Move platform admin services and models into owning modules #63

Closed
opened 2026-07-06 13:45:00 +02:00 by zemion · 16 comments
Owner

Scope

Follow-up after the route-handler split. Route handlers now live in access, admin, tenancy, policy, and audit module routers; the remaining debt is that several service helpers, schemas kept for compatibility, and persistence models still live in the access/core compatibility layer.

Acceptance criteria

  • Tenancy service/model ownership is moved behind tenancy-owned APIs or explicit core/access contracts.
  • Policy service/model ownership is moved behind policy-owned APIs or explicit core contracts.
  • Audit service/model ownership is moved behind audit-owned APIs or explicit core contracts.
  • Access keeps only identity, auth, RBAC, account, group, role, API-key, and access-governance ownership.
  • Compatibility wrappers remain where needed but are clearly marked and no longer own implementation.
  • Dependency-boundary allowlist shrinks where contracts replace direct imports.

Out of scope

No table/data migration should be bundled blindly; persistence moves need explicit Alembic planning.

## Scope Follow-up after the route-handler split. Route handlers now live in access, admin, tenancy, policy, and audit module routers; the remaining debt is that several service helpers, schemas kept for compatibility, and persistence models still live in the access/core compatibility layer. ## Acceptance criteria - Tenancy service/model ownership is moved behind tenancy-owned APIs or explicit core/access contracts. - Policy service/model ownership is moved behind policy-owned APIs or explicit core contracts. - Audit service/model ownership is moved behind audit-owned APIs or explicit core contracts. - Access keeps only identity, auth, RBAC, account, group, role, API-key, and access-governance ownership. - Compatibility wrappers remain where needed but are clearly marked and no longer own implementation. - Dependency-boundary allowlist shrinks where contracts replace direct imports. ## Out of scope No table/data migration should be bundled blindly; persistence moves need explicit Alembic planning.
Author
Owner

Codex State: progress

Summary

  • Moved shared settings, tenant governance, slug/error, and tenant count helpers out of access internals.
  • Registered live access.directory and tenancy.tenantResolver capabilities backed by current compatibility tables.
  • Tracked remaining tenancy-to-access default-role seeding as an explicit transitional boundary exception.

Changed Files

  • src/govoplan_core/admin/common.py
  • src/govoplan_core/admin/settings.py
  • src/govoplan_core/tenancy/service.py
  • src/govoplan_core/core/runtime.py
  • src/govoplan_access/backend/directory.py
  • src/govoplan_tenancy/backend/capabilities.py
  • scripts/check_dependency_boundaries.py
  • docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • ./scripts/check-focused.sh: passed
  • python -m unittest tests.test_module_system tests.test_access_contracts: passed

Next / Blocked

  • Replace tenancy-to-access role seeding with a tenant-created lifecycle/event contract.
  • Move feature modules from direct User/Group/Tenant ORM imports to access.directory/tenancy.tenantResolver or resource ACL contracts.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Moved shared settings, tenant governance, slug/error, and tenant count helpers out of access internals. - Registered live access.directory and tenancy.tenantResolver capabilities backed by current compatibility tables. - Tracked remaining tenancy-to-access default-role seeding as an explicit transitional boundary exception. ### Changed Files - `src/govoplan_core/admin/common.py` - `src/govoplan_core/admin/settings.py` - `src/govoplan_core/tenancy/service.py` - `src/govoplan_core/core/runtime.py` - `src/govoplan_access/backend/directory.py` - `src/govoplan_tenancy/backend/capabilities.py` - `scripts/check_dependency_boundaries.py` - `docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `./scripts/check-focused.sh: passed` - `python -m unittest tests.test_module_system tests.test_access_contracts: passed` ### Next / Blocked - Replace tenancy-to-access role seeding with a tenant-created lifecycle/event contract. - Move feature modules from direct User/Group/Tenant ORM imports to access.directory/tenancy.tenantResolver or resource ACL contracts. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Replaced govoplan-files direct User/Group/Tenant compatibility-model imports with access.directory capability lookups for file spaces, group access, and share target validation.
  • Extended access.directory with groups_for_tenant and tightened the boundary checker to track remaining feature-module core model imports.

