Infrastructure

Infrastructure utility wrapping bcrypt password hashing at minimum cost factor 12. Used exclusively by Auth Service to hash passwords on acc...

Infrastructure utility for signing and validating JWT access tokens. Supports per-tenant signing key retrieval and configurable token TTL. V...

HTTP client and configuration layer for communicating with the certified BankID broker over OpenID Connect. Manages OIDC discovery, token ex...

Backend infrastructure adapter for reading and writing static JSON blobs to an S3-compatible object storage service. Used by the Profile Sha...

REST API endpoint contract definitions for activity operations, consumed by Activity Service via the shared API HTTP Client. Specifies the i...

Riverpod provider configuration applying the keepAlive modifier to the WizardStepController, preventing garbage collection when the wizard i...

Thin adapter wrapping the Flutter device_calendar plugin to provide a typed, testable interface over raw plugin calls. Abstracts platform ch...

Thin infrastructure adapter that sends raw audio frames to a cloud speech-to-text API when on-device recognition is unavailable. Invoked onl...

Server-side interceptor that fires on every proxy activity endpoint call to create a structured audit log entry capturing coordinator identi...

Backend adapter abstracting S3-compatible object storage for receipt binary files. Provides typed put, get-presigned-url, and delete operati...

Versioned template store for the Bufdir government reporting specification. Decouples report structure from generation code so format update...

Versioned server-side asset store for the Bufdir PDF report template. Ensures exported PDFs always use the correct government-approved layou...

Infrastructure utility that enforces per-organization rate limits on export requests to prevent accidental duplicate Bufdir submissions. Use...

Manages encrypted storage and retrieval of per-organization accounting API credentials and endpoint configuration. Credentials are encrypted...

Wraps flutter_secure_storage and platform-native secure enclave APIs (iOS Secure Enclave, Android Keystore) to generate, store, and retrieve...

Next.js admin portal UI component under Organization Management allowing org admins to define and edit the threshold rule set (count, label,...

Infrastructure wrapper around the Firebase Cloud Messaging HTTP v1 API for the Next.js backend. Manages OAuth2 service account authenticatio...

Wraps the Twilio or Link Mobility REST API to dispatch SMS messages, abstracting provider authentication, response parsing, and error normal...

Wraps the SendGrid or Postmark API client to deliver multi-part HTML emails from Next.js API routes, handling authentication, exponential-ba...

Scenario Evaluation Cron Job

Thin wrapper around the share_plus Flutter package that invokes the device native share sheet with a text or URL payload. Used by both the I...

Background job integration that schedules push notification reminders at enrollment time. Delegates to the backend job queue to fire reminde...

An automated accessibility audit step integrated into the Flutter CI pipeline that catches WCAG 2.2 AA regressions before merge. It executes...

REST API endpoint that returns the current sensitive field annotation registry and per-context warning behaviour settings for the authentica...

Flutter ARB translation file set for Northern Sami (locale code 'se') covering all externalised UI strings, error messages, onboarding conte...

Flutter utility wrapping the url_launcher package to open external URLs in the device browser or optionally an in-app web view (feature-flag...

Bootstraps the SQLCipher encryption key used by the Drift database at app startup. Retrieves or generates a device-bound AES-256 key from th...

Centralized HTTP client wrapping Dart's http or Dio with JWT bearer token injection, automatic token refresh on 401 responses, a 15-second t...

Registers and manages platform background execution tasks via the workmanager Flutter plugin, mapping to WorkManager (Android) and BGTaskSch...

Short-lived server-side cache layer (30-60 second TTL) for KPI aggregation results, reducing repeated PostgreSQL aggregation load on the adm...

Environment-variable-driven configuration for the activity feed, covering the polling interval (default 60 seconds for MVP), feed retention ...

Next.js middleware applied to all admin user management API routes. Validates the incoming JWT, resolves the requesting admin's organization...

Cron-scheduled infrastructure job that triggers the nightly duplicate detection scan across all active organizations. Runs after business ho...

Thin infrastructure adapter that writes before/after snapshots of rule configuration changes to the central audit log whenever an administra...

Scheduled background job that runs nightly to materialize expense aggregate metrics and statistical baseline values into the expense_summary...

Infrastructure service that transforms normalized Meander activity and organization data into the exact schema required by Bufdir. Abstracts...

Thin adapter over Vercel Blob (primary) and S3 (fallback) for storing completed Bufdir export files. Generates signed download URLs with a 2...

Infrastructure utility that maintains the authoritative whitelist of permitted dimensions and metrics for the custom report builder. Provide...

Static registry defining every overrideable label key along with its platform default string. Adding a new overrideable key requires only ad...

API middleware that intercepts every request to a module-scoped endpoint and verifies the requesting user's organization has the correspondi...

Utility for constructing parameterized recursive Common Table Expression SQL fragments in PostgreSQL for arbitrary-depth tree traversal. Ens...

HTTP endpoint that accepts inbound webhook POST requests from the external Dynamics-based portal. Validates request authenticity via HMAC si...

Secure storage layer for per-organization accounting system credentials. Encrypts API keys, client secrets, and endpoint URLs at rest before...

Next.js API route handler enforcing role-based access control at the API layer before delegating to SecurityMetricsService. Validates that o...

PostgreSQL-level safeguards that make the audit_logs table truly append-only regardless of application code. Consists of two mechanisms: (1)...

Static SEO configuration module providing page-level metadata, Open Graph tags, Twitter card markup, and JSON-LD structured data to maximize...

Next.js static export and Vercel deployment configuration that enables fast global CDN delivery, build-time page generation, image optimizat...

Next.js metadata configuration shared across all sales website pages. Defines page titles, descriptions, Open Graph tags, and canonical URLs...

CSS print media query rules scoping browser print output to the results card only, hiding navigation, input form, and non-essential chrome. ...

DNS and sending-domain configuration required for transactional email deliverability. Covers SPF record setup, DKIM key pair generation and ...

File-based or CMS-backed content storage for versioned legal documents (ToS, Privacy Policy, DPA, Cookie Policy, SLA). Allows legal team to ...

User Interface components handle presentation logic, user interactions, and visual elements of the application.

Service Layer components contain business logic, orchestrate operations, and provide core application functionality.

Data Layer components manage data persistence, storage operations, and data access patterns throughout the application.