> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Edge Function Catalog

> Every Supabase Edge Function in Encore OS, with HTTP method, auth posture, and purpose, derived from supabase/functions source — see PF-113.

All **474 Supabase Edge Functions** in Encore OS, with their HTTP method, auth posture, and a one-line purpose. Generated offline from `supabase/functions/<name>/index.ts` and `supabase/config.toml` (`verify_jwt`); auth is inferred from in-function signals and is indicative, not a contract.

| Function                                     | Method    | Auth                      | Purpose                                                                            |
| -------------------------------------------- | --------- | ------------------------- | ---------------------------------------------------------------------------------- |
| `admin-reset-password`                       | POST      | User JWT, org-scoped      | Admin Password Reset                                                               |
| `aggregate-form-analytics`                   | POST      | Service-role (cron)       | Form Analytics Aggregation                                                         |
| `ai-assistant`                               | POST      | JWT (gateway)             | AI Assistant                                                                       |
| `ai-categorize-transactions`                 | POST      | User JWT, org-scoped      | AI Transaction Categorization                                                      |
| `ai-detect-anomalies`                        | POST      | JWT (gateway)             | AI Anomaly Detection                                                               |
| `ai-document-analyze`                        | POST      | JWT (gateway)             | AI Document Analyze                                                                |
| `ai-generate-template`                       | POST      | User JWT, org-scoped      | Parsed AI output plus the PHI-safe usage record for `pf_ai_usage_logs`.            |
| `ai-mapping-suggest`                         | POST      | User JWT, org-scoped      | AI Mapping-Suggestion Service (reusable, cross-core).                              |
| `ai-match-benefits-employees`                | POST      | User JWT, org-scoped      | AI-Match Benefits Employees                                                        |
| `ai-match-transactions`                      | POST      | JWT (gateway)             | AI Transaction Matching                                                            |
| `ai-skill-execute`                           | POST      | User JWT                  | AI Skill Execute                                                                   |
| `approval-escalation`                        | POST      | JWT (gateway)             | Approval Escalation                                                                |
| `audit-siem-export`                          | POST      | User JWT, org-scoped      | SIEM Export                                                                        |
| `auto-signature-reminders`                   | POST      | Service-role (cron)       | E-Signature Platform - Auto Signature Reminders                                    |
| `automation-executor`                        | POST      | JWT (gateway)             | Automation Engine - Executor                                                       |
| `batch-export-submissions-pdf`               | POST      | JWT (gateway)             | Batch Export Submissions PDF -                                                     |
| `calculate-asset-depreciation`               | POST      | JWT (gateway)             | Edge Function: calculate-asset-depreciation                                        |
| `calculate-hedis-outcomes`                   | POST      | User JWT, org-scoped      | HEDIS Batch Calculation                                                            |
| `calculate-test-coverage`                    | POST      | JWT (gateway)             | Calculate Test Coverage                                                            |
| `calendar-freebusy`                          | POST      | User JWT                  | Calendar Free/Busy Query                                                           |
| `calendar-oauth-callback`                    | POST      | User JWT                  | Calendar OAuth Callback                                                            |
| `calendar-schedule`                          | POST      | User JWT, org-scoped      | Calendar Schedule Meeting                                                          |
| `calendar-sync`                              | POST      | User JWT                  | Calendar Sync                                                                      |
| `calendar-task-push`                         | POST      | User JWT, org-scoped      | Follow-up task -> M365 calendar push (one-way, fail-open).                         |
| `calendar-token-backfill`                    | POST      | User JWT, org-scoped      | Calendar Token Backfill                                                            |
| `ce-card-public`                             | GET, POST | JWT (gateway)             | Encore Connect — public card endpoint.                                             |
| `ce-contract-renewal-check`                  | POST      | Service-role (cron)       | Contract Renewal Check                                                             |
| `ce-export-compliance-report`                | POST      | User JWT, org-scoped      | Compliance Report Export                                                           |
| `ce-extract-document-data`                   | POST      | User JWT, org-scoped      | AI extraction edge function (`ce-extract-document-data`).                          |
| `ce-hubspot-backfill`                        | POST      | User only                 | onboarding backfill — run lifecycle endpoint (AC-12/13/14).                        |
| `ce-hubspot-dlq`                             | POST      | User only                 | dead-letter queue admin — list / retry / discard (AC-10 surface).                  |
| `ce-hubspot-oauth`                           | GET, POST | User only                 | HubSpot OAuth connect / callback / disconnect.                                     |
| `ce-hubspot-sync-worker`                     | POST      | Service-role (cron)       | HubSpot inbound sync worker (T7).                                                  |
| `ce-hubspot-webhook`                         | POST      | Public (in-function auth) | HubSpot webhooks v3 receiver (T6).                                                 |
| `ce-import-dnc-registry`                     | POST      | User JWT, org-scoped      | National DNC Registry Import                                                       |
| `ce-scheduled-sms-executor`                  | POST      | Service-role (cron)       | Scheduled SMS Executor                                                             |
| `ce-submit-optum-pa`                         | POST      | User JWT, org-scoped      | ce-submit-optum-pa                                                                 |
| `chatbot-lead-capture`                       | POST      | JWT (gateway)             | Chatbot Lead Capture                                                               |
| `chatbot-message`                            | POST      | JWT (gateway)             | Chatbot Message Handler                                                            |
| `chatbot-session`                            | POST      | JWT (gateway)             | Chatbot Session Management                                                         |
| `check-asset-warranties`                     | POST      | Service-role (cron)       | Check Asset Warranties                                                             |
| `check-budget-alerts`                        | POST      | Service-role (cron)       |                                                                                    |
| `check-overdue-pms`                          | POST      | Service-role (cron)       | Check Overdue PMs (FM-04)                                                          |
| `check-oversight-compliance`                 | POST      | JWT (gateway)             | Check Oversight Compliance                                                         |
| `check-payroll-deadlines`                    | POST      | Service-role (cron)       | HR-PAY-05: Check Payroll Deadlines                                                 |
| `check-rate-limit`                           | POST      | JWT (gateway)             | check-rate-limit                                                                   |
| `check-schedule-conflicts`                   | POST      | User JWT, org-scoped      | schedule conflict check.                                                           |
| `check-vendor-certifications`                | POST      | Service-role (cron)       | Check Vendor Certifications                                                        |
| `checkr-session-token`                       | POST      | Public (in-function auth) | Checkr Session Token                                                               |
| `checkr-webhook`                             | POST      | JWT (gateway)             | Checkr Webhook Handler                                                             |
| `cl-agent-draft-note`                        | POST      | User only                 | Thin Deno edge entry for AI-assisted clinical note drafting.                       |
| `cl-ai-chart-summary`                        | POST      | User JWT, org-scoped      | AI Chart Summary.                                                                  |
| `cl-ai-generate-draft`                       | POST      | User JWT, org-scoped      | AI Draft Generation (Phase C wiring).                                              |
| `cl-ai-treatment-plan-draft`                 | POST      | User JWT, org-scoped      | AI Treatment Plan Draft Generation.                                                |
| `cl-assessment-expiration`                   | POST      | Service-role (cron)       | Assessment Expiration Notification Cron                                            |
