
Sub-Domain Blueprint: Community Registry

  • Domain: Community (governance, occupancy, registry, financials)
  • Logical Sub-Domain: Registry (People Management)
  • Physical Packages: @sd/mod-community/registry
  • Related Documents: Data Definition
  • Context: This document defines the Single Source of Truth for detailed member profiles and their synchronization with external identity providers (Google Workspace).
  • Status: Stable (v2.5)

1. Mandate

The Registry Sub-Domain acts as the Identity CRM. Unlike the low-level unified/identity (which handles login), the Registry manages the rich profile data: Personas, Contexts (e.g. Staff Department, Vendor Category), and Legal Agreements. It automatically synchronizes this state to Google Workspace, ensuring mailing lists and drive access match the current role.

2. Capabilities

| Capability | Description | Component |
| --- | --- | --- |
| Profile Management | Aggregate view of a User's multiple roles (Owner + Board Member). | RegistryService.ensureProfile |
| Dynamic Sync | Rule-based engine that syncs Firestore attributes to Google Groups. | reconcileAllGroups |
| Context Resolution | Storing domain-specific data (e.g. Insurance Expiry for Vendors) in contexts. | DirectoryProfile.contexts |
| Forensic Vault | Linking legal documents (Deeds/Contracts) to the Identity. | forensicVaultRefs |

3. Process Models

A. Profile Upsert (Idempotent)

Happy Path: Admin onboards a new Staff member.

sequenceDiagram
    participant Admin
    participant Service as RegistryService
    participant Google as GoogleWorkspace

    Admin->>Service: ensureProfile(email, type="staff", dept="security")
    Service->>Service: checkExists(email)

    alt Exists
        Service->>DB: update(types=["resident", "staff"], contexts.staff={...})
    else New
        Service->>DB: create({ email, types=["staff"], lifecycle="provisioned" })
        Service->>Google: syncProfile(user)
        Service-->>Admin: Success
    end

B. Dynamic Group Sync (Cron)

Ensuring Mailing Lists are accurate.

sequenceDiagram
    participant Cron
    participant Service as RegistryService
    participant Rules as DirectoryRules
    participant Google as GoogleWorkspace

    Cron->>Service: reconcileAllGroups()
    Service->>DB: getAllProfiles()
    loop Every Rule
        Service->>Rules: checkPredicate(profile)
        Rules-->>Service: true/false
    end
    Service->>Google: reconcileMembership("security@HOA.org", [emails...])

4. State Machines

Lifecycle State

stateDiagram-v2
    [*] --> Unverified
    Unverified --> IdentityVerified: Email Confirmed
    IdentityVerified --> Provisioned: Profile Created
    Provisioned --> Revoked: Ban
    Provisioned --> Expired: Contract End
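
The group reconciliation from 3.B combined with the lifecycle states above, as an added example that is not the project's own code: it computes the add/remove plan for one group, assuming that only profiles in the provisioned state may hold membership. GroupRule, desiredMembers, planMembership, the lifecycle spellings other than "provisioned", and the sample addresses are assumptions.

```typescript
// Added example; GroupRule, desiredMembers and planMembership are hypothetical names.
type Lifecycle = "unverified" | "identityVerified" | "provisioned" | "revoked" | "expired";
interface DirectoryProfile {
  email: string;
  types: string[];
  lifecycle: Lifecycle;
  contexts: Record<string, Record<string, string> | undefined>;
}
interface GroupRule { group: string; predicate: (p: DirectoryProfile) => boolean; }
interface MembershipPlan { group: string; add: string[]; remove: string[]; }
// Compare addresses in one canonical form so case differences cause no churn.
const normalize = (email: string): string => email.trim().toLowerCase();

// Assumption: only "provisioned" profiles may hold membership, so a revoked or
// expired profile drops out even when its role attributes still match the rule.
function desiredMembers(rule: GroupRule, profiles: DirectoryProfile[]): string[] {
  const out: string[] = [];
  profiles.forEach((p) => {
    const email = normalize(p.email);
    if (p.lifecycle === "provisioned" && rule.predicate(p) && out.indexOf(email) === -1) out.push(email);
  });
  return out.sort();
}

// Diff desired state against current members; anything in the group that the
// rule does not justify (including addresses unknown to the registry) is removed.
function planMembership(rule: GroupRule, profiles: DirectoryProfile[], current: string[]): MembershipPlan {
  const desired = desiredMembers(rule, profiles);
  const have = current.map(normalize);
  const add = desired.filter((e) => have.indexOf(e) === -1);
  const remove = have.filter((e) => desired.indexOf(e) === -1).sort();
  return { group: rule.group, add, remove };
}

// Constructed sample data: one rule, registry profiles and current group members.
const securityRule: GroupRule = {
  group: "security@HOA.org",
  predicate: (p) => {
    const staff = p.contexts["staff"];
    return p.types.indexOf("staff") !== -1 && staff !== undefined && staff["dept"] === "security";
  },
};
const sampleProfiles: DirectoryProfile[] = [
  { email: "alice@example.org", types: ["resident", "staff"], lifecycle: "provisioned", contexts: { staff: { dept: "security" } } },
  { email: "Bob@Example.org", types: ["staff"], lifecycle: "provisioned", contexts: { staff: { dept: "security" } } },
  { email: "carol@example.org", types: ["staff"], lifecycle: "revoked", contexts: { staff: { dept: "security" } } },
  { email: "dave@example.org", types: ["staff"], lifecycle: "provisioned", contexts: { staff: { dept: "maintenance" } } },
];
const currentMembers = ["bob@example.org", "carol@example.org", "former@example.org"];
const plan = planMembership(securityRule, sampleProfiles, currentMembers);
console.log(JSON.stringify(plan));
```

The remove list is the security-relevant half of the plan: it is what takes a revoked profile, or an address the registry no longer knows, out of the group.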

5. Interface Definitions

RegistryService

  • ensureProfile(data): Promise<Profile>
  • getProfileByEmail(email): Promise<Profile>
  • reconcileAllGroups(): Promise<void>

6. Changelog

| Date | Author | Description | Reference |
| --- | --- | --- | --- |
| 2026-01-24 | Antigravity | Initial creation | Implementation Plan |