Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt

Use this file to discover all available pages before exploring further.

Version: 1.0.0
Last Updated: 2026-03-20
Spec: RH-06 Compliance & Staff Operations
Constitution Reference: Section 1.2 (Core Independence), Section 1.3 (Integration Patterns)

Overview

RH-06 manages compliance requirements, staff operations, and training tracking. It publishes events for compliance deadlines and non-compliance detection, and integrates with HR (Workforce) for staff information lookup.

Integration Points

Platform Foundation (PF) Dependencies

Required PF Features:
  • PF-08 (Forms Integration): Compliance checklists, audit forms
  • PF-10 (Notifications): Compliance deadline reminders, non-compliance alerts, training expiry reminders
  • PF-11 (Document Management): Compliance evidence, audit documents, training certifications
Integration Type: Platform Integration Layer (Pattern 1)

Consumer Core Dependencies (Downstream)

Internal RH Features:
  • RH-01 (Episodes): Episode records for compliance tracking
  • RH-02 (Programs & Phases): Program compliance requirements
  • RH-03 (Significant Events): Significant event reporting compliance
External Cores:
  • HR (Workforce): Staff information lookup for assignments and training

Event Contracts

Event: rh_compliance_deadline_approaching

Publisher: RH (RH-06)
Subscribers: PF-10 (Notifications)
Status: 📝 Planned Purpose: Send compliance deadline reminders 7 days before due date Payload Schema: 
interface RhComplianceDeadlineApproachingPayload {
  event_type: 'rh_compliance_deadline_approaching';
  compliance_requirement_id: uuid;
  organization_id: uuid;
  due_date: date;
  days_until_due: number;
  timestamp: timestamptz;
}

Event: rh_non_compliance_detected

Publisher: RH (RH-06)
Subscribers: PF-10 (Notifications)
Status: 📝 Planned Purpose: Alert management to non-compliance issues Payload Schema: 
interface RhNonComplianceDetectedPayload {
  event_type: 'rh_non_compliance_detected';
  compliance_requirement_id: uuid;
  organization_id: uuid;
  residence_id?: uuid;
  non_compliance_reason: string;
  timestamp: timestamptz;
}

API Contracts

API: HR Employee Lookup

Endpoint: /api/v1/hr/employees?employee_id={id}
Method: GET
Provider: HR (Workforce)
Consumers: RH-06 (Compliance & Staff Operations)
Status: 📝 Planned Purpose: Lookup staff information for assignments and training Request:
  • Query parameter: employee_id (uuid, required)
Response: 
interface HrEmployeeResponse {
  id: uuid;
  full_name: string;
  job_title: string;
  primary_site_id?: uuid;
  employment_status: string;
  organization_id: uuid;
}

Platform Integration Layer Usage

Consumes:
  • PF-08 (Forms Integration): Compliance checklists, audit forms via @/platform/forms
  • PF-10 (Notifications): Compliance deadline reminders, non-compliance alerts, training expiry reminders via @/platform/notifications
  • PF-11 (Document Management): Compliance evidence, audit documents, training certifications via @/platform/documents

Security Considerations

Multi-Tenancy

  • RLS Enforcement: All rh_compliance_* and rh_staff_* tables filtered by organization_id via RLS policies

Role-Based Access Control

  • Compliance Officer: Create requirements, view all compliance data
  • House Manager: Complete checklists, record shift notes
  • Program Manager: Review compliance, approve corrective actions
  • Staff: View assigned compliance items, record training

Data Protection

  • PII Handling: Compliance data may contain PHI (resident references); access controlled via RLS
  • Document Security: Evidence documents stored securely via PF-11
  • Audit Logging: All compliance access logged via PF-04

Testing Requirements

  • Event payload structure validation
  • Event fires on trigger condition (compliance deadline approaching, non-compliance detected)
  • Correct organization_id included in all events
  • Subscribers handle events correctly (PF-10)
  • HR employee lookup API works correctly
  • RLS policies enforce org isolation on compliance and staff operations queries
  • RBAC roles work correctly for different user types

References