Implement ScenarioEvaluationConfig for threshold and feature flag loading

epic-scenario-push-engagement-foundation-task-005 — Implement ScenarioEvaluationConfig as an infrastructure service that reads all scenario-related thresholds and feature flags from environment variables (or remote config). Expose typed getters: inactivityThresholdDays, sessionCountThreshold, expiryWarningDays, isScenarioPushEnabled(scenarioType). Validate all values at startup and throw descriptive errors on misconfiguration.

high priority low complexity infrastructure pending infrastructure specialist Tier 0

Acceptance Criteria

ScenarioEvaluationConfig is implemented as a singleton or injectable service accessible via Riverpod provider

inactivityThresholdDays returns a positive integer read from environment/remote config with a documented default fallback (e.g. 14 days)

sessionCountThreshold returns a positive integer with a documented default fallback (e.g. 3 sessions)

expiryWarningDays returns a positive integer with a documented default fallback (e.g. 7 days)

isScenarioPushEnabled(ScenarioType scenarioType) returns a bool and respects per-scenario feature flags independently

All config values are validated at application startup; invalid or missing required values throw a ConfigurationException with a descriptive, human-readable message specifying which key is misconfigured

No config value is hard-coded inline in business logic — all thresholds reference ScenarioEvaluationConfig exclusively

Config service is testable with injected overrides (no static globals); unit tests can supply a mock or stub implementation

If remote config is unavailable at startup, service falls back gracefully to environment variable values without crashing

All getters are documented with their valid ranges and units (e.g. 'days as positive integer, min 1, max 365')

Technical Requirements

frameworks

Flutter

Riverpod

performance requirements

Config values loaded once at startup and cached; no repeated I/O on each getter call

Startup validation completes in under 50ms

security requirements

No sensitive credentials or PII stored in config values

Config keys namespaced to prevent collision with other environment variables

Service role keys and API secrets must never be sourced through this config class

Execution Context

Execution Tier

Tier 0

Tier 0 - 440 tasks

View Full Execution Plan

Implementation Notes

Define a ScenarioType enum covering all push scenario types (e.g. INACTIVITY, LOW_SESSION_COUNT, CERTIFICATION_EXPIRY) before implementing isScenarioPushEnabled. Use a simple abstract interface (e.g. ConfigSource) so the implementation can be swapped between dart_define environment variables and a Supabase remote config table without changing call sites.

Riverpod Provider wrapping the config instance enables easy override in tests via ProviderContainer overrides. Validate ranges defensively — a threshold of 0 days is logically invalid and should fail fast. Document all environment variable key names in a companion constants file.

Testing Requirements

Write unit tests using flutter_test. Test each typed getter with valid, boundary, and invalid input values. Test isScenarioPushEnabled for every defined ScenarioType enum value. Test that ConfigurationException is thrown with a descriptive message for each misconfigured key.

Test fallback behaviour when remote config is unavailable. Achieve minimum 90% branch coverage. Use dependency injection to supply a testable config source — do not rely on real environment variables in tests.

Component

Scenario Evaluation Configuration

infrastructure low

Epic Risks (3)

high impact medium prob dependency

FCM service account key and APNs certificate configuration may be missing or misconfigured in the Supabase Edge Function secrets store, blocking end-to-end push delivery testing until resolved by the infrastructure owner.

Mitigation & Contingency

Mitigation: Raise a credentials-setup task in the project board at epic start; document the exact secret names required in scenario-evaluation-config so the infrastructure owner can provision them independently of development work.

Contingency: Implement a mock push-notification-dispatcher stub that records payloads to the database for local testing, allowing the rest of the feature to proceed while credentials are obtained.

high impact low prob security

Incorrect RLS policies on the scenario_notifications or notification_preferences tables could allow one user to read or modify another user's notification records, constituting a data privacy breach.

Mitigation & Contingency

Mitigation: Write dedicated RLS policy tests using Supabase's built-in test framework before any application code touches the tables; require a peer security review of all policy definitions before merging.

Contingency: If a policy gap is discovered post-merge, immediately disable the affected table's read policy, notify the security lead, and deploy a hotfix with corrected policies before re-enabling access.

medium impact medium prob dependency

Norwegian Bokmål ARB localisation strings for all scenario message templates may not be available at implementation time, causing content-builder tests to fail and delaying integration.

Mitigation & Contingency

Mitigation: Define all required ARB message keys in a tracked document shared with the content owner at epic kickoff; use English placeholder strings that follow the final format so template injection logic can be tested independently.

Contingency: Ship with English-only strings in the first release and gate Norwegian strings behind a feature flag that is enabled once translations are reviewed and approved.

Quick Links

All Tasks Execution Plan