🏠 Overview ✅ Implementation Tasks ✅ epic-contact-detail-and-edit-foundation-task-018

Document data layer contracts and encryption design

epic-contact-detail-and-edit-foundation-task-018 — Write developer documentation covering: typed interfaces for all repository methods, field-encryption-utils API surface, MaskedFieldResult contract, contact-form-validator ValidationResult structure, and the NHF 5-chapter affiliation rule. Include a sequence diagram for the encrypted field fetch-decrypt-display flow so service and UI tier developers have stable contracts to build upon.

medium priority low complexity documentation pending documentor Tier 8

Acceptance Criteria

A markdown file `docs/architecture/contact-data-layer.md` is created and committed to the repository
Document covers all public method signatures of ContactDetailRepository (typed Dart interfaces, not prose)
Document covers all public method signatures of AssignmentRepository
Document covers field-encryption-utils' encrypt, decrypt, and mask methods with parameter types and return types
MaskedFieldResult contract is documented: when it is returned, what its fields mean, and how UI should render it
ContactFormValidator ValidationResult structure is documented with all possible error codes and their meanings
The NHF 5-chapter affiliation rule is explicitly documented: the constant name, its value (5), its source file, and how it propagates to UI
A Mermaid sequence diagram showing: UI requests contact detail → service calls repository → repository fetches encrypted metadata → field-encryption-utils decrypts with org key → plaintext returned to UI; with a branch showing masked fallback on key error
Document includes a 'How to override providers in tests' section with a short Dart code snippet
Reviewed and approved by at least one service-layer developer (review comment or PR approval is sufficient)
All Dart type names in the document match exactly the names in the source code (no paraphrasing)

Technical Requirements

frameworks
Flutter
Riverpod
data models
ContactDetail
Assignment
EncryptedFieldMetadata
MaskedFieldResult
ValidationResult
OrgKey
security requirements
Documentation must not include any real encryption keys, real org IDs, or real contact data
Any example values must be clearly labelled as synthetic/illustrative

Execution Context

Execution Tier
Tier 8

Tier 8 - 48 tasks

Can start after Tier 7 completes

Implementation Notes

Use Mermaid syntax for the sequence diagram (GitHub renders it natively). Structure the document with the following H2 sections: Overview, ContactDetailRepository API, AssignmentRepository API, FieldEncryptionUtils API, MaskedFieldResult Contract, ContactFormValidator & ValidationResult, NHF 5-Chapter Affiliation Rule, Riverpod Provider Dependency Graph, Testing Override Examples. Keep prose minimal — prefer typed method signatures and bullet lists over paragraphs. The sequence diagram must include the masked fallback branch (alt/else block in Mermaid).

Cross-reference the relevant test file from task-016 so readers can see the contracts exercised. This document is a living contract — note at the top that it must be updated whenever a public interface changes.

Testing Requirements

No automated tests for documentation. However, the document must be technically reviewed: a second developer should attempt to implement a stub service using only the documentation (without reading source code) and confirm all required information is present and unambiguous.

Record the review outcome as a PR comment.

Component
Field Encryption Utilities
infrastructure high
Dependencies (2)
Expose contact-detail-repository, assignment-repository, field-encryption-utils, and contact-form-validator through Riverpod providers. Use family providers where org-scoping is required. Ensure providers are properly scoped so higher-tier service components (contact-detail-service, contact-edit-service, read-receipt-service) can depend on them without circular dependencies. epic-contact-detail-and-edit-foundation-task-017 Write integration tests exercising the full data path: contact-detail-repository fetches encrypted field metadata, field-encryption-utils decrypts using org key, masked fallback triggers on injected key error. Use a local Supabase instance or mock client. Verify RLS blocks cross-org access. Document all test scenarios for QA sign-off. epic-contact-detail-and-edit-foundation-task-016
Epic Risks (3)
high impact medium prob security

Blindeforbundet's encryption key retrieval mechanism may not be finalised at implementation time, or session key availability via Supabase RLS may be inconsistent, causing decryption failures that expose masked placeholders to users and degrade the experience.

Mitigation & Contingency

Mitigation: Agree with Blindeforbundet on key storage and retrieval contract before implementation starts. Prototype key retrieval in a spike against the staging Supabase instance and validate the full decrypt/verify cycle with real test data before committing to the implementation.

Contingency: Implement a fallback that shows a 'field temporarily unavailable' state with a retry affordance. Log decryption failures server-side for audit. Escalate to Blindeforbundet stakeholders to unblock key management before the service tier epic begins.

medium impact medium prob technical

NHF contacts may belong to up to 5 chapters, each governed by separate RLS policies. A coordinator's chapter scope may not cover all affiliations, causing partial profile reads or silent data omissions that are difficult to detect in tests.

Mitigation & Contingency

Mitigation: Map all RLS policy combinations for multi-chapter contacts early. Write integration tests that create contacts with 5 affiliations and query them from coordinators with varying chapter scopes. Use Supabase's RLS test utilities to verify row visibility per role.

Contingency: Add an explicit 'affiliation partially visible' state in the repository response model so the UI can communicate scope limitations to the coordinator rather than silently showing incomplete data.

low impact medium prob scope

Organisation-specific validation rules (e.g., NHF chapter limit, Blindeforbundet encrypted field edit flow) may expand in scope during implementation as edge cases are discovered, causing the validator to grow beyond the planned complexity.

Mitigation & Contingency

Mitigation: Define the complete validation rule set with product and org stakeholders before coding begins. Document each rule with its source organisation and acceptance test. Use a rule registry pattern so new rules can be added without modifying core validator logic.

Contingency: Timebox validator enhancements to 2 hours per additional rule. Defer non-blocking rules to a follow-on maintenance task rather than blocking the epic delivery.

Quick Links
All Tasks Execution Plan