Last Updated: 2026-03-09
Spec:
specs/hr/specs/HR-05-ENHANCEMENTS.md
Overview
HR-05 Enhancements extend Time & Attendance with geofencing (EN-03), real-time exception alerts (EN-08), and planned integrations with PTO (EN-05), Payroll (EN-06), and Scheduling (EN-04).Integration Points
EN-03: Advanced Geofencing (✅ Implemented)
EN-08: Real-time Exception Alerts (✅ Implemented)
EN-05: PTO Integration (📝 Planned)
EN-06: Automated Payroll Import (📝 Planned)
Event Contracts
Payload Schema: hr_timesheet_exception_created
SQL Trigger Implementation
The triggertrg_hr_time_exceptions_notify fires on INSERT to hr_time_exceptions and calls the hr_notify_time_exception() SECURITY DEFINER function, which:
- Retrieves
supabase_functions_urlandsupabase_anon_keyfrom the vault - Skips notification if vault values are missing (fail-safe)
- POSTs to
time-exception-notifyedge function with the payload above
Testing
- Unit: Verify
time-exception-notifyedge function handles valid/invalid payloads - Integration: Insert into
hr_time_exceptionsand verify notification created inpf_notifications - RLS: Confirm
hr_time_exceptionspolicies enforce org isolation
Backward Compatibility
This event was introduced in the same PR as the trigger — no prior consumers exist. The rename fromtimesheet_exception_created to hr_timesheet_exception_created follows the canonical {core}_{entity}_{action} naming convention.
Security
- All geofence operations scoped by
organization_idvia RLS + application-level filter - Exception notifications resolve recipients server-side (no client-side manager lookup)
- Geofence CRUD gated by
hr.geofence.view/create/update/deletepermissions - Edge function
time-exception-notifyrequires Authorization header
HR-05-EN-10 — Admin & Manager Timesheet Correction and Manual Entry
HR-05-EN-10 adds manager- and admin-level timesheet correction (editing existing punches with a mandatory reason and audit trail) and manual punch entry for missed clock events, surfaced via the/hr/team-timesheets/:id detail view. The enhancement operates entirely within the HR core, writing to the same hr_time_entries and hr_timesheets tables that HR-05 already owns, and raises no new cross-core events or external system dependencies — it rides the parent spec’s existing integration surface without introducing any new integration contract.
HR-05-EN-11 — Site-aware timezone-correct time capture
HR-05-EN-11 adds site-aware, server-authoritative timezone resolution to clock punches: each punch payload carries the worksite_id and capture source, and resolved_timezone is stamped by the database (not the client) using the site’s configured timezone. This enhancement rides the parent HR-05 integration surface already documented above — it introduces no new cross-core contracts, external system dependencies, or platform integration layers beyond those established by HR-05 and PF-30.