Status: 📝 Planned
Last Updated: 2026-03-02
Spec: PM-28 PM System Configuration & Admin Settings
Constitution Reference: Section 1.2 (Core Independence), Section 1.3 (Integration Patterns)
Overview
PM-28 provides the single admin surface (“Practice Management Settings”) for all org-levelpm_module_settings keys consumed by PM billing, payments, registration, and eligibility workflows. It does not introduce new tables or data flows; it is a UI aggregator over the existing pm_module_settings row (one per org).
Key tables: pm_module_settings (existing; columns owned by consumer spec migrations)
Integration Points (from spec)
Platform Integration Layer Usage
- PF-01: Organization context via
pf_organizations;organization_idis the partition key for thepm_module_settingsupsert. - PF-30: Permissions platform layer;
useHasPermission('pm.settings.view')/useHasPermission('pm.settings.manage')gate page access and save action.
Event Contracts
No new events defined in PM-28. Settings changes do not publish domain events (settings are read by consumer hooks on demand). Future enhancement:pm_settings_updated event if consumers require reactive cache invalidation.
API Contracts
Internal PM only.usePmModuleSettings (read) and usePmModuleSettingsUpsert (write) in src/cores/pm/hooks/; no external API exposed. Consumer specs (PM-01, PM-08, PM-09) read pm_module_settings directly via their own hooks.
Integration Matrix
Security Notes
pm_module_settingsRLS restricts all reads and writes to the user’sorganization_id; no cross-org access is possible.updated_bypopulated on every upsert byusePmModuleSettingsUpsert; provides audit trail per compliance requirement.- Permission keys added via migration to
pf_module_permissionsandpf_role_permissions; PF-30 enforces at hook level.