| `cl-care-gap-rules`                          | POST      | Service-role (cron)       | Care Gap Rules Engine                                                              |
| `cl-cds-rationale`                           | POST      | User JWT, org-scoped      | CDS Rationale Enrichment                                                           |
| `cl-ceem-disclosure-gate`                    | POST      | User JWT, org-scoped      | CL-71 — CEEM 42 CFR Part 2 / DS4P Disclosure Gate (edge function).                 |
| `cl-clinical-notify`                         | POST      | User JWT                  | Centralized Clinical Notification Service                                          |
| `cl-dosespot-webhook`                        | POST      | Public (in-function auth) | DoseSpot ePrescribing Webhook                                                      |
| `cl-fdb-interaction-check`                   | POST      | User JWT                  | FDB MedKnowledge Drug Interaction Check                                            |
| `cl-hedis-calculator`                        | POST      | User JWT, org-scoped      | HEDIS / MA STARS calculator edge function.                                         |
| `cl-lab-result-ingestion`                    | POST      | Public (in-function auth) | Lab Result Ingestion                                                               |
| `cl-loc-assessment-get`                      | POST      | User JWT, org-scoped      | Server-side LoC assessment fetch for UM consumers.                                 |
| `cl-marketplace-import`                      | POST      | User JWT, org-scoped      | Server-side atomic marketplace import.                                             |
| `cl-note-charge-capture`                     | POST      | User JWT, org-scoped      | cl-note-charge-capture                                                             |
| `cl-notification-sla-evaluator`              | POST      | Service-role (cron)       | SLA Evaluator (Cron)                                                               |
| `cl-pathway-overdue-check`                   | POST      | Service-role (cron)       | Pathway Milestone Overdue Check Cron                                               |
| `cl-referral-directory-search`               | POST      | User JWT, org-scoped      | Directory Search                                                                   |
| `cl-risk-stratification`                     | POST      | Service-role (cron)       | Risk Stratification Cron                                                           |
| `cl-tefca-exchange`                          | POST      | User JWT, org-scoped      | TEFCA Exchange                                                                     |
| `cl-telehealth-consent-expiry-scan`          | POST      | JWT (gateway)             | Telehealth Consent Expiry Scanner                                                  |
| `cl-vbp-export`                              | GET, POST | User JWT, org-scoped      | Value-Based Purchasing (VBP) export edge function.                                 |
| `cl-weno-cancelrx`                           | POST      | User JWT, org-scoped      | cl-weno-cancelrx — CL-06-EN-23 WENO CancelRx send path.                            |
| `cl-weno-directory-ingest`                   | POST      | User JWT, org-scoped      | cl-weno-directory-ingest — CL-06-EN-23 US-2 pharmacy directory sync.               |
| `cl-weno-launch`                             | POST      | User JWT, org-scoped      | cl-weno-launch — CL-06-EN-23 WENO EZ launch URL builder.                           |
| `cl-weno-newrx-sync`                         | POST      | User JWT, org-scoped      | cl-weno-newrx-sync (CL-06-EN-23, WS5 / US-3)                                       |
| `clearinghouse-batch-submit`                 | POST      | User JWT, org-scoped      | Clearinghouse Batch Submit —                                                       |
| `clearinghouse-health-check`                 | POST      | Service-role (cron)       | Clearinghouse Health Check                                                         |
| `clearinghouse-retrieve`                     | POST      | User JWT, org-scoped      | Clearinghouse ERA Retrieval                                                        |
| `clearinghouse-submit`                       | POST      | User JWT, org-scoped      | Clearinghouse Batch Submission                                                     |
| `collect-backend-health-metrics`             | POST      | Service-role (cron)       | Workstream D PR-2 (PF-48): Backend Health-Metric Feeder                            |
| `collect-health-metrics`                     | POST      | Public (in-function auth) | Collect Health Metrics                                                             |
| `compliance-phi-scan`                        | POST      | Service-role (cron)       | Compliance PHI Scan                                                                |
| `compliance-run-checks`                      | POST      | Service-role (cron)       | Compliance Run Checks                                                              |
| `consent-expiration-reminders`               | POST      | Service-role (cron)       | Consent Expiration Reminders                                                       |
| `contractor-compliance-reminders`            | POST      | Service-role (cron)       | Contractor Compliance Reminders                                                    |
| `create-layout-from-template`                | POST      | User JWT                  | Create Layout from Template (transactional)                                        |
| `create-safety-plan-share`                   | POST      | User JWT, org-scoped      | Safety Plan Share                                                                  |
| `create-signature`                           | POST      | JWT (gateway)             |                                                                                    |
| `create-user-direct`                         | POST      | User JWT, org-scoped      | Create User Directly                                                               |
| `daily-partner-status-check`                 | POST      | Service-role (cron)       | Daily Partner Status Check                                                         |
| `data-migration-explore`                     | POST      | User JWT, org-scoped      | Data Migration Explorer                                                            |
| `data-migration-save-connection`             | POST      | User JWT                  | Data Migration Save Connection                                                     |
| `data-migration-test-connection`             | POST      | User JWT                  | Data Migration Test Connection                                                     |
| `data-migration-worker`                      | POST      | User JWT, org-scoped      | Data Migration Worker                                                              |
| `db-health-metrics`                          | POST      | JWT (gateway)             | Database Health Metrics                                                            |
| `denial-prediction-metrics`                  | POST      | User JWT, org-scoped      | Denial Prediction Metrics                                                          |
| `detect-time-exceptions`                     | POST      | JWT (gateway)             |                                                                                    |
| `detect-underpayment-patterns`               | POST      | Service-role (cron)       | detect-underpayment-patterns                                                       |
| `document-expiration-reminders`              | POST      | Service-role (cron)       | Document Expiration Reminders                                                      |
| `duplicate-layout`                           | POST      | JWT (gateway)             | Atomic Layout Duplication                                                          |
| `email-provider-health`                      | POST      | User JWT, org-scoped      | email-provider-health                                                              |
| `email-send`                                 | POST      | JWT (gateway)             | Email Send                                                                         |
| `email-sync-outlook`                         | POST      | JWT (gateway)             | Outlook Email Sync                                                                 |
| `email-tracking`                             | GET       | JWT (gateway)             | Email Tracking Webhook Handler                                                     |
| `entra-calendar-sync`                        | POST      | User JWT, org-scoped      | Entra ID Calendar Sync                                                             |
| `entra-disable-user`                         | POST      | User JWT, org-scoped      | Entra ID Account Lifecycle                                                         |
| `entra-employee-presence`                    | POST      | User JWT, org-scoped      | Employee Presence Display                                                          |
| `entra-oauth`                                | POST      | Public (in-function auth) | Entra ID OAuth Callback Handler                                                    |
| `entra-provision-user`                       | POST      | User JWT, org-scoped      | Entra ID User Provisioning                                                         |
| `entra-register-app`                         | POST      | JWT (gateway)             | Entra ID App Registration                                                          |
| `entra-sharepoint-documents`                 | POST      | User JWT, org-scoped      | SharePoint Document Browser                                                        |
| `entra-sharepoint-membership`                | POST      | User JWT, org-scoped      | Entra ID SharePoint Membership                                                     |
| `entra-sync-directory`                       | POST      | User JWT, org-scoped      | Entra ID Directory Sync                                                            |
