Feature ID: PF-91
Status: 🟨 In Progress (80%)
Spec Reference: PF-91-compliance-automation-regulatory-dashboard.md
Last Updated: 2026-03-24
Overview
PF-91 adds tenant-scoped compliance monitoring (dashboard, PHI column classification, drift detection, evidence packages) and deepens 42 CFR Part 2 alignment with CL-11. Consumers integrate through `@/platform/compliance`, Edge Functions for scheduled checks and evidence generation, and existing PF-04 / PF-10 / PF-48 touchpoints.
Integration Points (from Spec)
| Dependency | Type | Purpose |
|---|---|---|
| PF-01 | Data | organization_id tenancy for all compliance artifacts |
| PF-04 | Data / Audit | Drift and evidence actions logged; audit health widgets |
| PF-05 | Scan / Report | RLS coverage and policy inventory for dashboard |
| PF-10 | Platform | Notifications for drift and compliance summaries |
| PF-36 | UI | Optional health-dashboard widgets |
| PF-48 | Event / Data | Security event correlation for compliance view |
| PF-90 | Data | DR readiness metrics for dashboard and evidence |
| CL-11 | Platform Layer | Consent status for Part 2 enforcement (@/platform/clinical) |
| GR-03 | Event (optional) | Regulatory tracker alignment; avoid duplicating GR-owned governance artifacts |
Platform Layer Contract (target)
- Module path: `@/platform/compliance` (canonical). Subfolders allowed internally; export stable hooks/types from barrel `src/platform/compliance/index.ts`.
- Edge Functions (names for implementation - adjust in migration if renamed):
  - `compliance-run-checks` - scheduled drift / RLS / audit health checks; inserts `pf_compliance_checks`; may emit `pf_compliance_drift_detected`
  - `compliance-phi-scan` - column / `custom_fields` key classification; upserts `pf_phi_classifications`
  - `generate-compliance-evidence` - async evidence ZIP job; updates `pf_compliance_evidence`; uploads to private bucket `compliance-evidence`; may emit `pf_compliance_evidence_ready`

  All org-scoped; use JWT or service role per job type; document `verify_jwt` in each function's config and README per FR-4.2.
- Hooks (indicative): `useComplianceDashboard`, `usePhiClassifications`, `useComplianceEvidenceJobs`, `useDriftAlerts` - finalize names in `src/platform/compliance/`; all queries include `organization_id` (defense in depth).
API / Edge Contracts (stub)
| Function / route | Auth | Request summary | Response summary |
|---|---|---|---|
| `compliance-run-checks` | Service role / internal cron (`verify_jwt: false` if invoked only by cron; document) | Optional `organization_id`; omit for platform sweep if explicitly supported | Rows inserted into `pf_compliance_checks`; optional drift notifications |
| `compliance-phi-scan` | Service role / internal cron | Optional `organization_id` | Updated `pf_phi_classifications`; respects per-org row soft limit (NFR-6) |
| `generate-compliance-evidence` | User JWT + `pf.compliance.evidence.generate` | `organization_id`, framework, date range | Job id; artifact in Storage when completed |
Storage (evidence artifacts)
- Bucket: `compliance-evidence` - `public: false`, org-scoped object paths `{organization_id}/{evidence_id}/...` (same pattern as `reports-exports` in `20260315003328_04052513-0344-4182-9a43-503c6711e204.sql`).
- RLS: Reuse `pf_user_can_access_storage_org` on first path segment; service_role uploads from Edge (bypasses RLS); user download via signed URL only.
- `pf_compliance_evidence.storage_path`: Store the object key relative to this bucket (document exact convention in migration comment).
CL-11 / Part 2 (server)
- RPC: `cl_check_sud_consent(p_chart_id, p_record_type, p_requesting_user)` - source of truth for SUD-gated content; used by `@/platform/clinical` `useConsentCheck`.
- PF-91 Wrapper: `pf_check_sud_consent_for_export` - SECURITY DEFINER; delegates to `cl_check_sud_consent`; fail-closed (FALSE on error/NULL); `REVOKE ALL FROM PUBLIC`. Per 42 CFR Part 2 §2.13/§2.31.
- Emergency Override: `pf_log_emergency_override` - SECURITY DEFINER; inserts audit row into `pf_audit_logs` (PF-04); requires 20+ char justification; `REVOKE ALL FROM PUBLIC`.
- PF-91 Phase 3: Server paths returning SUD-classified data MUST invoke consent RPC per chart; multi-chart exports iterate and fail closed when consent is false or null.
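
The fail-closed rule for multi-chart exports, sketched as an added example (not EncoreOS code): the decision step that runs after one `cl_check_sud_consent` call per chart. `ConsentRpcResult`, `ExportDecision`, `denialReason` and `decideSudExport` are hypothetical names, and blocking the whole export on a single denied chart is an assumption.

```typescript
// Added example, not EncoreOS code. Type and function names are hypothetical.
// ConsentRpcResult models one cl_check_sud_consent response for one chart.
interface ConsentRpcResult {
  chartId: string;
  data: unknown;        // RPC return value: boolean expected, NULL possible
  error: string | null; // transport or SQL error text, null on success
}

interface ExportDecision {
  allowed: boolean; // true only when every requested chart has consent
  consented: string[];
  denied: { chartId: string; reason: string }[];
}

// Anything other than a clean, literal `true` is a denial.
function denialReason(r: ConsentRpcResult): string {
  if (r.error !== null) return "rpc error";
  if (r.data === true) return "";
  return r.data === false ? "consent false" : "consent null or non-boolean";
}

function decideSudExport(requested: string[], results: ConsentRpcResult[]): ExportDecision {
  // Null-prototype map so a chart id can never collide with Object.prototype.
  const verdict: { [chartId: string]: string } = Object.create(null);
  for (const r of results) {
    const reason = denialReason(r);
    // A denial always wins over an earlier grant for the same chart.
    if (!(r.chartId in verdict) || reason !== "") verdict[r.chartId] = reason;
  }
  const decision: ExportDecision = { allowed: false, consented: [], denied: [] };
  for (const chartId of requested) {
    // A chart with no RPC result at all is denied, never assumed consented.
    const reason = chartId in verdict ? verdict[chartId] : "no consent result";
    if (reason === "") decision.consented.push(chartId);
    else decision.denied.push({ chartId, reason });
  }
  // Assumption: one denied chart blocks the whole export, and so does an empty request.
  decision.allowed = requested.length > 0 && decision.denied.length === 0;
  return decision;
}
```

The string `"true"` and a `true` that arrives alongside an error are both denied, which is the case a truthiness check (`if (data)`) gets wrong.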
PF-10 (MVP notification behavior)
- In-app notifications to `pf.compliance.drift.manage` for `pf_compliance_drift_detected`; optional in-app toast to requester for `pf_compliance_evidence_ready`.
- Copy: Template-only titles/bodies; payload fields limited to UUIDs, severity, framework enum, opaque `storage_path`, and short operator-safe `summary` (no PHI/SUD, no clinical table/column names).
- Deep links: `/settings/compliance` (drift); `/settings/compliance/evidence?evidenceId=<uuid>` (evidence ready).
Event Contracts (stub)
| Event | Publisher | Subscribers | Payload (indicative) |
|---|---|---|---|
| `pf_compliance_drift_detected` | PF-91 check worker | PF-10 | `organization_id`, `check_id`, `check_type`, `severity`, `dashboard_deep_link` - no raw PHI or SUD fields in body |
| `pf_compliance_evidence_ready` | Evidence generator | PF-10 (optional toast) | `organization_id`, `evidence_id`, `framework`, `storage_path` (opaque) |
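
One way to enforce the payload limits from the PF-10 copy rule and the event table before an event is published, as an added example (not EncoreOS code). `validatePayload`, `MAX_SUMMARY` and the error strings are hypothetical; the check that `storage_path` sits under `{organization_id}/{evidence_id}/` follows the Storage section's path convention.

```typescript
// Added example, not EncoreOS code. Field names come from the event table and
// the PF-10 copy rule on this page; validatePayload, MAX_SUMMARY and the error
// strings are hypothetical.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-8][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
const MAX_SUMMARY = 200; // assumed limit; the page only says "short"

// Per-event allowlist: a key that is not listed is rejected, not ignored.
const ALLOWED: { [event: string]: string[] } = Object.create(null);
ALLOWED["pf_compliance_drift_detected"] =
  ["organization_id", "check_id", "check_type", "severity", "dashboard_deep_link", "summary"];
ALLOWED["pf_compliance_evidence_ready"] =
  ["organization_id", "evidence_id", "framework", "storage_path", "summary"];
const UUID_KEYS = ["organization_id", "check_id", "evidence_id"];

function validatePayload(event: string, payload: { [key: string]: unknown }): string[] {
  const allowed = ALLOWED[event];
  if (!allowed) return ["unknown event: " + event];
  const errors: string[] = [];
  for (const key of Object.keys(payload)) {
    const value = payload[key];
    if (allowed.indexOf(key) === -1) errors.push("field not allowed: " + key);
    else if (typeof value !== "string") errors.push("not a string: " + key);
    else if (UUID_KEYS.indexOf(key) !== -1 && !UUID_RE.test(value)) errors.push("not a UUID: " + key);
    else if (key === "summary" && value.length > MAX_SUMMARY) errors.push("summary too long");
  }
  if (!("organization_id" in payload)) errors.push("missing organization_id");
  // storage_path must stay under {organization_id}/{evidence_id}/ with no traversal.
  const path = payload["storage_path"];
  if (typeof path === "string") {
    const prefix = `${payload["organization_id"]}/${payload["evidence_id"]}/`;
    if (path.indexOf(prefix) !== 0 || path.split("/").indexOf("..") !== -1) {
      errors.push("storage_path outside org/evidence prefix");
    }
  }
  return errors;
}
```

An allowlist catches an unexpected field such as a patient name by its key, but it cannot inspect the wording of `summary`; that still depends on template-only copy.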
Security and Tenant Isolation
- All new tables: RLS + `pf_has_org_access` (or current SECURITY DEFINER helper) with `WITH CHECK` on UPDATE; no policy subqueries against RLS-protected tables without helpers (constitution §5.7).
- Evidence ZIPs: signed URLs; no long-lived public URLs; checksum stored on `pf_compliance_evidence`.
- Part 2 paths: no SUD-classified data in notification body without consent; align with CL-11 contracts.
- Edge functions: `getCorsHeaders(req.headers.get('origin'))`, `createLogger` from `_shared/logger.ts`, structured logging without PHI content (see spec FR-4.2).

Validate contracts with CONTRACT_VALIDATION_CHECKLIST.md before release.