Traceability Matrix: Desktop Electron EHR
Version: 1.2
Date: 2026-04-13
Maps requirements in SPEC.md and TECHNICAL_REQUIREMENTS.md to verification artifacts; extends to REQ-DESK-* (EHEALTH_DESKTOP_PLATFORM_REQUIREMENTS.md) and DESK-US-* backlog stories (backlog/UNIFIED_USER_STORIES.md). Update this file when features ship.
| Requirement ID | Summary | Verification |
|---|---|---|
| FR-DSK-001 | Offline-capable local UX | E2E: offline mode navigation + local persistence |
| FR-DSK-002 | Stable mutation ids | Unit: outbox generates UUID/ULID once per user action |
| FR-DSK-003 | Sync on reconnect with backoff | Integration: mock 429/401; assert backoff and no infinite 401 retry |
| FR-DSK-004 | Conflict surfacing | Integration: mock 409; UI test conflict path |
| FR-DSK-005 | Connectivity + sync status UI | E2E: indicator states |
| FR-DSK-006 | Online-only degradation | Manual/E2E: disabled state + copy for representative flows |
| FR-DSK-007 | Licensing gates | Integration: 403 MODULE_NOT_LICENSED handling |
| FR-DSK-008 | Message catalogs + locale fallback | Unit: loader; integration: config-resolver snapshot |
| FR-DSK-009 | LTR/RTL layout | E2E: dir + nav mirror; visual baseline optional |
| FR-DSK-010 | Mixed-direction identifiers | Component/E2E: MRN/code in RTL shell |
| FR-DSK-011 | Locale preference persistence | Unit: settings store; integration: login restore |
| FR-DSK-012 | Cloud AI via Kong/orchestrator | Integration: mock Kong AI route; no secrets in bundle lint |
| FR-DSK-013 | AI offline degradation | E2E: offline → feature disabled or local-only path per flag |
| FR-DSK-014 | On-device AI policy | Security review + IPC contract tests when enabled |
| FR-DSK-015 | Scheduling rich UI parity | Visual/ E2E: calendar + RTL axis; module contract tests |
| FR-DSK-016 | Desktop notifications | E2E/manual: OS notification permission path + in-app fallback |
| NFR-DSK-001 | Encryption at rest | Security review + unit test of DB open with key |
| NFR-DSK-002 | No secrets in renderer | Static check + code review of preload surface |
| NFR-DSK-003 | Minimal PHI in logs | Log review checklist |
| NFR-DSK-004 | Automated tests | CI: unit + integration + E2E jobs |
| NFR-DSK-005 | Signed updates | Release pipeline test (where applicable) |
| NFR-DSK-006 | Locale formatting + RTL E2E | E2E: TR-DSK-063; date/number format checks |
| TR-DSK-001–004 | Electron security model | Audit: webPreferences, CSP, contextIsolation |
| TR-DSK-010–013 | SQLite + tenant isolation | Unit: query scoping tests |
| TR-DSK-020–022 | Outbox semantics | Unit + integration vs mock Kong |
| TR-DSK-030–035 | Kong HTTP behavior | Integration: headers on sample POST |
| TR-DSK-040–042 | Auth storage | Manual + automated token vault tests |
| TR-DSK-050–051 | Update security | Pipeline docs + verify signature step |
| TR-DSK-060–063 | Test obligations | CI coverage; TR-DSK-063 RTL E2E |
| TR-DSK-070–076 | Localization + direction | Unit + E2E per TR-DSK-075/076 |
| TR-DSK-080–083 | AI integration | Integration: orchestrator + local IPC mocks; policy flag tests |
Platform cross-reference
Desktop requirements inherit offline platform IDs (FR-OFF / NFR-OFF / TR-OFF) from offline-first/SPEC.md and offline-first/TECHNICAL_REQUIREMENTS.md. AI features additionally trace to AI_PLATFORM.md and FR-AI / FR-NFR-015..018 in EHR_FUNCTIONAL_REQUIREMENTS.md where applicable. When implementing, trace dual IDs in PR descriptions where relevant.
