System controls
System settings
Operational configuration for routing, links, documents, approvals, exports and production readiness.
Production
Supabase
Private buckets
Not enabled
Branch routing
East Gippsland, Latrobe and Mount Alexander route to their configured branches.
Cases without an assessor remain in intake and are not hidden from queues.
Manual transfer will require administrator role and audit reason.
Secure links
Default expiry from environment setting for customer secure-link submissions.
Revoked and expired RFI links already render separate applicant states.
Invite creation is modelled; outbound provider credentials are not connected yet.
Document and storage rules
Supabase storage buckets are private and intended for signed server URLs.
Export packages and generated documents stay separate from customer uploads.
Schema tracks scan state; scanning service is not wired in v1 yet.
Decision guardrails
Assessment revisions must be signed off by an assessor before RBS review.
PermAssist export is blocked until RBS approval is recorded.
Reopening earlier work creates a new path instead of mutating locked history.
PermAssist export
Current adapter produces CSV package, manifest and validation report.
Export checks require project details, documents, sign-off and RBS approval.
Direct submission/import credentials are not connected in this v1.
Integrations
Database, RLS policies and storage buckets are configured.
Outbound invite and RFI delivery needs provider credentials before staff launch.
Extraction scaffolding is present; production analysis provider is not selected.
Audit and retention
Human decisions, generated packages and link actions are represented in the trail.
Production events should persist actor id and role at the time of action.
Council retention policy needs to be confirmed before enforcing archive rules.
Production readiness
Queues, revisions, RFIs, approval gates and export package generation are wired.
Email delivery, document analysis and production PermAssist credentials still need real provider configuration.
Settings mutations should wait for staff auth, role checks and audit-backed server actions.
Connected services
Readiness register
| Area | State | Owner | Next action |
|---|---|---|---|
| Staff auth | Needs setup | Platform | Connect staff login and role claims |
| Outbound email | Needs setup | Platform | Configure invite and RFI provider |
| Secure storage | Active | Security | Issue signed URLs from server actions |
| PermAssist package | Active | Permits | Confirm import mapping with real PermAssist target |
| Audit retention | Planned | Audit | Confirm council retention period |