| `entra-sync-inbound`                         | POST      | User JWT, org-scoped      | Entra ID Inbound Directory Sync                                                    |
| `entra-teams-activity`                       | POST      | User JWT, org-scoped      | Teams Activity Feed                                                                |
| `entra-teams-membership`                     | POST      | User JWT, org-scoped      | Entra ID Teams Membership                                                          |
| `entra-teams-notify`                         | POST      | User JWT, org-scoped      | Teams Channel Notification                                                         |
| `entra-verify-sender`                        | POST      | User JWT, org-scoped      | Entra Verify Sender & Browse Mailboxes                                             |
| `evaluate-cds`                               | POST      | User JWT, org-scoped      | Server-Side CDS Evaluation                                                         |
| `evaluate-conditions`                        | POST      | User JWT, org-scoped      | Server-Side Condition Evaluation                                                   |
| `evaluate-decision-table`                    | POST      | User JWT, org-scoped      | Server-Side Decision Table Evaluation                                              |
| `evaluate-health-alerts`                     | POST      | Service-role (cron)       | Evaluate Health Alerts                                                             |
| `event-consumer`                             | POST      | User JWT                  | Event Consumer                                                                     |
| `execute-report`                             | POST      | JWT (gateway)             | DECOMMISSIONED — 2026-06-29 deep-review P0.                                        |
| `execute-scheduled-reports`                  | POST      | JWT (gateway)             | Anonymize email address for logging (privacy protection)                           |
| `export-employee-list`                       | POST      | JWT (gateway)             |                                                                                    |
| `export-payroll-data`                        | POST      | JWT (gateway)             |                                                                                    |
| `export-report`                              | POST      | User JWT, org-scoped      |                                                                                    |
| `extend-execution-deadline`                  | POST      | User JWT, org-scoped      | Extend Execution Deadline                                                          |
| `extract-document-text`                      | POST      | Public (in-function auth) | Extract Document Text                                                              |
| `fa-accrue-credit-line-interest`             | POST      | Service-role (cron)       |                                                                                    |
| `fa-accrue-investment-interest`              | POST      | Service-role (cron)       | Resolve the fiscal period covering a date for an org (null if none).               |
| `fa-check-collection-thresholds`             | POST      | Service-role (cron)       |                                                                                    |
| `fa-check-credit-limits`                     | POST      | Service-role (cron)       |                                                                                    |
| `fa-check-installment-due-dates`             | POST      | Service-role (cron)       | Cron to monitor payment plan installment due dates.                                |
| `fa-check-investment-maturities`             | POST      | Service-role (cron)       |                                                                                    |
| `fa-consume-pm-payment-events`               | POST      | Public (in-function auth) | FA Consumer for PM payment\_posted and write\_off\_approved domain events (EN-01). |
| `fa-consume-revenue-source-events`           | POST      | JWT (gateway)             | FA Consumer for revenue source domain events (FA-18 WS-B).                         |
| `fa-episode-balance`                         | GET       | User JWT, org-scoped      | Episode balance query for RH (API\_CONTRACTS.md).                                  |
| `fa-execute-report`                          | POST      | User JWT                  | Execute a single FA report run (server-side).                                      |
| `fa-generate-recurring-invoices`             | POST      | JWT (gateway)             |                                                                                    |
| `fa-gl-migration-import`                     | POST      | User JWT, org-scoped      | GL Migration Import                                                                |
| `fa-gr-compliance-cost-consumer`             | POST      | User JWT, org-scoped      | GR → FA Compliance Cost Consumer                                                   |
| `fa-handle-bank-balance-updated`             | POST      | JWT (gateway)             | Bank Balance Updated Event Handler                                                 |
| `fa-handle-payment-processed`                | POST      | JWT (gateway)             | Payment Processed Event Handler                                                    |
| `fa-je-import`                               | POST      | User JWT, org-scoped      | Journal Entry CSV Import                                                           |
| `fa-payroll-je-consumer`                     | POST      | Service-role (cron)       | Patch a fw\_domain\_events lifecycle row (processed\_at / processing\_error).      |
| `fa-process-recurring-transactions`          | POST      | Service-role (cron)       | Process Recurring Transaction Templates                                            |
| `fa-process-revenue-recognition`             | POST      | User JWT, org-scoped      | HTTP wrapper for the revenue recognition RPC.                                      |
| `fa-receipt-upload`                          | POST      | Public (in-function auth) |                                                                                    |
| `fa-report-data`                             | GET       | User JWT, org-scoped      | BI API                                                                             |
| `fa-update-cash-positions`                   | POST      | Service-role (cron)       |                                                                                    |
| `fhir-r4`                                    | GET       | User JWT, org-scoped      | FHIR R4 Facade                                                                     |
| `fw-audit-archive`                           | POST      | JWT (gateway)             | Audit Archive                                                                      |
| `fw-audit-fhir-export`                       | POST      | User JWT, org-scoped      | FHIR AuditEvent Export                                                             |
| `fw-audit-report-generate`                   | POST      | User JWT, org-scoped      | Compliance Report Generation                                                       |
| `fw-audit-scheduled-reports`                 | POST      | JWT (gateway)             | Scheduled Reports                                                                  |
| `fw-audit-workflow-export`                   | POST      | User JWT, org-scoped      | Workflow Audit Trail Export                                                        |
| `fw-enqueue-execution`                       | POST      | JWT (gateway)             | Platform Workflow Execution Seam — Enqueue                                         |
| `fw-retention-purge`                         | POST      | Service-role (cron)       | Retention Purge Cron Function                                                      |
| `fw-rule-evaluation-cleanup`                 | POST      | Service-role (cron)       | Rule Evaluation Cleanup Cron Function                                              |
| `fw-webhook-maintenance`                     | POST      | Service-role (cron)       | Webhook Maintenance Cron Function                                                  |
| `fw-webhook-receiver`                        | POST      | Public (in-function auth) | External Webhook Receiver                                                          |
| `generate-1099-nec-pdf`                      | POST      | JWT (gateway)             | HR-PAY-04: 1099-NEC PDF Generation                                                 |
| `generate-837i-claim`                        | POST      | User JWT, org-scoped      | Generate 837I Institutional Claim                                                  |
| `generate-940-pdf`                           | POST      | JWT (gateway)             | HR-PAY-04: Form 940 PDF Generation                                                 |
| `generate-941-pdf`                           | POST      | JWT (gateway)             | HR-PAY-04: Form 941 PDF Generation                                                 |
| `generate-compensation-statement-pdf`        | POST      | JWT (gateway)             | Generate Compensation Statement PDF                                                |
| `generate-compliance-evidence`               | POST      | User JWT, org-scoped      | Generate Compliance Evidence                                                       |
| `generate-compliance-report`                 | POST      | JWT (gateway)             |                                                                                    |
| `generate-embeddings`                        | POST      | Public (in-function auth) | Generate Embeddings                                                                |
| `generate-fa-report-export`                  | POST      | JWT (gateway)             |                                                                                    |
| `generate-it-report`                         | POST      | JWT (gateway)             | Generate IT Report                                                                 |
