Summary
Enforce global uniqueness of Henallux email addresses across DataDrop identities and deny verification when an already-used email is attempted on another Discord account, with staff notification and audit logging.
Problem
The specification defines the Henallux email as a real-world identity signal bound to a single person.
This means:
- the email must not be usable by multiple Discord accounts
- identity conflicts must be detected early
- staff must be notified when a duplicate-email verification attempt occurs
Without this, the global verification model can be bypassed or corrupted by duplicate identity binding.
Why This Matters
This rule protects:
- the integrity of global verification identity
- anti-account-sharing enforcement
- auditability of identity conflicts
- security of web and bot access gating
It is a foundational identity rule for multi-tenant DataDrop behavior.
Required Behavior
- A Henallux email already bound to one verified Discord user cannot be bound to another Discord user.
- If a duplicate email verification attempt occurs, verification must be denied.
- Staff must be notified with enough context to investigate.
- The conflict must be recorded in an audit trail.
- The special case where a student becomes a teacher and receives a new email remains valid, because that is a new email identity, not a duplicate binding.
Acceptance Criteria
- Duplicate email verification attempt from another Discord account is rejected.
- Existing verified binding remains unchanged.
- Staff notification is emitted with guild/user/email context.
- Conflict is written to audit trail with reason code.
- Regression tests prove same Discord user can continue normally with its own bound email while different Discord users cannot claim it.
Suggested Implementation Targets
- src/events/interactionCreate.ts
- src/services/PostgresDatabaseService.ts
- prisma/schema.prisma
Suggested Technical Direction
Introduce a global uniqueness constraint or equivalent conflict-check path around canonical verified email identity.
Conflict handling should distinguish:
- same Discord user reusing its own bound email
- different Discord user attempting to claim an already-bound email
Only the second case is denied and escalated.
Validation
- unit test: same email + same user is allowed according to expected flow
- unit test: same email + different user is rejected
- integration test: duplicate attempt emits staff notification
- integration test: duplicate attempt creates audit record
Traceability
- Spec: docs/specs/issue-93-specification.md
- Matrix rule: TRC-007
- Related docs:
- docs/specs/traceability-matrix.md
- docs/specs/issue-drafts.md
- docs/specs/state-machine.md
Related Issues
Summary
Enforce global uniqueness of Henallux email addresses across DataDrop identities and deny verification when an already-used email is attempted on another Discord account, with staff notification and audit logging.
Problem
The specification defines the Henallux email as a real-world identity signal bound to a single person.
This means:
Without this, the global verification model can be bypassed or corrupted by duplicate identity binding.
Why This Matters
This rule protects:
It is a foundational identity rule for multi-tenant DataDrop behavior.
Required Behavior
Acceptance Criteria
Suggested Implementation Targets
Suggested Technical Direction
Introduce a global uniqueness constraint or equivalent conflict-check path around canonical verified email identity.
Conflict handling should distinguish:
Only the second case is denied and escalated.
Validation
Traceability
Related Issues