Service Layer | high complexity | backend
Dependencies: 3
Dependents: 1
Entities: 2
Integrations: 0

Description

Orchestrates the full lifecycle of confidentiality declarations: generating declarations from templates, encrypting and storing them in Supabase Storage, sending delivery notifications, and tracking read/acknowledgement status with timestamps.

Feature: Driver Administration and Confidentiality Declarations

declaration-management-service

Summaries

The Confidentiality Declaration Management Service is the organizational safeguard that ensures every driver receives, reads, and formally acknowledges a confidentiality agreement before accessing sensitive coordination work. By automating document generation from organization-specific templates, encrypting and storing declarations in Supabase Storage, delivering notifications to recipients, and tracking sent, read, and acknowledged states with precise timestamps, this service eliminates manual declaration administration entirely. The encrypted, tamper-evident storage creates a legally defensible audit trail that can be produced in regulatory reviews or legal proceedings, directly reducing organizational liability. Automated re-sending for unacknowledged declarations ensures no compliance obligation falls through the cracks, protecting the business from undocumented confidentiality exposure at scale.

The Confidentiality Declaration Management Service is the highest-complexity component in the driver feature set with three upstream dependencies — declaration-repository, declaration-encryption-service, and declaration-notification-service — all of which must be functional before end-to-end integration testing is possible. The eight-interface lifecycle spans document generation, encrypted Supabase Storage upload, notification delivery, and multi-state tracking (sent, read, acknowledged, revoked), each requiring dedicated test coverage. Timeline risk is elevated: delays in either the encryption or notification service will directly block declaration delivery testing. A phased delivery strategy is strongly recommended — deliver document generation and storage first, then notification and re-send flows, to allow parallel testing where possible.

Plan for at least two integration testing rounds given the number of external service dependencies.

The Confidentiality Declaration Management Service orchestrates the full declaration lifecycle through eight interfaces. createDeclaration(driverId, assignmentId, templateId) generates a document from an org template and stores it encrypted in Supabase Storage via declaration-encryption-service. sendDeclaration and resendDeclaration trigger recipient delivery through declaration-notification-service. getDeclarationStatus, getDeclarationsByDriver, and getDeclarationsByAssignment query declaration-repository for current state.

markAsDelivered(declarationId, timestamp) and revokeDeclaration(declarationId) manage state transitions. This service owns the confidentiality_declaration data model and must enforce state machine constraints — for example, revoking an already-acknowledged declaration should be rejected. All storage and notification operations require robust error handling and retry logic, as partial failures (successful upload but failed notification) must be detectable and recoverable. Encryption keys should be managed outside this service boundary via declaration-encryption-service to maintain clean separation of concerns.
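The state-machine rule above (an acknowledged declaration cannot be revoked) and the detectable partial failure (document stored, notification failed), as an added example that is not the project's own code. The "created" state, the transition table, and the names Declaration, transition, send and notifyPending are assumptions made for illustration.

```typescript
// Added example: everything except the page's state names is hypothetical.
type State = "created" | "sent" | "read" | "acknowledged" | "revoked";

interface Declaration {
  id: string;
  state: State;
  // Append-only record of every accepted transition, with its timestamp.
  history: { from: State; to: State; at: string }[];
  // True when the document is stored but the notification did not go out.
  notifyPending: boolean;
}

// Allowed transitions. "created" and the exact edges are assumptions; the
// page only requires that acknowledged -> revoked is rejected.
const ALLOWED: Record<State, State[]> = {
  created: ["sent", "revoked"],
  sent: ["sent", "read", "revoked"],         // sent -> sent is a re-send
  read: ["sent", "acknowledged", "revoked"], // unacknowledged, may re-send
  acknowledged: [],                          // terminal: cannot be revoked
  revoked: [],                               // terminal
};

function newDeclaration(id: string): Declaration {
  return { id, state: "created", history: [], notifyPending: false };
}

// Apply a transition or throw; a rejected request leaves the record untouched.
function transition(d: Declaration, to: State, at: Date = new Date()): Declaration {
  if (ALLOWED[d.state].indexOf(to) === -1) {
    throw new Error(`illegal transition ${d.state} -> ${to} for ${d.id}`);
  }
  d.history.push({ from: d.state, to, at: at.toISOString() });
  d.state = to;
  return d;
}

// Send or re-send: the state advances only if the notifier succeeds, so a
// stored-but-unnotified declaration stays visible through notifyPending.
function send(d: Declaration, notify: (id: string) => boolean): boolean {
  if (ALLOWED[d.state].indexOf("sent") === -1) {
    throw new Error(`cannot send declaration ${d.id} in state ${d.state}`);
  }
  let ok = false;
  try { ok = notify(d.id); } catch { ok = false; }
  d.notifyPending = !ok;
  if (ok) transition(d, "sent");
  return ok;
}
```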

Responsibilities

  • Generate declaration document from org template
  • Encrypt and upload declaration to Supabase Storage
  • Trigger delivery notification to recipient driver
  • Track sent, read, and acknowledged states with timestamps
  • Support re-sending for unacknowledged declarations

Interfaces

createDeclaration(driverId, assignmentId, templateId)
sendDeclaration(declarationId, recipientId)
resendDeclaration(declarationId)
getDeclarationStatus(declarationId)
getDeclarationsByDriver(driverId)
getDeclarationsByAssignment(assignmentId)
markAsDelivered(declarationId, timestamp)
revokeDeclaration(declarationId)

Related Data Entities (2)

Data entities managed by this component

API Contract

REST /api/v1/declarations 8 endpoints
GET /api/v1/declarations
GET /api/v1/declarations/:declaration_id
POST /api/v1/declarations
PUT /api/v1/declarations/:declaration_id
DELETE /api/v1/declarations/:declaration_id
POST /api/v1/declarations/:declaration_id/send
+2 more