| `generate-oversight-session-pdf`             | POST      | JWT (gateway)             | Generate PDF for signed oversight sessions                                         |
| `generate-pay-stub-pdf`                      | POST      | Public (in-function auth) | HR-PAY-03 Phase 4: Generate Pay Stub PDF (Refactored)                              |
| `generate-payer-performance-snapshot`        | POST      | Service-role (cron)       | generate-payer-performance-snapshot                                                |
| `generate-pm-work-orders`                    | POST      | Service-role (cron)       | Generate PM Work Orders (FM-04)                                                    |
| `generate-report-narrative`                  | POST      | JWT (gateway)             | Generate Report Narrative                                                          |
| `generate-schedule`                          | POST      | JWT (gateway)             |                                                                                    |
| `generate-signed-pdf`                        | POST      | JWT (gateway)             | Generate Signed PDF                                                                |
| `generate-templated-pdf`                     | POST      | User JWT, org-scoped      | Generate Templated PDF                                                             |
| `generate-timesheets`                        | POST      | Service-role (cron)       |                                                                                    |
| `generate-w2-pdf`                            | POST      | JWT (gateway)             | HR-PAY-04: W-2 PDF Generation                                                      |
| `get-integration-credential`                 | POST      | JWT (gateway)             | Get Integration Credential                                                         |
| `github-webhook`                             | POST      | Public (in-function auth) | GitHub Webhook Handler                                                             |
| `google-workspace-calendar-event`            | POST      | User JWT, org-scoped      | Calendar/Meet event creation wrapper.                                              |
| `google-workspace-calendar-freebusy`         | POST      | User JWT, org-scoped      | Calendar free/busy query wrapper.                                                  |
| `google-workspace-chat-notify`               | POST      | User JWT, org-scoped      | Chat notification delivery.                                                        |
| `google-workspace-directory-reconcile`       | POST      | Service-role (cron)       | Scheduled directory reconciliation.                                                |
| `google-workspace-drive-sync`                | POST      | User JWT, org-scoped      | Drive metadata sync.                                                               |
| `google-workspace-hr-event-subscriber`       | POST      | User JWT, org-scoped      | HR-01 event subscriber for Google Workspace lifecycle.                             |
| `google-workspace-license-manage`            | POST      | User JWT, org-scoped      | Google Workspace License Manager assign/revoke.                                    |
| `google-workspace-oauth-authorize`           | POST      | User JWT, org-scoped      | Start Google Workspace OAuth authorization-code flow (PKCE).                       |
| `google-workspace-oauth-callback`            | POST      | JWT (gateway)             | Google Workspace OAuth callback.                                                   |
| `google-workspace-oauth-refresh`             | POST      | User only                 | Refresh Google OAuth access token from stored refresh token.                       |
| `google-workspace-offboard-user`             | POST      | User JWT, org-scoped      | google-workspace-offboard-user                                                     |
| `google-workspace-provision-user`            | POST      | User JWT, org-scoped      | google-workspace-provision-user                                                    |
| `google-workspace-reports-ingest`            | POST      | Service-role (cron)       | Reports API ingestion (cron).                                                      |
| `google-workspace-test-connection`           | POST      | User JWT, org-scoped      | PF-101 — google-workspace-test-connection                                          |
| `gr-accreditation-on-regulatory-report`      | POST      | JWT (gateway)             | gr-accreditation-on-regulatory-report (GR-08 consumer)                             |
| `gr-cap-deadline-alerts`                     | POST      | Service-role (cron)       | CAP Deadline Alerts — Daily Cron                                                   |
| `gr-cap-from-audit-finding`                  | POST      | JWT (gateway)             | gr-cap-from-audit-finding                                                          |
| `gr-check-corrective-action-deadlines`       | POST      | Service-role (cron)       | Corrective Action Deadline Checker                                                 |
| `gr-classify-incident-reporting-obligations` | POST      | User JWT                  | Classify Incident Reporting Obligations                                            |
| `gr-classify-regulatory-change-impact`       | POST      | Service-role (cron)       | Regulatory Change Impact Classifier (Cron fallback + event-triggered)              |
| `gr-coi-attestation-reminders`               | POST      | Service-role (cron)       | COI Attestation Reminders                                                          |
| `gr-compliance-on-regulatory-report`         | POST      | JWT (gateway)             | gr-compliance-on-regulatory-report (GR-03 consumer)                                |
| `gr-evidence-from-incident`                  | POST      | JWT (gateway)             | Consumer for the `incident_resolved` compliance event.                             |
| `gr-evidence-from-policy-ack`                | POST      | JWT (gateway)             | Consumer for the `policy_acknowledged` compliance event.                           |
| `gr-evidence-from-training`                  | POST      | JWT (gateway)             | Consumer for `gr_events` payload `&#123; event: 'training_completed', ... &#125;`. |
| `gr-generate-regulatory-report`              | POST      | User JWT                  | Generate Regulatory Report Package                                                 |
| `gr-handle-incident-reported`                | POST      | Public (in-function auth) | GR-Side Event Consumer for `cl_incident_reported`                                  |
| `gr-handle-restraint-event-documented`       | POST      | User JWT                  | GR-Side Event Consumer for `cl_restraint_event_documented`                         |
| `gr-handle-safety-plan-activated`            | POST      | User JWT                  | GR-Side Event Consumer for `cl_safety_plan_activated`                              |
| `gr-pf61-refresh-source`                     | POST      | Service-role (cron)       | PF-61 Knowledge Base Re-ingestion Hook (Post-Approval)                             |
| `gr-procedure-gap-consumer`                  | POST      | JWT (gateway)             | gr-procedure-gap-consumer                                                          |
| `gr-refresh-procedure-analytics`             | POST      | Service-role (cron)       | Refresh Procedure Analytics Materialized View                                      |
| `gr-regulatory-change-watcher`               | POST      | Service-role (cron)       | Regulatory Source Watcher (Cron)                                                   |
| `gr-regulatory-deadline-alerts`              | POST      | Service-role (cron)       | Regulatory Deadline Alerts (Cron)                                                  |
| `gr-snapshot-compliance-posture`             | POST      | Service-role (cron)       | Daily compliance-posture snapshot (cron).                                          |
| `gr-whistleblower-status`                    | POST      | Public (in-function auth) | Anonymous whistleblower report status lookup                                       |
| `gr-whistleblower-submit`                    | POST      | Public (in-function auth) | Anonymous whistleblower report submission                                          |
| `health`                                     | POST      | JWT (gateway)             | Unified Health Endpoint (redeploy: 2026-03-06)                                     |
| `hr-ai-import-assist`                        | POST      | User JWT                  | HR AI Import Assist                                                                |
| `hr-analytics-refresh`                       | POST      | JWT (gateway)             | HR-18 Analytics Refresh                                                            |
| `hr-decrypt-bank-account`                    | POST      | JWT (gateway)             | HR-PAY-03: Bank Account Decryption                                                 |
| `hr-employee-terminated-handler`             | POST      | JWT (gateway)             | Employee Terminated Handler                                                        |
| `hr-encrypt-bank-account`                    | POST      | JWT (gateway)             | HR-PAY-03: Bank Account Encryption                                                 |
| `hr-encrypt-ssn`                             | POST      | JWT (gateway)             | SSN Encryption                                                                     |
| `hr-everify-orchestrator`                    | POST      | User JWT, org-scoped      | E-Verify Orchestrator                                                              |
| `hr-generate-nacha`                          | POST      | JWT (gateway)             | HR-PAY-03: NACHA File Generator                                                    |
| `hr-job-board-import`                        | POST      | JWT (gateway)             | Job Board Import — Application/Candidate Import                                    |
| `hr-job-board-sync`                          | POST      | User JWT, org-scoped      | Job Board Sync — Production Hardened                                               |
