Document integration foundation API and security model

epic-external-system-integration-configuration-foundation-task-014 — Write technical documentation covering: database schema with column descriptions, RLS policy matrix (role vs operation), Vault usage contract (how to store/retrieve credentials, what is never persisted), IntegrationTypeRegistry extension guide for adding new integration types, and FieldMappings schema evolution guidelines. Documentation targets backend and integration specialist agents consuming this foundation.

medium priority low complexity documentation pending documentor Tier 7

Acceptance Criteria

Documentation includes a schema reference table for organization_integrations with column name, type, nullable, and description for every column

Documentation includes an RLS policy matrix table with rows for each role (anon, authenticated/coordinator, authenticated/peer_mentor, service_role) and columns for SELECT, INSERT, UPDATE, DELETE showing allowed/denied

Documentation includes a Vault usage contract section that explicitly lists what IS stored in Vault (credential secrets), what is NEVER stored in the application database (raw secrets), and the reference lifecycle (store → use reference ID → rotate → old reference invalidated)

Documentation includes a step-by-step guide for adding a new integration type to IntegrationTypeRegistry with a complete code example

Documentation includes FieldMappings schema evolution guidelines covering: adding new fields (backward compatible), renaming fields (migration strategy), removing fields (deprecation cycle)

All code examples in documentation are valid Dart and compile without errors

Documentation is written in English targeting a technical audience (backend/integration specialist AI agents and human developers)

Documentation is stored as Markdown in `docs/integration-foundation/` within the repository

Technical Requirements

frameworks

Dart

Flutter

apis

Supabase Vault RPC

Supabase PostgREST

data models

OrganizationIntegration

IntegrationCredential

IntegrationTypeRegistry

FieldMappings

security requirements

Documentation must explicitly state that raw credential values must never be stored in organization_integrations or any application table

Documentation must describe the minimum required JWT claims for each vault RPC call

Documentation must include a warning about service role key exposure risks

Execution Context

Execution Tier

Tier 7

Tier 7 - 84 tasks

Can start after Tier 6 completes

Integration Task

Handles integration between different epics or system components. Requires coordination across multiple development streams.

View Full Execution Plan

Implementation Notes

Structure the documentation as four separate Markdown files under `docs/integration-foundation/`: `schema-reference.md`, `security-model.md`, `extending-integration-types.md`, and `field-mappings-evolution.md`. Use Markdown tables for the schema reference and RLS matrix — they render well in GitHub and most documentation tools. For the Vault usage contract, use a numbered list for the lifecycle steps and a clear 'NEVER store' callout block (Markdown `> ⚠️ WARNING:` blockquote). For the IntegrationTypeRegistry extension guide, show a complete before/after diff: the existing registry with two integration types, then the same file after adding a third.

For FieldMappings evolution, reference semantic versioning of the JSONB schema using a `schema_version` field if one exists, or recommend adding one. Keep each file under 300 lines — if longer, split into sub-sections. These docs serve as the primary onboarding material for AI agents implementing tasks in downstream epics (Xledger, Dynamics, Cornerstone integrations), so precision and completeness are more important than brevity.

Testing Requirements

Documentation quality review rather than automated tests. Verification steps: (1) Have a peer developer unfamiliar with this module attempt to add a new integration type following only the extension guide — they should succeed without asking questions; (2) Verify all code examples compile by running `dart analyze` on extracted snippets; (3) Confirm the RLS matrix matches the actual policies applied in task-005 by cross-referencing the migration SQL; (4) Confirm the Vault usage contract accurately reflects the vault client implementation from task-010. No automated test runner required, but documentation accuracy is a merge gate.

Component

Integration Type Registry

infrastructure low

Dependencies (2)

Create a PostgreSQL enum type for supported integration types (xledger, dynamics, cornerstone, consio, bufdir) and apply it to the organization_integrations table. Synchronize the enum values with the Dart IntegrationTypeRegistry constants to ensure type safety across the stack. Write migration with forward and rollback scripts. epic-external-system-integration-configuration-foundation-task-011 Write integration tests against a local Supabase instance to verify RLS policy enforcement on organization_integrations. Tests must confirm: org A cannot read org B records, coordinator role has correct permissions, service role bypasses RLS for edge functions, vault functions reject unauthorized callers, and credential rotation invalidates old vault references. epic-external-system-integration-configuration-foundation-task-013

Epic Risks (3)

high impact medium prob technical

Supabase Vault API has limited documentation for Dart/Flutter clients; wrapping it correctly for credential rotation and secret reference management may require significant trial and error, delaying the vault component and blocking all downstream credential-dependent work.

Mitigation & Contingency

Mitigation: Spike the Vault integration in the first sprint using a minimal proof-of-concept (store, retrieve, rotate one secret). Document the API surface before building the full vault client. Identify any missing Dart SDK bindings early.

Contingency: If Supabase Vault is too complex, fall back to Supabase's encrypted column approach (pgcrypto) for credential storage as a temporary measure, with a planned migration path to Vault once the API is understood.

high impact low prob security

Incorrect RLS policy configuration on organization_integrations could allow org admins of one organization to read or modify another organization's integration credentials, creating a serious data breach and compliance violation.

Mitigation & Contingency

Mitigation: Write integration tests that explicitly attempt cross-org data access using different JWT tokens and assert 0 rows returned. Include RLS policy review in PR checklist. Use Supabase's local development stack for policy validation before deployment.

Contingency: If a breach is discovered post-deployment, immediately revoke all integration credentials, rotate vault secrets, notify affected organizations, and apply emergency RLS patches.

medium impact medium prob technical

JSONB columns for field_mappings and sync_schedule lack database-level schema enforcement; AI-generated or malformed JSON could silently corrupt integration configurations, causing export failures that are hard to diagnose.

Mitigation & Contingency

Mitigation: Define TypeScript/Dart model classes with strict deserialization and validation. Add database check constraints or triggers that validate JSONB structure at write time. Version the JSONB schema to enable forward-compatible migrations.

Contingency: Build a repair script that scans organization_integrations for invalid JSONB and resets corrupted records to a safe default state, alerting the admin of the affected organization.

Quick Links

All Tasks Execution Plan