether a contact has an active suppression for the given channel.Returns when contactId is missing — callersshould resolve a contact first when possible.
  • score: 4

function isDeadlineReached

  • file: supabase/functions/proliant-scheduled-sync/dispatch-bounds.ts:81
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True once the wall-clock deadline for this tick has been reached. The callerchecks this BEFORE starting each per-org fetch so any remaining orgs arecounted as rather than risking a mid-fetch hard kill by the edgeruntime (which would orphan the summary).
  • score: 4

function isDuplicateNotification

  • file: supabase/functions/_shared/notification-utils.ts:119
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if a notification of the same type/reference was already sentwithin the specified time window.This prevents duplicate notifications when cron jobs run multiple timesor when items are processed repeatedly.
  • params:
    • supabase — Supabase client (service role recommended)
    • params — Dedup check parameters
  • returns: true if a matching notification already exists
  • example: | const isDuplicate = await isDuplicateNotification(supabase, userId: officer.user_id, notificationType: ‘compliance_check_overdue’, referenceId: requirement.id, windowHours: 24,);
  • score: 4

function isEncoreAuthoritative

  • file: supabase/functions/proliant-sync/sor-direction.ts:42
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when Encore is the system of record for (a write-back field).
  • score: 4

function isEnvSet

  • file: supabase/functions/_shared/env.ts:97
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if an environment variable is set (non-empty).
  • params:
    • name — Environment variable name
  • returns: true if the variable is set and non-empty
  • example: | if (isEnvSet(‘FEATURE_FLAG_NEW_UI’)) // use new UI
  • score: 4

function isGatedTier

  • file: supabase/functions/_shared/ai/agent-action-classifier.ts:181
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when a tier requires a human approval hold before the action may execute.
  • score: 4

function isHoliday

  • file: supabase/functions/_shared/business-calendar.ts:104
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Checks if a date is a full-day holiday.
  • score: 4

function isIpAllowlisted

  • file: supabase/functions/_shared/ip-security.ts:141
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if an IP is in the allowlist.
  • score: 4

function isIpBlocked

  • file: supabase/functions/_shared/ip-security.ts:103
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if an IP is in the blocklist.Fails closed: returns true (blocked) on invalid input or DB errors.
  • score: 4

function isLegalTransition

  • file: supabase/functions/_shared/ai/agent-run-states.ts:85
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when is an allowed transition in the run-state graph.Self-transitions () are not legal. Unknown states return .This is a client-side pre-check only; the governed RPC is the authority (FR-2).
  • score: 4

function isMcpEnabled

  • file: supabase/functions/_shared/mcp-config.ts:50
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check whether the MCP feature flag is enabled.Reads env var; defaults to when unset.
  • returns: true if MCP is enabled
  • score: 4

function isNonProdRuntime

  • file: supabase/functions/_shared/weno/transport.ts:109
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Server-trusted prod detection. Production is the projectref (see scripts/utils/test-environment-isolation.ts). Anything else — local,staging/dev2 — is non-prod and may use the fixture transport.
  • score: 4

function isPhiKey

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:201
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when a key name is PHI-bearing (its normalized form contains a stem).
  • score: 4

function isPollDue

  • file: supabase/functions/_shared/ce-hubspot-poll.ts:42
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Due when never polled, the timestamp is unusable, or the interval elapsed.
  • score: 4

function isPrivateIp

  • file: supabase/functions/_shared/ssrf-guard.ts:81
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True if is an IP literal (v4 or v6) in a private/reserved range.
  • score: 4

function isPushApplied

  • file: supabase/functions/proliant-sync/push-idempotency.ts:67
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when this exact push was already applied (caller should skip/replay).
  • score: 4

function isQuietHour

  • file: supabase/functions/_shared/tcpa-consent.ts:81
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns true when the current time falls within quiet hours(before 8 AM or at/after 9 PM) in the given timezone.
  • score: 4

function isReauthRequired

  • file: supabase/functions/_shared/plaid-client.ts:778
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if Plaid error indicates need for re-authentication
  • score: 4

function isRefreshDue

  • file: supabase/functions/_shared/gr-impact-classifier.ts:216
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if an impact row is due for a PF-61 refresh attempt.Due = pf_kb_refresh_status IN (‘queued’, ‘retrying’) and next attempt time = now.
  • score: 4

function isRipplingBenefitsReport

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:67
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detects whether CSV headers match the Rippling Insurance Enrollment Report format.
  • score: 4

function isRipplingCobraReport

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:79
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Detects whether CSV headers match the Rippling COBRA Enrollment Report format.
  • score: 4

function isSafeRegulatoryUrl

  • file: supabase/functions/_shared/gr-regulatory-content.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Return true when the URL is safe to fetch.Rejects private/loopback IPs, non-http(s) schemes, and non-allow-listed hostnames.
  • score: 4

function isServiceRoleRequest

  • file: supabase/functions/_shared/auth.ts:76
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when the request carries a service-role credential — either the injectedSUPABASE_SERVICE_ROLE_KEY verbatim (cron / pg_net internal calls) or agateway-verified JWT with . Use in cron/server-to-serverhandlers that must reject all user and anonymous callers (defense in depthwhen the function is reachable without gateway verify_jwt).
  • score: 4

function isSkillRunnable

  • file: supabase/functions/_shared/skill-agent.ts:130
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: PF-120 FR-2 — lifecycle load gate (pure, no I/O).A skill may be loaded by the runtime only when it is a system skill(, pre-blessed) OR its is one of / . Anything else (draft, in_review, archived, or aNULL/unknown status on a non-system row) is refused → the caller falls backto the module default / .
  • params:
    • skill — the loaded skill governance fields
  • returns: true if the skill is allowed to drive AI
  • score: 4

function isSuccessOutcome

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:345
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Outcomes that make a redelivery of the same (external_id, occurred_at,event_type) a no-op (AC-6). is NOT a success — a freshdelivery after a dead-letter may legitimately retry.
  • score: 4

function isSudCarc

  • file: supabase/functions/_shared/pm-appeal-gate.ts:71
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns true if the CARC code is associated with SUD-coded services.Used to gate the 42 CFR Part 2 consent check in the edge function.Comparison is case-normalised (upper-case) so ‘co-96’ and ‘CO-96’ both match. PM-29-EN-01 FR-4
  • score: 4

function isSudSensitiveResourceType

  • file: supabase/functions/fhir-r4/consent-check.ts:68
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Determine if a resource type contains SUD/Part 2 data.SUD conditions, SUD medications, and related resources need Part 2 consent.
  • score: 4

function isTerminalRunState

  • file: supabase/functions/_shared/ai/agent-run-states.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when is a terminal state (no outgoing transitions, FR-7).
  • score: 4

function isTerminalSmsStatus

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:159
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if status indicates a terminal state (no further updates expected)
  • score: 4

function isTokenExpiringSoon

  • file: supabase/functions/_shared/outlook-client.ts:380
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if a token needs refresh (expires within 5 minutes)
  • score: 4

function isTracingEnabled

  • file: supabase/functions/_shared/ai/tracing.ts:84
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Whether tracing is active (keys present + init succeeded).
  • score: 4

function isTransferReturn

  • file: supabase/functions/_shared/plaid-client.ts:1184
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if a transfer failure is a return (vs other failure)
  • score: 4

function isUnmatchedProfileRow

  • file: supabase/functions/hr-proliant-create-profile-from-pending/identity.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True if the row is a remediable unmatched-profile row (vs a data conflict).
  • score: 4

function isUpnAvailable

  • file: supabase/functions/_shared/entra-client.ts:671
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if a userPrincipalName (email) is available.
  • params:
    • credentials — Azure AD app credentials
    • upn — User principal name to check
    • correlationId — Request correlation ID
  • returns: True if available, false if taken
  • score: 4

function isValidE164

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:211
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate E.164 phone number format
  • score: 4

function isValidEncoreField

  • file: supabase/functions/_shared/ce-hubspot-mappings.ts:44
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when the field is selectable for the given object type.
  • score: 4

function isWellFormedApiVersion

  • file: supabase/functions/_shared/versioning-core.ts:19
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check whether a version string matches the well-formed format (e.g. , ).
  • params:
    • v — The raw header value (may be null).
  • returns: if matches .
  • score: 4

function isWithinBusinessHours

  • file: supabase/functions/_shared/sms-provider.ts:203
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check if current time is within business hours
  • params:
    • startTime — HH:MM format (e.g., “09:00”)
    • endTime — HH:MM format (e.g., “18:00”)
    • timezone — IANA timezone (defaults to America/New_York)
  • returns: true if within business hours
  • score: 4

function iterateBannerCsv

  • file: supabase/functions/_shared/weno/csv.ts:34
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Iterate a banner+header CSV: skip lines until isHeaderRow(cells) is true,then yield header-keyed rows. Lines that match isHeaderRow are treated as(re-)headers and never yielded as data — calling onHeaders each time theyappear. This allows drift detection when a vendor appends new columns.
  • score: 4

function iterateDirectoryCsv

  • file: supabase/functions/cl-weno-directory-ingest/parse-archive.ts:36
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Stream CSV data rows as header-keyed objects WITHOUT materializing them all —the real full directory is ~89k rows / ~6 MB and must stay within the edgeruntime’s memory limit. receives the header row once (for drift).
  • score: 4

function jsonHeaders

  • file: supabase/functions/_shared/auth.ts:332
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Helper to create CORS headers with JSON content type
  • score: 4

function listChannelTabs

  • file: supabase/functions/_shared/entra-client.ts:1563
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List tabs in a Teams channel.Requires TeamsTab.Read.All or TeamsTab.ReadWrite.All.
  • score: 4

function listDriveItems

  • file: supabase/functions/_shared/entra-client.ts:1310
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List items in a SharePoint site’s document library root or a specific folder.Requires Sites.Read.All or Files.ReadWrite.All.
  • score: 4

function listIntakeProviderAvailabilityDeno

  • file: supabase/functions/intake-agent-run/provider-availability.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Read caseloads + appointment schedule blocks, rank lowest-utilization-first.
  • score: 4

function listSharePointSites

  • file: supabase/functions/_shared/entra-client.ts:837
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List SharePoint sites.
  • score: 1

function listSiteGroups

  • file: supabase/functions/_shared/entra-client.ts:858
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List groups associated with a SharePoint site.
  • score: 4

function listTeamChannels

  • file: supabase/functions/_shared/entra-client.ts:708
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List channels in a team.
  • score: 1

function listTeams

  • file: supabase/functions/_shared/entra-client.ts:687
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List all Teams in the tenant.
  • score: 1

function listTransferEvents

  • file: supabase/functions/_shared/plaid-client.ts:1121
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List transfer events (for reconciliation and webhook verification)
  • score: 4

function listTransfers

  • file: supabase/functions/_shared/plaid-client.ts:1100
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: List transfers with optional filters
  • score: 4

function loadConnection

  • file: supabase/functions/_shared/google-workspace-client.ts:126
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Load the tenant’s PF-101 Workspace connection metadata and capability flags.
  • score: 4

function loadEffectiveLimits

  • file: supabase/functions/_shared/fw-rate-limit.ts:121
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Load org-level (workflow_definition_id IS NULL) and per-workflow active limit rowsfor this org in a single indexed read, then resolve the effective ceiling perlimit type. Precedence (FR-1.1 / US-2): a workflow row overrides the org row forthe same limit_type, BUT the effective workflow value is clamped to the org value— “effective workflow limits cannot exceed org-level limits”.
  • score: 4

function loadEmployeeFieldMappings

  • file: supabase/functions/proliant-sync/field-mapper.ts:141
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Merge org field-mapping overrides onto the default key map for a direction.Pull starts from the built-in defaults; push starts empty (overrides only).
  • score: 4