| `hr-job-board-webhook`                       | POST      | JWT (gateway)             | Job Board Webhook — Production Hardened                                            |
| `hr-linkedin-oauth-callback`                 | POST      | JWT (gateway)             | OAuth Callback                                                                     |
| `hr-linkedin-oauth-start`                    | POST      | User JWT, org-scoped      | OAuth Start                                                                        |
| `hr-offer-accept`                            | POST      | User JWT, org-scoped      | Accept Offer → Hire (AC-4)                                                         |
| `hr-performance-review-merit-handler`        | POST      | JWT (gateway)             | T25: Performance Review Event Handler                                              |
| `hr-plaid-transfer-create`                   | POST      | User JWT, org-scoped      | HR-PAY-03: Plaid Transfer Create                                                   |
| `hr-plaid-transfer-webhook`                  | POST      | Public (in-function auth) | HR-PAY-03: Plaid Transfer Webhook                                                  |
| `hr-portal-applications`                     | POST      | JWT (gateway)             | Candidate Portal - Applications                                                    |
| `hr-portal-auth`                             | POST      | JWT (gateway)             | Candidate Portal Authentication                                                    |
| `hr-portal-invite`                           | POST      | JWT (gateway)             | Candidate Portal Invitation                                                        |
| `hr-portal-offer-decline`                    | POST      | JWT (gateway)             | Candidate Portal — Decline Offer (#850)                                            |
| `hr-portal-offers`                           | POST      | JWT (gateway)             | Candidate Portal — Offers (#850)                                                   |
| `hr-proliant-create-profile-from-pending`    | POST      | User only                 | Find an existing profile by email, or mint one via the Auth Admin API.             |
| `hr-public-apply`                            | POST      | Public (in-function auth) | Public Candidate Application Intake                                                |
| `hr-reference-reminders`                     | POST      | Service-role (cron)       | Reference Reminder Cron                                                            |
| `hr-reference-request`                       | POST      | JWT (gateway)             | Reference Request                                                                  |
| `hr-reference-submit`                        | POST      | JWT (gateway)             | HR Reference Submit (PUBLIC)                                                       |
| `hr-reference-validate`                      | GET       | JWT (gateway)             | HR Reference Validate (PUBLIC)                                                     |
| `hr-send-communication`                      | POST      | JWT (gateway)             | Send Communication                                                                 |
| `hr-test-email`                              | POST      | User JWT, org-scoped      | HR Test Email Function                                                             |
| `hr-training-credential-refresh`             | POST      | JWT (gateway)             | Consumer for `gr_events` payload `&#123; event: 'training_completed', ... &#125;`. |
| `import-benefits-enrollment`                 | POST      | User JWT, org-scoped      | Import Benefits Enrollment                                                         |
| `import-credentials`                         | POST      | User JWT, org-scoped      | Import Employee Credentials                                                        |
| `import-employee-roster`                     | POST      | JWT (gateway)             | Import Employee Roster                                                             |
| `import-employee-ssn`                        | POST      | User JWT                  |                                                                                    |
| `import-leave-balances`                      | POST      | JWT (gateway)             | Import Leave Balances                                                              |
| `import-pay-rate-history`                    | POST      | User JWT, org-scoped      | Import Pay Rate History                                                            |
| `import-time-punches`                        | POST      | JWT (gateway)             | Import Time Punches                                                                |
| `intake-agent-run`                           | POST      | User JWT                  | PF-intake agentic vertical — production runtime entry (Stage 1, flag-OFF).         |
| `interview-reminders`                        | POST      | JWT (gateway)             | Interview Reminders                                                                |
| `messaging-notify-mentions`                  | POST      | JWT (gateway)             | messaging-notify-mentions                                                          |
| `messaging-retention-cleanup`                | POST      | Service-role (cron)       | messaging-retention-cleanup                                                        |
| `messaging-summarize-conversation`           | POST      | User JWT, org-scoped      | messaging-summarize-conversation                                                   |
| `messaging-translate-message`                | POST      | User JWT, org-scoped      | messaging-translate-message                                                        |
| `oauth-authorize`                            | POST      | JWT (gateway)             | OAuth Authorization                                                                |
| `oauth-callback`                             | POST      | JWT (gateway)             | OAuth Callback                                                                     |
| `oauth-refresh`                              | POST      | JWT (gateway)             | OAuth Token Refresh                                                                |
| `org-data-sync-consumer`                     | POST      | JWT (gateway)             | Org Data Sync Consumer                                                             |
| `org-data-sync-retry`                        | POST      | User JWT                  | Retry Failed Sync Event                                                            |
| `outlook-oauth`                              | POST      | Public (in-function auth) | Outlook OAuth                                                                      |
| `parse-bank-statement`                       | POST      | JWT (gateway)             | Parse CSV format:                                                                  |
| `pdmp-query`                                 | POST      | User JWT, org-scoped      | pdmp-query — vendor-agnostic PDMP gateway query.                                   |
| `pf_widget_query`                            | POST      | User only                 | pf\_widget\_query — Dashboard Widget Data Broker                                   |
| `pf-analytics-connector-sync`                | POST      | Service-role (cron)       | pf-analytics-connector-sync — cron-triggered materialization of enabled            |
| `pf-analytics-dataset-ingest`                | POST      | User only                 | PF-123 Phase 4 — pf-analytics-dataset-ingest.                                      |
| `pf-analytics-embed-render`                  | POST      | JWT (gateway)             | pf-analytics-embed-render — public, token-gated embed serving surface.             |
| `pf-analytics-embed-token`                   | POST      | User only                 | pf-analytics-embed-token — mint / revoke external signed-embed tokens.             |
| `pf-analytics-query`                         | POST      | User only                 | pf-analytics-query — Tier-2 mediation seam (HTTP surface).                         |
| `pf-analytics-refresh`                       | POST      | Service-role (cron)       | pf-analytics-refresh — per-org mart build / refresh orchestration (cron).          |
| `pf-analytics-schedule-runner`               | POST      | Service-role (cron)       | pf-analytics-schedule-runner — cron-triggered delivery of scheduled dashboards     |
| `pf-check-ai-usage-anomalies`                | POST      | Service-role (cron)       | PF Phase-0 #3: Proactive AI Usage Anomaly + Cost Alert Agent                       |
| `pf-collect-metrics`                         | POST      | JWT (gateway)             |                                                                                    |
| `pf-detect-sla-violations`                   | POST      | JWT (gateway)             | Dispatch SLA violation alerts to configured recipients via PF-10.                  |
| `pf-discover-processes`                      | POST      | User JWT, org-scoped      | Discover Business Processes                                                        |
| `pf-encrypt-field`                           | POST      | User JWT                  | Generalized Field Encryption                                                       |
| `pf-get-edge-function-metrics`               | POST      | User JWT                  | Edge Function Metrics Retrieval                                                    |
| `pf-headshot-campaign-invite`                | POST      | User JWT                  |                                                                                    |
| `pf-headshot-cleanup`                        | POST      | JWT (gateway)             | Daily cron: deletes expired source photos per org retention config.                |
| `pf-headshot-signed-url`                     | POST      | User JWT                  |                                                                                    |
