Double-Export Guard
Component Detail
Description
Service that prevents expense claims from being included in more than one export run. Before generating an export, it filters out claims already marked as exported in the database. After a successful export it atomically marks the included claims with the export run ID and timestamp.
double-export-guard
Summaries
The Double-Export Guard is a financial controls component that ensures no expense claim is paid out more than once through the accounting export pipeline. Without it, concurrent export runs or user error could result in duplicate payments — a direct financial loss and an audit liability. By atomically marking claims after each successful export and providing rollback on failure, this component protects the organization from overpayment, simplifies reconciliation, and supports the audit trail required for financial compliance. It is a low-visibility but high-consequence safeguard for the integrity of the reimbursement process.
The Double-Export Guard is a medium-complexity backend service with a single hard dependency on the Export Run Repository. It must be delivered and integrated before any export flow reaches production, as it is the primary guard against duplicate payment — a critical risk in any finance system. Testing must include concurrent export scenarios, partial failure and rollback paths, and boundary cases where claims transition state mid-export. Because it wraps the export pipeline, any delay in the Export Run Repository will block this component.
Plan integration testing as a coordinated slice with the repository and the export orchestration layer.
filterUnexportedClaims() queries the Export Run Repository to exclude any claim IDs already associated with a completed export run before passing the candidate set downstream. markClaimsAsExported() must execute atomically — wrap in a database transaction with the export run status update to prevent partial marks on failure. rollbackExportMarks() reverses that transaction if the downstream export step fails, ensuring the claim set returns to an exportable state. getExportRunForClaim() supports both the Double-Export Guard's own pre-check and external audit queries.
Use optimistic locking or a claim-level status field to handle concurrent export attempts safely under load.
Responsibilities
- Filter out already-exported claims from the candidate set
- Atomically mark newly exported claims with export run reference
- Provide audit query to identify which run exported a specific claim
- Handle partial export failures by rolling back claim marks on error
Interfaces
filterUnexportedClaims(claims): ExpenseClaim[]
markClaimsAsExported(claimIds, exportRunId)
getExportRunForClaim(claimId): ExportRun | null
rollbackExportMarks(exportRunId)
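The four interfaces above, implemented end to end as an added example (this is not the project's own code). It is written in TypeScript because the signatures are given in that notation. The in-memory repository class, the entity fields and the error behaviour are assumptions made for illustration; the concurrency handling uses the claim-level status field option from the guidance above, with the database transaction modelled as a snapshot-and-restore so the all-or-nothing mark and the rollback path can be exercised offline.

```typescript
// Added example, not the project's own code. Entity fields and the repository
// class are assumptions; the concurrency guard is a claim-level status field.
interface ExpenseClaim {
  id: string;
  status: "pending" | "exported";
  exportRunId: string | null; // set by markClaimsAsExported, cleared by rollback
}
interface ExportRun {
  id: string;
  status: "completed" | "rolled_back";
  claimIds: string[];
  exportedAt: Date;
}

// Assumed stand-in for the Export Run Repository. transaction() snapshots state
// and restores it if the work throws, so a failed mark leaves no partial writes.
class InMemoryExportRunRepository {
  private claims = new Map<string, ExpenseClaim>();
  private runs = new Map<string, ExportRun>();
  seed(claim: ExpenseClaim): void { this.claims.set(claim.id, { ...claim }); }
  getClaim(id: string): ExpenseClaim | undefined { return this.claims.get(id); }
  getRun(id: string): ExportRun | undefined { return this.runs.get(id); }
  putRun(run: ExportRun): void { this.runs.set(run.id, run); }
  transaction<T>(work: () => T): T {
    const claimSnap = new Map([...this.claims].map(([k, v]): [string, ExpenseClaim] => [k, { ...v }]));
    const runSnap = new Map([...this.runs].map(([k, v]): [string, ExportRun] => [k, { ...v }]));
    try { return work(); }
    catch (err) { this.claims = claimSnap; this.runs = runSnap; throw err; } // all-or-nothing
  }
}

class DoubleExportGuard {
  private readonly repo: InMemoryExportRunRepository;
  constructor(repo: InMemoryExportRunRepository) { this.repo = repo; }

  // Pre-check: drop claims already marked "exported". Rolled-back runs clear
  // their marks, so those claims come back in.
  filterUnexportedClaims(claims: ExpenseClaim[]): ExpenseClaim[] {
    return claims.filter((c) => this.repo.getClaim(c.id)?.status !== "exported");
  }

  // Atomic mark: flip every claim pending -> exported and record the run in one
  // transaction. A claim a concurrent run already took (stale candidate list)
  // makes the whole unit throw and roll back. In SQL this is
  // UPDATE claims SET status='exported' WHERE id=? AND status='pending' plus a row-count check.
  markClaimsAsExported(claimIds: string[], exportRunId: string): void {
    this.repo.transaction(() => {
      for (const id of claimIds) {
        const claim = this.repo.getClaim(id);
        if (!claim) throw new Error(`unknown claim ${id}`);
        if (claim.status !== "pending") throw new Error(`claim ${id} already exported by run ${claim.exportRunId}`);
        claim.status = "exported";
        claim.exportRunId = exportRunId;
      }
      this.repo.putRun({ id: exportRunId, status: "completed", claimIds: [...claimIds], exportedAt: new Date() });
    });
  }

  // Audit query: which run, if any, exported this claim.
  getExportRunForClaim(claimId: string): ExportRun | null {
    const runId = this.repo.getClaim(claimId)?.exportRunId;
    return runId ? this.repo.getRun(runId) ?? null : null;
  }

  // Compensation when the downstream export step fails after the marks landed.
  rollbackExportMarks(exportRunId: string): void {
    this.repo.transaction(() => {
      const run = this.repo.getRun(exportRunId);
      if (!run) throw new Error(`unknown export run ${exportRunId}`);
      for (const id of run.claimIds) {
        const claim = this.repo.getClaim(id);
        if (claim && claim.exportRunId === exportRunId) { claim.status = "pending"; claim.exportRunId = null; }
      }
      run.status = "rolled_back";
    });
  }
}

// Constructed scenario: run A exports three claims, run B races it with a stale
// candidate list, then run A's downstream step fails and its marks are rolled back.
function runScenario() {
  const repo = new InMemoryExportRunRepository();
  const guard = new DoubleExportGuard(repo);
  const claim = (id: string): ExpenseClaim => ({ id, status: "pending", exportRunId: null });
  const batch = ["c1", "c2", "c3", "c4"].map(claim);
  batch.forEach((c) => repo.seed(c));
  const runA = guard.filterUnexportedClaims(batch.slice(0, 3)).map((c) => c.id);
  guard.markClaimsAsExported(runA, "run-A");
  const runB = guard.filterUnexportedClaims(batch).map((c) => c.id); // only c4 is left
  let concurrentMarkRejected = false;
  try { guard.markClaimsAsExported(["c4", "c2"], "run-B"); } catch { concurrentMarkRejected = true; } // stale c2
  const c4AfterFailedMark = repo.getClaim("c4")!.status; // partial mark on c4 was undone
  const c2RunBeforeRollback = guard.getExportRunForClaim("c2")?.id ?? null;
  guard.rollbackExportMarks("run-A");
  const afterRollback = guard.filterUnexportedClaims(batch).map((c) => c.id);
  return { runA, runB, concurrentMarkRejected, c4AfterFailedMark, runBRecorded: repo.getRun("run-B") !== undefined,
    c2RunBeforeRollback, afterRollback, c2RunAfterRollback: guard.getExportRunForClaim("c2"), runAStatus: repo.getRun("run-A")!.status };
}
```

The scenario covers the three test areas named in the summary: a concurrent run whose candidate list went stale is rejected as a unit (its mark on c4 is undone together with the rejected c2, and no run-B record is written), the rollback path returns run A's claims to an exportable state and leaves the run itself recorded as rolled back for the audit trail, and the audit query answers differently before and after that rollback.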
Relationships
Related Data Entities (4)
Data entities managed by this component