function loadHeldScopes

  • file: supabase/functions/intake-agent-run/run-intake.ts:134
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Look up which of the candidate scopes the staff member holds. — the scope stringIS the permission key (PF-30 identity mapping). p_user_id has no auth.uid() fallback, so theauthorizing staff id MUST be passed explicitly.
  • score: 4

function makeFixtureTransport

  • file: supabase/functions/_shared/weno/transport.ts:70
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Fixture transport built from base64 payloads supplied in the request body.
  • score: 4

function mapAbnormalFlag

  • file: supabase/functions/cl-lab-result-ingestion/result-mapper.ts:15
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map HL7 Table 0078 or FHIR interpretation codes to CL-09 abnormal_flag values.
  • score: 4

function mapCobraReason

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:254
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Maps a Rippling COBRA reason string to an hr_cobra_events.qualifying_event enum value.
  • score: 4

function mapCondition

  • file: supabase/functions/fhir-r4/condition-mapper.ts:11
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides map condition functionality.
  • score: 4

function mapEncoreEmployeeToProliant

  • file: supabase/functions/proliant-sync/field-mapper.ts:349
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the Proliant employee push payload () from anEncore , applying any push-direction field overrides.
  • score: 4

function mapErrorToConnectionStatus

  • file: supabase/functions/_shared/plaid-client.ts:795
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map Plaid error to connection status
  • score: 4

function mapFHIRToResult

  • file: supabase/functions/cl-lab-result-ingestion/result-mapper.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map a parsed FHIR Observation to the common MappedResult shape.
  • score: 4

function mapLookupToCodeRows

  • file: supabase/functions/proliant-code-lookup/lookup-mapper.ts:46
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Transform raw Proliant lookup results into rows.Reads the code from (live API) or (legacy fixtures), dropsentries with a missing/blank code, trims it, and marks each row so an admin can later assign the Encore target value.
  • score: 4

function mapMedicationRequest

  • file: supabase/functions/fhir-r4/medication-mapper.ts:11
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides map medication request functionality.
  • score: 4

function mapOBXToResult

  • file: supabase/functions/cl-lab-result-ingestion/result-mapper.ts:51
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map a parsed HL7v2 OBX segment to the common MappedResult shape.
  • score: 4

function mapPatient

  • file: supabase/functions/fhir-r4/patient-mapper.ts:11
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Provides map patient functionality.
  • score: 4

function mapPharmacyRow

  • file: supabase/functions/_shared/weno/pharmacy-mapping.ts:89
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map a single header-keyed directory row to a PharmacyRecord (null if no name).
  • score: 4

function mapPlaidTransaction

  • file: supabase/functions/_shared/plaid-client.ts:727
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map Plaid transaction to database formatPlaid amounts are negative for debits (outflows) and positive for credits (inflows)
  • score: 4

function mapProcedureCategoryToQI

  • file: supabase/functions/gr-procedure-gap-consumer/buildQIDraftFromGap.ts:62
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map (clinical|operational|safety|hr|financial|it|emergency|other)to a value accepted by (clinical|operational|safety|compliance|outcomes).
  • score: 4

function mapProliantEmployee

  • file: supabase/functions/proliant-sync/field-mapper.ts:252
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map a raw Proliant employee record to the Encore ,resolving each field via the (optionally overridden) key map. Names live onthe linked profile; use before writing hr_employees.
  • score: 4

function mapProviderStatus

  • file: supabase/functions/_shared/sms-provider.ts:347
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map provider-specific status to normalized status.
  • params:
    • _provider — SMS provider (RingCentral)
    • providerStatus — Status string from provider
  • returns: Normalized status
  • score: 4

function mapReportList

  • file: supabase/functions/proliant-reports/report-list-mapper.ts:41
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map the vendor report-list envelope to the sanitized display list.Tolerates the / envelope variants (via ) andskips entries that are not objects or carry neither an id nor a title.
  • score: 4

function mapRingCentralSmsStatus

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:152
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map RingCentral SMS status to normalized status
  • score: 4

function mapServiceTypeCode

  • file: supabase/functions/_shared/pm/service-type-mapper.ts:42
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve a service type code to a mapping. Unknown codes return apass-through mapping with category ‘other’.
  • score: 4

function mapTaxDocEntries

  • file: supabase/functions/proliant-tax-documents/tax-document-mapper.ts:119
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map the (already employee-scoped) year-end TaxDoc envelope to metadata-onlyentries. The endpoint has no swagger response schema, so this tolerates asingle object or a list and falls back to the REQUESTED year + adeterministic synthetic id when the payload is content-only.
  • score: 4

function mapTaxFormList

  • file: supabase/functions/proliant-tax-documents/tax-document-mapper.ts:94
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map the company-wide TaxForm search envelope to the requesting employee’smetadata-only entries. Entries belonging to other employees are dropped; never survives (the output shape has no content field).
  • score: 4

function mapTransactionType

  • file: supabase/functions/_shared/plaid-client.ts:755
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map Plaid transaction to a more specific transaction type.fa_bank_statement_lines.transaction_type now supports: ‘debit’, ‘credit’, ‘check’, ‘ach’, ‘wire’, ‘pos’, ‘fee’, ‘interest’, ‘transfer’Plaid convention: positive amount = outflow (debit), negative = inflow (credit)
  • score: 4

function mapTransferEventToPaymentStatus

  • file: supabase/functions/_shared/plaid-client.ts:1162
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map a Plaid transfer event (from /transfer/event/list or theTRANSFER_EVENTS_UPDATE webhook) to our payment-item status.Returns for non-status / sweep-lifecycle events (, ,, ) and any unmapped event (e.g. ),so callers skip them rather than persisting an illegal status.A event is disambiguated by its ACH return code: a return (R-code)maps to ; any other failure maps to .
  • score: 4

function mapTransferStatusToPaymentStatus

  • file: supabase/functions/_shared/plaid-client.ts:1130
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map Plaid transfer status to our payment item status
  • score: 4

function mask

  • file: supabase/functions/_shared/ai/tracing-mask.ts:23
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Backstop masking applied by Langfuse to every observation input/output/metadatabefore transmission. The tracing decorator already never attaches prompt orcompletion content, so this is defense-in-depth against an accidental leak.Redacts direct identifiers only; leaves structured metadata (model names,token counts) intact. is the stringified JSON of an attribute value (per Langfuse’s contract). Returns the redacted string.
  • score: 4

function meetsContrastAA

  • file: supabase/functions/_shared/compliance-contrast.ts:42
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check WCAG AA normal text contrast.
  • score: 4

function meetsContrastAALarge

  • file: supabase/functions/_shared/compliance-contrast.ts:47
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Check WCAG AA large text contrast.
  • score: 4

function mergeModuleOverrides

  • file: supabase/functions/provision-tenant/module-overrides.ts:122
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Merge request-level overrides onto the current pf_module_settings values.Returns the column set to UPDATE (plus key metadata for logging / step summaries).Never mutates its inputs.
  • score: 4

function mergeRetryPolicy

  • file: supabase/functions/_shared/fw-error-recovery-policy.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Merges rule-level defaults with node-level overrides.Node values take precedence; missing fields fall back to rule, then DB defaults.
  • score: 4

function mergeTaxDocuments

  • file: supabase/functions/proliant-tax-documents/tax-document-mapper.ts:142
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Merge per-source metadata lists into the display order: de-duplicated by id(first occurrence wins — pass the richer list first), sorted bytax year desc, then release date desc.
  • score: 4

function mergeTransactionCustomFields

  • file: supabase/functions/plaid-sync-worker/index.ts:60
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Merge refreshed Plaid-derived custom_fields INTO the stored JSONB instead of overwriting it.Existing keys not present in (e.g. written at insert, or any othermetadata) are preserved; values win on conflict; next-values are dropped soa missing Plaid field never clobbers a stored value with /null.
  • score: 4

function narrowScopesToHuman

  • file: supabase/functions/intake-agent-run/run-intake.ts:39
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Bounded-to-human: keep only requested scopes the authorizing staff actually holds.
  • score: 4

function needsTokenRefresh

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:268
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Refresh when the access token expires within the skew window (default 2 min).
  • score: 4

function neutralizeFetchedContent

  • file: supabase/functions/_shared/gr-regulatory-content.ts:300
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Neutralize external (UNTRUSTED) fetched regulatory content before it entersan AI prompt or is stored as system-interpreted text.Steps:1. Strip C0 control characters (except t, n, r).2. Remove lines that start with known prompt-injection prefixes.3. Truncate to maxChars (default 4 000) with a visible truncation marker.The function is pure (no I/O) and safe to call on any string, including empty.
  • params:
    • content — raw fetched content (may contain injection attempts)
    • opts — optional overrides for maxChars, alwaysAddSuffix
  • returns: neutralized string, safe for AI prompt inclusion
  • score: 4

function neutralizePortalResult

  • file: supabase/functions/_shared/portal-guard.ts:164
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Neutralize a portal result object before DB write.For each key whose value is a string: - If the string exceeds → truncate. - If the string contains a known injection marker → replace with a sentinel so the DB row is not polluted.Non-string values (numbers, booleans, nested objects) are passed through.The function returns a shallow clone; the input is not mutated.
  • params:
    • result — The raw object from the worker response (unknown shape — may contain confirmation numbers, extraction values, etc.).
  • score: 4

function neutralizeToolResult

  • file: supabase/functions/_shared/ai/tool-guard.ts:88
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Neutralize a tool-result string before it re-enters the model context.Operations (in order): 1. Strip C0 control chars (0x00–0x08, 0x0B–0x0C, 0x0E–0x1F) — preserves n and t. 2. If the string starts with a known injection-marker prefix, prepend a bracketed notice and remove the marker so it is no longer directive. 3. Truncate to (default 4000) characters.This function MUST NOT alter valid JSON structure — stripping n/t wouldcorrupt pretty-printed JSON returned by / .
  • score: 4

function nextBusinessDay

  • file: supabase/functions/_shared/business-calendar.ts:192
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns the next business day on or after the given date.
  • score: 4

function normalizeContent

  • file: supabase/functions/_shared/gr-regulatory-content.ts:97
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Strip scripts, styles, HTML tags, common entities, and collapse whitespace.Deliberately coarse to minimize false-positive hash changes from markup churn.Mirrors check-source-regulatory-changes.ts normalizeContent.
  • score: 4

function normalizeDeaSchedule

  • file: supabase/functions/_shared/weno/dea-schedule.ts:47
  • kind: function
  • core: edge-functions
  • spec: (none)
  • returns: canonical roman schedule () or when not a recognized controlled-substance schedule.
  • score: 1

function normalizeEmailKey

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:129
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Lowercased/trimmed email, or null when unusable.
  • score: 4

function normalizePhoneKey

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:136
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Last 10 digits of the phone, or null when fewer than 7 digits.
  • score: 4

function normalizeScopedEmployeeIds

  • file: supabase/functions/proliant-sync/push-scope.ts:16
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Clean a raw input into a scope set: keep only non-empty strings. in → out (no scope). An explicitly empty array ispreserved and treated downstream as “unscoped” (mirrors the gate).
  • score: 4

function normalizeToE164

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:219
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Normalize phone number to E.164 format (US numbers)
  • score: 4

function normalizeWebhookBatch

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:243
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Normalize a batch. R4: also fires a companion (no ordering guarantee) — when both appear for the sameobjectId in one batch, only the privacy_deletion work item is emitted.
  • score: 4

function normalizeWebhookEvent

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:196
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Normalize one raw event into a queue work item. Returns null forunsubscribed/unknown event types or malformed events (skipped, not fatal —HubSpot batches can mix subscription types).
  • score: 4

