Skip to main content
Feature ID: FW-52
Status: 📋 Specification
Spec Reference: FW-52-workflow-import-export-portability.md
Last Updated: 2026-03-22

Overview

FW-52 adds portable JSON/YAML packages for workflow definitions with optional bundled forms (FW-01) and decision tables (FW-45). Export strips tenant UUIDs; import performs validation, dry-run analysis, conflict resolution, and transactional apply via a SECURITY DEFINER RPC. Automation rules are not bundled in Phase 1.

Integration Points (from Spec)


API / Edge Functions

Shared requirements: getCorsHeaders, verifyOrgAccess, createLogger; verify_jwt: true. AuthZ: fw.workflows.export (export), fw.workflows.import (import/dry-run/apply).

Platform Integration Layer


Security and Tenant Isolation

  • No PHI in packages or logs (definitions only).
  • All DB writes scoped to organization_id; RPC runs as SECURITY DEFINER with explicit p_organization_id checks.
  • RLS on fw_import_logs via fw_has_org_access + pf_has_permission.

UI Routes (canonical)

Register in src/routes/fw.tsx; labels in src/platform/navigation/route-labels.ts. Workflow export remains in-context on /fw/automations/:id/workflow (and other existing workflow surfaces).

Audit (PF-04)

On successful apply (client after RPC returns, or edge after RPC succeeds): logAuditEvent with action: 'workflow_import_applied', resource: 'fw_import_logs', module: 'fw', and count-only metadata (see spec FR-8.1). No cross-core event required for MVP.

Event Contracts

  • None required for MVP (audit via pf_audit_logs through logAuditEvent).