Feature ID: PF-64 (Phase 2 Expansion)
Status: 🟡 Partially Complete (permission seeding pending deployment)
Spec Reference: PF-64-PHASE-2-AI-TEMPLATE-GEN-EXPANSION.md
Last Updated: 2026-03-15
Deployment Gate: `pf_ai_template_gen_enabled` must NOT be enabled until `pf.templates.manage` permission seed is deployed. Hard guardrail: requires enforced RBAC and edge function authentication.
Overview
PF-64 Phase 2 adds AI-generated template suggestions: users describe a template in natural language and receive suggested structure (sections, placeholders) that can be saved as an organization document template. It also adds section suggestions for policy/procedure/letter types. All AI calls go through an edge function; no PHI/PII in prompts or logs (constitution §4.3).
Integration Points (from Spec)
| Dependency | Type | Purpose |
|---|---|---|
| PF-64 Phase 1 | Platform (templates) | Letterhead, pf_document_templates, pf_document_template_versions |
| PF-01 (Organizations & Sites) | Platform | Tenant context, org scoping |
| Platform AI/LLM (e.g. PF-72 Agent SDK) | Platform Integration Layer | Description-to-template generation; section suggestions |
| PF-10 (Notifications) | Optional | Notify on generation complete (deferred to post–Phase 2) |
API / Edge Function Contracts
- Edge function: `ai-generate-template` (`supabase/functions/ai-generate-template/index.ts`) accepts org-scoped requests with `action: 'generate_template'` or `action: 'suggest_sections'`. Uses Lovable AI Gateway with tool calling for structured output. Authentication/Authorization Chain: Requires valid JWT, `pf.templates.manage` permission, and `verifyOrgAccess()` invocation before handling actions. `organization_id` is validated server-side via `verifyOrgAccess()` and request body schema validation.
  - Generate template: `{ action: 'generate_template', organization_id, description }` → `{ success: true, data: { name, category, sections } }`
  - Suggest sections: `{ action: 'suggest_sections', organization_id, templateType }` → `{ success: true, data: { sections } }`
- CORS: Uses `getCorsHeaders(req.headers.get('origin'))` from `_shared/cors.ts`.
- Logging: Uses `createLogger` from `_shared/logger.ts`; no PHI/PII in logs.
Security and Tenant Isolation
- No PHI/PII in prompts, logs, or generation payloads (constitution §4.3).
- Org-scoped: All generation and section suggestions are scoped to the current organization.
- Permission: `pf.templates.manage` gates all AI entry points. Note: Must be seeded in `pf_module_permissions` (not yet deployed).
- Feature flag: `pf_ai_template_gen_enabled` on `pf_module_settings` (per-org) controls visibility of AI entry points.
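
The authentication/authorization chain and org scoping described above, sketched as an added example (not the project's own code). `Caller` stands in for the verified JWT plus permission lookup, and the membership check stands in for `verifyOrgAccess()`; the UUID format, the description length bound, and the rejection of extra keys are assumptions.

```typescript
// Added example: hypothetical stand-ins, not the code in ai-generate-template/index.ts.
type Caller = { userId: string; permissions: Set<string>; orgIds: Set<string> };
type GenRequest =
  | { action: 'generate_template'; organization_id: string; description: string }
  | { action: 'suggest_sections'; organization_id: string; templateType: string };
type Gate = { status: 200; request: GenRequest } | { status: 400 | 401 | 403; error: string };

const UUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i; // assumed id format
const TEMPLATE_TYPES = new Set(['policy', 'procedure', 'letter']); // types named in the Overview
const MAX_DESCRIPTION = 2000; // assumed bound, not from the page

// Schema validation: accept only the two documented request shapes, with no extra keys.
function parseBody(body: unknown): GenRequest | null {
  if (typeof body !== 'object' || body === null || Array.isArray(body)) return null;
  const b = body as Record<string, unknown>;
  const org = b.organization_id;
  if (typeof org !== 'string' || !UUID.test(org)) return null;
  const keys = Object.keys(b).sort().join(',');
  if (b.action === 'generate_template' && keys === 'action,description,organization_id') {
    const d = b.description;
    if (typeof d !== 'string' || d.trim() === '' || d.length > MAX_DESCRIPTION) return null;
    return { action: 'generate_template', organization_id: org, description: d };
  }
  if (b.action === 'suggest_sections' && keys === 'action,organization_id,templateType') {
    const t = b.templateType;
    if (typeof t !== 'string' || !TEMPLATE_TYPES.has(t)) return null;
    return { action: 'suggest_sections', organization_id: org, templateType: t };
  }
  return null;
}

// Gate order follows the page: valid JWT, permission, then org access, before any action runs.
function gateRequest(caller: Caller | null, body: unknown): Gate {
  if (caller === null) return { status: 401, error: 'unauthenticated' };
  if (!caller.permissions.has('pf.templates.manage')) return { status: 403, error: 'forbidden' };
  const request = parseBody(body);
  if (request === null) return { status: 400, error: 'invalid_request' };
  // organization_id is client-supplied, so it is checked against the caller's own memberships.
  if (!caller.orgIds.has(request.organization_id)) return { status: 403, error: 'forbidden' };
  return { status: 200, request };
}
```

Only a request that returns status 200 should reach the AI gateway call; every other path returns before any prompt is built.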