Skip to main content
Version: 1.0.1
Last Updated: 2026-03-24
Spec: HR-28 Fingerprint Clearance Card Management
Constitution Reference: Section 1.2 (Core Independence), Section 1.3 (Integration Patterns)

Overview

HR-28 tracks Arizona DPS fingerprint clearance cards per employee, drives expiration notifications, and exposes verification status for HR-03 onboarding and HR-02 credential prerequisites. Cross-core consumers use the Platform Integration Layer or documented events—no direct core-to-core imports.

Integration Points

Platform Foundation (PF)

Intra-HR dependencies


Event Contracts (planned)

Names follow {core}_{entity}_{action} where possible. Final names MUST be registered in EVENT_CONTRACTS.md before production publish.

hr_fingerprint_clearance_status_changed

Publisher: HR (HR-28)
Subscribers: HR-02, HR-03 (via platform handlers)
Status: 📋 Planned
Purpose: Notify gates and dashboards when clearance moves between blocking and non-blocking states.

hr_fingerprint_clearance_expiration_warning

Publisher: HR (HR-28) / scheduled worker
Subscribers: PF-10
Status: 📋 Planned
Purpose: Correlate scheduled notifications with idempotent alert flags on the clearance row.

API / data access

  • Client: HR module routes and hooks under src/cores/hr/; use Supabase client with tenant filters on mutations.
  • Downstream cores: Consume published events or platform read APIs—do not query hr_fingerprint_clearances from non-HR cores.

Security & tenant isolation

  • All rows scoped by organization_id; RLS enforced.
  • Full card numbers suppressed for all non-authorized roles and internal surfaces (including logs, prompts, error strings, monitoring/telemetry, and debug dumps).
  • No secrets or card numbers in logs, prompts, error strings, monitoring/telemetry, or debug outputs.