Changed Files

  • src/govoplan_core/core/access.py
  • src/govoplan_access/backend/directory.py
  • src/govoplan_files/backend/storage/access.py
  • src/govoplan_files/backend/storage/files.py
  • src/govoplan_files/backend/router.py
  • scripts/check_dependency_boundaries.py
  • docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • ./scripts/check-focused.sh: passed

Next / Blocked

  • Replace govoplan-mail mail-profile policy direct User/Group/Tenant imports.
  • Replace or isolate govoplan-campaign ORM relationship imports during the model/migration split.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Replaced govoplan-files direct User/Group/Tenant compatibility-model imports with access.directory capability lookups for file spaces, group access, and share target validation. - Extended access.directory with groups_for_tenant and tightened the boundary checker to track remaining feature-module core model imports. ### Changed Files - `src/govoplan_core/core/access.py` - `src/govoplan_access/backend/directory.py` - `src/govoplan_files/backend/storage/access.py` - `src/govoplan_files/backend/storage/files.py` - `src/govoplan_files/backend/router.py` - `scripts/check_dependency_boundaries.py` - `docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `./scripts/check-focused.sh: passed` ### Next / Blocked - Replace govoplan-mail mail-profile policy direct User/Group/Tenant imports. - Replace or isolate govoplan-campaign ORM relationship imports during the model/migration split. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Completed the remaining module-boundary split pass for feature modules: files, mail, and campaign no longer statically import sibling feature packages.
  • Added kernel campaign contracts for campaigns.access and campaigns.mailPolicyContext; campaign registers concrete providers, files/mail consume them through the registry.
  • Moved mail profile policy storage for system/tenant/user/group scopes into a mail-owned table with legacy-read fallback and module migration.
  • Replaced tenancy default-role seeding with access.tenantProvisioner so tenancy no longer imports access service internals.

Changed Files

  • govoplan_core/core/campaigns.py
  • govoplan_core/core/access.py
  • govoplan_files/backend/router.py
  • govoplan_files/backend/storage/files.py
  • govoplan_mail/backend/mail_profiles.py
  • govoplan_mail/backend/db/models.py
  • govoplan_campaign/backend/capabilities.py
  • govoplan_campaign/backend/router.py
  • docs/MODULE_ARCHITECTURE.md
  • docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • python -m compileall core/access/admin/tenancy/policy/audit/files/mail/campaign source trees: passed
  • scripts/check_dependency_boundaries.py: passed (8 transitional exceptions tracked)
  • python -m unittest tests.test_access_contracts tests.test_module_system: passed
  • selected tests.test_api_smoke tests: passed
  • empty SQLite migrate_database with full modules: passed, heads 2c3d4e5f7081 and 3d4e5f708192
  • scripts/check-focused.sh: passed, including WebUI module permutation builds and mail/campaign UI focused tests