function opaqueTargetRef

  • file: supabase/functions/_shared/ai/agent-action-digest.ts:70
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Opacity transform for a target reference. NOT a security hash — it exists only to keep ahuman-readable identifier (a name, an email, an MRN) out of the digest while preservingreferential equality for correlation. FNV-1a (32-bit) over the UTF-16 code units, hex-encoded.
  • score: 4

function orderDueOrgsForFairness

  • file: supabase/functions/proliant-scheduled-sync/dispatch-bounds.ts:46
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Order due orgs FAIRLY so the dispatcher never starves the tail of the list.Least-recently-attempted first (never-run orgs sort first via -Infinity), witha stable integrationId tiebreak so ordering is deterministic across ticks.Without this, the serial dispatcher always drains from the head of the query order; if the head reliably exhausts the deadline, the sametail orgs are deferred on every tick and never sync.
  • score: 4

function parse271

  • file: supabase/functions/_shared/x12/parse-271.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse an X12 271 eligibility response.
  • score: 4

function parse271Benefits

  • file: supabase/functions/_shared/pm/benefit-parser.ts:98
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Group raw EB segments by (service_type_code, network_tier) and produce onenormalized benefit detail per group.
  • score: 4

function parse277CA

  • file: supabase/functions/_shared/x12/parse-277ca.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse an X12 277CA claim acknowledgment.
  • score: 4

function parse835

  • file: supabase/functions/_shared/x12/parse-835.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse an X12 835 ERA string into structured remittance data.
  • score: 4

function parse999

  • file: supabase/functions/_shared/x12/parse-999.ts:67
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse an X12 999 functional acknowledgment.
  • score: 4

function parseClassificationResponse

  • file: supabase/functions/_shared/gr-impact-classifier.ts:141
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse the AI response JSON. Returns a safe default on parse failure.
  • score: 4

function parseCodingResponse

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:320
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Parse the raw model response string to a validated CodingSuggestionOutput.Returns null if parsing fails (caller should treat as a soft error, not throw).
  • score: 5

function parseContactsPage

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:103
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Tolerant parse of a CRM v3 list response page.
  • score: 4

function parseDirectoryArchive

  • file: supabase/functions/cl-weno-directory-ingest/parse-archive.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Unzip a WENO directory archive and return its data rows as header-keyedobjects, handling the real CSV LITE layout (banner + header rows) and anExcel entry defensively. Returns empty when the archive holds neither. Usedfor the small/delta and fixture paths; the full feed streams via to stay within the edge runtime memory limit.
  • score: 4

function parseEmailAddress

  • file: supabase/functions/_shared/outlook-client.ts:389
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse email address from Graph API format
  • score: 4

function parseFHIRDiagnosticReport

  • file: supabase/functions/cl-lab-result-ingestion/fhir-mapper.ts:19
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse a FHIR DiagnosticReport JSON body into a ParsedFHIR structure.
  • score: 4

function parseGatewayResponse

  • file: supabase/functions/_shared/ai/response.ts:15
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Normalize an OpenAI-compatible response into a ChatResult.
  • score: 4

function parseHL7v2ORU

  • file: supabase/functions/cl-lab-result-ingestion/hl7v2-parser.ts:17
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse a raw HL7v2 ORU^R01 message string into a structured object.
  • score: 4

function parseHubspotTokenMetadata

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:196
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parses the access-token metadata response() — the source of and thegranted scope list shown on the connection page (AC-1).
  • score: 4

function parseHubspotTokenResponse

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:162
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parses a HubSpot token-endpoint response body (code exchange or refresh).Always surfaces the returned refresh token — rotation is version-dependent(research R6), so the caller must persist whatever comes back.
  • score: 4

function parseIpv4

  • file: supabase/functions/_shared/ssrf-guard.ts:35
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse a dotted-quad IPv4 string into octets, or null if not a valid IPv4 literal.
  • score: 4

function parseMajor

  • file: supabase/functions/_shared/versioning-core.ts:29
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract the integer major number from a well-formed version string.
  • params:
    • v — A well-formed version string (e.g. ). Caller must validate first.
  • returns: The major version number (e.g. ).
  • score: 4

function parsePharmacyRecords

  • file: supabase/functions/_shared/weno/pharmacy-mapping.ts:118
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map an array of header-keyed directory rows to s,skipping rows without a business name and collecting any unknown columns asschema drift. Returns empty for non-array input.
  • score: 4

function parsePollSearchResponse

  • file: supabase/functions/_shared/ce-hubspot-poll.ts:117
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Tolerant parse of a CRM v3 search response page.
  • score: 4

function parseProliantGrants

  • file: supabase/functions/_shared/proliant-capabilities.ts:63
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse the raw entries into a map.Entries are (e.g. ); resourcekeys are lower-cased for case-insensitive lookup. Malformed/blank entries areskipped. Also tolerates a bare-path form ( with no method)by recording it under the method so callers still see the grant.
  • score: 4

function parseRecipients

  • file: supabase/functions/_shared/outlook-client.ts:402
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse multiple recipients into a JSON-compatible array
  • score: 4

function parseRingCentralSmsEvent

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:448
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse an inbound SMS message event from RingCentral webhook
  • score: 4

function parseRipplingBenefitsRows

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:145
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parses a Rippling Insurance Enrollment Report CSV into structured enrollment data.
  • params:
    • rows — CSV data rows (without header)
    • headers — CSV header row
  • returns: Array of parsed benefit enrollments per employee per active benefit line
  • score: 4

function parseRipplingCobraRows

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:210
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parses a Rippling COBRA Enrollment Report CSV into structured COBRA event data.SSN and DOB columns are intentionally NOT read.
  • score: 4

function parseSpecIdFromTitle

  • file: supabase/functions/github-webhook/index.ts:92
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse [CORE-##] from issue title (e.g. [HR-05], [PF-35]). Exported for unit tests.
  • score: 4

function parseStreamUsage

  • file: supabase/functions/_shared/ai/tracing-mask.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Drain a cloned SSE stream and extract metadata-only signals from the OpenAI-compatible chunks: , the final block, and .Reads ONLY token counts / model / finish — never delta content — so themetadata-only invariant holds even though the stream body is consumed. Pureapart from reading the passed stream; never throws (returns whatever itgathered if the read errors), so a background caller stays best-effort.
  • score: 4

function parseSuggestions

  • file: supabase/functions/ai-mapping-suggest/suggest.ts:271
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse and harden the model’s tool-call arguments into typed suggestions.Drops rows whose is unknown or whose is not anallowed candidate; maps the NO_MATCH sentinel to .
  • score: 4

function parseValueMapTransform

  • file: supabase/functions/_shared/import-transforms.ts:52
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decode a JSON-encoded transform into its value map + policy.Returns for plain-name transforms, non-value_map configs, or malformedJSON. Strictness defaults to for any value other than (including absent), so templates persisted before PR9 keep fail-open behaviour.
  • score: 4

function parseWebhookBatch

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:167
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Parse a raw webhook request body into an event batch.
  • score: 4

function payloadDigest

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:190
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: SHA-256 hex digest of a payload — contains no PHI, safe to log/audit. Used for auditcorrelation and step idempotency keys (FR-6). PF-27-EN-01 redaction is applied topayloads before they reach a model; this digest is over the already-handled payload.
  • score: 4

function plaidItemSourceRowId

  • file: supabase/functions/_shared/vault-credentials.ts:237
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Deterministic UUID v5 of (PLAID_ITEM_NAMESPACE, itemId). Equals Postgresextensions.uuid_generate_v5(PLAID_ITEM_NAMESPACE::uuid, itemId) byte-for-byte —this is the vault source_row_id for a Plaid item’s access token.
  • score: 4

function plaidRequest

  • file: supabase/functions/_shared/plaid-client.ts:241
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Make authenticated request to Plaid API
  • score: 4

function planDispatch

  • file: supabase/functions/_shared/fw-schedule-dispatch.ts:53
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Plan how to handle a batch of due schedules (see src planner for the full contract).
  • score: 4

function planDispatch

  • file: supabase/functions/proliant-scheduled-sync/dispatch-bounds.ts:66
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Split the due orgs into the set we will attempt this tick vs the set deferredby the per-tick cap. Ordering is fair (see ).
  • score: 4

function planMergeRepoint

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:229
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Plan the link re-point for a HubSpot merge event. is the currentexternal_id → internal_id map for every involved HubSpot id.
  • score: 4

function planPropertyChange

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:95
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Plan a single propertyChange event. REDACTED sensitive values never carrythe value on the work item — the worker must re-fetch the object from theCRM API to learn it (T5 README / R3 note).
  • score: 4

function pollResultToWorkItem

  • file: supabase/functions/_shared/ce-hubspot-poll.ts:172
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Convert one search hit into the queue’s normalized work item. is the poll feeder’s event type: the worker treats it asrefetch-then-apply when linked and identity-resolve when not — exactlythe recovery a missed webhook needs. Returns null when the modificationtimestamp is unusable (no stable idempotency key → skip, next pollre-reads it).
  • score: 4

function postAgentMessage

  • file: supabase/functions/_shared/cowork/agent-message.ts:82
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Persist an attributed agent message. MUST be request-scoped to the agent’s boundedprincipal — never the service-role client (FR-14/AC-4). The DB attribution trigger is thereal gate; a write for an agent without an active thread binding is rejected there.
  • score: 4

function processReminders

  • file: supabase/functions/_shared/reminder-engine.ts:218
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Process reminders based on the provided configuration.This is the core engine that:1. Queries the configured table for items with upcoming due dates2. For each item, determines the appropriate notification threshold3. Resolves the recipient and display name4. Creates a notification (with dedup checking)5. Returns a summary of results
  • params:
    • supabase — Service role Supabase client
    • config — Reminder configuration
    • logger — Structured logger
    • correlationId — Correlation ID for tracing
  • returns: Summary of reminders processed
  • score: 4

function publishDomainEvent

  • file: supabase/functions/_shared/google-workspace-client.ts:774
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Publish a PF-101 domain event via pg_notify(‘domain_events’, …).Payloads MUST NOT contain PHI; emails/IDs only as documented in the integration doc.
  • score: 4

function pushCodeDefinitions

  • file: supabase/functions/proliant-code-push/push-code-definitions.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Write a set of Encore code definitions back to Proliant (HR-44-EN-01 AC-7).POSTs each definition to its resource controller, treating a vendor”already exists” rejection as an idempotent skip rather than a failure, andreturns a tally. Never throws for a per-definitionproblem — those are collected in .
  • params:
    • client — the resolved Proliant transport.
    • companyId — the Proliant company id the codes belong to.
    • defs — the code definitions to write back.
    • opts — carries the request for vendor-call tracing.
  • returns: the pushed/skipped/errored tally.
  • score: 4

function pushEmployeeSubResources

  • file: supabase/functions/proliant-sync/push-subresources.ts:125
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Push an employee’s writeback sub-resources (pay rate, tax, direct deposit,deductions, earnings, emergency contacts, dependents) to Proliant. Eachsub-resource is applied idempotently via the push log and is non-fatal: avendor failure or unmet capability gate is logged and skipped, never thrown,so one bad resource cannot block the rest of the employee sync.
  • score: 4

function rateLimitsEnabled

  • file: supabase/functions/_shared/fw-rate-limit.ts:98
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Feature flag — emergency bypass per spec Rollback Strategy.
  • score: 4

function readProliantFixtures

  • file: supabase/functions/_shared/proliant-transport.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract test fixtures from a request, default-deny.Fixtures are honored ONLY when the non-prod env flag is enabled AND therequest carries the test-only header. In production is never enabled, so this always returns null and the real transport is used.
  • returns: the parsed fixture map, or null when fixtures are not accepted
  • score: 4

