# Domain Breakdown *Updated: 2026-04-05* The Angels platform decomposes into 7 bounded domains. Each domain owns its data, API surface, and business rules. Domains communicate through well-defined contracts. --- ## Domain Map ``` ┌─────────────────────────────────────────────────────────────┐ │ ANGELS PLATFORM │ ├──────────┬──────────┬──────────┬──────────┬────────────────┤ │ Identity │ Wellbeing│ Safety │ Circle │ Consent │ │ │ │ │ │ │ │ Auth │ Check-ins│ Plans │ Angels │ Sharing rules │ │ Personas │ Journals │ Crisis │ Invites │ Privacy guards │ │ Profiles │ Streaks │ Recovery │ Nudges │ Coercion det. │ │ Settings │ Trends │ │ │ │ ├──────────┴──────────┴──────────┴──────────┴────────────────┤ │ Insights (cross-domain reads) │ ├────────────────────────────────────────────────────────────┤ │ Notifications (cross-domain events) │ └────────────────────────────────────────────────────────────┘ ``` --- ## 1. Identity **Owns:** Users, personas, profiles, authentication, settings. **Core entities:** - `User` — account with email, auth method, created_at - `PersonaProfile` — one per user, type: survivor | guardian | recoverer | connector - `Settings` — notification prefs, quiet hours, data export config **Key rules:** - A user has exactly one persona (chosen during onboarding, changeable later) - Persona determines which onboarding flow runs - Settings are private to the user, never shared **Journeys served:** persona-selection, all onboarding flows, settings --- ## 2. Wellbeing **Owns:** Check-ins, mood data, journal entries, streaks, trends. **Core entities:** - `CheckIn` — mood (great|good|mixed|struggling), timestamp, optional journal - `JournalEntry` — freetext tied to a check-in, always private unless explicitly shared - `Streak` — current consecutive days, longest streak, last check-in date - `MoodTrend` — computed 7/30-day aggregates **Key rules:** - One check-in per day (re-check-in overwrites, doesn't duplicate) - Journal entries are NEVER shared by default — require explicit consent per-angel - Streaks reset after 48 hours without check-in (not 24 — timezone grace) - Mood trend computation is read-only derived data **Journeys served:** daily-checkin, home-navigation (check-in state, nudge) --- ## 3. Safety **Owns:** Safety plans, crisis events, post-crisis recovery. **Core entities:** - `SafetyPlan` — triggers[], copingStrategies[], emergencyContacts[], versioned - `CrisisEvent` — activated_at, resolved_at, type, false_alarm flag - `RecoveryCheckpoint` — day 1/3/7/14 post-crisis check-in with notes **Key rules:** - Safety plan is versioned — edits create new versions, old versions preserved - Crisis activation sends alerts to ALL connected angels (no consent check — crisis overrides consent) - Post-crisis recovery is a scheduled sequence (system events at day 1, 3, 7, 14) - Emotional readiness check gates trigger editing (REQ-001) **Journeys served:** safety-plan, crisis-flow, survivor-onboarding (initial plan creation) --- ## 4. Circle **Owns:** Angel connections, invitations, relationship management. **Core entities:** - `Circle` — a user's set of angel connections - `AngelConnection` — link between a user and an angel, with role and status - `Invitation` — pending/accepted/declined/deferred, with invite link and metadata - `Nudge` — system-generated prompt to check on someone **Key rules:** - Free tier: 1 angel connection max. Premium: unlimited. - Invitations expire after 30 days - Angels can set boundaries (notification level, quiet hours, health metrics visibility) - Nudges are suggestions, never obligations — language is "thinking of you", not "check on them" **Journeys served:** angel-invitation, guardian-onboarding, survivor-onboarding (invite step), home-navigation (nudge) --- ## 5. Consent **Owns:** Sharing rules, privacy safeguards, coercion detection. **Core entities:** - `ConsentRule` — metric + person + visibility level (hidden|summary|detailed) - `SharingProfile` — aggregated view of what each angel can see - `CoercionFlag` — system-detected pattern suggesting user is being pressured - `QuietExit` — record that user exited a sensitive flow without completing it **Key rules:** - Default sharing: NOTHING shared. Users opt IN, never opt OUT. - Consent can be withdrawn at any time, with immediate effect - Coercion detection triggers if: (a) consent rules change rapidly, (b) all metrics set to "detailed" for one person, (c) consent changed immediately after an angel message - Quiet exit is always available — no confirmation dialogs when leaving consent flows **Journeys served:** consent-wizard, privacy-response --- ## 6. Insights **Owns:** Cross-domain read models, pattern detection, trend visualisation. **Core entities:** - `MoodPattern` — detected trend (improving, declining, stable, volatile) - `CorrelationInsight` — relationship between mood and external factors (e.g., "mood dips on Mondays") - `StreakInsight` — contextual reflection based on streak data + mood history - `CareProviderView` — aggregated, anonymised data for therapist dashboard **Key rules:** - Read-only domain — never writes to other domains' data - Insights are generated, not entered — user sees them but can't edit them - Care provider views are opt-in and require explicit user consent per provider - All insights are computed from wellbeing + safety domain data **Journeys served:** home-navigation (insights tab), REQ-003 (streak context) --- ## 7. Notifications **Owns:** Push notifications, SMS alerts, in-app nudges, email digests. **Core entities:** - `NotificationPreference` — per-user channel + type configuration - `PendingNotification` — queued notification with delivery status - `CrisisAlert` — priority notification to angels (bypasses quiet hours) - `CheckInReminder` — daily reminder at user's preferred time **Key rules:** - Crisis alerts ALWAYS deliver (bypass quiet hours, bypass do-not-disturb) - Check-in reminders respect quiet hours and can be snoozed - Nudges are never repeated within 48 hours - SMS is only used for crisis alerts (cost control) **Journeys served:** all journeys (cross-cutting) --- ## Domain Dependencies ``` Identity ──────── required by ALL domains (auth, user context) Wellbeing ─────── reads from Identity (user profile) Safety ─────────── reads from Identity, Circle (angel list for alerts) Circle ─────────── reads from Identity (user profiles) Consent ─────────── reads from Identity, Circle (who to share with) Insights ────────── reads from Wellbeing, Safety (aggregation) Notifications ──── reads from ALL (event-driven delivery) ``` **No circular dependencies.** Identity is the root. Insights and Notifications are leaf domains that only read from others.