Encrypted Assignments - Entity | Meander Platform

Description

Encrypted dispatch envelope carrying sensitive personal data (name, address, epicrisis) from a coordinator to a peer mentor, with delivery confirmation, read receipt, and status tracking. Core entity backing the Encrypted Data Assignments area, critical for Blindeforbundet's workflow.

Data Structure

Name	Type	Description	Constraints
`id`	`uuid`	Unique identifier for the encrypted assignment	PKrequiredunique
`organization_id`	`uuid`	Tenant organization owning the assignment (multi-tenancy scope)	required
`peer_mentor_id`	`uuid`	Peer mentor (recipient) the assignment is dispatched to	required
`coordinator_id`	`uuid`	Coordinator (sender) who created and dispatched the assignment	required
`contact_id`	`uuid`	Optional link to the contact (case) the assignment relates to once created	-
`subject`	`string`	Short non-sensitive subject line displayed in inbox previews (no PII)	required
`encrypted_payload`	`text`	AES-256-GCM encrypted JSON blob containing sensitive personal data (name, address, epikrise, instructions)	required
`encryption_algorithm`	`enum`	Cipher used for the payload	required
`encryption_key_id`	`string`	Key identifier resolved via the Key Management Service for decryption	required
`encryption_iv`	`string`	Initialization vector / nonce used by AES-GCM, base64 encoded	required
`auth_tag`	`string`	AES-GCM authentication tag for payload integrity, base64 encoded	required
`status`	`enum`	Lifecycle status of the assignment	required
`dispatched_at`	`datetime`	Server timestamp when the assignment was sent	required
`delivered_at`	`datetime`	Timestamp when device confirmed delivery	-
`read_at`	`datetime`	Timestamp when the peer mentor opened the assignment detail (read receipt)	-
`contact_created_at`	`datetime`	Timestamp when the peer mentor first established contact (used to detect 10-day no-contact reminders)	-
`reminder_due_at`	`datetime`	Scheduled time for the automatic 10-day no-contact reminder	-
`reminder_sent_at`	`datetime`	When the no-contact reminder was actually fired	-
`expires_at`	`datetime`	When the assignment automatically expires if not completed	-
`completed_at`	`datetime`	When the assignment was marked completed by the peer mentor	-
`counts_toward_threshold`	`boolean`	Whether this assignment is eligible to be counted in the per-RK threshold tracker (3rd and 15th honorar tiers)	required
`priority`	`enum`	Urgency hint shown in the inbox	-
`source_ref`	`string`	Optional external reference (e.g., RK case number) for cross-referencing legacy systems	-
`created_at`	`datetime`	Record creation timestamp	required
`updated_at`	`datetime`	Last modification timestamp	required

Database Indexes

idx_encrypted_assignments_peer_mentor_status

btree

Columns: peer_mentor_id, status

idx_encrypted_assignments_coordinator

btree

Columns: coordinator_id, dispatched_at

idx_encrypted_assignments_organization

btree

Columns: organization_id, status

idx_encrypted_assignments_reminder_due

btree

Columns: reminder_due_at

idx_encrypted_assignments_expires_at

btree

Columns: expires_at

idx_encrypted_assignments_contact

btree

Columns: contact_id

Validation Rules

required_fields_present error

Validation failed

status_transition_valid error

Validation failed

timestamps_monotonic error

Validation failed

subject_no_pii_length warning

Validation failed

payload_decrypts_with_key error

Validation failed

peer_mentor_belongs_to_org error

Validation failed

expires_after_dispatch error

Validation failed

Business Rules

payload_must_be_encrypted_at_rest

on_create

Sensitive personal data (name, address, epikrise) must only be stored in the encrypted_payload field via AES-256-GCM; plaintext PII must never be written to other columns.

Enforced by: Encryption Service Key Management Service Assignment Store

delivery_receipt_recorded

on_update

When the recipient device acknowledges receipt, delivered_at must be set and status transitions dispatched -> delivered.

Enforced by: Assignment Inbox Screen Encryption Service Assignment Store

read_receipt_recorded

on_update

Opening the assignment detail sets read_at once and transitions status to read; subsequent opens do not overwrite read_at.

Enforced by: Assignment Detail Screen Encryption Service Assignment Store

ten_day_no_contact_reminder

always

If contact_created_at remains null 10 days after dispatched_at, the system fires a reminder to the peer mentor and notifies the coordinator.

Enforced by: Assignment Counter Service Encryption Service Assignment Store

threshold_counting

on_update

Completed assignments where counts_toward_threshold=true increment the per-mentor assignment_threshold_counter; 3rd and 15th completions trigger honorar-tier events.

Enforced by: Assignment Counter Service Threshold Status Widget Assignment Store

tenant_isolation

always

An assignment must only be readable by users within the same organization_id; cross-tenant reads are rejected by the role guard.

Enforced by: Role Guard Encryption Service Assignment Store

key_rotation_supported

always

encryption_key_id must resolve via the Key Management Service so retired keys can still decrypt historical assignments without re-encrypting the table.

Enforced by: Key Management Service Encryption Service

module_toggle_gate

always

Encrypted assignment operations are only available when the encrypted-assignments module is enabled for the tenant; disabled tenants cannot create or read assignments.

Enforced by: Role Guard Module Registry Service Encryption Service

audit_every_decryption

always

Every decryption (read) of an assignment payload is recorded in the audit log with actor, timestamp, and assignment id.

Enforced by: Encryption Service Audit Service Assignment Store