Implement Dart integration type registry class
epic-external-system-integration-configuration-foundation-task-006 — Implement the Dart IntegrationTypeRegistry class as a static/singleton infrastructure component. It must expose typed metadata for each supported integration: credential field definitions (name, type, required, placeholder), available field mapping targets per integration type, and display names. Load from compile-time constants; no network calls required.
Acceptance Criteria
Technical Requirements
Execution Context
Tier 1 - 540 tasks
Can start after Tier 0 completes
Handles integration between different epics or system components. Requires coordination across multiple development streams.
Implementation Notes
Define an IntegrationType enum with values xledger, dynamics, cornerstone, consio, bufdir — use extension methods to expose the string identifier and displayName. Use a private static const Map
This class will be consumed by the UI (credential form builder) and by task-010 (field mapping validation), so the public API surface matters — keep it minimal and typed. Avoid dynamic or Map
Testing Requirements
Write unit tests using flutter_test. Test: (1) getMetadata() returns correct type for each of the 5 integration types; (2) getMetadata() throws ArgumentError for unknown type; (3) supportedTypes contains exactly the 5 expected identifiers; (4) all CredentialFieldDefinition fields are non-null for required entries; (5) availableMappingTargets is non-empty for each type. No mocking needed — registry is pure Dart with compile-time constants.
Supabase Vault API has limited documentation for Dart/Flutter clients; wrapping it correctly for credential rotation and secret reference management may require significant trial and error, delaying the vault component and blocking all downstream credential-dependent work.
Mitigation & Contingency
Mitigation: Spike the Vault integration in the first sprint using a minimal proof-of-concept (store, retrieve, rotate one secret). Document the API surface before building the full vault client. Identify any missing Dart SDK bindings early.
Contingency: If Supabase Vault is too complex, fall back to Supabase's encrypted column approach (pgcrypto) for credential storage as a temporary measure, with a planned migration path to Vault once the API is understood.
Incorrect RLS policy configuration on organization_integrations could allow org admins of one organization to read or modify another organization's integration credentials, creating a serious data breach and compliance violation.
Mitigation & Contingency
Mitigation: Write integration tests that explicitly attempt cross-org data access using different JWT tokens and assert 0 rows returned. Include RLS policy review in PR checklist. Use Supabase's local development stack for policy validation before deployment.
Contingency: If a breach is discovered post-deployment, immediately revoke all integration credentials, rotate vault secrets, notify affected organizations, and apply emergency RLS patches.
JSONB columns for field_mappings and sync_schedule lack database-level schema enforcement; AI-generated or malformed JSON could silently corrupt integration configurations, causing export failures that are hard to diagnose.
Mitigation & Contingency
Mitigation: Define TypeScript/Dart model classes with strict deserialization and validation. Add database check constraints or triggers that validate JSONB structure at write time. Version the JSONB schema to enable forward-compatible migrations.
Contingency: Build a repair script that scans organization_integrations for invalid JSONB and resets corrupted records to a safe default state, alerting the admin of the affected organization.