Implement activity attribution and repository persistence in ProxyRegistrationService
epic-proxy-activity-registration-orchestration-task-004 — After a clean duplicate check, invoke ActivityAttributionService to attach coordinator identity as the proxy author to the activity record, then persist the attributed ProxyActivityRecord via ProxyActivityRepository. Map repository exceptions to ProxyRegistrationError result variants. Ensure the coordinator ID, attributed peer mentor ID, and timestamp are all captured in the persisted record.
Acceptance Criteria
Technical Requirements
Execution Context
Tier 9 - 22 tasks
Can start after Tier 8 completes
Implementation Notes
The attribution step should produce an immutable ProxyActivityRecord value object before passing it to the repository — never mutate the record after attribution. Use Dart's freezed package for the record type to enforce immutability. Repository exceptions should be caught at the repository call site with a specific try/catch, not a blanket catch at the top of the method — this preserves stack traces and allows precise error mapping. For the Supabase error mapping, inspect the error code: 23505 = unique_violation → databaseConstraint, others → networkFailure or unknown.
The coordinator ID must be injected from the auth session provider (Riverpod) rather than passed as a parameter from the UI layer, preventing client-side identity spoofing. Ensure the timestamp is set server-side using Supabase's now() default rather than the device clock to prevent timezone inconsistencies critical for Bufdir statistics.
Testing Requirements
Write unit tests using flutter_test with mocked ActivityAttributionService and ProxyActivityRepository. Required scenarios: (1) successful attribution + persistence → ProxyRegistrationSuccess with correct activity ID; (2) attribution service throws → ProxyRegistrationError returned, repository not called; (3) repository throws PostgresException (unique) → mapped to ProxyRegistrationError.databaseConstraint; (4) repository throws network error → mapped to ProxyRegistrationError.networkFailure; (5) persisted record contains all three required fields. Use Mockito or mocktail for mocking. Integration test: verify row appears in Supabase test DB with correct recorded_by_user_id and peer_mentor_id.
If the Supabase batch RPC partial-inserts some records before encountering an error and does not roll back cleanly, the bulk service may report failure while orphaned records exist in the database, corrupting reporting data.
Mitigation & Contingency
Mitigation: Wrap the bulk insert in an explicit Supabase transaction via the RPC function. Write an integration test that simulates a mid-batch constraint violation and asserts zero records were written.
Contingency: If a partial-write incident occurs, the registered_by audit field allows identification and deletion of the orphaned records. Implement a coordinator-facing bulk submission status screen to surface any such anomalies.
When a bulk submission of 15 participants has 4 duplicates, the aggregated conflict summary may be too complex for coordinators to process quickly, leading to blanket override decisions that defeat the purpose of duplicate detection.
Mitigation & Contingency
Mitigation: Design the conflict result type to support per-participant override flags, so the UI can present a clear list of conflicting participants with individual cancel/override toggles rather than a single global decision.
Contingency: If coordinator usability testing reveals the conflict review screen is too complex, simplify to a 'skip all conflicts and submit the rest' mode as an immediate fallback while a more granular UI is designed.
If the coordinator role check inside proxy-registration-service is inconsistent with the route-level guard, a regression in the guard could allow peer mentors to call the service directly via deep links, submitting records with incorrect attribution.
Mitigation & Contingency
Mitigation: Enforce role authorization at both the route guard level (coordinator-role-guard) and inside each service method independently. Write a security test that calls the service directly with a peer mentor session token and asserts rejection.
Contingency: If a bypass is discovered, immediately enable the server-side RLS policy as the final enforcement layer and audit any records written during the exposure window using the registered_by field.