Skip to content

Complete SOS emergency backend workflow#416

Open
LoopyB wants to merge 1 commit into
mainfrom
louisabest/feature/sos-emergency-completion
Open

Complete SOS emergency backend workflow#416
LoopyB wants to merge 1 commit into
mainfrom
louisabest/feature/sos-emergency-completion

Conversation

@LoopyB

@LoopyB LoopyB commented Jul 14, 2026

Copy link
Copy Markdown
Collaborator

Summary

Rebuilds the remaining SOS/emergency functionality from PR #409 against current main.

This preserves the existing emergency API while adding the Guard App-compatible /sos contract through shared service and route logic, rather than duplicating business rules.

Changes

  • Added an emergency service layer for:
    • ownership and RBAC scoping
    • validation
    • active SOS lookup
    • location updates
    • note handling
    • cancellation
    • duplicate-active checks
    • cooldown handling
    • controlled status transitions
  • Preserved the existing /api/v1/emergency endpoints
  • Added Guard App-compatible /api/v1/sos endpoints
  • Added shared route registration so both endpoint families use the same handlers and middleware
  • Expanded the Emergency model for:
    • shift linkage
    • escalation
    • cancellation
    • notes
    • location history
  • Removed the invalid notification write path
  • Added README documentation
  • Added focused controller and workflow tests

Endpoints

Existing emergency routes

  • POST /api/v1/emergency/sos
  • GET /api/v1/emergency/sos
  • PUT /api/v1/emergency/sos/:id
  • GET /api/v1/emergency/sos/active
  • GET /api/v1/emergency/sos/:id
  • POST /api/v1/emergency/sos/:id/location
  • POST /api/v1/emergency/sos/:id/note
  • POST /api/v1/emergency/sos/:id/cancel

Guard App-compatible routes

  • POST /api/v1/sos/trigger
  • GET /api/v1/sos/active
  • GET /api/v1/sos/:id
  • POST /api/v1/sos/:id/location
  • POST /api/v1/sos/:id/note
  • POST /api/v1/sos/:id/cancel

Security and workflow

  • Guards can access and update only their own SOS records
  • Employers can access only SOS records linked to shifts they created
  • Admin access is explicit
  • Static routes are registered before /:id
  • Invalid ObjectIds and malformed input return controlled errors
  • Terminal SOS records cannot be reactivated
  • Allowed transitions:
    • ACTIVE -> ESCALATED | RESOLVED | CANCELLED
    • ESCALATED -> RESOLVED | CANCELLED

Validation

  • Targeted ESLint passed
  • Emergency Jest suite passed
  • 18 tests passed
  • git diff --check passed
  • Both protected route families returned 401 during runtime smoke testing, confirming they are mounted and authenticated

Important limitations

  • The Guard App still has USE_MOCK_SOS = true; this PR does not enable live Guard App SOS behaviour
  • Employer visibility requires the SOS record to include a shiftId
  • No automatic calls, emergency dispatch, Firebase/APNs, or external escalation were added
  • The emergency contact value remains a contract-compatible placeholder

Scope

This is a focused backend recovery and contract-alignment PR.

Supersedes PR #409.

@LoopyB LoopyB mentioned this pull request Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant