> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Platform Foundation Entity Relationship Diagram

> > Module: Platform Foundation > Prefix: pf_ > Tables: 73 > Last Updated: 2026-01-11

> **Module:** Platform Foundation\
> **Prefix:** `pf_`\
> **Tables:** 73\
> **Last Updated:** 2026-01-11

## Overview

Platform Foundation provides the core infrastructure for multi-tenancy, authentication, user management, and cross-module services. All other modules depend on PF for organization context and user identity.

## Core Entities ERD

```mermaid theme={null}
erDiagram
    pf_organizations ||--o{ pf_sites : contains
    pf_organizations ||--o{ pf_profiles : "has members"
    pf_organizations ||--o{ pf_user_roles : "defines roles"
    pf_organizations ||--o{ pf_departments : "has departments"
    
    pf_profiles ||--o{ pf_user_roles : "has roles"
    pf_profiles ||--o{ pf_notifications : receives
    pf_profiles ||--o{ pf_audit_logs : generates
    
    pf_sites ||--o{ pf_site_contacts : "has contacts"
    
    pf_organizations {
        uuid id PK
        string name
        string slug
        jsonb settings
        jsonb custom_fields
        timestamp created_at
    }
    
    pf_profiles {
        uuid id PK
        uuid organization_id FK
        string email
        string first_name
        string last_name
        string avatar_url
        jsonb preferences
        timestamp created_at
    }
    
    pf_sites {
        uuid id PK
        uuid organization_id FK
        string name
        string address
        boolean is_active
        jsonb custom_fields
    }
    
    pf_user_roles {
        uuid id PK
        uuid user_id FK
        uuid organization_id FK
        enum role
        timestamp created_at
    }
```

## Authentication & Security ERD

```mermaid theme={null}
erDiagram
    pf_profiles ||--o{ pf_sessions : "has sessions"
    pf_profiles ||--o{ pf_mfa_factors : "has MFA"
    pf_organizations ||--o{ pf_sso_configs : "configures SSO"
    pf_organizations ||--o{ pf_api_keys : "manages keys"
    
    pf_sessions {
        uuid id PK
        uuid user_id FK
        timestamp expires_at
        string ip_address
        string user_agent
    }
    
    pf_mfa_factors {
        uuid id PK
        uuid user_id FK
        string factor_type
        boolean is_verified
        timestamp created_at
    }
    
    pf_sso_configs {
        uuid id PK
        uuid organization_id FK
        string provider
        jsonb config
        boolean is_active
    }
    
    pf_api_keys {
        uuid id PK
        uuid organization_id FK
        string key_hash
        timestamp expires_at
        jsonb permissions
    }
```

## Notifications & Communications ERD

```mermaid theme={null}
erDiagram
    pf_organizations ||--o{ pf_notification_templates : defines
    pf_profiles ||--o{ pf_notifications : receives
    pf_profiles ||--o{ pf_notification_preferences : configures
    
    pf_notification_templates ||--o{ pf_notifications : generates
    
    pf_notifications {
        uuid id PK
        uuid user_id FK
        uuid organization_id FK
        string title
        string message
        string type
        boolean is_read
        timestamp created_at
    }
    
    pf_notification_templates {
        uuid id PK
        uuid organization_id FK
        string name
        string subject
        text body
        string channel
    }
    
    pf_notification_preferences {
        uuid id PK
        uuid user_id FK
        string notification_type
        boolean email_enabled
        boolean push_enabled
        boolean in_app_enabled
    }
```

## Documents & Storage ERD

```mermaid theme={null}
erDiagram
    pf_organizations ||--o{ pf_documents : stores
    pf_documents ||--o{ pf_document_versions : "has versions"
    pf_documents ||--o{ pf_document_shares : "shared with"
    
    pf_documents {
        uuid id PK
        uuid organization_id FK
        string name
        string file_path
        string mime_type
        bigint file_size
        uuid created_by FK
    }
    
    pf_document_versions {
        uuid id PK
        uuid document_id FK
        integer version_number
        string file_path
        uuid created_by FK
    }
    
    pf_document_shares {
        uuid id PK
        uuid document_id FK
        uuid shared_with_user_id FK
        string permission_level
        timestamp expires_at
    }
```

## Platform Services ERD

```mermaid theme={null}
erDiagram
    pf_organizations ||--o{ pf_picklists : defines
    pf_organizations ||--o{ pf_custom_field_definitions : defines
    pf_organizations ||--o{ pf_module_permissions : configures
    
    pf_picklists ||--o{ pf_picklist_items : contains
    
    pf_picklists {
        uuid id PK
        uuid organization_id FK
        string name
        string category
        boolean is_system
    }
    
    pf_picklist_items {
        uuid id PK
        uuid picklist_id FK
        string value
        string label
        integer display_order
        boolean is_active
    }
    
    pf_custom_field_definitions {
        uuid id PK
        uuid organization_id FK
        string entity_type
        string field_key
        string field_type
        jsonb validation_rules
    }
    
    pf_module_permissions {
        uuid id PK
        uuid organization_id FK
        string module
        string permission_key
        jsonb roles_allowed
    }
```

## RLS Policy Coverage

| Table                        | SELECT | INSERT | UPDATE | DELETE | WITH CHECK | Status        |
| ---------------------------- | ------ | ------ | ------ | ------ | ---------- | ------------- |
| pf\_organizations            | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_profiles                 | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_sites                    | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_user\_roles              | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_notifications            | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_documents                | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_document\_versions       | ✅      | ✅      | -      | -      | -          | Version table |
| pf\_audit\_logs              | ✅      | ✅      | -      | -      | -          | Audit table   |
| pf\_health\_metrics          | ✅      | ✅      | ✅      | ✅      | ✅          | Complete      |
| pf\_integration\_credentials | ❌      | ❌      | ❌      | ❌      | ❌          | Deny-all      |

## Key Tables

### pf\_organizations

The root tenant entity. All business data is scoped to an organization.

### pf\_profiles

Extended user profiles linked to `auth.users`. Contains display name, avatar, preferences.

### pf\_user\_roles

Maps users to roles within organizations. Used by RLS helper functions.

### pf\_sites

Physical locations within an organization. Used for multi-site deployments.

### pf\_audit\_logs

Immutable audit trail of all significant actions. Append-only.

## Helper Functions

| Function                             | Purpose                               |
| ------------------------------------ | ------------------------------------- |
| `pf_has_org_access(org_id, user_id)` | Check if user belongs to organization |
| `pf_is_platform_admin(user_id)`      | Check if user is platform admin       |
| `pf_get_user_organizations(user_id)` | Get all organizations for user        |
| `pf_get_user_role(org_id, user_id)`  | Get user's role in organization       |

## Related Modules

* **All modules** depend on PF for organization context
* **HR** references `pf_profiles` for employee user accounts
* **FW** uses PF for workflow ownership and permissions
* **GR** integrates with PF for policy document storage