Skip to main content
Version: 1.0.0
Last Updated: 2026-03-09
Spec: specs/hr/specs/HR-05-ENHANCEMENTS.md

Overview

HR-05 Enhancements extend Time & Attendance with geofencing (EN-03), real-time exception alerts (EN-08), and planned integrations with PTO (EN-05), Payroll (EN-06), and Scheduling (EN-04).

Integration Points

EN-03: Advanced Geofencing (✅ Implemented)

EN-08: Real-time Exception Alerts (✅ Implemented)

EN-05: PTO Integration (📝 Planned)

EN-06: Automated Payroll Import (📝 Planned)


Event Contracts

Payload Schema: hr_timesheet_exception_created

SQL Trigger Implementation

The trigger trg_hr_time_exceptions_notify fires on INSERT to hr_time_exceptions and calls the hr_notify_time_exception() SECURITY DEFINER function, which:
  1. Retrieves supabase_functions_url and supabase_anon_key from the vault
  2. Skips notification if vault values are missing (fail-safe)
  3. POSTs to time-exception-notify edge function with the payload above

Testing

  • Unit: Verify time-exception-notify edge function handles valid/invalid payloads
  • Integration: Insert into hr_time_exceptions and verify notification created in pf_notifications
  • RLS: Confirm hr_time_exceptions policies enforce org isolation

Backward Compatibility

This event was introduced in the same PR as the trigger — no prior consumers exist. The rename from timesheet_exception_created to hr_timesheet_exception_created follows the canonical {core}_{entity}_{action} naming convention.

Security

  • All geofence operations scoped by organization_id via RLS + application-level filter
  • Exception notifications resolve recipients server-side (no client-side manager lookup)
  • Geofence CRUD gated by hr.geofence.view/create/update/delete permissions
  • Edge function time-exception-notify requires Authorization header

HR-05-EN-10 — Admin & Manager Timesheet Correction and Manual Entry

HR-05-EN-10 adds manager- and admin-level timesheet correction (editing existing punches with a mandatory reason and audit trail) and manual punch entry for missed clock events, surfaced via the /hr/team-timesheets/:id detail view. The enhancement operates entirely within the HR core, writing to the same hr_time_entries and hr_timesheets tables that HR-05 already owns, and raises no new cross-core events or external system dependencies — it rides the parent spec’s existing integration surface without introducing any new integration contract.

HR-05-EN-11 — Site-aware timezone-correct time capture

HR-05-EN-11 adds site-aware, server-authoritative timezone resolution to clock punches: each punch payload carries the work site_id and capture source, and resolved_timezone is stamped by the database (not the client) using the site’s configured timezone. This enhancement rides the parent HR-05 integration surface already documented above — it introduces no new cross-core contracts, external system dependencies, or platform integration layers beyond those established by HR-05 and PF-30.

HR-05-EN-12 — Single-line inline editing and manual/blank timesheets (both editors)

HR-05-EN-12 adds single-line inline punch editing (In/Out saved in one action) and the ability to create manual or blank timesheets in both the standard and bulk timesheet editors. This enhancement operates entirely within the HR core’s existing Time & Attendance data model and rides the parent HR-05 integration surface documented above — it introduces no new cross-core contracts, external system dependencies, or platform integration layer calls beyond those already established by HR-05.