function readPullCheckpoint

  • file: supabase/functions/proliant-sync/pull-checkpoint.ts:67
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Read a resumable employee-pull checkpoint from an arbitrary stored checkpointvalue, or null if it is absent / a different shape / a stale version. A nullresult means “start from the beginning” — the safe default.
  • score: 4

function reconcile

  • file: supabase/functions/proliant-payroll-run/reconciliation.ts:18
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Reconcile the vendor preprocess preview () against the Encore baseline within .HR-44-EN-01 AC-2: controls whether gross/deductions are gated.Headcount is ALWAYS gated (Encore authoritatively knows the pushedpopulation). When no trustworthy amount baseline exists yet (first run for acalendar — see ) the caller passes so a tolerance-0 first run does not spuriously failagainst a zero expected. Amounts are still recorded for audit/calibration; thegate activates once a completed period’s actuals are synced back.
  • score: 4

function recordAgentPhiAccess

  • file: supabase/functions/_shared/ai/agent-usage.ts:111
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Write exactly one PHI-access audit row via , fail-closed(FR-11): on any error this throws and the caller MUST refuse thePHI operation — the audit is a precondition of the touch, not a fire-and-forget side effect(the deliberate exception to the cost-ledger’s best-effort logging). A write with no is rejected by the RPC (FR-12).
  • params:
    • rpc — A supabase client (the agent’s scoped principal / the gateway service path).
    • input — The PHI touch to record (no PHI values).
  • score: 4

function recordBudgetExhausted

  • file: supabase/functions/proliant-sync/pull-checkpoint.ts:114
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True once this invocation has hit its per-run record budget and should persistthe checkpoint and yield (the next tick resumes). Checked AFTER finishing apage so we never split a page across invocations.
  • score: 4

function recordDeprecatedVersionBreadcrumb

  • file: supabase/functions/_shared/versioning-sentry.ts:22
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Record a Sentry breadcrumb for deprecated version usage.This is intentionally a no-op stub in the Edge Function runtime — Sentryis client-side only. The function signature is provided so pilot functionscan call it uniformly. When server-side Sentry is enabled in Edge Functions,the implementation will be swapped to the real Sentry SDK call.
  • params:
    • functionName — The Edge Function name (e.g. ‘portal-form-submit’)
    • apiVersion — The version string used (e.g. ‘v1’)
    • orgId — The organization UUID (identifier only, no PHI)
  • score: 4

function recordExecutionAdmission

  • file: supabase/functions/_shared/fw-rate-limit.ts:347
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: On admit, atomically bump the per-minute and per-hour window counters via theSECURITY DEFINER RPC. Best-effort: a counter write failure must NOT fail theexecution (the limit decision already passed); it only degrades dashboardfidelity. Concurrency is read authoritatively from execution rows, so noconcurrent_count maintenance is required here.
  • score: 4

function recordMetrics

  • file: supabase/functions/_shared/metrics.ts:22
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Utility for record metrics.
  • score: 1

function recordPhiAccess

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:173
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: **SHIM — PF-111-EN-01 owns (FR-14); it is absent here.**Fail-closed contract: returns , and callers MUST refuse aPHI-touching write-capable step when it does. Never reached in Phase 1 (tools off).
  • score: 4

function recordPushApplied

  • file: supabase/functions/proliant-sync/push-idempotency.ts:91
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Record a successful push as (idempotent upsert on the unique(organization_id, idempotency_key)). A no-op-safe write under retry.
  • score: 4

function recordRateLimitHit

  • file: supabase/functions/_shared/rate-limiter.ts:73
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Record one request for the key (call after checkRateLimit if allowed).
  • score: 4

function recordSmsOptOutSuppression

  • file: supabase/functions/_shared/ce-suppression.ts:104
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Record an SMS opt-out: upsert ce_suppressions (sms channel) and appendan immutable ce_consent_evidence row. Safe to call when contactId isunknown — it will only write the consent_evidence if a contact exists.
  • score: 4

function redactionContract

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:181
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: SHIM — PF-27-EN-01 owns unified mandatory redaction (FR-9). Reports inactive inPhase 1 (a spine gap); see .
  • score: 4

function redactLaunchUrl

  • file: supabase/functions/_shared/weno/request-builder.ts:192
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Strip the encrypted param from a URL for safe logging.
  • score: 4

function redactNoteText

  • file: supabase/functions/pm-ai-coding-suggest/index.ts:127
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Redact HIPAA Safe Harbor identifiers from clinical note text.Fail-closed: throws if input is empty or not a string.Caller MUST skip the LLM call if this throws.
  • see:
    • HIPAA §164.514(b)(2) Safe Harbor de-identification
  • score: 5

function redactObject

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:212
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Key-based object scrub (folds + widens CE-69’s ): recursively replaces thevalue of any key that matches (by stem, so variants like / / are caught) with . Non-PHI keys are traversed butunchanged. Used for structured snapshots (audit logs) where regex scrubbing of free text does not apply.
  • score: 4

function redactPhi

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:143
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Redact PHI from free text using the canonical Safe-Harbor catalog + caller literals.Fail-closed: throws on non-string / empty input. Returns PHI-safetext and per-category match counts (never the matched values).
  • params:
    • input — The free text to scrub.
    • ctx — Caller-known literal identifiers to remove in addition to the patterns.
  • score: 4

function redactPHI

  • file: supabase/functions/_shared/redact-phi.ts:33
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Redacts potential PHI/PII patterns from the given text.
  • params:
    • text — The input string to redact.
  • returns: The redacted string with identifiers replaced by placeholder tokens.
  • score: 4

function refreshAccessToken

  • file: supabase/functions/_shared/google-client.ts:195
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Exchange a refresh token for a new access token. Refresh tokens for offlineaccess are long-lived; Google may return a new refresh token, but typically does not.
  • score: 4

function relativeLuminance

  • file: supabase/functions/_shared/compliance-contrast.ts:18
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Relative luminance per WCAG 2.1 §1.4.3.
  • score: 4

function removeChannelTab

  • file: supabase/functions/_shared/entra-client.ts:1585
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Remove a tab from a Teams channel.Requires TeamsTab.ReadWrite.All.
  • score: 4

function removeItem

  • file: supabase/functions/_shared/plaid-client.ts:711
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Remove an item (disconnect bank account)
  • score: 4

function removeSharePointGroupMember

  • file: supabase/functions/_shared/entra-client.ts:932
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Remove a user from a SharePoint group.
  • score: 4

function removeTeamMember

  • file: supabase/functions/_shared/entra-client.ts:760
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Remove a user from a team.
  • score: 1

function renderBaseLayout

  • file: supabase/functions/_shared/email-templates/base-layout.ts:279
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Render the base email layout with header, content, and footer
  • score: 4

function renderCitationsForPrompt

  • file: supabase/functions/_shared/gr-state-rag.ts:234
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Render the retrieved citations into a system-prompt fragment the AI can ground in.Includes the spec’s verbatim fallback disclaimer when the state KB is missing.
  • score: 4

function renderLetterheadFooter

  • file: supabase/functions/_shared/letterhead-renderer.ts:264
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Render the configured footer (confidentiality notice and page numbering) onto a PDF page. Draws an optional confidentiality text at the left margin and optional page numbering at the right margin using the provided fonts and layout options. Rendering respects footer visibility flags in the provided configuration.
  • params:
    • page — PDFPage to draw the footer onto. Must belong to the same PDFDocument instance used for embedding fonts and images. Example:
    • letterhead — LetterheadData containing with optional , , and flags. Example:
    • fonts — FontPair with (used for footer text) and font references. Fonts must be embedded into the PDFDocument prior to calling this function.
    • options — FooterRenderOptions including , , , and . and must be positive integers.
  • returns: void
  • example: | // Render footer for page 2 of 5 with a 36pt marginrenderLetterheadFooter(page, letterhead, fonts, pageWidth: 612, margin: 36, pageNumber: 2, totalPages: 5,); Note: This function only draws provided text into a PDF and does not perform any network or storage operations. Ensure confidentiality text passed in is appropriate for the document and that callers have permission to include any PHI/PII.
  • score: 4

function renderLetterheadHeader

  • file: supabase/functions/_shared/letterhead-renderer.ts:87
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Render a configurable letterhead header onto a PDF page, returning the vertical cursor position after rendering.Renders an optional top color bar, logo (fetched and embedded with a 10s timeout), organization name, address lines, contact line, and a separator line according to the provided LetterheadData header_config.
  • params:
    • page — PDFPage to draw on. Must be a valid pdf-lib Page instance already attached to a PDFDocument.
    • letterhead — LetterheadData configuration controlling content and visibility (logo_url, logo_position, logo_max_height, org_name_display, address fields, phone/email/website, header_config flags, bar_color). Fields may be omitted; absent or falsy values are skipped.
    • fonts — FontPair containing and PDFFont instances used for text rendering.
    • options — RenderOptions with , , and . and are used to position elements.
    • pdfDoc — PDFDocument instance used to embed fetched images. Required when a logo URL is provided.
  • returns: Promisenumber The Y coordinate (distance from the bottom of the page) remaining after the header has been rendered. This function may render PII/PHI contained in the letterhead (phone, email, address). Callers must ensure the input LetterheadData is handled according to your data protection policies and only provided to authorized code paths.
  • example: | // Example usage:// const yAfterHeader = await renderLetterheadHeader(page, letterheadConfig, regular: regFont, bold: boldFont , pageWidth: 612, pageHeight: 792, margin: 36 , pdfDoc);
  • score: 4

function renderReportDeliveryEmail

  • file: supabase/functions/_shared/email-templates/report-delivery.ts:44
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Render a branded HTML email for report delivery
  • score: 4

function renderReportFailedEmail

  • file: supabase/functions/_shared/email-templates/report-failed.ts:43
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Render a branded HTML email for report failure notification
  • score: 4

function replyToChannelMessage

  • file: supabase/functions/_shared/entra-client.ts:1265
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Reply to a message in a Teams channel.
  • score: 4

function requireEnv

  • file: supabase/functions/_shared/env.ts:27
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get a required environment variable or throw a descriptive error.
  • params:
    • name — Environment variable name (e.g., ‘SUPABASE_URL’)
  • returns: The environment variable value
  • example: | const url = requireEnv(‘SUPABASE_URL’);
  • score: 4

function requireEnvs

  • file: supabase/functions/_shared/env.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Get multiple required environment variables or throw a descriptive error.
  • params:
    • names — Environment variable names to retrieve
  • returns: Record mapping variable names to their values
  • example: | const SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY = requireEnvs( ‘SUPABASE_URL’, ‘SUPABASE_SERVICE_ROLE_KEY’);
  • score: 4

function resolveAndPersistCapture

  • file: supabase/functions/_shared/ce-card-capture.ts:117
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve a card capture against existing contacts and persist all derivedrows. Returns the outcome plus the ids of anything created/linked/parked.Flow (CE-79 AC-5/6/7): - tier ‘auto’ - link existing contact (matches[0].internal_id) + lead - tier ‘review’ - parked (candidate_ids[0]); no contact, no lead - tier ‘none’ - new contact + leadA row is ALWAYS written. A lead always triggers abest-effort owner notification (failure never fails the capture).
  • score: 4

function resolveApAccount

  • file: supabase/functions/fa-gr-compliance-cost-consumer/index.ts:177
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve AP account from module settings (no fallback today).
  • score: 4

function resolveBaseUrl

  • file: supabase/functions/_shared/proliant-client.ts:61
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the API base URL for the given environment. Production is fixed;sandbox uses the configured (trailing slashes trimmed) andthrows a CONFIG when it is missing.
  • score: 4

function resolveConflict

  • file: supabase/functions/_shared/fw-schedule-conflicts.ts:97
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve a detected conflict according to the schedule’s strategy (mirror of T3).
  • score: 4