| `pf-headshot-status-poll`                    | POST      | User JWT                  |                                                                                    |
| `pf-headshot-submit`                         | POST      | User JWT                  |                                                                                    |
| `pf-headshot-webhook`                        | POST      | JWT (gateway)             |                                                                                    |
| `pf-import-execute`                          | POST      | User JWT, org-scoped      | Edge function for batch import execution.                                          |
| `pf-link-preview`                            | POST      | User JWT                  | Link Preview                                                                       |
| `pf-purge-metric-values`                     | POST      | JWT (gateway)             |                                                                                    |
| `pf-refresh-health`                          | POST      | JWT (gateway)             | Refresh Process Health                                                             |
| `pf-tasks-due-sweep`                         | POST      | Service-role (cron)       | pf\_tasks due-notification sweeper.                                                |
| `pf-token-exchange`                          | POST      | JWT (gateway)             | Token Exchange Endpoint                                                            |
| `pf-transcription-attest-draft`              | POST      | User JWT, org-scoped      | pf-transcription-attest-draft                                                      |
| `pf-transcription-cost-rollup-cron`          | POST      | Service-role (cron)       | pf-transcription-cost-rollup-cron                                                  |
| `pf-transcription-deletion-request`          | POST      | User JWT, org-scoped      | pf-transcription-deletion-request                                                  |
| `pf-transcription-end-session`               | POST      | User JWT, org-scoped      | pf-transcription-end-session                                                       |
| `pf-transcription-generate-note`             | POST      | User JWT, org-scoped      | pf-transcription-generate-note                                                     |
| `pf-transcription-lifecycle-cron`            | POST      | Service-role (cron)       | pf-transcription-lifecycle-cron                                                    |
| `pf-transcription-revoke-consent`            | POST      | User JWT, org-scoped      | pf-transcription-revoke-consent                                                    |
| `pf-transcription-start-session`             | POST      | User JWT, org-scoped      | pf-transcription-start-session (PF-100 H2 Phase 2)                                 |
| `pf-transcription-stt-stream`                | POST      | User JWT, org-scoped      | pf-transcription-stt-stream                                                        |
| `pf-transcription-vendor-baa-monitor`        | POST      | Service-role (cron)       | pf-transcription-vendor-baa-monitor                                                |
| `plaid-apply-rules`                          | POST      | User JWT, org-scoped      | Plaid Apply Rules Engine                                                           |
| `plaid-create-link-token`                    | POST      | Public (in-function auth) | Plaid Link Token Creation Handler                                                  |
| `plaid-disconnect`                           | POST      | JWT (gateway)             | Plaid Disconnect Handler                                                           |
| `plaid-exchange-token`                       | POST      | Public (in-function auth) | Plaid Token Exchange Handler                                                       |
| `plaid-get-balances`                         | POST      | JWT (gateway)             | Plaid Batch Balance Fetch                                                          |
| `plaid-historical-sync`                      | POST      | JWT (gateway)             | Plaid Historical Transaction Sync                                                  |
| `plaid-scheduled-sync`                       | POST      | JWT (gateway)             |                                                                                    |
| `plaid-sync`                                 | POST      | JWT (gateway)             | Plaid Transaction Sync Handler                                                     |
| `plaid-sync-worker`                          | POST      | Public (in-function auth) | FA-20 Plaid Sync Worker — durable consumer of the `plaid_webhook_sync` pgmq queue. |
| `plaid-transfer-intent-create`               | POST      | User JWT, org-scoped      | Plaid Transfer Intent Create (Transfer UI)                                         |
| `plaid-transfer-intent-get`                  | POST      | User JWT, org-scoped      | Plaid Transfer Intent Get (Transfer UI)                                            |
| `plaid-webhook`                              | POST      | Public (in-function auth) | Plaid Webhook Handler — Phase 0 hardening (FA-20)                                  |
| `platform-clinical-bed-board`                | POST      | User JWT, org-scoped      | Clinical Bed Board Read Model —                                                    |
| `pm-39-outreach-scheduler`                   | POST      | Service-role (cron)       | Outreach Scheduler Cron                                                            |
| `pm-39-recheck-availability`                 | POST      | Service-role (cron)       | Daily Availability Re-Check & Auto-Promotion                                       |
| `pm-39-waitlist-entry`                       | POST      | User JWT                  | Waitlist Entry                                                                     |
| `pm-40-generate-packet`                      | POST      | JWT (gateway)             | Generate Preadmission Packet                                                       |
| `pm-40-packet-portal`                        | GET, POST | JWT (gateway)             | Packet Portal                                                                      |
| `pm-40-preappt-alert`                        | POST      | Service-role (cron)       | Pre-Appointment Alert (Cron)                                                       |
| `pm-41-compliance-report`                    | POST      | User JWT                  |                                                                                    |
| `pm-ai-appeal-letter`                        | POST      | User JWT, org-scoped      | AI Denial Appeal Letter Generation.                                                |
| `pm-ai-coding-suggest`                       | POST      | User JWT, org-scoped      | AI Coding Assistant — inference edge function (Note → ICD-10/CPT/HCPCS).           |
| `pm-ai-fairness-monitor`                     | POST      | Service-role (cron)       | AI Fairness & Bias Monitoring — Daily Cron                                         |
| `pm-auth-claim-validation`                   | POST      | User JWT, org-scoped      | Auth-to-Claim Validation                                                           |
| `pm-auth-expiration-alerts`                  | POST      | Service-role (cron)       | Auth Expiration Alert Cron Function                                                |
| `pm-calculate-benefit-estimate`              | POST      | User JWT, org-scoped      | Calculate patient-responsibility benefit estimate.                                 |
| `pm-calculate-encounter-cost`                | POST      | User JWT                  | Auto-calculate encounter cost on encounter completion.                             |
| `pm-charge-reconciliation`                   | POST      | Service-role (cron)       | Automated Charge Reconciliation — Nightly                                          |
| `pm-checkin-eligibility`                     | POST      | User JWT, org-scoped      |                                                                                    |
| `pm-collections-aging-cron`                  | POST      | Service-role (cron)       | Collections Aging Cron                                                             |
| `pm-contract-expiration-alerts`              | POST      | Service-role (cron)       | Payer Contract Expiration Alert Cron                                               |
| `pm-messaging-retention`                     | POST      | User JWT                  | Messaging Retention                                                                |
| `pm-parse-271-benefits`                      | POST      | User JWT, org-scoped      | Parse 271 benefits.                                                                |
| `pm-portal-packet-reminders`                 | POST      | Service-role (cron)       | Portal Intake Packet Reminders                                                     |
| `pm-rcm-snapshot`                            | POST      | Service-role (cron)       | pm-rcm-snapshot — Nightly RCM metric snapshot edge function.                       |
| `portal-bot-dispatch`                        | POST      | User JWT, org-scoped      | portal-bot-dispatch                                                                |
| `portal-bot-status`                          | POST      | User JWT                  | portal-bot-status                                                                  |
| `portal-bot-worker-callback`                 | POST      | JWT (gateway)             | portal-bot-worker-callback                                                         |
| `portal-form-submit`                         | POST      | JWT (gateway)             | External Form Portal - Form Submission Handler                                     |
| `portal-get-config`                          | POST      | JWT (gateway)             | Portal Get Config                                                                  |
| `portal-recorder-start`                      | POST      | User JWT, org-scoped      | portal-recorder-start                                                              |
