Skip to main content
Version: 1.0.0
Created: 2026-01-24
Status: 📋 Specification
Spec Reference: specs/ce/specs/CE-07-email-integration.md

Overview

This document defines the integration contracts for CE-07 (Email Integration). CE-07 integrates with multiple internal modules (CE-01, CE-02, CE-04, PF-10, PF-11) and external services (Gmail API, Microsoft Graph API).

Integration Patterns

Pattern Summary


Internal Integrations

CE-01: Contacts Integration

Pattern: Direct Reference (Foreign Key)
Direction: CE-07 → CE-01
Integration Points:
  • Email matched to contact by email address
  • Contact timeline includes email tab
  • Email compose from contact detail page
API Contract:

CE-02: Partners Integration

Pattern: Direct Reference + Domain Matching
Direction: CE-07 → CE-02
Integration Points:
  • Email matched to partner by domain (e.g., @hospital.org)
  • Partner timeline includes email tab
  • Email compose from partner detail page
API Contract:

CE-04: Activities Integration

Pattern: Database Trigger (Event-Based)
Direction: CE-07 → CE-04
Trigger Contract:
Activity Created:

PF-10: Notifications Integration

Pattern: Platform Integration Layer
Direction: CE-07 → PF-10
Usage: Email tracking notifications (opens, clicks) Import:
Notification Types: Notification Payload:

PF-11: Documents Integration

Pattern: Platform Integration Layer
Direction: CE-07 → PF-11
Usage: Attachment storage and retrieval Import:
Integration Points:
  • Attachments linked to PF-11 document storage
  • Document selection in email compose dialog
  • Attachment preview in email detail view
Note: Email attachment content NOT stored in CE-07 tables (only metadata). Full content stored in PF-11.

External Integrations

Gmail API Integration

Pattern: External API (OAuth 2.0)
Direction: Bi-directional
OAuth Configuration:
API Endpoints Used: Edge Functions:
  • gmail-oauth/index.ts - OAuth flow (authorize, callback, refresh)
  • email-sync-gmail/index.ts - Message sync

Microsoft Graph API Integration

Pattern: External API (OAuth 2.0)
Direction: Bi-directional
OAuth Configuration:
API Endpoints Used: Edge Functions:
  • outlook-oauth/index.ts - OAuth flow (authorize, callback, refresh)
  • email-sync-outlook/index.ts - Message sync

Event Contracts

Email Synced Event

Event Name: ce.email.synced
Publisher: CE-07
Subscribers: CE-04 (Activity creation)
Payload Schema:

Email Tracking Event

Event Name: ce.email.tracking
Publisher: CE-07 (tracking Edge Function)
Subscribers: PF-10 (Notifications)
Payload Schema:

Security Considerations

OAuth Token Security

  • Tokens encrypted at rest via Supabase Vault (pgsodium)
  • Refresh tokens stored separately from access tokens
  • Token refresh handled server-side only
  • No tokens exposed in client-side code

Email Content Security

  • Email content stored in org-isolated tables
  • RLS policies enforce organization boundaries
  • No email content in application logs
  • PHI/PII detection warnings (optional)

Tracking Pixel Security

  • Tracking endpoints validate organization context
  • Rate limiting on tracking endpoints
  • No sensitive data in tracking URLs

Module Settings

Settings stored in ce_module_settings:

Implementation Status


References


Last Updated: 2026-01-24