approval

package
v1.0.2 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var (
	ErrGrantNotFound          = errors.New("grant not found")
	ErrGrantNotActive         = errors.New("grant is not active")
	ErrGrantNotSuspended      = errors.New("grant is not suspended")
	ErrGrantRevoked           = errors.New("grant is permanently revoked")
	ErrInvalidGrantTransition = errors.New("invalid grant status transition")
)

Grant lifecycle errors.

var (
	ErrSurfaceNotFound    = errors.New("surface not found")
	ErrApprovalForbidden  = errors.New("approval forbidden")
	ErrInvalidStatus      = errors.New("surface is not awaiting approval")
	ErrInvalidTransition  = errors.New("transition not permitted")
	ErrProfileNotFound    = errors.New("profile not found")
	ErrProfileNotInReview = errors.New("profile is not in review state")
	ErrProfileNotActive   = errors.New("profile is not in active state")
)

Functions

func CanApproveSurface

func CanApproveSurface(policy Policy, submitter identity.Principal, approver identity.Principal, s *surface.DecisionSurface) bool

CanApproveSurface returns true if approver is allowed to approve the surface.

Types

type GrantRepository

type GrantRepository interface {
	FindByID(ctx context.Context, id string) (*authority.AuthorityGrant, error)
	Update(ctx context.Context, g *authority.AuthorityGrant) error
}

GrantRepository is the subset of authority.GrantRepository required for grant lifecycle operations.

type GrantService

type GrantService struct {
	// contains filtered or unexported fields
}

GrantService orchestrates grant lifecycle governance: suspend, revoke, reinstate.

If a controlaudit.Repository is provided (via NewGrantServiceFull), a control-plane audit record is appended after each successful lifecycle transition.

If an outbox.Repository is provided, a grant lifecycle outbox event is appended in the same call sequence as the repository Update. For transactional atomicity, the GrantRepository and the outbox.Repository must be bound to the same database transaction by the caller.

func NewGrantService

func NewGrantService(repo GrantRepository) *GrantService

NewGrantService constructs a GrantService without outbox or audit emission.

func NewGrantServiceFull

func NewGrantServiceFull(repo GrantRepository, outboxRepo outbox.Repository, controlAuditRepo controlaudit.Repository) *GrantService

NewGrantServiceFull constructs a GrantService with outbox event emission and control-plane audit recording. Either outboxRepo or controlAuditRepo may be nil; nil repositories are no-ops.

func (*GrantService) ReinstateGrant

func (s *GrantService) ReinstateGrant(ctx context.Context, grantID, reinstatedBy string) (*authority.AuthorityGrant, error)

ReinstateGrant transitions a suspended grant back to active. Only suspended grants may be reinstated; revoked grants are permanent.

func (*GrantService) RevokeGrant

func (s *GrantService) RevokeGrant(ctx context.Context, grantID, revokedBy, reason string) (*authority.AuthorityGrant, error)

RevokeGrant transitions an active or suspended grant to revoked. Revocation is permanent and cannot be undone.

func (*GrantService) SuspendGrant

func (s *GrantService) SuspendGrant(ctx context.Context, grantID, suspendedBy, reason string) (*authority.AuthorityGrant, error)

SuspendGrant transitions an active grant to suspended.
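
The transition rules documented for SuspendGrant, ReinstateGrant and RevokeGrant, modelled as a stand-alone state machine. This is an added example, not code from this package: the status and operation strings, Apply and Replay are hypothetical, and which sentinel error each refused transition returns is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Sentinels redeclared locally under the names the package exports.
var (
	ErrGrantNotActive    = errors.New("grant is not active")
	ErrGrantNotSuspended = errors.New("grant is not suspended")
	ErrGrantRevoked      = errors.New("grant is permanently revoked")
)

const ( // status and operation strings are assumptions of this model
	Active, Suspended, Revoked = "active", "suspended", "revoked"
	Suspend, Reinstate, Revoke = "suspend", "reinstate", "revoke"
)

// Apply returns the next status; the sentinel chosen per refusal is an assumption.
func Apply(cur, op string) (string, error) {
	switch {
	case cur == Revoked:
		return cur, ErrGrantRevoked // terminal: nothing leaves revoked
	case op == Revoke:
		return Revoked, nil // allowed from active or suspended
	case op == Suspend && cur == Active:
		return Suspended, nil
	case op == Suspend:
		return cur, ErrGrantNotActive
	case op == Reinstate && cur == Suspended:
		return Active, nil
	case op == Reinstate:
		return cur, ErrGrantNotSuspended
	}
	return cur, fmt.Errorf("unknown operation %q", op)
}

// Replay applies ops in order and stops at the first refused transition.
func Replay(cur string, ops ...string) (string, error) {
	var err error
	for _, op := range ops {
		if cur, err = Apply(cur, op); err != nil {
			return cur, fmt.Errorf("refused %s: %w", op, err)
		}
	}
	return cur, nil
}

func main() { fmt.Println(Replay(Active, Suspend, Reinstate, Revoke, Reinstate)) }
```

Because the revoked check comes first, no operation sequence can move a grant out of revoked, which is the property a caller relies on when treating revocation as final.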

type Policy

type Policy struct {
	RequireDifferentApprover bool
}

Policy defines the standalone approval rules for governed artefacts.

func DefaultPolicy

func DefaultPolicy() Policy

DefaultPolicy returns the MVP maker-checker policy.

type ProfileRepository

type ProfileRepository interface {
	FindByIDAndVersion(ctx context.Context, id string, version int) (*authority.AuthorityProfile, error)
	Update(ctx context.Context, p *authority.AuthorityProfile) error
}

ProfileRepository is the minimal read/write interface required by profile lifecycle operations.

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service orchestrates surface lifecycle governance: approval and deprecation.

If an outbox.Repository is provided (via NewServiceWithOutbox), a surface.approved or surface.deprecated event is appended in the same call sequence as the repository Update. For transactional atomicity, the SurfaceRepository and the outbox.Repository must be bound to the same database transaction by the caller.

If a controlaudit.Repository is provided, a control-plane audit record is appended after each successful lifecycle transition.

func NewService

func NewService(repo SurfaceRepository, policy Policy) *Service

NewService constructs a Service without outbox emission. Existing callers are unaffected; surface lifecycle transitions produce no outbox events.

func NewServiceWithAll

func NewServiceWithAll(repo SurfaceRepository, policy Policy, outboxRepo outbox.Repository, controlAuditRepo controlaudit.Repository) *Service

NewServiceWithAll constructs a Service with outbox and control-plane audit repositories. Either may be nil; nil repositories are no-ops.

func NewServiceWithOutbox

func NewServiceWithOutbox(repo SurfaceRepository, policy Policy, outboxRepo outbox.Repository) *Service

NewServiceWithOutbox constructs a Service that emits surface.approved and surface.deprecated outbox events via outboxRepo after each successful update. outboxRepo must be bound to the same transaction as repo for atomic delivery.

func NewServiceWithProfile

func NewServiceWithProfile(repo SurfaceRepository, profileRepo ProfileRepository, policy Policy) *Service

NewServiceWithProfile constructs a Service with both surface and profile repositories. This is the constructor to use when profile lifecycle governance (approve/deprecate) is needed.

func NewServiceWithProfileAndOutbox

func NewServiceWithProfileAndOutbox(repo SurfaceRepository, profileRepo ProfileRepository, policy Policy, outboxRepo outbox.Repository, controlAuditRepo controlaudit.Repository) *Service

NewServiceWithProfileAndOutbox constructs a fully-wired Service supporting surface and profile lifecycle governance with outbox event emission. It also accepts a controlaudit.Repository for control-plane audit recording.

func (*Service) ApproveProfile

func (s *Service) ApproveProfile(ctx context.Context, profileID string, version int, approvedBy string) (*authority.AuthorityProfile, error)

ApproveProfile promotes a profile from review to active.

Only profiles in review status may be approved. Profiles in any other status return ErrProfileNotInReview. The approver's identity is captured on the profile record.

func (*Service) ApproveSurface

func (s *Service) ApproveSurface(ctx context.Context, surfaceID string, submitter identity.Principal, approver identity.Principal) (*surface.DecisionSurface, error)

ApproveSurface promotes a surface from review to active.

The caller supplies the submitter (who applied the surface) and the approver (who is authorising it). The approval policy determines whether the approver is permitted to approve the surface given those identities.

Only surfaces in review status may be approved. Surfaces in any other status return ErrInvalidStatus.
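
A stand-alone model of the two gates described for ApproveSurface: the status check and the maker-checker policy. This is an added example, not code from this package: Principal's ID field, the canon normalisation, the "review"/"active" status strings, the order of the two checks and the refusal of an approver with no identity are assumptions of the model.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Sentinels redeclared locally under the names the package exports.
var (
	ErrApprovalForbidden = errors.New("approval forbidden")
	ErrInvalidStatus     = errors.New("surface is not awaiting approval")
)

// Principal stands in for identity.Principal; its ID field is an assumption.
type Principal struct{ ID string }

type Policy struct{ RequireDifferentApprover bool }

// canon folds case and whitespace so "Alice " and "alice" count as one actor.
func canon(p Principal) string { return strings.ToLower(strings.TrimSpace(p.ID)) }

// Allowed is this model's maker-checker rule: an approver with no identity is
// refused, and under RequireDifferentApprover so is the submitter.
func Allowed(pol Policy, submitter, approver Principal) bool {
	a := canon(approver)
	if a == "" {
		return false // fail closed
	}
	return !pol.RequireDifferentApprover || a != canon(submitter)
}

// Approve gates on status, then on policy (the order is an assumption), and
// returns the surface's resulting status.
func Approve(pol Policy, status string, submitter, approver Principal) (string, error) {
	if status != "review" {
		return status, ErrInvalidStatus
	}
	if !Allowed(pol, submitter, approver) {
		return status, ErrApprovalForbidden
	}
	return "active", nil
}

func main() {
	pol := Policy{RequireDifferentApprover: true}
	fmt.Println(Approve(pol, "review", Principal{"alice"}, Principal{"Alice "}))
	fmt.Println(Approve(pol, "review", Principal{"alice"}, Principal{"bob"}))
}
```

Comparing canonical identifiers rather than raw strings keeps a submitter from passing as a different approver through a case or whitespace variant of the same ID.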

func (*Service) DeprecateProfile

func (s *Service) DeprecateProfile(ctx context.Context, profileID string, version int, deprecatedBy string) (*authority.AuthorityProfile, error)

DeprecateProfile transitions an active profile to deprecated status.

Only profiles in active status may be deprecated. Profiles in any other status return ErrProfileNotActive.

func (*Service) DeprecateSurface

func (s *Service) DeprecateSurface(ctx context.Context, surfaceID string, deprecatedBy string, reason string, successorID string) (*surface.DecisionSurface, error)

DeprecateSurface transitions a surface from active to deprecated.

The caller supplies the deprecatedBy actor (who is initiating the deprecation), a reason for deprecation, and an optional successor surface ID.

Only surfaces in active status may be deprecated.

type SurfaceRepository

type SurfaceRepository interface {
	FindLatestByID(ctx context.Context, id string) (*surface.DecisionSurface, error)
	Update(ctx context.Context, s *surface.DecisionSurface) error
}
