Integrate duplicate detection into ProxyRegistrationService
epic-proxy-activity-registration-orchestration-task-003 — Call ProxyDuplicateDetectionService inside ProxyRegistrationService prior to any write operation. If a duplicate is detected, immediately construct and return a ProxyRegistrationDuplicateConflict result containing the conflicting record reference, without proceeding to the repository persist step. Ensure the duplicate check receives both the attributed peer mentor ID and the full activity details.
Acceptance Criteria
Technical Requirements
Execution Context
Tier 8 - 48 tasks
Can start after Tier 7 completes
Implementation Notes
Model ProxyRegistrationResult as a sealed class (or freezed union) with variants: ProxyRegistrationSuccess, ProxyRegistrationDuplicateConflict, ProxyRegistrationError. The duplicate detection call should be the first async operation inside the registration method — place it before any attribution or persistence logic. Use Dart's sealed classes (Dart 3+) or the freezed package for exhaustive pattern matching in the BLoC. The conflict result should include at minimum: conflicting_activity_id, conflicting_date, peer_mentor_id, and activity_type so the UI can show a meaningful message.
Ensure the detection service dependency is injected (not constructed inline) to keep the service testable. Avoid catching broad Exception types — only catch expected Supabase/network errors and rethrow unknown errors.
Testing Requirements
Write unit tests using flutter_test with mocked ProxyDuplicateDetectionService and ProxyActivityRepository. Test cases must cover: (1) duplicate detected → conflict result returned, repository never called; (2) no duplicate → execution proceeds to next step; (3) detection service throws exception → mapped to ProxyRegistrationError; (4) detection service called with correct peer_mentor_id and full activity payload. Achieve 100% branch coverage on the duplicate check guard. Integration test against a Supabase test environment to verify the RPC query returns the correct conflicting record.
If the Supabase batch RPC partial-inserts some records before encountering an error and does not roll back cleanly, the bulk service may report failure while orphaned records exist in the database, corrupting reporting data.
Mitigation & Contingency
Mitigation: Wrap the bulk insert in an explicit Supabase transaction via the RPC function. Write an integration test that simulates a mid-batch constraint violation and asserts zero records were written.
Contingency: If a partial-write incident occurs, the registered_by audit field allows identification and deletion of the orphaned records. Implement a coordinator-facing bulk submission status screen to surface any such anomalies.
When a bulk submission of 15 participants has 4 duplicates, the aggregated conflict summary may be too complex for coordinators to process quickly, leading to blanket override decisions that defeat the purpose of duplicate detection.
Mitigation & Contingency
Mitigation: Design the conflict result type to support per-participant override flags, so the UI can present a clear list of conflicting participants with individual cancel/override toggles rather than a single global decision.
Contingency: If coordinator usability testing reveals the conflict review screen is too complex, simplify to a 'skip all conflicts and submit the rest' mode as an immediate fallback while a more granular UI is designed.
If the coordinator role check inside proxy-registration-service is inconsistent with the route-level guard, a regression in the guard could allow peer mentors to call the service directly via deep links, submitting records with incorrect attribution.
Mitigation & Contingency
Mitigation: Enforce role authorization at both the route guard level (coordinator-role-guard) and inside each service method independently. Write a security test that calls the service directly with a peer mentor session token and asserts rejection.
Contingency: If a bypass is discovered, immediately enable the server-side RLS policy as the final enforcement layer and audit any records written during the exposure window using the registered_by field.