Status: 🔨 In Progress (80%)
Spec Reference: PF-91-compliance-automation-regulatory-dashboard.md
Last Updated: 2026-03-24
Overview
PF-91 adds tenant-scoped compliance monitoring (dashboard, PHI column classification, drift detection, evidence packages) and deepens 42 CFR Part 2 alignment with CL-11. Consumers integrate through@/platform/compliance, Edge Functions for scheduled checks and evidence generation, and existing PF-04 / PF-10 / PF-48 touchpoints.
Integration Points (from Spec)
Platform Layer Contract (target)
- Module path:
@/platform/compliance(canonical). Subfolders allowed internally; export stable hooks/types from barrelsrc/platform/compliance/index.ts. - Edge Functions (names for implementation — adjust in migration if renamed):
compliance-run-checks— scheduled drift / RLS / audit health checks; insertspf_compliance_checks; may emitpf_compliance_drift_detectedcompliance-phi-scan— column /custom_fieldskey classification; upsertspf_phi_classificationsgenerate-compliance-evidence— async evidence ZIP job; updatespf_compliance_evidence; uploads to private bucketcompliance-evidence; may emitpf_compliance_evidence_readyAll org-scoped; use JWT or service role per job type; documentverify_jwtin each function’s config and README per FR-4.2.
- Hooks (indicative):
useComplianceDashboard,usePhiClassifications,useComplianceEvidenceJobs,useDriftAlerts— finalize names insrc/platform/compliance/; all queries includeorganization_id(defense in depth).
API / Edge Contracts (stub)
Expand with request/response JSON Schema before implementation (see API_CONTRACTS.md if exposed externally).
Storage (evidence artifacts)
- Bucket:
compliance-evidence—public: false, org-scoped object paths{organization_id}/{evidence_id}/...(same pattern asreports-exportsin20260315003328_04052513-0344-4182-9a43-503c6711e204.sql). - RLS: Reuse
pf_user_can_access_storage_orgon first path segment; service_role uploads from Edge (bypasses RLS); user download via signed URL only. pf_compliance_evidence.storage_path: Store the object key relative to this bucket (document exact convention in migration comment).
CL-11 / Part 2 (server)
- RPC:
cl_check_sud_consent(p_chart_id, p_record_type, p_requesting_user)— source of truth for SUD-gated content; used by@/platform/clinicaluseConsentCheck. - PF-91 Wrapper:
pf_check_sud_consent_for_export— SECURITY DEFINER; delegates tocl_check_sud_consent; fail-closed (FALSE on error/NULL);REVOKE ALL FROM PUBLIC. Per 42 CFR Part 2 §2.13/§2.31. - Emergency Override:
pf_log_emergency_override— SECURITY DEFINER; inserts audit row intopf_audit_logs(PF-04); requires 20+ char justification;REVOKE ALL FROM PUBLIC. - PF-91 Phase 3: Server paths returning SUD-classified data MUST invoke consent RPC per chart; multi-chart exports iterate and fail closed when consent is false or null.
PF-10 (MVP notification behavior)
- In-app notifications to
pf.compliance.drift.manageforpf_compliance_drift_detected; optional in-app toast to requester forpf_compliance_evidence_ready. - Copy: Template-only titles/bodies; payload fields limited to UUIDs, severity, framework enum, opaque
storage_path, and short operator-safesummary(no PHI/SUD, no clinical table/column names). - Deep links:
/settings/compliance(drift);/settings/compliance/evidence?evidenceId=<uuid>(evidence ready).
Event Contracts (stub)
Register in EVENT_CONTRACTS.md (stub added; finalize TypeScript payload interfaces before ship).
Security and Tenant Isolation
- All new tables: RLS +
pf_has_org_access(or current SECURITY DEFINER helper) withWITH CHECKon UPDATE; no policy subqueries against RLS-protected tables without helpers (constitution §5.7). - Evidence ZIPs: signed URLs; no long-lived public URLs; checksum stored on
pf_compliance_evidence. - Part 2 paths: no SUD-classified data in notification body without consent; align with CL-11 contracts.
- Edge functions:
getCorsHeaders(req.headers.get('origin')),createLoggerfrom_shared/logger.ts, structured logging without PHI content (see spec FR-4.2). Validate contracts with CONTRACT_VALIDATION_CHECKLIST.md before release.