[Task] Access extraction Stage 6: Decouple Feature Modules #46

Closed
opened 2026-07-06 11:33:34 +02:00 by zemion · 2 comments
Owner

Imported from the GovOPlaN access extraction plan.

  • Source: /mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md
  • Line: 290
  • Section: Stage 6: Decouple Feature Modules

Plan excerpt:

### Stage 6: Decouple Feature Modules

Remove direct ORM/model imports from files, mail, and campaign.

Tasks:

- Replace `Group`, `Tenant`, `User`, and `UserGroupMembership` imports with
  directory/capability lookups.
- Replace direct cross-module cleanup/count queries with registered providers,
  events, or module-owned API contracts.
- Replace mail-profile ownership resolution with stable owner references.
- Replace campaign/file access checks with resource ACL provider contracts.

Acceptance criteria:

- `govoplan-files`, `govoplan-mail`, and `govoplan-campaign` do not import
  access implementation modules or sibling feature modules.
- Dependency-boundary allowlist shrinks after every replacement.

<!-- codex-backlog-fingerprint:b848c847008a8df7c732941b --> Imported from the GovOPlaN access extraction plan. - Source: `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md` - Line: `290` - Section: `Stage 6: Decouple Feature Modules` Plan excerpt: ```markdown ### Stage 6: Decouple Feature Modules Remove direct ORM/model imports from files, mail, and campaign. Tasks: - Replace `Group`, `Tenant`, `User`, and `UserGroupMembership` imports with directory/capability lookups. - Replace direct cross-module cleanup/count queries with registered providers, events, or module-owned API contracts. - Replace mail-profile ownership resolution with stable owner references. - Replace campaign/file access checks with resource ACL provider contracts. Acceptance criteria: - `govoplan-files`, `govoplan-mail`, and `govoplan-campaign` do not import access implementation modules or sibling feature modules. - Dependency-boundary allowlist shrinks after every replacement. ```
zemion added this to the Access Extraction milestone 2026-07-06 12:52:06 +02:00
Author
Owner

Codex status: progress note.

Do not close yet. The dependency-boundary checker currently passes with an empty transitional allowlist, and feature modules no longer import access ORM/model classes directly. However, campaign/mail/files routers still import govoplan_access.backend.auth.dependencies for ApiPrincipal and FastAPI scope dependencies. That is documented as the current published dependency API, but it is still not the final fully core-mediated shape requested for independent module boundaries.

Known remaining work:

  • introduce a stable kernel or public access API package for request principal dependencies, or otherwise formalize govoplan_access.backend.auth.dependencies as a public contract;
  • remove or explicitly bless remaining direct feature-module imports of access backend dependency paths;
  • keep files-specific cleanup out of the current quick-win batch per current scope.

Verification run while auditing this:

  • ./.venv/bin/python scripts/check_dependency_boundaries.py -> passed, 0 transitional exceptions
  • source scan found govoplan_access.backend.auth.dependencies imports in campaign/mail/files routers
Codex status: progress note. Do not close yet. The dependency-boundary checker currently passes with an empty transitional allowlist, and feature modules no longer import access ORM/model classes directly. However, campaign/mail/files routers still import `govoplan_access.backend.auth.dependencies` for `ApiPrincipal` and FastAPI scope dependencies. That is documented as the current published dependency API, but it is still not the final fully core-mediated shape requested for independent module boundaries. Known remaining work: - introduce a stable kernel or public access API package for request principal dependencies, or otherwise formalize `govoplan_access.backend.auth.dependencies` as a public contract; - remove or explicitly bless remaining direct feature-module imports of access backend dependency paths; - keep files-specific cleanup out of the current quick-win batch per current scope. Verification run while auditing this: - `./.venv/bin/python scripts/check_dependency_boundaries.py` -> passed, 0 transitional exceptions - source scan found `govoplan_access.backend.auth.dependencies` imports in campaign/mail/files routers
Author
Owner

Codex status: done.

Completed work:

  • Added the public access-owned request dependency API at govoplan_access.auth.
  • Moved feature routers in govoplan-files, govoplan-mail, and govoplan-campaign from the backend access dependency path to govoplan_access.auth.
  • Also moved platform routers in govoplan-admin, govoplan-tenancy, govoplan-policy, and govoplan-audit to the same public API so the rule is uniform.
  • Updated scripts/check_dependency_boundaries.py so govoplan_access.auth is the only allowed access import for external modules; backend access internals are rejected and the transitional allowlist remains empty.
  • Updated access extraction/module architecture docs to describe the public API and completed stage-6 cleanup.

Verification:

  • ./.venv/bin/python scripts/check_dependency_boundaries.py -> passed, 0 transitional exceptions
  • scan for govoplan_access.backend.auth.dependencies outside access internals -> no matches in core/admin/tenancy/policy/audit/files/mail/campaign source
  • ./.venv/bin/python -m compileall -q src/govoplan_core ../govoplan-access/src/govoplan_access ../govoplan-admin/src/govoplan_admin ../govoplan-tenancy/src/govoplan_tenancy ../govoplan-policy/src/govoplan_policy ../govoplan-audit/src/govoplan_audit ../govoplan-files/src/govoplan_files ../govoplan-mail/src/govoplan_mail ../govoplan-campaign/src/govoplan_campaign -> passed
  • ./.venv/bin/python -m unittest tests.test_access_contracts tests.test_module_system -> 66 tests OK
  • fresh SQLite govoplan_core.devserver --smoke --no-reload with full product modules -> smoke check OK

Closing because feature modules no longer import access implementation internals or sibling feature modules, and the boundary checker enforces that state.

Codex status: done. Completed work: - Added the public access-owned request dependency API at `govoplan_access.auth`. - Moved feature routers in `govoplan-files`, `govoplan-mail`, and `govoplan-campaign` from the backend access dependency path to `govoplan_access.auth`. - Also moved platform routers in `govoplan-admin`, `govoplan-tenancy`, `govoplan-policy`, and `govoplan-audit` to the same public API so the rule is uniform. - Updated `scripts/check_dependency_boundaries.py` so `govoplan_access.auth` is the only allowed access import for external modules; backend access internals are rejected and the transitional allowlist remains empty. - Updated access extraction/module architecture docs to describe the public API and completed stage-6 cleanup. Verification: - `./.venv/bin/python scripts/check_dependency_boundaries.py` -> passed, 0 transitional exceptions - scan for `govoplan_access.backend.auth.dependencies` outside access internals -> no matches in core/admin/tenancy/policy/audit/files/mail/campaign source - `./.venv/bin/python -m compileall -q src/govoplan_core ../govoplan-access/src/govoplan_access ../govoplan-admin/src/govoplan_admin ../govoplan-tenancy/src/govoplan_tenancy ../govoplan-policy/src/govoplan_policy ../govoplan-audit/src/govoplan_audit ../govoplan-files/src/govoplan_files ../govoplan-mail/src/govoplan_mail ../govoplan-campaign/src/govoplan_campaign` -> passed - `./.venv/bin/python -m unittest tests.test_access_contracts tests.test_module_system` -> 66 tests OK - fresh SQLite `govoplan_core.devserver --smoke --no-reload` with full product modules -> smoke check OK Closing because feature modules no longer import access implementation internals or sibling feature modules, and the boundary checker enforces that state.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#46
No description provided.