| `portal-recorder-status`                     | POST      | User JWT                  | portal-recorder-status                                                             |
| `portal-verify-email`                        | GET, POST | JWT (gateway)             | External Form Portal - Email Verification Handler                                  |
| `predict-denial-risk`                        | POST      | User JWT, org-scoped      | Predict Denial Risk                                                                |
| `process-alert-escalations`                  | POST      | Service-role (cron)       |                                                                                    |
| `process-data-retention`                     | POST      | Service-role (cron)       |                                                                                    |
| `process-document-expiration`                | POST      | Service-role (cron)       | Process Document Expiration                                                        |
| `process-entity-mapping`                     | POST      | JWT (gateway)             | Process Entity Mapping Action                                                      |
| `process-era`                                | POST      | User JWT, org-scoped      | process-era — Simplified X12 835 ERA processor.                                    |
| `process-export`                             | POST      | User JWT, org-scoped      | Supported entity tables for data export                                            |
| `process-inbound-webhook`                    | POST      | JWT (gateway)             |                                                                                    |
| `process-leave-accruals`                     | POST      | JWT (gateway)             |                                                                                    |
| `process-leave-carryover`                    | POST      | JWT (gateway)             |                                                                                    |
| `process-notification-batches`               | POST      | Service-role (cron)       | Notification Batch Processor                                                       |
| `process-notification-retries`               | POST      | Service-role (cron)       | Notification Retry Processor                                                       |
| `process-scheduled-workflows`                | POST      | Service-role (cron)       | scheduled-workflow dispatcher.                                                     |
| `process-swap-request`                       | POST      | JWT (gateway)             |                                                                                    |
| `proliant-code-lookup`                       | POST      | User JWT, org-scoped      |                                                                                    |
| `proliant-code-push`                         | POST      | User JWT, org-scoped      | HR-44-EN-01 AC-7 — code-definition write-back.                                     |
| `proliant-manual-check`                      | POST      | User only                 | HR-44-EN-03 AC-5/AC-6 — admin-initiated off-cycle/correction manual checks.        |
| `proliant-payroll-run`                       | POST      | User JWT, org-scoped      |                                                                                    |
| `proliant-reports`                           | POST      | User only                 | HR-44-EN-03 AC-11/AC-12 — read-only ReadyPay report listing.                       |
| `proliant-run-poller`                        | POST      | Service-role (cron)       |                                                                                    |
| `proliant-scheduled-sync`                    | POST      | Service-role (cron)       | Optional overrides (used by manual HTTP triggers / tests); env-overridable.        |
| `proliant-sync`                              | POST      | User JWT, org-scoped      | create explicit NEW HIRES in                                                       |
| `proliant-tax-documents`                     | POST      | User only                 | HR-44-EN-03 AC-1/AC-2 — employee self-service tax-document pull.                   |
| `proliant-test-connection`                   | POST      | User JWT, org-scoped      |                                                                                    |
| `provision-tenant`                           | POST      | User JWT                  | Tenant Provisioning                                                                |
| `query-payment-status`                       | POST      | JWT (gateway)             | Query Payment Status                                                               |
| `query-performance-retention-cleanup`        | POST      | Service-role (cron)       | Query Performance Retention Cleanup                                                |
| `ramp-connect`                               | POST      | User JWT, org-scoped      | Ramp Connect                                                                       |
| `ramp-disconnect`                            | POST      | User JWT, org-scoped      | Ramp Disconnect                                                                    |
| `ramp-sync`                                  | POST      | User JWT, org-scoped      | Ramp Sync                                                                          |
| `ramp-webhook`                               | POST      | Public (in-function auth) | Ramp Webhook                                                                       |
| `rcm-execute-rules`                          | POST      | Service-role (cron)       | Edge Function: rcm-execute-rules                                                   |
| `rcm-score-work-queue`                       | POST      | Service-role (cron)       | Edge Function: rcm-score-work-queue                                                |
| `rcm-simulate-rule`                          | POST      | User JWT, org-scoped      | Edge Function: rcm-simulate-rule                                                   |
| `recalculate-staffing-from-census`           | POST      | JWT (gateway)             | Recalculate Staffing from Census                                                   |
| `reconcile-era-payment`                      | POST      | User JWT, org-scoped      | reconcile-era-payment                                                              |
| `remove-push-subscription`                   | POST      | JWT (gateway)             |                                                                                    |
| `resend-invitation-email`                    | POST      | User JWT                  | PF user-management Quick Win 6: rate-limited invitation resend.                    |
| `restore-layout-version`                     | POST      | User JWT                  | Restore Layout Version (transactional)                                             |
| `retrain-denial-model`                       | POST      | Service-role (cron)       | Retrain Denial Model (Cron)                                                        |
| `retry-failed-webhooks`                      | POST      | Service-role (cron)       | Retry Failed Webhooks                                                              |
| `revoke-session`                             | POST      | JWT (gateway)             | Revoke Session                                                                     |
| `rh-charge-invoice`                          | POST      | JWT (gateway)             | RH-04 Integration - Auto-Invoice from Resident Charges                             |
| `ringcentral-list-extensions`                | POST      | JWT (gateway)             | RingCentral List Extensions                                                        |
| `ringcentral-recording-proxy`                | POST      | JWT (gateway)             | RingCentral Recording Proxy                                                        |
| `ringcentral-ringout`                        | POST      | Public (in-function auth) | RingCentral RingOut                                                                |
| `ringcentral-setup`                          | POST      | Public (in-function auth) | RingCentral Setup                                                                  |
| `ringcentral-subscription-renewal`           | POST      | Public (in-function auth) | RingCentral Subscription Renewal                                                   |
| `ringcentral-webhook`                        | POST      | Public (in-function auth) | RingCentral Webhook Handler                                                        |
| `rpa-execution-archiver`                     | POST      | Service-role (cron)       | RPA Execution Archiver                                                             |
| `rpa-failure-alerter`                        | POST      | Service-role (cron)       | RPA Failure Alerter                                                                |
| `rpa-schedule-runner`                        | POST      | Service-role (cron)       | RPA Schedule Runner                                                                |
| `rpa-screenshot-cleanup`                     | POST      | Service-role (cron)       | RPA Screenshot Cleanup                                                             |
| `run-statement-cycle`                        | POST      | User JWT, org-scoped      | Run Statement Cycle                                                                |
| `sandbox-execute`                            | POST      | JWT (gateway)             | Sandbox Execute                                                                    |
| `save-push-subscription`                     | POST      | JWT (gateway)             |                                                                                    |
| `security-detect-audit-anomalies`            | POST      | Service-role (cron)       | Security: Detect Audit-Log Anomalies (Cron Job — PF-48 extension)                  |
| `security-evaluate-threat-patterns`          | POST      | Service-role (cron)       | Security: Evaluate Threat Patterns (Cron Job)                                      |
