[Task] Wave 0 access principal context for admin, policy, and audit surfaces #8

Closed
opened 2026-07-08 20:42:30 +02:00 by zemion · 1 comment
Owner

Goal

Provide the access-owned principal, permission, group, and tenant context needed by Wave 0 admin, policy, and audit views without leaking access internals into other modules.

Scope

  • Keep public access DTOs/helpers stable for user/account labels, tenant membership, group membership, and permission checks.
  • Ensure admin/policy/audit modules can resolve actor and scope display data through access-owned APIs or core capabilities.
  • Document which request-principal and label-resolution interfaces are public.
  • Add focused tests for public access contracts where the boundary is used by other Wave 0 modules.

Acceptance Criteria

  • Other modules do not need to import govoplan_access.backend.* internals for actor/scope display.
  • Audit and admin surfaces can show useful principal context for operator actions.
  • Permission-dependent UI can distinguish missing permission from missing module/capability.
  • Public access APIs remain usable with partial module deployments.
  • Wave 0 platform hardening.
  • Admin preflight/audit visibility, policy decision display, and audit trace context issues.
## Goal Provide the access-owned principal, permission, group, and tenant context needed by Wave 0 admin, policy, and audit views without leaking access internals into other modules. ## Scope - Keep public access DTOs/helpers stable for user/account labels, tenant membership, group membership, and permission checks. - Ensure admin/policy/audit modules can resolve actor and scope display data through access-owned APIs or core capabilities. - Document which request-principal and label-resolution interfaces are public. - Add focused tests for public access contracts where the boundary is used by other Wave 0 modules. ## Acceptance Criteria - Other modules do not need to import `govoplan_access.backend.*` internals for actor/scope display. - Audit and admin surfaces can show useful principal context for operator actions. - Permission-dependent UI can distinguish missing permission from missing module/capability. - Public access APIs remain usable with partial module deployments. ## Related - Wave 0 platform hardening. - Admin preflight/audit visibility, policy decision display, and audit trace context issues.
Author
Owner

Implemented and verified.

  • PrincipalRef is the stable principal DTO with serialization/deserialization and public capability contracts in core.
  • Auth responses expose principal; modules can use govoplan_access.auth or core access DTOs without importing govoplan_access.backend.* internals.
  • govoplan-access/README.md and docs/ACCESS_MODULE_BOUNDARY.md document the public principal context boundary.
  • Focused checks: tests/test_access_contracts.py passed.
Implemented and verified. - `PrincipalRef` is the stable principal DTO with serialization/deserialization and public capability contracts in core. - Auth responses expose `principal`; modules can use `govoplan_access.auth` or core access DTOs without importing `govoplan_access.backend.*` internals. - `govoplan-access/README.md` and `docs/ACCESS_MODULE_BOUNDARY.md` document the public principal context boundary. - Focused checks: `tests/test_access_contracts.py` passed.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-access#8
No description provided.