function resolveConnectionUrlFromDb

  • file: supabase/functions/_shared/migration-crypto.ts:39
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolves a connection URL from a stored connection record.Fetches the connection from DB using service client and decrypts the password in the edge function.
  • score: 4

function resolveCredentials

  • file: supabase/functions/_shared/transport/resolve-clearinghouse-credentials.ts:44
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve credentials for a clearinghouse provider from environment.
  • params:
    • provider — e.g., ‘waystar’, ‘stedi’
    • connectionType — ‘api’ or ‘sftp’ (sftp deferred)
  • score: 4

function resolveEntraSecret

  • file: supabase/functions/_shared/entra-credentials.ts:62
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve only the client secret: vault first, then ENTRA_CLIENT_SECRET env fallback.Returns the secret string or null.
  • score: 4

function resolveExpenseAccount

  • file: supabase/functions/fa-gr-compliance-cost-consumer/index.ts:154
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve expense account: mapping → module-settings default → null.
  • score: 4

function resolveIntakePrincipal

  • file: supabase/functions/intake-agent-run/run-intake.ts:81
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve-or-create the per-org intake service account + a per-run delegation (granted ⊆ human).
  • score: 4

function resolveLinkedInClientCreds

  • file: supabase/functions/_shared/job-board-providers/linkedin.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the OAuth client id/secret for an integration.Per-integration vault entries take precedence; falls back to workspace / env vars.
  • score: 4

function resolveModels

  • file: supabase/functions/_shared/ai/models.ts:68
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the ordered model list for a module + lane.
  • params:
    • module — module code (case-insensitive); falls back to ‘pf’ when unknown/absent
    • lane — ‘standard’ (default) or ‘phi’
  • returns: ordered list (primary first)
  • score: 4

function resolveOAuthClient

  • file: supabase/functions/_shared/google-client.ts:84
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the OAuth client credentials for a given organization.Order of precedence: 1. Org-level row with AND set → pull client_secret from PF-76 vault (source row = the connection). 2. Platform-wide env vars (GOOGLE_CALENDAR_CLIENT_ID / _SECRET) — legacy.Throws GoogleClientError(‘config_missing’) if neither source resolves.
  • score: 4

function resolvePendingIdentity

  • file: supabase/functions/hr-proliant-create-profile-from-pending/identity.ts:37
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the identity to create from the unmatched row’s proliant_raw payload.Returns null when there is no VALID work_email — without a strict, wildcard-freeemail we cannot safely find-or-create a global profile (pf_profiles is keyed byemail; an invalid value must never reach a lookup or createUser), so the row isnot remediable and the caller must surface a clear error.
  • score: 4

function resolveProliantTransport

  • file: supabase/functions/_shared/proliant-transport.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the transport for a request: the fixture transport when fixtures wereaccepted by , otherwise the real vault-backedclient. Mirrors the signature with anadded argument.
  • score: 4

function resolvePullMerge

  • file: supabase/functions/proliant-sync/sor-direction.ts:51
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide how a pulled value for should merge. Write-back (Encore-SoR)resources default to encore_wins: a pull does NOT overwrite them unless theadmin explicitly chose .
  • score: 4

function resolveRecipientEmail

  • file: supabase/functions/_shared/calendar-provider.ts:141
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the target mailbox per CE-73 precedence: per_task_override (explicit) - assigned coordinator - org default.Returns null when nothing resolves (caller treats as a no-op/skip).
  • score: 4

function resolveRegistryToolDefs

  • file: supabase/functions/_shared/registry-tool-resolution.ts:89
  • kind: function
  • core: edge-functions
  • spec: PF-127
  • summary: Resolve the registry-driven tool set for an org. Throws (does not silently return ) on anRPC error so the caller can fall back to the legacy static resolution.
  • score: 5

function resolveSkillModels

  • file: supabase/functions/_shared/ai/models.ts:88
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the ordered model list for a skill execution: preferred model first,then the module’s standard-lane fallbacks (deduplicated). Uses the skill’splatform module code (e.g. , ), not the skill category label.
  • score: 4

function resolveStateCollectionName

  • file: supabase/functions/_shared/gr-state-rag.ts:80
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve the canonical collection name for the given jurisdiction profile.Mirrors the seeding convention in spec task T2.3 ().
  • score: 4

function resolveSttVendor

  • file: supabase/functions/_shared/transcription/vendor-router.ts:106
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve an STT vendor + BAA + credential for the given org/jurisdiction/channel.Throws VendorBaaInactiveError or VendorCredentialMissingError if anythingis missing. NEVER returns a vendor without a verified BAA + credential.
  • score: 4

function resolveTemplate

  • file: supabase/functions/_shared/expressionEvaluator.ts:585
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resolve a template string, replacing all variables with values
  • score: 4

function resumeDurableRun

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:466
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Resume a paused run from its latest checkpoint (FR-5) and continue the loop at thenext uncommitted step; committed steps are not re-executed (the checkpoint cursor isthe resume point). Rehydration + the transition are performed bythe governed RPC; this consumer drives andruns the loop with the rehydrated cursor.
  • params:
    • run — The paused run row.
    • loopArgs — The agentic-loop args (tools gated identically to ).
    • rpcClient — User-scoped client for the governed RPCs.
    • deps — Injected dependencies / overrides (testing seam).
  • score: 4

function retrieveStateAwareCitations

  • file: supabase/functions/_shared/gr-state-rag.ts:196
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Retrieve jurisdiction-aware RAG citations for the user’s query.- When no jurisdiction is resolved → federal-baseline-only retrieval, .- When the state collection has zero hits (or is ) → federal-only, .- Otherwise → state + federal in parallel; state chunks get +20% boost; merged + capped.
  • score: 4

function retrieveVaultCredential

  • file: supabase/functions/_shared/vault-credentials.ts:21
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Retrieve a credential from vault by source table/column/row.Returns null if no vault credential found (caller should fall back to plaintext column during migration).
  • score: 4

function retryDecision

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:311
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Backoff from the pgmq (1 on first read). Exponential from 60s,capped at 1 hour; the attempt that reaches SYNC_MAX_ATTEMPTS dead-letters.
  • score: 4

function revokeGoogleToken

  • file: supabase/functions/_shared/google-client.ts:252
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Revoke a refresh or access token. Best-effort; does not throw on failure.
  • score: 4

function rollbackSnapshots

  • file: supabase/functions/cl-marketplace-import/handlers.ts:275
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Best-effort rollback: delete created rows for each snapshot, scoped to org.
  • score: 4

function rollingStats

  • file: supabase/functions/pm-ai-fairness-monitor/scoring.ts:52
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Compute mean and population standard deviation of a numeric series.
  • params:
    • values — Array of numeric observations (e.g. daily denial rates)
  • returns: An object with mean and stddev; stddev is 0 when values has fewer than 2 elements
  • score: 4

function rollupCostByOrg

  • file: supabase/functions/pf-check-ai-usage-anomalies/index.ts:74
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Rollup total cost per org from raw log rows.NULL cost rows coalesce to 0 (model not yet priced).
  • params:
    • logs — Array of org_id, cost rows (cost may be null)
  • returns: MaporgId, totalCostUsd
  • score: 4

function runAgenticLoop

  • file: supabase/functions/_shared/ai/agentic-loop.ts:128
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run the skill agentic tool-loop against the unified AI gateway.Repeatedly calls (up to ), executing any platformor MCP tools the model requests and feeding their results back, until the modelreturns plain text, the tool time budget is exhausted, or the iteration cap isreached. Token usage is accumulated across every iteration.
  • params:
    • models — Ordered model list (skill preference first, then category lane).
    • systemPrompt — System prompt prepended to the conversation.
    • initialMessages — The caller’s user/assistant turns.
    • temperature — Sampling temperature passed to the gateway.
    • maxTokens — Maximum completion tokens per gateway call.
    • tools — OpenAI-format tool definitions exposed to the model.
    • organizationId — Tenant id injected into MCP tool args for isolation.
    • category — Skill category used to resolve platform tool handlers.
    • supabase — Service-role client passed to platform tool execution.
    • outputSchema — When set, the final text is parsed into structured JSON.
    • mcpConnections — Active MCP connections addressable as .
    • trace — Optional Langfuse trace correlation (metadata only, no content).
    • deps — Optional injected dependencies/limit overrides (testing seam).
  • returns: The final content, accumulated usage, and any structured output.
  • score: 4

function runBackfillInvocation

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:331
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Process up to of the backfill run. Returns the run state afterthis invocation; callers re-invoke until .
  • score: 4

function runClinicalDraft

  • file: supabase/functions/cl-agent-draft-note/handler.ts:185
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run the fail-closed clinical draft generation pipeline.Fail-closed: returns and creates NOartifact on any gate failure. Returns only when every gate passes and the artifact is committed. CL-36-EN-03 AC-1 (flag OFF → disabled) CL-36-EN-03 AC-2 (gate passes → clinical artifact, narrative-only)
  • score: 4

function runCrisisDetection

  • file: supabase/functions/_shared/ce-crisis-detection.ts:154
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run keyword detection and, if matched, insert a row pluspublish a PHI-safe domain event.Best-effort: returns silently on errors after logging — callers must NOTblock inbound message handling on this.
  • score: 4

function runDueSweep

  • file: supabase/functions/pf-tasks-due-sweep/index.ts:59
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Core sweep logic — scan due tasks, write in_app + email notifications, and recordthe per-task idempotency marker. Extracted fromthe cron wrapper so it is unit-testable with an injected Supabase-like client +logger; the wrapper supplies the real service-role client.Idempotency & concurrency: a task already carrying is skippedcheaply by the due-scan, and for the rest the marker is claimed atomicallyBEFORE any notification is written (single UPDATE … WHERE due_notified_at ISNULL RETURNING id). Only the claim winner notifies, so neither a second passnor an overlapping cron tick re-notifies the same task.
  • params:
    • supabase — service-role client (RLS-bypassing; queries are org-scoped)
    • logger — structured logger
    • now — the tick timestamp (also stored as the marker value)
  • score: 4

function runInference

  • file: supabase/functions/_shared/denial-model/inference.ts:123
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run logistic-regression denial-risk inference.Weight key encoding (must match the trained model artifacts): CPT code weight Payer-specific weight ICD-10 diagnosis weight Auth-status weight Modifier weight (summed) Scalar intercept (defaults to 0.5) Coefficient for doc-completeness penalty
  • params:
    • features — Claim feature vector.
    • modelWeights — Weight map loaded from model storage.
    • highRiskThreshold — Score (0-100) at or above which is ‘high’.
  • returns: Prediction result including risk score, level, reasons, and actions.
  • score: 4

function runIntakeAgent

  • file: supabase/functions/intake-agent-run/agentic-loop.ts:34
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Run the read-only intake screening agent for one PF-125 run.
  • params:
    • input — run id, referral id, scoped principal.
    • deps — injected model gateway, tool resolver, PF-125 RPCs, flag check, budget, prompts.
  • returns: the terminal (PHI-free control-plane labels + the screening text).
  • score: 4

function runSyncWorkerTick

  • file: supabase/functions/_shared/ce-hubspot-sync-worker-core.ts:149
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: One full worker tick: drain the inbound queue, then run the poll leg.
  • score: 4

function runTaskPush

  • file: supabase/functions/calendar-task-push/index.ts:107
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Core push pipeline — config gate, task load, recipient resolution, Graph push,traceability write. Pure of auth/CORS/HTTP so it is unit-testable with aninjected Supabase client + Graph pusher. NEVER mutates the originating task andNEVER throws (fail-open): every failure resolves to a status:‘failed’ value.
  • params:
    • supabase — service-role client (org access already verified by caller)
    • body — the validated request body
    • correlationId — log correlation id
    • pushGraph — injectable Graph seam (defaults to the production pusher)
  • score: 4

