Overview
PF-94 adds authoritative site-level IANA timezones, per-site business hours (pf_site_business_hours), and platform hooks for scheduling, SLA, reporting, and notifications. Consumers use the Platform Integration Layer (@/platform/timezone when implemented) rather than direct database access from domain cores.
Integration Points (from Spec)
API / Platform Contracts (Planned)
- Client layer (planned):
@/platform/timezone(or equivalent path chosen at implementation):useSiteTimezone(siteId)— IANA id, format/toSite/toUTC helpersuseBusinessHours(siteId)— rows,isOpen, next open/close- Pure utilities:
isBusinessHours(siteId, timestamp)(may delegate to edge or client cache)
- Data:
pf_sites.timezone;pf_site_business_hourswith RLS viapf_has_org_access - Permission keys:
pf.sites.timezone.manage,pf.sites.business-hours.manage
Security and Tenant Isolation
- All new rows are scoped by
organization_id; RLS policies requirepf_has_org_access(organization_id, auth.uid())for all operations. - No PHI: configuration and timestamps only; follow standard audit (PF-04) for timezone changes.
- Application mutations must include
.eq('organization_id', orgId)per defense-in-depth.