🏠 Overview ✅ Implementation Tasks ✅ epic-external-system-integration-configuration-admin-ui-task-008

Wizard step validation logic and error display

epic-external-system-integration-configuration-admin-ui-task-008 — Add per-step validation logic to the Integration Setup Wizard. Each step must validate required fields before allowing navigation forward. Display inline error messages using the plain-language error display pattern. Prevent submission if any step fails validation, and scroll to the first error field automatically.

high priority medium complexity frontend pending frontend specialist Tier 4

Acceptance Criteria

Tapping 'Next' on any step triggers validation for that step's required fields before advancing
If validation fails, the wizard does not advance and inline error messages appear beneath each failing field
Error messages are in plain language (Norwegian or English per org locale) — no raw field keys or technical codes shown to admin
The view automatically scrolls to the first field with an error after a failed validation attempt
Validation runs on each step independently — a completed step's errors do not re-surface when navigating back
The final Submit button is disabled if any step's validation state is invalid (cross-step guard)
Required field validation covers: non-empty strings, valid URL format for endpoint fields, valid integer/numeric ranges for numeric fields
Credential step validates that password/secret fields meet minimum length (≥8 chars)
Field Mapping step validates that all mandatory source fields have a mapped target column
Sync Schedule step validates that the cron expression (if custom) is syntactically valid
Clearing an error by correcting the field removes the inline message immediately (reactive validation after first-submit attempt)
All error messages are accessible: announced by screen reader, associated with their input field via semantic label

Technical Requirements

frameworks
Flutter
BLoC
Riverpod
data models
bufdir_column_schema
performance requirements
Validation must complete synchronously for field-level checks (no async validators on basic required/format rules)
Scroll-to-first-error must execute within one animation frame after validation result
security requirements
Client-side validation is UX only — server-side validation in Edge Function is authoritative
Error messages must never echo back raw credential values in error text
ui components
InlineFieldError widget (text below input, error color from design tokens)
ValidatedTextField (wraps AppTextField with error state)
StepValidationSummary (optional: list of unresolved errors at top of step)

Execution Context

Execution Tier
Tier 4

Tier 4 - 323 tasks

Can start after Tier 3 completes

Integration Task

Handles integration between different epics or system components. Requires coordination across multiple development streams.

Implementation Notes

Implement a StepValidator abstract class with a validate(Map stepData) → Map method (field key → error message). Create concrete validators per step type. Store validation results in WizardState.validationErrors (Map>). In the wizard shell, on Next tap: call currentStepValidator.validate(), write results to state, and only advance if result is empty.

Use ScrollController attached to the step's SingleChildScrollView; after validation failure, find the first error field's GlobalKey and call Scrollable.ensureVisible(). For reactive clearing: switch from validate-on-submit-only to validate-on-change after first submission attempt (set a 'hasAttemptedSubmit' flag per step in state). Cron expression validation can use a lightweight local parser — no external package needed for basic syntax check.

Testing Requirements

Unit tests: each validator function (required, urlFormat, minLength, cronExpression, fieldMappingComplete) with valid and invalid inputs. Widget tests: submit step with empty required field, assert error visible; correct field, assert error cleared; navigate forward blocked when errors present. Integration test: attempt to submit wizard with step 2 errors while on step 4 — assert submit button disabled and navigating back to step 2 shows errors. Accessibility: assert error text is associated with field via semantics.

Coverage target: 90% on validation logic, 80% on widget error display.

Component
Integration Setup Wizard
ui high
Dependencies (1)
Implement the first step of the setup wizard: an integration type selection screen listing available integration types (Xledger, Dynamics, Cornerstone, Consio, Bufdir) as selectable cards with icons and brief descriptions. Selection updates wizard state and pre-populates relevant credential field schemas for the next step. epic-external-system-integration-configuration-admin-ui-task-007
Epic Risks (4)
medium impact high prob technical

The multi-step Integration Setup Wizard must render different credential fields, field mapping targets, and validation rules depending on the selected integration type. If the type-specific branching logic is implemented as conditional widget trees rather than driven by the Integration Type Registry, the wizard becomes unmaintainable and adding new integration types requires UI code changes.

Mitigation & Contingency

Mitigation: Design the wizard to be metadata-driven from the Integration Type Registry from day one. Credential form fields, required field validation, and mapping target lists are all fetched from the registry, not hardcoded in widgets. Implement one integration type end-to-end first (Xledger) to validate the pattern before building the others.

Contingency: If the metadata-driven approach proves too complex for the initial delivery, implement Xledger and Dynamics as hardcoded wizard variants and create a registry-driven refactor as a follow-up technical debt ticket with a fixed deadline.

medium impact medium prob dependency

The Excluded Features Configuration Panel must wire directly into the feature flag system to suppress HLF app features. If the feature flag system does not yet expose a writable admin interface, this panel cannot save its configuration, blocking the HLF-specific acceptance criteria.

Mitigation & Contingency

Mitigation: Verify that the Organization-scoped Feature Flags feature (a declared dependency) exposes a Dart API for programmatic flag writes before starting this panel. Coordinate with the feature flags team to ensure the write API is available. If needed, schedule this panel as the last item in the epic.

Contingency: If the feature flag write API is unavailable at implementation time, store excluded features in the integration's JSONB settings column and wire them into a local feature flag provider that merges database state with the standard flag system at app startup.

high impact medium prob scope

The Field Mapping Editor's usability for non-technical org admins is high-risk. If the visual mapping interface is confusing, admins will configure incorrect mappings that cause silent data corruption in accounting exports — a serious financial risk discovered only at month-end reconciliation.

Mitigation & Contingency

Mitigation: Conduct usability testing with at least one admin user from Blindeforbundet on the field mapping editor prototype before full implementation. Provide descriptive labels and sample data values for all fields. Add a 'test mapping' preview that shows a transformed sample record before saving.

Contingency: If usability testing reveals the visual editor is too complex, implement a simplified list-based mapping editor (select app field → select external field, one row at a time) as a fallback, deferring the drag-and-drop visual editor to a future iteration.

medium impact medium prob technical

The Credential Management Form's masked fields and connection-test flow may conflict with screen reader requirements — VoiceOver and JAWS must be able to navigate the form, understand which fields are already configured, and receive feedback on connection test results without exposing credential values in accessible text.

Mitigation & Contingency

Mitigation: Design accessible semantics labels for masked fields (e.g., 'API key: configured, last 4 characters: abcd') from the start. Use Flutter's Semantics widget to provide screen-reader-specific text that differs from visual display. Test with VoiceOver on iOS and TalkBack on Android during development, not only at QA.

Contingency: If accessibility conflicts with security requirements for the credential form, implement a separate 'accessibility mode' flow where credential configuration is done through a separate confirmation step that provides more explicit semantic feedback without risk of value exposure.

Quick Links
All Tasks Execution Plan