Next / Blocked

  • Remaining split debt is now mostly core compatibility: celery task registration, retention cleanup, dev mailbox/system schema compatibility routes, create_all bootstrap compatibility, and live access/admin model ownership.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Completed the remaining module-boundary split pass for feature modules: files, mail, and campaign no longer statically import sibling feature packages. - Added kernel campaign contracts for campaigns.access and campaigns.mailPolicyContext; campaign registers concrete providers, files/mail consume them through the registry. - Moved mail profile policy storage for system/tenant/user/group scopes into a mail-owned table with legacy-read fallback and module migration. - Replaced tenancy default-role seeding with access.tenantProvisioner so tenancy no longer imports access service internals. ### Changed Files - `govoplan_core/core/campaigns.py` - `govoplan_core/core/access.py` - `govoplan_files/backend/router.py` - `govoplan_files/backend/storage/files.py` - `govoplan_mail/backend/mail_profiles.py` - `govoplan_mail/backend/db/models.py` - `govoplan_campaign/backend/capabilities.py` - `govoplan_campaign/backend/router.py` - `docs/MODULE_ARCHITECTURE.md` - `docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `python -m compileall core/access/admin/tenancy/policy/audit/files/mail/campaign source trees: passed` - `scripts/check_dependency_boundaries.py: passed (8 transitional exceptions tracked)` - `python -m unittest tests.test_access_contracts tests.test_module_system: passed` - `selected tests.test_api_smoke tests: passed` - `empty SQLite migrate_database with full modules: passed, heads 2c3d4e5f7081 and 3d4e5f708192` - `scripts/check-focused.sh: passed, including WebUI module permutation builds and mail/campaign UI focused tests` ### Next / Blocked - Remaining split debt is now mostly core compatibility: celery task registration, retention cleanup, dev mailbox/system schema compatibility routes, create_all bootstrap compatibility, and live access/admin model ownership. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Cleared the remaining files/mail/campaign dependency-boundary exceptions; the boundary checker now tracks 0 transitional exceptions.
  • Moved campaign schema routes into the campaign route contribution and development mailbox routes into the mail route contribution.
  • Replaced core Celery campaign/mail imports with the campaigns.deliveryTasks capability.
  • Replaced core retention campaign ORM access with campaigns.policyContext and campaigns.retention capabilities.
  • create_all now discovers enabled module metadata through the platform registry instead of importing feature models directly.

Changed Files

  • src/govoplan_core/core/campaigns.py
  • src/govoplan_core/celery_app.py
  • src/govoplan_core/privacy/retention.py
  • src/govoplan_core/db/bootstrap.py
  • src/govoplan_core/server/default_config.py
  • docs/MODULE_ARCHITECTURE.md
  • docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • ./.venv/bin/python scripts/check_dependency_boundaries.py
  • ./.venv/bin/python -m unittest tests.test_access_contracts tests.test_module_system
  • ./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_system_governance_defaults_templates_and_central_accounts tests.test_api_smoke.ApiSmokeTests.test_policy_responses_include_source_provenance tests.test_api_smoke.ApiSmokeTests.test_health_schema_and_dev_mailbox_gates
  • ./.venv/bin/python -m unittest tests.test_database_migrations.DatabaseMigrationTests.test_repairs_create_all_schema_drift_and_upgrades_to_head tests.test_database_migrations.DatabaseMigrationTests.test_repairs_current_schema_stamped_at_file_folders
  • ./scripts/check-focused.sh

Next / Blocked

  • Remaining split work is larger ownership migration: move live admin/access model ownership and access-admin WebUI pages into their platform module contributions.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Cleared the remaining files/mail/campaign dependency-boundary exceptions; the boundary checker now tracks 0 transitional exceptions. - Moved campaign schema routes into the campaign route contribution and development mailbox routes into the mail route contribution. - Replaced core Celery campaign/mail imports with the campaigns.deliveryTasks capability. - Replaced core retention campaign ORM access with campaigns.policyContext and campaigns.retention capabilities. - create_all now discovers enabled module metadata through the platform registry instead of importing feature models directly. ### Changed Files - `src/govoplan_core/core/campaigns.py` - `src/govoplan_core/celery_app.py` - `src/govoplan_core/privacy/retention.py` - `src/govoplan_core/db/bootstrap.py` - `src/govoplan_core/server/default_config.py` - `docs/MODULE_ARCHITECTURE.md` - `docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `./.venv/bin/python scripts/check_dependency_boundaries.py` - `./.venv/bin/python -m unittest tests.test_access_contracts tests.test_module_system` - `./.venv/bin/python -m unittest tests.test_api_smoke.ApiSmokeTests.test_system_governance_defaults_templates_and_central_accounts tests.test_api_smoke.ApiSmokeTests.test_policy_responses_include_source_provenance tests.test_api_smoke.ApiSmokeTests.test_health_schema_and_dev_mailbox_gates` - `./.venv/bin/python -m unittest tests.test_database_migrations.DatabaseMigrationTests.test_repairs_create_all_schema_drift_and_upgrades_to_head tests.test_database_migrations.DatabaseMigrationTests.test_repairs_current_schema_stamped_at_file_folders` - `./scripts/check-focused.sh` ### Next / Blocked - Remaining split work is larger ownership migration: move live admin/access model ownership and access-admin WebUI pages into their platform module contributions. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Moved the legacy admin WebUI page tree into govoplan-access as @govoplan/access-webui and registered it as the access module's /admin frontend/nav contribution.
  • Core now passes onAuthChange through module route context and no longer imports AdminPage or injects the admin IconRail/default route directly.
  • Core WebUI dev/release manifests and module permutation builds now include the access WebUI package.

