Documentation Index
Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
Use this file to discover all available pages before exploring further.
Status: ✅ Active (GR-01–GR-08, GR-10, GR-11 implemented; GR-09 pending; GR-12 specified)
Last Updated: 2026-03-06
Constitution Reference: §1 Architecture & Module Boundaries — no direct core-to-core imports; all cross-core via Platform Integration Layer, events, or API contracts.
Overview
The GR (Governance & Compliance) module manages policies, compliance tracking, audits, risk, quality improvement, accreditation, incident reporting, contracts, and procedures. This document is the canonical anchor for all GR integration contracts, cross-core event publisher/consumer mappings, API contracts, and platform layer usage.
Related documents:
Events Published by GR
| Event | Channel | Publisher Spec | Subscribers | Status |
|---|
policy_created | gr_events | GR-01 | GR-02, GR-03 | 📝 Planned |
policy_acknowledged | gr_events | GR-01 | GR-02, GR-03 | 📝 Planned |
training_completed | gr_events | GR-02 | GR-03, HR-02 | 📝 Planned |
requirement_created | gr_events | GR-03 | GR-04, GR-06 | 📝 Planned |
compliance_status_changed | gr_events | GR-03 | GR-04, GR-05, GR-06 | 📝 Planned |
audit_created | gr_events | GR-04 | GR-06 | 📝 Planned |
audit_finding_created | gr_events | GR-04 | GR-05, GR-06 | 📝 Planned |
risk_created | gr_events | GR-05 | GR-06 | 📝 Planned |
risk_assessed | gr_events | GR-05 | GR-06 | 📝 Planned |
qi_project_created | gr_events | GR-07 | GR-03, GR-04 | 📝 Planned |
accreditation_created | gr_events | GR-08 | GR-03, GR-04 | 📝 Planned |
incident_created | gr_events | GR-09 | GR-05, GR-06, CL (chart flag via gr_incident_created) | 📝 Planned |
incident_resolved | gr_events | GR-09 | GR-05, GR-06 | 📝 Planned |
gr_incident_created | gr_events | GR-09 | CL — chart flag | 📝 Planned |
procedure_approved | gr_events | GR-11 | GR-02, GR-03, PF-10 | ✅ Complete |
procedure_execution_completed | gr_events | GR-11 | GR-03, PF-10 | ✅ Complete |
gr_template_instantiated | gr_events | GR-12 | GR-03, PF-10 | 📝 Planned |
gr_template_contributed | gr_events | GR-12 | GR-03 | 📝 Planned |
procedure_gap_identified | gr_events | GR-13 | GR-07 (QI project candidate) | 📝 Planned |
- All GR trigger functions that publish to
gr_events MUST use SECURITY DEFINER.
gr_incident_created is also documented in CL-GR-CLINICAL-INCIDENT-INTEGRATION.md; follow PHI payload restrictions there.
Events Consumed by GR
| Event | Publisher | GR Consumer Spec | GR Action | Status |
|---|
employee_created | HR | GR-01, GR-02 | Assign onboarding policies and training | 📝 Planned |
incident_reported | HR-14 | GR-03, GR-04 | Create compliance check; initiate audit workflow | ✅ Implemented |
grievance_filed | HR-14 | GR-03 | Create compliance check record | ✅ Implemented |
vendor_certification_expiring | FM | GR-03 | Create compliance check for expiring vendor cert | ✅ Implemented |
pm_overdue | FM | GR-03 | Flag preventive maintenance compliance gap | 📝 Planned |
inspection_due | FM | GR-03 | Create upcoming compliance check | 📝 Planned |
inspection_failed | FM | GR-03, GR-05 | Create compliance finding; link to risk | 📝 Planned |
inspection_compliant | FM | GR-03 | Update compliance check to compliant | 📝 Planned |
it_security_incident_created | IT | GR-09 | Create or link GR incident report | 📝 Planned |
it_critical_vulnerability_detected | IT | GR-09 | Create GR risk and potential incident | 📝 Planned |
it_asset_disposed | IT | GR-03 | Update compliance tracking for asset disposal | 📝 Planned |
cl_safety_plan_activated | CL (CL-07) | GR-09 | Create draft incident report (type: safety_plan_activation) | 📝 Planned |
cl_restraint_event_documented | CL (CL-13) | GR-09 | Create draft incident report (type: restraint_seclusion) | 📝 Planned |
cl_incident_reported | CL (CL-15) | GR-03, GR-04, GR-08 | Compliance check; audit log; accreditation evidence | ✅ Implemented |
goal_completed | LO | GR | Cross-core governance linkage | 📝 Planned |
- Server-side tenant isolation: validate
organization_id against JWT claims before writing.
- Use
SECURITY DEFINER stored procedures for event-triggered writes.
- Log all event consumptions to
pf_audit_logs with user_id, organization_id, timestamp, correlation_id.