function salvageRecommendations

  • file: supabase/functions/suggest-workspaces/salvage.ts:79
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate/normalize each recommendation in the raw structured outputindependently, keeping the survivors.
  • params:
    • rawOutput — JSON-parsed tool-call arguments (untrusted model output).
    • opts — Icon allow-list and item cap.
  • returns: Surviving recommendations (normalized) plus the dropped count.
  • score: 4

function sanitizeDetails

  • file: supabase/functions/_shared/fw-compliance-audit.ts:60
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Strip any key not in the allowlist from a details object.This prevents accidental PHI leakage (names, MRNs, SSNs, etc.)into the immutable compliance audit table.
  • params:
    • raw — Arbitrary record from caller.
  • returns: Sanitized record containing only allowed keys.
  • score: 4

function sanitizeErrorMessage

  • file: supabase/functions/_shared/ai/errors.ts:70
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Produce a client-safe message: returns the original only when it matches anallowlisted phrase; otherwise a generic message. Prevents PHI/PII, secrets,stack traces, or raw provider text from reaching the client.
  • score: 4

function sanitizeHeaders

  • file: supabase/functions/_shared/transforms/rippling-benefits-to-hr.ts:103
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Strips PHI/PII columns from headers and corresponding row data.Finding #20: Accept both headers+rows, project columns together, expand PHI blocklist.
  • params:
    • headers — CSV header row
    • rows — Optional data rows to filter in sync with headers
  • returns: Sanitized headers and optionally sanitized rows
  • score: 4

function sanitizeMcpError

  • file: supabase/functions/_shared/ai/agentic-loop.ts:44
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Sanitize MCP error messages: strip newlines, redact credentials, truncate.
  • score: 4

function sanitizePlaidError

  • file: supabase/functions/_shared/plaid-client.ts:809
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Sanitize Plaid error for client responseNever expose internal error details
  • score: 4

function scoreAuditAnomaly

  • file: supabase/functions/security-detect-audit-anomalies/scoring.ts:313
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Score a collection of per-(org,user) audit windows for anomaly patterns.
  • params:
    • windows — Aggregated audit windows (one per org+user pair)
    • priorHits — Set of strings from the dedup check (existing suspicious_activity in dedup window). Hits matching a prior key are suppressed.
    • settings — Detection thresholds (falls back to DEFAULT_ANOMALY_SETTINGS)
  • returns: All new (non-deduped) anomaly hits
  • score: 4

function scoreRequirementMatch

  • file: supabase/functions/_shared/gr-impact-classifier.ts:83
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Keyword overlap score between diff tokens and a requirement’s title + description.Returns a score in [0, 1] — higher = stronger match.FLAG: v1 keyword-only; replace with Phase-3 vector search after PF-60 ships.Re-validation required after vector upgrade (per spec clarification).
  • score: 4

function searchDriveItems

  • file: supabase/functions/_shared/entra-client.ts:1456
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Search for files across SharePoint sites.Requires Sites.Read.All.
  • score: 4

function seedDefaultContactMappings

  • file: supabase/functions/_shared/ce-hubspot-mappings.ts:94
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Seed the default contact mappings for an org. Idempotent: rows whose(organization_id, object_type, hubspot_property, direction) key alreadyexists are left untouched, so re-connecting preserves org edits(deactivated rows stay deactivated, re-targeted fields stay re-targeted).Returns false on a database error (callers treat seeding as best-effort —a connection without defaults is usable, just empty until edited).
  • score: 4

function selectCurrentRate

  • file: supabase/functions/proliant-sync/rate-mapper.ts:15
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Selects the current rate from a list of EmployeeRateViewModels.
  • params:
    • rates — Unwrapped list from
  • returns: The current rate, or null when the list is empty.
  • score: 4

function selectEmployeesToPush

  • file: supabase/functions/proliant-sync/push-scope.ts:29
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Restrict an eligible-employee window to the requested scope. With a non-emptyscope the result is the subset whose is in the set (never the wholewindow); with no scope (undefined/empty) the full window is returned. This isthe in-memory belt-and-suspenders to the query-level filter.
  • score: 4

function selectExpectedBaseline

  • file: supabase/functions/proliant-payroll-run/expected-baseline.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Build the reconciliation expected baseline from prior synced run rows + thepushed headcount, plus any batch-pushed earnings for the target calendar(HR-44-EN-03 AC-10 — added to the expected gross; see module header). Amountsare scoped to the single most-recent (never summed acrossperiods). Pure — unit-tested in isolation.
  • score: 4

function selectInboundMappings

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:47
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Mappings that may produce inbound writes: AND active.The DB CHECK already prevents active out/both rows in CE-75; filtering hereagain keeps the worker safe even against a pre-CHECK row (defense in depth).
  • score: 4

function selectOpenCalendar

  • file: supabase/functions/proliant-sync/calendar-selector.ts:10
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Pick the calendar to import hours against. The live sandbox reports animportable upcoming calendar as (verified 2026-06-10 againstSBX0028 — only appears once processing has begun), so both statusesare accepted; an calendar wins over a one, then thehighest sequence.
  • score: 4

function selectPortalTransport

  • file: supabase/functions/_shared/portal-transport.ts:184
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Choose the transport. fixture worker(URL) unavailable. The orchestration(portal-runner) and the DB shape do not change across transports.
  • score: 4

function selectRecorderTransport

  • file: supabase/functions/_shared/recorder-transport.ts:100
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Choose the recorder transport. fixture worker(URL) unavailable.
  • score: 4

function selectTransport

  • file: supabase/functions/_shared/weno/transport.ts:124
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Choose the transport for a request. Returns the fixture transport only whenthe runtime is non-prod AND the caller sent the header;production always gets , so the fixture path isunreachable in prod regardless of client input.
  • score: 4

function sendChannelMessage

  • file: supabase/functions/_shared/entra-client.ts:1240
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Send a message to a Teams channel.Requires ChannelMessage.Send (delegated) or Teamwork.Migrate.All (app).Note: For application-only (client credentials), Microsoft only supportsTeamwork.Migrate.All which is migration-only. For production channelnotifications, use Incoming Webhooks or Bot Framework instead.This function is designed for delegated flows or webhook-based posting.
  • score: 4

function sendEmail

  • file: supabase/functions/_shared/email-provider.ts:644
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Send an email using the organization’s configured provider.Flow:1. If provider is ‘entra’ and Entra is configured → use Entra; on failure optionally try Gmail if configured.2. If provider is ‘gmail’ and Gmail is configured → use Gmail.3. Otherwise return an email-provider configuration error.
  • params:
    • config — Email provider configuration
    • request — Email send request
    • correlationId — Request correlation ID for logging
  • returns: Email send result
  • score: 4

function sendEmailWithAutoConfig

  • file: supabase/functions/_shared/email-provider.ts:687
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Convenience function to send email with auto-fetched config.Creates its own Supabase client with service role.
  • params:
    • organizationId — Organization ID
    • request — Email send request
    • correlationId — Correlation ID for logging
    • moduleCode — Optional module code for per-module sender override
  • score: 4

function sendInvitationEmail

  • file: supabase/functions/_shared/invitation-mailer.ts:95
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Sends (or re-sends) the invitation email for a pending invitation.Throws on hard failures; the caller maps to an HTTP error response.
  • score: 4

function sendRingCentralSms

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:430
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Convenience function to send SMS using existing RingCentral client
  • score: 4

function sendSms

  • file: supabase/functions/_shared/sms-provider.ts:257
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Send an SMS message via RingCentral.Handles PHI detection and opt-out footer appending.
  • params:
    • config — Provider configuration from getSmsProviderConfig
    • toNumber — Recipient phone number (E.164 format)
    • body — Message text
    • correlationId — Optional correlation ID for logging
  • returns: Send result with message ID and status
  • score: 4

function sendTeamsActivityNotification

  • file: supabase/functions/_shared/entra-client.ts:1498
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Send a notification to a user’s Teams activity feed.Requires TeamsActivity.Send application permission.Note: This requires an Azure Bot to be registered with the app.Without a bot, consider using Incoming Webhooks for channel notifications.
  • score: 4

function serializeWenoJson

  • file: supabase/functions/_shared/weno/request-builder.ts:187
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Serialize a WENO wire object preserving insertion (= vendor) order. WENO’sfield order is significant; never substitute a key-sorting serializer.
  • score: 4

function serveRequest

  • file: supabase/functions/plaid-sync-worker/index.ts:292
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: HTTP entrypoint. SECURITY: this is a cron-only worker registered with (config.toml), so the gateway does NOT authenticate the caller — the function MUST gateitself. We require a service-role credential IN-FUNCTION (mirrors , the documented primitive for cron/server-to-server handlers): thedrain cron () calls it with .Any user / anon / secret-less caller is rejected 401 BEFORE we build the service client ortouch the Plaid money path — fail CLOSED. is injectable for tests only.
  • score: 4

function sha256Base64Url

  • file: supabase/functions/_shared/google-workspace-oauth.ts:57
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Returns a stable SHA-256 hash string used for nonce persistence checks.
  • score: 4

function shouldCreateEmployee

  • file: supabase/functions/proliant-sync/employee-create-policy.ts:13
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide whether an unmatched Proliant employee should be auto-created.Pure decision helper extracted from the proliant-sync employee loop so thecreate/skip gate can be unit-tested independently of the Deno edge runtime.An employee is auto-created only when it has NO existing Encore match and theintegration’s flag is enabled.
  • params:
    • autoCreate — whether the integration’s flag is on
    • matched — whether the Proliant employee already matches an Encore record
  • returns: true only when there is no match and auto-create is enabled
  • score: 4

function shouldPollConnection

  • file: supabase/functions/_shared/ce-hubspot-poll.ts:58
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Feeder gating: only connected, inbound-enabled connections poll —needs_reauth stays paused until an admin reconnects (AC-11) anddisconnected connections never sync.
  • score: 4

function splitCsvLine

  • file: supabase/functions/_shared/weno/csv.ts:12
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Quote-aware CSV line splitter ("" escapes, quoted commas). Trims each cell.
  • score: 4

function startIntakeRun

  • file: supabase/functions/intake-agent-run/run-intake.ts:288
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: action=start: open run+thread, run the read vertical, write the draft artifact.
  • score: 4

function storeAccessTokenForItem

  • file: supabase/functions/_shared/vault-credentials.ts:290
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Store a Plaid access token in the vault, keyed per Plaid item. Returns thepf_credential_vault.id; throws if the broker fails (callers persist this id onfa_bank_accounts.plaid_access_token_vault_id).
  • score: 4

function storeVaultCredential

  • file: supabase/functions/_shared/vault-credentials.ts:60
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Store a credential in vault. Returns the pf_credential_vault.id on success, null on failure.If a credential already exists for this source, it will be updated (upsert behavior in the RPC).
  • score: 4

function stripHtml

  • file: supabase/functions/_shared/outlook-client.ts:424
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Extract plain text from HTML content (basic strip)
  • score: 4

function submitX12File

  • file: supabase/functions/_shared/transport/rest-transport.ts:110
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Submit an X12 file to the clearinghouse via REST API.
  • score: 4

function subtractBusinessDays

  • file: supabase/functions/_shared/business-calendar.ts:167
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Subtracts N business days from a date.
  • score: 4

function summarizeLineItems

  • file: supabase/functions/proliant-manual-check/build-check-request.ts:245
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Aggregate, PHI-free amount metadata for the PF-04 audit row (AC-6 requiresactor + employee + amount metadata on every issued check — counts andaggregates only, never per-line detail or identifiers beyond ids).
  • score: 4