| `security-event-alert-delivery`              | POST      | JWT (gateway)             | Alert Delivery Handler                                                             |
| `security-log-failed-login`                  | POST      | Service-role (cron)       | Security: Log Failed Login Events                                                  |
| `security-log-permission-violation`          | POST      | JWT (gateway)             | Security: Log Permission Violation Events                                          |
| `send-approval-reminders`                    | POST      | Service-role (cron)       | Document Approval Reminder                                                         |
| `send-audit-reminders`                       | POST      | Service-role (cron)       | Send Audit Reminders                                                               |
| `send-compliance-reminders`                  | POST      | Service-role (cron)       | Send Compliance Reminders                                                          |
| `send-contract-alerts`                       | POST      | Service-role (cron)       | Contract Alert                                                                     |
| `send-credential-alerts`                     | POST      | Service-role (cron)       | HR Credential Alert                                                                |
| `send-email-notification`                    | POST      | User JWT, org-scoped      | Send email notification via org-configured provider (Entra or Gmail).              |
| `send-employee-setup-email`                  | POST      | User JWT, org-scoped      | Send Employee Setup Email                                                          |
| `send-invitation-email`                      | POST      | User JWT                  | Send Invitation Email                                                              |
| `send-outbound-webhook`                      | POST      | JWT (gateway)             | Send Outbound Webhook                                                              |
| `send-pending-notifications`                 | POST      | Service-role (cron)       | Notification Delivery                                                              |
| `send-policy-reminders`                      | POST      | Service-role (cron)       | Send Policy Reminders                                                              |
| `send-push-notification`                     | POST      | JWT (gateway)             | Push Notification                                                                  |
| `send-qi-reminders`                          | POST      | Service-role (cron)       | Send QI Reminders                                                                  |
| `send-risk-reminders`                        | POST      | Service-role (cron)       | Send Risk Reminders                                                                |
| `send-scheduled-messages`                    | POST      | Service-role (cron)       | Send Scheduled Messages (Cron)                                                     |
| `send-signature-reminder`                    | POST      | JWT (gateway)             | E-Signature Platform - Send Signature Reminder                                     |
| `send-signature-request`                     | POST      | JWT (gateway)             |                                                                                    |
| `send-skill-verification-reminders`          | POST      | Service-role (cron)       | HR Skill Verification Reminder                                                     |
| `send-training-reminders`                    | POST      | Service-role (cron)       | Send Training Reminders                                                            |
| `sequence-auto-enroll`                       | POST      | User JWT, org-scoped      |                                                                                    |
| `sequence-executor`                          | POST      | JWT (gateway)             |                                                                                    |
| `sequence-exit-detector`                     | POST      | User JWT, org-scoped      |                                                                                    |
| `sms-send`                                   | POST      | User JWT, org-scoped      | SMS Send                                                                           |
| `sms-webhook`                                | POST      | JWT (gateway)             | SMS Webhook Handler                                                                |
| `sso-domain-verify`                          | POST      | User JWT, org-scoped      | PF-112 — sso-domain-verify                                                         |
| `sso-provider-delete`                        | POST      | User JWT, org-scoped      | PF-112 — sso-provider-delete                                                       |
| `sso-provider-register`                      | POST      | User JWT, org-scoped      | PF-112 — sso-provider-register                                                     |
| `sso-provider-update`                        | POST      | User JWT, org-scoped      | PF-112 — sso-provider-update                                                       |
| `sso-revoke-unmatched`                       | POST      | User JWT                  | PF-112 — sso-revoke-unmatched                                                      |
| `store-efile-credentials`                    | POST      | User JWT, org-scoped      | HR-PAY-04: Store E-File Credentials                                                |
| `submit-w2-efile`                            | POST      | User JWT, org-scoped      | HR-PAY-04: Submit W-2 E-File                                                       |
| `suggest-workspaces`                         | POST      | JWT (gateway)             | suggest-workspaces — Navigation Foundations P3.5                                   |
| `telehealth-create-session`                  | POST      | User JWT, org-scoped      | Telehealth Create Session                                                          |
| `tenant-domain-manage`                       | POST      | User JWT                  | Tenant Domain Management                                                           |
| `test-cases-run`                             | POST      | JWT (gateway)             | Test Cases Run                                                                     |
| `test-datasets-import`                       | POST      | JWT (gateway)             | Test Datasets Import                                                               |
| `test-integration-connection`                | POST      | JWT (gateway)             | Test Integration Connection                                                        |
| `time-exception-notify`                      | POST      | User JWT, org-scoped      | Time Exception Notification                                                        |
| `trigger-credential-renewal`                 | POST      | Service-role (cron)       | Trigger Credential Renewal                                                         |
| `trigger-invoice-creation`                   | POST      | JWT (gateway)             | Trigger Invoice Creation                                                           |
| `trigger-onboarding`                         | POST      | JWT (gateway)             | Trigger Onboarding                                                                 |
| `validate-form-submission`                   | POST      | JWT (gateway)             | Validate lookup field value against database                                       |
| `validate-shift-assignment`                  | POST      | JWT (gateway)             |                                                                                    |
| `vercel-deployments`                         | POST      | User JWT, org-scoped      | Vercel Deployments Proxy for System Health Dashboard.                              |
| `verify-signature`                           | POST      | JWT (gateway)             |                                                                                    |
| `web-form-submit`                            | POST      | JWT (gateway)             | Web Form Submit (T4 + T5)                                                          |
| `workflow-api-action`                        | POST      | JWT (gateway)             | Workflow API Action                                                                |
| `workflow-debug-control`                     | POST      | JWT (gateway)             | Workflow Debug Control                                                             |
| `workflow-executor-worker`                   | POST      | Public (in-function auth) | Durable Workflow Execution Worker                                                  |
| `workflow-metrics-aggregate`                 | POST      | JWT (gateway)             |                                                                                    |
| `workflow-notification-trigger`              | POST      | JWT (gateway)             |                                                                                    |
| `workflow-path-aggregate`                    | POST      | JWT (gateway)             | Workflow Path Aggregation                                                          |
| `workflow-query-action`                      | POST      | JWT (gateway)             | Workflow Query Action                                                              |
| `workflow-sftp-action`                       | POST      | JWT (gateway)             | SFTP Action                                                                        |
| `workflow-test-connection`                   | POST      | JWT (gateway)             | Test Connection                                                                    |
| `workflow-timeout-checker`                   | POST      | Service-role (cron)       | Workflow Timeout Checker (Watchdog)                                                |
| `workflow-version-compare`                   | POST      | JWT (gateway)             | Workflow Version Compare                                                           |
