Created: 2026-01-24
Status: 📋 Specification
Spec Reference:
specs/ce/specs/CE-07-email-integration.md
Overview
This document defines the integration contracts for CE-07 (Email Integration). CE-07 integrates with multiple internal modules (CE-01, CE-02, CE-04, PF-10, PF-11) and external services (Gmail API, Microsoft Graph API).Integration Patterns
Pattern Summary
Internal Integrations
CE-01: Contacts Integration
Pattern: Direct Reference (Foreign Key)Direction: CE-07 → CE-01
- Email matched to contact by email address
- Contact timeline includes email tab
- Email compose from contact detail page
CE-02: Partners Integration
Pattern: Direct Reference + Domain MatchingDirection: CE-07 → CE-02
- Email matched to partner by domain (e.g., @hospital.org)
- Partner timeline includes email tab
- Email compose from partner detail page
CE-04: Activities Integration
Pattern: Database Trigger (Event-Based)Direction: CE-07 → CE-04 Trigger Contract:
PF-10: Notifications Integration
Pattern: Platform Integration LayerDirection: CE-07 → PF-10 Usage: Email tracking notifications (opens, clicks) Import:
Notification Payload:
PF-11: Documents Integration
Pattern: Platform Integration LayerDirection: CE-07 → PF-11 Usage: Attachment storage and retrieval Import:
- Attachments linked to PF-11 document storage
- Document selection in email compose dialog
- Attachment preview in email detail view
External Integrations
Gmail API Integration
Pattern: External API (OAuth 2.0)Direction: Bi-directional OAuth Configuration:
Edge Functions:
gmail-oauth/index.ts- OAuth flow (authorize, callback, refresh)email-sync-gmail/index.ts- Message sync
Microsoft Graph API Integration
Pattern: External API (OAuth 2.0)Direction: Bi-directional OAuth Configuration:
Edge Functions:
outlook-oauth/index.ts- OAuth flow (authorize, callback, refresh)email-sync-outlook/index.ts- Message sync
Event Contracts
Email Synced Event
Event Name:ce.email.syncedPublisher: CE-07
Subscribers: CE-04 (Activity creation) Payload Schema:
Email Tracking Event
Event Name:ce.email.trackingPublisher: CE-07 (tracking Edge Function)
Subscribers: PF-10 (Notifications) Payload Schema:
Security Considerations
OAuth Token Security
- Tokens encrypted at rest via Supabase Vault (pgsodium)
- Refresh tokens stored separately from access tokens
- Token refresh handled server-side only
- No tokens exposed in client-side code
Email Content Security
- Email content stored in org-isolated tables
- RLS policies enforce organization boundaries
- No email content in application logs
- PHI/PII detection warnings (optional)
Tracking Pixel Security
- Tracking endpoints validate organization context
- Rate limiting on tracking endpoints
- No sensitive data in tracking URLs
Module Settings
Settings stored ince_module_settings:
Implementation Status
References
- Spec:
specs/ce/specs/CE-07-email-integration.md - Tasks:
specs/ce/tasks/CE-07-email-integration-TASKS.md - Gmail API: https://developers.google.com/gmail/api
- Microsoft Graph: https://docs.microsoft.com/en-us/graph/api/resources/mail-api-overview
- Integration Patterns:
docs/architecture/integrations/index.md
Last Updated: 2026-01-24