Integration checkpoint for epic-organization-selection-and-onboarding-data-layer
epic-organization-selection-and-onboarding-data-layer-integration-task — Integration Task
Integration Purpose
Verify integration with dependent epics: epic-organization-selection-and-onboarding-foundation
This integration checkpoint ensures proper coordination and compatibility between different epics. It verifies that all interfaces, data flows, and dependencies are correctly implemented before proceeding.
Integrates With Epics
Execution Context
Tier 6 - 158 tasks
Can start after Tier 5 completes
Handles integration between different epics or system components. Requires coordination across multiple development streams.
| Status | pending |
| Type | Integration |
| Estimated | 4h |
| Tier | 6 |
TenantSessionStore must write to both SecureStorageAdapter and Supabase session synchronously. If the Supabase write succeeds but the local secure storage write fails (or vice versa), the system ends up in an inconsistent state: local app thinks org A is selected but Supabase queries are scoped to org B (or unscoped), causing silent data leakage or empty result sets.
Mitigation & Contingency
Mitigation: Implement the dual-write with compensating rollback: if the second write fails, undo the first write and surface a typed DualWriteFailureError to callers. Add a startup integrity check in restoreSession() that validates local storage and Supabase session agree on the current org_id.
Contingency: If integrity check fails on startup, clear both stores and redirect the user to the org selection screen rather than proceeding with potentially mismatched state.
An organization could be deactivated in Supabase between the time the org list is cached and the time the user taps to select it. If the repository serves stale cached data the org-selection-service will attempt to seed a context for an inactive org, potentially causing RLS scope issues or confusing error states.
Mitigation & Contingency
Mitigation: The OrganizationRepository.getOrganizationById() path used during selection validation always performs a fresh network fetch (bypassing cache) to confirm the org is still active before the TenantSessionStore writes anything.
Contingency: If a freshness check finds the org is inactive, surface a localized error message on the selection screen ('This organization is no longer available') and refresh the org list to show only currently active partners.