Activity

Every activity must be scoped to the authenticated user's active organization. Supabase RLS policies use auth.uid() and a custom JWT org_id claim to prevent cross-organization data reads and writes. Peer mentors can only read their own activities; coordinators can read all activities within their org scope.

Before a new activity is submitted (status transitions from draft to submitted), the system checks for existing activities with the same user_id, activity_date (±15 min window), activity_type_id, and contact_id. A confidence score is computed and if above threshold the Duplicate Warning Dialog is shown to allow the peer mentor to confirm or cancel the submission.

For users who are members of multiple organizations (NHF use case), the Duplicate Report Prevention Service scans activities across all affiliated organizations to detect double-reporting of the same event under different org contexts. Applies fuzzy matching on activity_type, contact_id, activity_date, and duration_minutes.

Activity status must follow valid transitions: draft→submitted, submitted→pending_review, pending_review→approved|rejected, rejected→submitted (after correction), approved→corrected (coordinator correction). Reverse transitions and skipping states are rejected. Transitions are executed via authenticated Supabase RPCs to prevent client-side manipulation.

When is_proxy_registration is true, the submitting user (registered_by_user_id) must hold the coordinator or admin role within the same organization as the target peer mentor. The Activity Delegation Service validates this before writing the activity and creates a corresponding delegation_grants audit record.

The activity_type_id must reference an activity_types record belonging to the same organization_id as the activity. Prevents cross-organization activity type misuse and ensures Bufdir reporting categorization is org-specific.

When contact_id is provided, the referenced contact must belong to the same organization as the activity. Enforced via Supabase FK constraint and application-level validation in Activity Validation Service.

Only activities with status='approved' (or 'submitted' for organizations without a coordinator approval workflow) are included in Bufdir report aggregations. Draft and rejected activities are always excluded. This ensures grant reporting reflects only verified peer mentor contributions.

Activities may never be physically deleted from the database. Deletion sets deleted_at to the current timestamp and excludes the record from all RLS-filtered queries. This preserves the immutable Bufdir audit trail and ensures coordinator correction history remains intact.

An activity may have at most 5 attached documents, as required by NHF Bufdir evidence rules. The Document Storage Service checks document_count before accepting a new upload and rejects the operation with a user-facing error if the limit is reached.

Every state change to an activity record (field edits, status transitions, coordinator corrections) must trigger creation of an immutable activity_logs entry capturing the actor, timestamp, changed fields, and old/new values. This is enforced by a Supabase database trigger and cannot be bypassed by application code.