Changed Files

  • govoplan-access/webui/src/module.ts
  • govoplan-access/webui/src/features/admin
  • govoplan-access/src/govoplan_access/backend/manifest.py
  • govoplan-core/webui/src/App.tsx
  • govoplan-core/webui/src/layout/IconRail.tsx
  • govoplan-core/webui/src/platform/modules.ts
  • govoplan-core/tests/test_module_system.py

Verification

  • npm run build: passed before cleanup
  • npm run test:module-permutations: passed, including access-only and full-product
  • python -m unittest tests.test_module_system tests.test_access_contracts: passed
  • python scripts/check_dependency_boundaries.py: passed with 0 transitional exceptions

Next / Blocked

  • Live access/admin model ownership still needs an explicit schema/data decision because extracted access model candidates use access_* table names while live installations use legacy accounts/users/roles/api_keys tables.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Moved the legacy admin WebUI page tree into govoplan-access as @govoplan/access-webui and registered it as the access module's /admin frontend/nav contribution. - Core now passes onAuthChange through module route context and no longer imports AdminPage or injects the admin IconRail/default route directly. - Core WebUI dev/release manifests and module permutation builds now include the access WebUI package. ### Changed Files - `govoplan-access/webui/src/module.ts` - `govoplan-access/webui/src/features/admin` - `govoplan-access/src/govoplan_access/backend/manifest.py` - `govoplan-core/webui/src/App.tsx` - `govoplan-core/webui/src/layout/IconRail.tsx` - `govoplan-core/webui/src/platform/modules.ts` - `govoplan-core/tests/test_module_system.py` ### Verification - `npm run build: passed before cleanup` - `npm run test:module-permutations: passed, including access-only and full-product` - `python -m unittest tests.test_module_system tests.test_access_contracts: passed` - `python scripts/check_dependency_boundaries.py: passed with 0 transitional exceptions` ### Next / Blocked - Live access/admin model ownership still needs an explicit schema/data decision because extracted access model candidates use access_* table names while live installations use legacy accounts/users/roles/api_keys tables. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Moved live legacy ORM table definitions out of govoplan-core and into govoplan-access while preserving historical table names such as accounts, users, roles, api_keys, auth_sessions, tenants, governance_templates, system_settings, and audit_log.
  • Converted govoplan_core.db.models into a compatibility re-export of govoplan_access.backend.db.models so existing imports remain stable during the staged split.
  • Removed the active access_* candidate metadata by making AccessBase share core Base metadata and updating the stale access auth role helper to use live assignment tables.

Changed Files

  • govoplan-access/src/govoplan_access/backend/db/models.py
  • govoplan-access/src/govoplan_access/backend/db/base.py
  • govoplan-access/src/govoplan_access/backend/auth/roles.py
  • govoplan-core/src/govoplan_core/db/models.py
  • govoplan-core/src/govoplan_core/db/bootstrap.py
  • govoplan-core/tests/test_module_system.py
  • govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • python -m compileall core/access/admin/tenancy/audit/policy packages: passed
  • python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations: passed
  • python -m unittest tests.test_api_smoke: passed
  • python scripts/check_dependency_boundaries.py: passed with 0 transitional exceptions

