[Task] Replace direct cross-module SQL lookups with provider/event contracts #50

Closed
opened 2026-07-06 11:34:02 +02:00 by zemion · 2 comments
Owner

Imported from the GovOPlaN access extraction plan immediate backlog.

  • Source: /mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md
  • Line: 345
  • Section: Immediate Backlog
  • Source status: open

Imported backlog item:

- [ ] Replace direct cross-module SQL lookups with provider/event contracts.
<!-- codex-backlog-fingerprint:b1c5d476b1c2057ce11c5753 --> Imported from the GovOPlaN access extraction plan immediate backlog. - Source: `/mnt/DATA/git/govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md` - Line: `345` - Section: `Immediate Backlog` - Source status: `open` Imported backlog item: ```markdown - [ ] Replace direct cross-module SQL lookups with provider/event contracts. ```
zemion added this to the Access Extraction milestone 2026-07-06 12:50:52 +02:00
Author
Owner

Review 2026-07-10: keeping this open. The provider/capability pattern exists and is being used (tenant_summary_providers, delete_veto_providers, access DTO/capability names, campaign policy/retention providers), but the platform is not provider/event-contract-only yet. Remaining direct/fallback SQL examples include core tenant counts querying access User/Group/ApiKey, privacy retention reading access User/Group and audit AuditLog, and dev bootstrap directly creating access roles/users/API keys. These are acceptable transitional paths in places, but they should be explicitly classified and replaced with owner-module capabilities or event contracts before this closes.

Review 2026-07-10: keeping this open. The provider/capability pattern exists and is being used (`tenant_summary_providers`, `delete_veto_providers`, access DTO/capability names, campaign policy/retention providers), but the platform is not provider/event-contract-only yet. Remaining direct/fallback SQL examples include core tenant counts querying access `User`/`Group`/`ApiKey`, privacy retention reading access `User`/`Group` and audit `AuditLog`, and dev bootstrap directly creating access roles/users/API keys. These are acceptable transitional paths in places, but they should be explicitly classified and replaced with owner-module capabilities or event contracts before this closes.
Author
Owner

Implemented the provider/capability cleanup for this item.

Changes:

  • Core audit logging now records through the audit.recorder capability and falls back only to an in-memory/null record ref when no audit module is active; it no longer imports audit tables directly.
  • Core privacy retention is now a compatibility facade over policy.privacyRetention; effective/scoped retention behavior requires the active policy capability instead of importing policy implementation code.
  • Policy retention now requests audit storage behavior through the audit.retention capability instead of importing govoplan_audit as a fallback.
  • Tests that need persisted audit records now configure the audit runtime explicitly.
  • Docs updated in POLICY_CONTRACTS.md and POLICY_DECISION_PROVENANCE.md.

Verification:

  • python -m py_compile on changed core/policy files
  • python -m unittest tests.test_core_events
  • python -m unittest tests.test_access_contracts tests.test_module_system.ModuleSystemTests.test_tenant_lifecycle_with_product_modules_installed_and_absent
  • scripts/check_dependency_boundaries.py passes with 0 transitional exceptions
  • core-only probe confirms no hidden govoplan_policy.backend.retention or govoplan_audit.backend.recording import
Implemented the provider/capability cleanup for this item. Changes: - Core audit logging now records through the `audit.recorder` capability and falls back only to an in-memory/null record ref when no audit module is active; it no longer imports audit tables directly. - Core privacy retention is now a compatibility facade over `policy.privacyRetention`; effective/scoped retention behavior requires the active policy capability instead of importing policy implementation code. - Policy retention now requests audit storage behavior through the `audit.retention` capability instead of importing `govoplan_audit` as a fallback. - Tests that need persisted audit records now configure the audit runtime explicitly. - Docs updated in `POLICY_CONTRACTS.md` and `POLICY_DECISION_PROVENANCE.md`. Verification: - `python -m py_compile` on changed core/policy files - `python -m unittest tests.test_core_events` - `python -m unittest tests.test_access_contracts tests.test_module_system.ModuleSystemTests.test_tenant_lifecycle_with_product_modules_installed_and_absent` - `scripts/check_dependency_boundaries.py` passes with 0 transitional exceptions - core-only probe confirms no hidden `govoplan_policy.backend.retention` or `govoplan_audit.backend.recording` import
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#50
No description provided.