- Implement exponential backoff retries; dead-letter queue for max-retry failures.
API Contracts
No GR-owned API contracts are currently defined. The following are candidates for future specification:
| Proposed API | Type | Consumer | Priority |
|---|
GET /gr/incidents/{id} (or incident lookup via platform layer) | REST | CL, IT, HR | High (needed for chart flag navigation) |
GET /gr/compliance-status?org=&site= | REST | CL, PM, HR | Medium |
GET /gr/accreditation-readiness?org= | REST | GR-06 AI, executive dashboard | Medium |
| Layer | PF Spec | GR Usage | Status |
|---|
| Forms (PF-08) | PF-08 | Policy acknowledgment forms, audit checklists, compliance surveys | ✅ Used |
| Notifications (PF-10) | PF-10 | Policy review reminders, compliance due dates, audit finding alerts | ✅ Used |
| Documents (PF-11) | PF-11 | Policy documents, audit evidence, compliance certificates, contract docs | ✅ Used |
| Reports (PF-12) | PF-12 | Compliance reports, audit reports, accreditation reports | ✅ Used |
| AI (PF-27) | PF-27 | GR-06 AI Compliance Advisor; GR-10 contract analysis (Phase 2, planned) | Partial |
| Permissions (PF-30) | PF-30 | Granular permission system for all GR entities | ✅ Used |
| Workflow / Swim Lane (PF-73) | PF-73 | Diagram generation from GR-01 policies and GR-11 procedures | ✅ Used |
| Picklists (PF-15) | PF-15 | Policy categories, compliance status, audit types | ❌ Pending |
| Custom Fields (PF-16) | PF-16 | gr_policies custom_fields | ❌ Pending |
| Configurable Forms (PF-17) | PF-17 | Policy acknowledgment form, audit checklist form | ❌ Pending |
Cross-Core Data References
GR does not hold foreign keys to other cores (per constitution §1 / ADR-002 restrictions). Cross-core linkage is by UUID reference columns:
| GR Entity | References | Method |
|---|
gr_compliance_checks | HR employees, FM vendors | UUID column (entity_id, entity_type) — no FK |
gr_incidents (GR-09) | CL chart_id | UUID column — no FK; link surfaced via gr_incident_created event |
gr_contracts | FM vendors, HR employees, FA | UUID columns (counterparty_id) — no FK |
gr_accreditation_evidence | Any document | Via PF-11 document UUIDs — no direct FK |
Implementation Notes for GR-09 (Pending)
The GR-09 Incident Reporting implementation must:
- Create
gr_incidents table with RLS, org isolation, and full audit trail.
- Subscribe to
cl_safety_plan_activated and cl_restraint_event_documented to auto-create draft incidents.
- Publish
gr_incident_created and incident_created on incident creation.
- Subscribe to
it_security_incident_created and it_critical_vulnerability_detected for IT-originated incidents.
- Implement statutory deadline tracking for ARS 46-454, ARS 13-3620, AHCCCS AMPM 1620-O.
- Create
gr_incident_regulatory_reports sub-table for state/AHCCCS report tracking.
- Add RLS tests for all new tables in
tests/rls/.
- Add E2E tests in
tests/e2e/gr-incident-workflow.test.ts.
See GR-09-incident-reporting.md for full spec.
See CL-GR-CLINICAL-INCIDENT-INTEGRATION.md for bridge implementation requirements.
Testing Requirements
| Test Type | File | Coverage |
|---|
| RLS — policies | tests/rls/gr-policies.rls.test.ts | ✅ |
| RLS — procedures | tests/rls/gr-procedures.rls.test.ts | ✅ |
| RLS — audits | tests/rls/gr-audits.rls.test.ts | ✅ |
| RLS — compliance | tests/rls/gr-compliance*.rls.test.ts | ✅ |
| RLS — accreditation | tests/rls/gr-accreditation*.rls.test.ts | ✅ |
| RLS — contracts | tests/rls/gr-contracts.test.ts | ✅ |
| RLS — risks | tests/rls/gr-risks.rls.test.ts | ✅ |
| RLS — incidents | tests/rls/gr-incidents.rls.test.ts | ❌ Missing — create when GR-09 implemented |
| RLS — procedure templates | tests/rls/gr-procedure-templates.rls.test.ts | ❌ Missing — create when GR-12 implemented |
| E2E — AI compliance advisor | tests/e2e/gr-ai-compliance-advisor.test.ts | ⚠️ Uses test.fixme — needs enabling |
| E2E — incident workflow | tests/e2e/gr-incident-workflow.test.ts | ❌ Missing — create when GR-09 implemented |
| Integration — procedure workflows | src/cores/gr/tests/integration/procedure-workflows.test.ts | ✅ |
| Integration — contracts | tests/integration/gr-contracts*.ts | ✅ |
