Compose and Dispatch an Encrypted Assignment Containing Sensitive Personal Data to a Peer Mentor
The coordinator opens the Assignment Compose Screen and selects the target peer mentor. The screen retrieves the recipient's public key from Supabase via the Key Management Service. The coordinator fills in structured fields: contact name, home address, medical summary (epikrise summary), and mission notes. Before submission, the Encrypted Message Service encrypts the entire payload client-side using the recipient's public key via X25519 + XSalsa20-Poly1305 (Encryption Infrastructure). Only the ciphertext is sent to Supabase via the Assignment Repository — plaintext never reaches the server. A push notification is dispatched to the recipient device via the push notification gateway. The Delivery Confirmation Service listens for FCM/APNs delivery receipts and writes a delivery acknowledgement to assignment_dispatches when confirmed. The coordinator sees an immediate 'Dispatched' confirmation and the assignment appears on their status dashboard.
User Story
Acceptance Criteria
- Given the coordinator selects a peer mentor with a registered public key, when the Assignment Compose Screen loads, then the recipient's public key is silently fetched and ready for encryption
- Given the coordinator fills in all required fields (contact name, address, medical summary, mission notes) and taps 'Send', when the payload is submitted, then the Encrypted Message Service encrypts it client-side before any network call is made
- Given encryption succeeds, when the ciphertext is stored in Supabase, then querying the assignment record server-side returns only ciphertext — no plaintext fields are present
- Given the assignment is dispatched, when FCM/APNs delivers the push notification to the recipient device, then the Delivery Confirmation Service writes a delivery acknowledgement to assignment_dispatches and the coordinator's dashboard reflects 'Delivered' status
- Given the recipient peer mentor has no registered public key (key not yet initialized), when the coordinator attempts to dispatch to that user, then a clear warning is shown explaining that the recipient must log in with BankID before they can receive encrypted assignments
- Given a network failure occurs during dispatch, when the coordinator submits the assignment, then the draft is preserved locally and a retry option is presented
- Given the assignment is sent successfully, when the coordinator views their status dashboard, then the new assignment appears with 'Dispatched' status and the dispatch timestamp
Business Value
This story delivers the primary coordinator workflow that replaces insecure phone calls and unencrypted emails as channels for transmitting sensitive personal data to volunteers. For Blindeforbundet, this is a Phase 2 critical requirement explicitly cited in workshop findings. Successful implementation removes a legal compliance blocker (GDPR Art. 32) and enables full digitization of the assignment dispatch process, which currently cannot be done via the app due to the sensitivity of epikrise data.
Components
- Assignment Compose Screen (ui)
- Encrypted Message Service (service)
- Key Management Service (service)
- Delivery Confirmation Service (service)
- Assignment Repository (data)
- Encryption Infrastructure (infrastructure)
- Supabase Client Service (service)