function sumPushedCalendarEarnings

  • file: supabase/functions/proliant-payroll-run/expected-baseline.ts:114
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Total the batch-pushed earnings recorded in rows for ONE calendar (HR-44-EN-03 AC-10 / FR-5). Only / checkpoints count, matched on ; holds what the run actually pushed (created lines only — an idempotentre-run records 0, so retries never double-feed the baseline). Tolerant ofmalformed checkpoints (ignored). Pure — unit-tested in isolation.
  • score: 4

function syncLogEventType

  • file: supabase/functions/_shared/ce-hubspot-sync.ts:322
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Work-item event type → CHECK value.
  • score: 4

function syncTransactions

  • file: supabase/functions/_shared/plaid-client.ts:470
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Sync transactions using the Sync API (single page).For full history use syncTransactionsFull which loops until has_more is false.
  • score: 4

function syncTransactionsFull

  • file: supabase/functions/_shared/plaid-client.ts:492
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Sync all transaction pages for an Item (Plaid-recommended pattern).Calls /transactions/sync in a loop until has_more is false; onTRANSACTIONS_SYNC_MUTATION_DURING_PAGINATION restarts from the cursor usedbefore the failing request.
  • see:
  • score: 4

function syncTransactionsStreaming

  • file: supabase/functions/_shared/plaid-client.ts:571
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Stream Plaid page-by-page so callers can persist eachpage (and the page’s ) before fetching the next page. Thiskeeps memory and worker CPU bounded for large initial syncs that previouslycrashed ‘s in-memory accumulation on Supabase EdgeFunctions.- is awaited before the next call so the caller can flush the page to storage and update the persisted cursor.- Returns the final cursor (after the last page) once .- On , restarts from the cursor that was current at the start of the failing iteration (matches ).
  • see:
  • score: 4

function timeImportPushLogKey

  • file: supabase/functions/proliant-payroll-run/time-import.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Idempotency key for the per-calendar+period TimeImport push (hr_proliant_push_log).
  • score: 4

function toEarningImport

  • file: supabase/functions/proliant-sync/earnings-batch-builder.ts:166
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Wrap built lines into the both vendor POSTs take.
  • score: 4

function toEmployeeColumns

  • file: supabase/functions/proliant-sync/field-mapper.ts:336
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Project a mapped employee payload down to writable columns.
  • score: 4

function tokenizeText

  • file: supabase/functions/_shared/gr-impact-classifier.ts:58
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Tokenize text into lower-case alpha tokens =3 chars, drop trivial stopwords.Mirrors the GR-06-EN-01 gr-state-rag.ts approach for consistency.
  • score: 4

function toolRegistryEnabled

  • file: supabase/functions/_shared/registry-tool-resolution.ts:50
  • kind: function
  • core: edge-functions
  • spec: PF-127
  • summary: Fail-safe read of the PF-127 registry flag via . Any error → (registry path stays off → legacy static resolution). The sentinel is neverpassed as a uuid (edge-function caller pitfall).
  • score: 5

function toolsGateDecision

  • file: supabase/functions/_shared/ai/agent-spine.ts:85
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Decide whether tools may fire (FR-8 / FR-9 / AC-2). Tools are allowed only when thespine is satisfied AND the PF-45 flag is on. A write-capable run whose tools are notallowed must be refused at admission (no off-spine write path, AC-5).This is the single decision both the edge boundary () and thedurable wrapper consult, so “tools withheld off the spine” is enforced identicallyon every path (FR-10).
  • score: 4

function toUsageDetails

  • file: supabase/functions/_shared/ai/tracing-mask.ts:36
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Map our to the Langfuse v5 shape, omitting undefinedfields. Returns when no token counts are present.
  • score: 4

function trigramSimilarity

  • file: supabase/functions/_shared/ce-hubspot-backfill-core.ts:149
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Trigram Dice similarity of two strings, whitespace-normalized. Dice(2·shared / (|a|+|b|)) is the conventional trigram name metric — aone-letter variant like Jonathan/Jonathon scores ~0.8, while Jaccardwould put it under 0.7 and defeat the threshold.
  • score: 4

function truncateBody

  • file: supabase/functions/_shared/outlook-client.ts:414
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Truncate body content to specified size in KB
  • score: 4

function updateCalendarEvent

  • file: supabase/functions/_shared/entra-client.ts:992
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Update a calendar event.
  • score: 1

function updateDebugState

  • file: supabase/functions/_shared/executionHelpers.ts:116
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Update debug state for an execution
  • score: 4

function updateExecutionStatus

  • file: supabase/functions/_shared/executionHelpers.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Update workflow execution status with optional timestamps
  • score: 4

function updatePerformanceProfile

  • file: supabase/functions/_shared/executionHelpers.ts:144
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Update performance profile for an execution
  • score: 4

function updateUser

  • file: supabase/functions/_shared/entra-client.ts:551
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Update a user’s properties.
  • params:
    • credentials — Azure AD app credentials
    • userId — Entra user ID
    • updates — Properties to update
    • correlationId — Request correlation ID
  • score: 1

function uploadFile

  • file: supabase/functions/_shared/entra-client.ts:1339
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Upload a small file ( 4MB) to a SharePoint document library.For larger files, use createUploadSession.Requires Files.ReadWrite.All or Sites.ReadWrite.All.
  • score: 4

function validateAuth

  • file: supabase/functions/_shared/auth.ts:93
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate JWT token from Authorization header and return user info.Returns the authenticated user and an anon-key client with the user’s session.
  • params:
    • req — The incoming request
    • correlationId — Correlation ID for logging
  • returns: AuthResult with user and supabase client, or AuthError
  • score: 4

function validateCallbackUrl

  • file: supabase/functions/_shared/url-validation.ts:19
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validates a callback URL against the allowlist.Returns the validated URL or null if invalid.
  • score: 4

function validateCodingOutput

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:177
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Validate and normalize the model’s structured output.- Filters out code entries that fail shape validation.- Filters out codes that fail format regex validation (and records them in filteredCodes).- Clamps confidence scores to [0, 1].- Returns if the output is structurally unusable (but still returns a best-effort output object so partial suggestions can still be persisted).
  • params:
    • raw — Raw parsed JSON from the model.
  • returns: ValidationResult with normalized output and error details.
  • score: 5

function validateComposeRx

  • file: supabase/functions/_shared/weno/validators.ts:175
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Edge-side adapter: flat field-name list (no PHI) for the launch function’s audit metadata and the message. Maps thecanonical structured reasons onto the launch function’s established wiresuffixes so the recorded shape is unchanged: - → - → - →
  • score: 4

function validateComposeRxPayload

  • file: supabase/functions/_shared/weno/validators.ts:55
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Canonical structured validator. Mirrors the src implementation 1:1 — samerules, same field names, same de-dup. Returns .
  • score: 4

function validateCptCode

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:91
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Validate a CPT code format.
  • params:
    • code — The code string to validate.
  • returns: true if the format is valid.
  • example: | validateCptCode(“90834”) // true validateCptCode(“9083”) // false
  • score: 4

function validateEmbedClaims

  • file: supabase/functions/_shared/analytics/embed-token.ts:93
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Structurally validate decoded token claims (after djwt has checked the signature).This is a belt-and-suspenders check on top of the cryptographic verify and theauthoritative DB-row revocation/expiry check — it rejects a well-signed token whose claimsare the wrong type, lack an org, or are expired relative to .
  • score: 4

function validateHcpcsCode

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:105
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Validate a HCPCS Level II code format.
  • params:
    • code — The code string to validate.
  • returns: true if the format is valid.
  • example: | validateHcpcsCode(“H0004”) // true validateHcpcsCode(“1234”) // false
  • score: 5

function validateHubspotSignature

  • file: supabase/functions/_shared/ce-hubspot-webhook.ts:73
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate a HubSpot v3 webhook signature. accepts the candidaterequest URIs to try (the gateway-reported URL can differ in scheme/host fromthe public target URL HubSpot signed, so callers pass every plausible form);the signature is valid if it matches for ANY candidate.
  • score: 4

function validateIcd10Code

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:77
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Validate an ICD-10-CM code format.
  • params:
    • code — The code string to validate.
  • returns: true if the format is valid.
  • example: | validateIcd10Code(“F32.1”) // true validateIcd10Code(“INVALID”) // false
  • score: 5

function validateMachineJwt

  • file: supabase/functions/_shared/machine-auth.ts:51
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate a machine JWT from the Authorization header and verifythe underlying API key is still active and not revoked.
  • params:
    • req — Incoming request with Authorization: Bearer header
    • supabase — Service-role Supabase client for revocation check
    • correlationId — Tracing correlation ID
  • returns: MachineAuthResult with principal or error details
  • score: 4

function validateModifierCode

  • file: supabase/functions/pm-ai-coding-suggest/validation.ts:119
  • kind: function
  • core: edge-functions
  • spec: PM-64
  • summary: Validate a CPT/HCPCS modifier format.
  • params:
    • code — The modifier string to validate.
  • returns: true if the format is valid.
  • example: | validateModifierCode(“GT”) // true validateModifierCode(“X”) // false
  • score: 5

function validateVendorEmail

  • file: supabase/functions/hr-proliant-create-profile-from-pending/identity.ts:24
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Return the email only if it matches the strict shape (lowercased/trimmed).
  • score: 4

function validateVendorEmail

  • file: supabase/functions/proliant-sync/unmatched-enrichment.ts:75
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Return the email ONLY if it matches the strict, wildcard-free shape (lowercased,trimmed); otherwise null. Used to (a) keep junk/wildcard values out of thepersisted , and (b) refuse such values as anidentity lookup or Auth Admin createUser argument.
  • score: 4

function validateVerificationToken

  • file: supabase/functions/_shared/ringcentral-client.ts:717
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Validate RingCentral webhook verification tokenUses timing-safe comparison to prevent timing attacks.
  • score: 4

function vendorRecordAlreadyExists

  • file: supabase/functions/proliant-sync/push-subresources.ts:73
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: True when a vendor error indicates the dated record already exists (so a POSTshould upsert via PUT, or be treated as idempotently applied). Signals areexact strings the SBX0028 sandbox returned for re-pushed Rate/DeductionCode/EarningCode (verified live 2026-06-06).
  • score: 4

function verifyOrgAccess

  • file: supabase/functions/_shared/auth.ts:181
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verify that a user has access to an organization.Checks pf_user_role_assignments for a valid role assignment.
  • params:
    • supabase — Service role Supabase client
    • userId — The authenticated user’s ID
    • organizationId — The organization to check access for
    • correlationId — Correlation ID for logging
  • returns: true if user has access, false otherwise
  • score: 4

function verifyOrgRole

  • file: supabase/functions/_shared/auth.ts:247
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verify that a user has a specific role within an organization.Returns the user’s role(s) and whether they have access, optionallyfiltered to required roles (e.g., ).Unlike (boolean check), this returns role informationso callers can make role-based decisions without inline queries.
  • params:
    • supabase — Service role Supabase client
    • userId — The authenticated user’s ID
    • organizationId — The organization to check access for
    • correlationId — Correlation ID for logging
    • options — Optional: requiredRoles to filter by specific roles
  • returns: Object with hasAccess boolean and roles array
  • score: 4

function verifyPlaidWebhook

  • file: supabase/functions/_shared/plaid-webhook-verify.ts:59
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verify a Plaid webhook JWT: ECDSA P-256 signature, iat freshness (reject missing or PLAID_WEBHOOK_MAX_AGE_SEC old), and request_body_sha256 == sha256(rawBody).
  • params:
    • nowSec — injectable current epoch seconds (defaults to Date.now()/1000) for tests.
  • score: 4