REQ-DESK (EHEALTH) → backlog story → verification
Full REQ → Epic → Story mapping: backlog/LINKAGE.md. Jira ADF descriptions: backlog/adf/.
| REQ-DESK ID | Summary | Primary Story | Verification |
|---|---|---|---|
| FR-001 | Tenant isolation in local store | DESK-US-010 | Unit: SQLite queries scoped by tenantId |
| FR-002 | Offline writes + idempotency | DESK-US-011 | Unit: outbox idempotency; integration: replay |
| FR-003 | Online-only degradation UX | DESK-US-017 | E2E: disabled flows offline |
| FR-004 | Server permissions authoritative | DESK-US-004, US-005 | Integration: 403 from API |
| FR-005 | Licensing / feature flags | DESK-US-004, US-009 | Integration: unlicensed module hidden |
| FR-006 | Audit correlation | DESK-US-015 | Integration: correlation header present |
| FR-007–009 | Modular shell, site profile, no unlicensed sync | DESK-US-004–009 | E2E: nav + scheduler registration |
| FR-010–015 | EHR intake, notes, orders, problems, vitals, scheduling | DESK-US-018–023 | E2E + module contract tests |
| FR-020–021 | Radiology summary + virtual visit embed | DESK-US-042–049, US-026 | Security: allowlist; E2E embed |
| FR-030–032 | Messaging, notifications, virtual care | DESK-US-024–026 | E2E: notification + offline labels |
| FR-040–042 | Care plans, med mgmt, e-prescribing | DESK-US-027 | Integration: eRx online gate |
| FR-050–051 | Documents + OCR | DESK-US-050–052 | Integration: OCR IPC + confirm dialog |
| FR-062 | Billing online submit + drafts | DESK-US-053–054 | Integration: idempotent billing replay |
| FR-070–072 | Pop health, reporting, admin | DESK-US-055–058 | E2E: admin blocked offline mutations |
| FR-080–083 | AI cloud, ONNX, search, suggestions | DESK-US-059–062 | Integration: Kong AI; IPC tests |
| FR-090–098 | Capability map, nav, lazy load, tenant switch, telemetry | DESK-US-003–008 | E2E: entitlement refresh |
| FR-100–107 | Laboratory LIS desktop | DESK-US-028–034 | Integration: LIS APIs; role UI tests |
| FR-110–117 | Pharmacy desktop | DESK-US-035–041 | Integration: pharmacy + 403 SoD |
| FR-120–127 | Imaging / radiology desktop | DESK-US-042–049 | E2E: viewer allowlist; draft report |
| REQ-DESK ID | Summary | Primary Story | Verification |
|---|---|---|---|
| NFR-001–003 | Perf: virtualize, SQLite workers, sync UI | DESK-US-012–014, US-063–064 | Perf/unit tests |
| NFR-010–013 | Encryption, secrets, CSP, logs | DESK-US-002, US-016 | Security review + static analysis |
| NFR-020 | Local audit reconciliation | TBD | When device audit API defined |
| NFR-030–031 | Cross-platform CI, proxy | DESK-US-068 | CI matrix; doc review |
| NFR-040–041 | A11y, density | DESK-US-065 | E2E RTL; axe optional |
| NFR-050–051 | Crash opt-in, feature kill-switch | DESK-US-066 | Config + payload inspection |
| NFR-052 | Lazy bundles + entitlement refresh | DESK-US-067 | Bundle analysis; E2E |
| NFR-060–063 | Sync ordering, cursors, batching, conflicts | DESK-US-011–013 | Integration: conflict + cursor tests |
| INT-001,005,007–008 | Kong, sync endpoints, FHIR, entitlements | DESK-US-011, US-003 | Integration: headers + bootstrap |
DESK-US-* (backlog) verification focus
| Story ID | Epic | Verification focus |
|---|---|---|
| DESK-US-001–009 | DESK-EPIC-01 | Auth integration; IPC audit; E2E shell + entitlements |
| DESK-US-010–017 | DESK-EPIC-02 | Unit + integration outbox/sync; E2E offline |
| DESK-US-018–027 | DESK-EPIC-03 | E2E clinical flows; module API mocks |
| DESK-US-028–034 | DESK-EPIC-04 | LIS integration tests; role-gated UI |
| DESK-US-035–041 | DESK-EPIC-05 | Pharmacy integration; SoD 403 |
| DESK-US-042–049 | DESK-EPIC-06 | Viewer allowlist security; reporting states |
| DESK-US-050–052 | DESK-EPIC-07 | File IPC; OCR orchestrator mock |
| DESK-US-053–054 | DESK-EPIC-08 | Billing idempotency integration |
| DESK-US-055–058 | DESK-EPIC-09 | Report export E2E; admin guards |
| DESK-US-059–062 | DESK-EPIC-10 | AI route lint + IPC tests |
| DESK-US-063–068 | DESK-EPIC-11 | Perf/a11y E2E; CI smoke |
Per-story status: backlog/IMPLEMENTATION_STATUS.md.