function verifyPlatformAdmin

  • file: supabase/functions/_shared/auth.ts:302
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verify that a user has the platform_admin role.Returns immediately for the sentinel (internal callers alwayshave platform-level trust), otherwise delegates to the RPC.Use this helper in edge functions that previously contained inline queries for the platform_admin check — those inlinequeries (a) are prohibited by edge-functions.md and (b) 403 service-role callers.
  • params:
    • supabase — Any Supabase client (service-role or user-scoped)
    • userId — The authenticated user’s ID (may be the sentinel)
    • correlationId — Correlation ID for logging
  • returns: if the caller is a platform admin or a service-role caller
  • score: 4

function verifySignature

  • file: supabase/functions/cl-dosespot-webhook/index.ts:52
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verify an HMAC-SHA256 signature over the raw body using the Web Crypto API.Uses constant-time comparison to prevent timing attacks. The expected andreceived values are compared as lowercase hex digests; a leading prefix on the received signature (if DoseSpot sends one) is stripped.
  • params:
    • rawBody — The exact bytes of the request body (read before parsing).
    • signatureHeader — The value of the DoseSpot signature header.
    • secret — The shared webhook secret (DOSESPOT_WEBHOOK_SECRET).
  • returns: true when the computed digest matches the provided signature.
  • score: 4

function verifySignature

  • file: supabase/functions/github-webhook/index.ts:24
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Timing-safe HMAC-SHA256 signature verification.Uses crypto.subtle.timingSafeEqual to prevent timing attacks.
  • score: 4

function verifySignedHubspotState

  • file: supabase/functions/_shared/ce-hubspot-oauth.ts:98
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verifies signature, payload shape, and expiry of a signed state token.
  • score: 4

function verifySignedOAuthState

  • file: supabase/functions/_shared/google-workspace-oauth.ts:99
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Verifies OAuth state token signature, shape, and expiration.
  • score: 4

function windowStart

  • file: supabase/functions/_shared/fw-rate-limit.ts:183
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Truncate to the start of its minute / hour window (UTC), matching counter rows.
  • score: 4

function withExtraHeaders

  • file: supabase/functions/_shared/deprecation.ts:48
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Clone a Response with extra headers merged in.Handles locked/immutable responses by creating a new Response with theoriginal body stream, status, statusText, and merged headers (NFR-3).
  • params:
    • res — The original Response to clone.
    • extra — Additional headers to set on the cloned Response.
  • returns: A new Response with merged headers.
  • score: 4

function withIdempotency

  • file: supabase/functions/_shared/idempotency.ts:18
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Utility for with idempotency.
  • score: 1

function withRetry

  • file: supabase/functions/_shared/retry.ts:68
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Execute an async function with retry logic and configurable backoff.
  • params:
    • fn — The async function to execute
    • options — Retry configuration
  • returns: The result of the function
  • example: | // Retry with exponential backoffconst data, error = await withRetry( () = supabase.from(‘pf_notifications’).insert(record), maxRetries: 3, delayMs: 500, backoff: ‘exponential’, label: ‘Insert notification’ ); // Retry only on specific errorsconst result = await withRetry( () = fetch(‘https://api.example.com/data’), maxRetries: 3, isRetryable: (error) = if (error instanceof Response) return error.status = 500; return true; , );
  • score: 4

function withTimeout

  • file: supabase/functions/_shared/timeout.ts:54
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Wrap a promise with a timeout. Throws an error if the promisedoesn’t resolve within the specified milliseconds.
  • params:
    • promise — The promise to wrap
    • timeoutMs — Timeout in milliseconds
    • label — Human-readable label for error messages (e.g., ‘Database query’)
  • returns: The resolved value of the promise
  • example: | const data = await withTimeout( supabase.from(‘pf_notifications’).select(’*‘).limit(100), 5000, ‘Notification query’);
  • score: 4

function withTimeoutAndFallback

  • file: supabase/functions/_shared/timeout.ts:95
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Wrap a promise with a timeout that returns a fallback valueinstead of throwing an error.
  • params:
    • promise — The promise to wrap
    • timeoutMs — Timeout in milliseconds
    • fallback — Value to return if the timeout is exceeded
    • label — Human-readable label for logging
  • returns: The resolved value or the fallback
  • example: | const data = await withTimeoutAndFallback( fetchExternalPricing(), 3000, cachedPricing, ‘Pricing API’);
  • score: 4

function withTracing

  • file: supabase/functions/_shared/ai/tracing.ts:384
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Wrap a provider with Langfuse tracing. Inert until Langfuse keys are configured.
  • score: 4

function withTransportRetry

  • file: supabase/functions/_shared/transport/retry.ts:44
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Execute a function with exponential backoff retry.
  • score: 4

function withVersioning

  • file: supabase/functions/_shared/versioning.ts:53
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Wrap an Edge Function’s handler map with version negotiation middleware.
  • params:
    • functionName — The Edge Function name (used for logging).
    • handlers — Map of keys to async request handlers.
    • options — Optional deprecation config, CORS headers, and legacy key override.
  • returns: A single async request handler that routes by .
  • score: 4

function writeAiUsageLogJurisdiction

  • file: supabase/functions/_shared/ai-jurisdiction-audit.ts:70
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Inserts a jurisdiction-aware audit log row. Errors are logged but do notthrow — audit failure must never break the AI request path.
  • score: 4

function writeExchangeLog

  • file: supabase/functions/fhir-r4/exchange-logger.ts:29
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Write a single entry to cl_data_exchange_log.Returns the exchange log ID for correlation.
  • score: 4

function writeFailureCheckpoint

  • file: supabase/functions/_shared/checkpointHelpers.ts:181
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Writes a failure checkpoint with error classification.
  • score: 4

function writePostStepCheckpoint

  • file: supabase/functions/_shared/checkpointHelpers.ts:152
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Writes a post-step checkpoint (status=completed).
  • score: 4

function writePreStepCheckpoint

  • file: supabase/functions/_shared/checkpointHelpers.ts:111
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Writes a pre-step checkpoint (status=running).Uses upsert on (execution_id, node_id, attempt_number) for idempotency.
  • score: 4

function writeSkippedCheckpoint

  • file: supabase/functions/_shared/checkpointHelpers.ts:254
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Writes a skipped checkpoint for nodes bypassed during resume.
  • score: 4

function writeWaitingCheckpoint

  • file: supabase/functions/_shared/checkpointHelpers.ts:230
  • kind: function
  • core: edge-functions
  • spec: (none)
  • summary: Writes a waiting checkpoint (for approval/delay nodes).
  • score: 4

Classes

class AiBudgetExceededError

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:91
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: **SHIM — PF-111-EN-01 will own the canonical error + per-dimension ledger.**Raised when a run exceeds its row-level token/step ceiling (FR-12). This minimalversion exists so Phase-1 runs still fail-closed at the ceiling we have; it does notrestate PF-111’s ledger semantics.
  • score: 4

class AIGatewayError

  • file: supabase/functions/_shared/ai/errors.ts:22
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown by the provider on a non-OK gateway response. Carries the HTTPstatus + retryable flag so callers can branch (e.g. surface 429/402)without losing the status behind a generic Error.
  • score: 4

class FixtureProliantTransport

  • file: supabase/functions/_shared/proliant-transport.ts:25
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: In-memory that returns canned fixtures instead ofcalling the vendor — used by the deterministic Phase-4 integration suite.Throws a CONFIG when no fixture matches the request.
  • score: 4

class GraphNotFoundError

  • file: supabase/functions/_shared/entra-client.ts:137
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown by graphApiCall when response is 404; use for “not found” handling (e.g. getUser returns null).
  • score: 4

class GwsClientError

  • file: supabase/functions/_shared/google-workspace-client.ts:111
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Typed fail-closed error emitted by the Google Workspace Admin SDK client wrapper.
  • score: 4

class LocalOpenAIGateway

  • file: supabase/functions/_shared/ai/local-provider.ts:43
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: OpenAI-compatible client for a local engine. Ignores module/lane modelresolution — the local engine serves a single configured model.
  • score: 4

class LocalPhiRefusedError

  • file: supabase/functions/_shared/ai/local-provider.ts:28
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown if PHI is ever directed at the local (non-BAA) engine.
  • score: 4

class OutlookClient

  • file: supabase/functions/_shared/outlook-client.ts:118
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Represents outlook client.
  • score: 1

class PhiAccessLogError

  • file: supabase/functions/_shared/ai/agent-usage.ts:93
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Raised when the PHI-access audit row cannot be written — the caller MUST block the operation.
  • score: 4

class PhiLaneNotConfiguredError

  • file: supabase/functions/_shared/ai/models.ts:19
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown when a PHI-lane request is made without a BAA-confirmed model config.
  • score: 4

class PhiRedactionError

  • file: supabase/functions/_shared/ai/phi-redaction-core.ts:26
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown by on invalid input. Fail-closed: callers MUST skip the LLM call.
  • score: 4

class PortalValidationError

  • file: supabase/functions/_shared/portal-guard.ts:72
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Validate that matches the discriminated union.On structural failure returns a failure result instead ofthrowing — callers in catch the existing error path; thismakes validation composable without changing those error-return signatures.Throws a (a subclass of Error) when the shape isfundamentally invalid (not an object) so callers can distinguish parse errorsfrom a returned failure.
  • score: 4

class ProliantApiError

  • file: supabase/functions/_shared/proliant-client.ts:45
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Error thrown for a failed Proliant API call, carrying the HTTP status and an .
  • score: 4

class ProliantClient

  • file: supabase/functions/_shared/proliant-client.ts:77
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Real vendor-backed . Handles OAuth token acquisitionand caching, base-URL resolution, retries with backoff, and typed errormapping for all calls to the Proliant (ReadyPay) Company API.
  • score: 4

class RingCentralClient

  • file: supabase/functions/_shared/ringcentral-client.ts:242
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Represents ring central client.
  • score: 4

class RingCentralSmsClient

  • file: supabase/functions/_shared/ringcentral-sms-adapter.ts:249
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Extended RingCentral client with SMS capabilitiesThis class extends the base client to add SMS-specific methodswhile reusing the authentication and retry logic.
  • score: 4

class RoutingProvider

  • file: supabase/functions/_shared/ai/local-provider.ts:137
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Lane-aware router. STANDARD chat/stream/tools → local; PHI → vercel (always);embeddings → vercel (stable vector dims). Implements AIProvider so it can bewrapped by exactly like the plain gateway.
  • score: 4

class RunTransitionError

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:100
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Raised when a governed lifecycle RPC rejects a transition or errors.
  • score: 4

class SpineNotSatisfiedError

  • file: supabase/functions/_shared/ai/agent-run-state-machine.ts:77
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Raised when a run cannot proceed because the guardrail spine (FR-9) is not satisfied.Carries the missing spine elements (never any PHI).
  • score: 4

class TimeoutError

  • file: supabase/functions/_shared/timeout.ts:30
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown when a promise does not resolve within the allowed time.
  • score: 4

class TokenExpiredError

  • file: supabase/functions/_shared/outlook-client.ts:352
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Represents token expired error.
  • score: 4

class ToolNotAllowedError

  • file: supabase/functions/_shared/ai/tool-guard.ts:19
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown by when the model requests a tool thatwas not declared in the set for this skill invocation.
  • score: 4

class TwoPathViolationError

  • file: supabase/functions/_shared/ai/phi-two-path-enforcer.ts:29
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Raised when a step needs unredacted PHI on a non-PHI-lane model — rejected, never sent degraded.
  • score: 4

class VendorHttpError

  • file: supabase/functions/_shared/weno/transport.ts:44
  • kind: class
  • core: edge-functions
  • spec: (none)
  • summary: Thrown when WENO returns a non-2xx status, so callers can classify outage vs. error.
  • score: 4