Next / Blocked

  • Later split the transitional access-owned legacy model graph further into tenancy, policy, audit, admin, and core settings ownership once each module has stable live metadata boundaries.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Moved live legacy ORM table definitions out of govoplan-core and into govoplan-access while preserving historical table names such as accounts, users, roles, api_keys, auth_sessions, tenants, governance_templates, system_settings, and audit_log. - Converted govoplan_core.db.models into a compatibility re-export of govoplan_access.backend.db.models so existing imports remain stable during the staged split. - Removed the active access_* candidate metadata by making AccessBase share core Base metadata and updating the stale access auth role helper to use live assignment tables. ### Changed Files - `govoplan-access/src/govoplan_access/backend/db/models.py` - `govoplan-access/src/govoplan_access/backend/db/base.py` - `govoplan-access/src/govoplan_access/backend/auth/roles.py` - `govoplan-core/src/govoplan_core/db/models.py` - `govoplan-core/src/govoplan_core/db/bootstrap.py` - `govoplan-core/tests/test_module_system.py` - `govoplan-core/docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `python -m compileall core/access/admin/tenancy/audit/policy packages: passed` - `python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations: passed` - `python -m unittest tests.test_api_smoke: passed` - `python scripts/check_dependency_boundaries.py: passed with 0 transitional exceptions` ### Next / Blocked - Later split the transitional access-owned legacy model graph further into tenancy, policy, audit, admin, and core settings ownership once each module has stable live metadata boundaries. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Moved live table ownership to the intended modules: tenants -> tenancy, access accounts/users/groups/roles/sessions/API keys -> access, governance templates -> admin, audit_log -> audit, system_settings -> core.
  • Preserved historical table names and compatibility imports through govoplan_core.db.models; no data table rename was introduced.
  • Reversed the tenancy/access package and runtime direction: access now depends on tenancy, and the registry inserts tenancy before access when authenticated modules are enabled.
  • Registered module migration metadata for tenancy/admin/audit and deduplicated shared metadata in the migration planner.
  • Synced the updated architecture, access extraction, roadmap, and README documentation into the Gitea wikis.

Changed Files

  • govoplan_core/db/models.py
  • govoplan_core/server/registry.py
  • govoplan_core/core/migrations.py
  • govoplan_core/docs/MODULE_ARCHITECTURE.md
  • govoplan_core/docs/ACCESS_EXTRACTION_PLAN.md
  • govoplan_access/backend/db/models.py
  • govoplan_tenancy/backend/db/models.py
  • govoplan_admin/backend/db/models.py
  • govoplan_audit/backend/db/models.py

Verification

  • python -m compileall core/access/admin/tenancy/audit/policy sources: passed
  • python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations: 24 passed
  • python -m unittest tests.test_api_smoke: 39 passed
  • npm run test:module-permutations: passed
  • scripts/check_dependency_boundaries.py: passed

Next / Blocked

  • Keep the remaining access-admin compatibility routes as the next cleanup slice; model/table ownership is now split.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Moved live table ownership to the intended modules: tenants -> tenancy, access accounts/users/groups/roles/sessions/API keys -> access, governance templates -> admin, audit_log -> audit, system_settings -> core. - Preserved historical table names and compatibility imports through govoplan_core.db.models; no data table rename was introduced. - Reversed the tenancy/access package and runtime direction: access now depends on tenancy, and the registry inserts tenancy before access when authenticated modules are enabled. - Registered module migration metadata for tenancy/admin/audit and deduplicated shared metadata in the migration planner. - Synced the updated architecture, access extraction, roadmap, and README documentation into the Gitea wikis. ### Changed Files - `govoplan_core/db/models.py` - `govoplan_core/server/registry.py` - `govoplan_core/core/migrations.py` - `govoplan_core/docs/MODULE_ARCHITECTURE.md` - `govoplan_core/docs/ACCESS_EXTRACTION_PLAN.md` - `govoplan_access/backend/db/models.py` - `govoplan_tenancy/backend/db/models.py` - `govoplan_admin/backend/db/models.py` - `govoplan_audit/backend/db/models.py` ### Verification - `python -m compileall core/access/admin/tenancy/audit/policy sources: passed` - `python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations: 24 passed` - `python -m unittest tests.test_api_smoke: 39 passed` - `npm run test:module-permutations: passed` - `scripts/check_dependency_boundaries.py: passed` ### Next / Blocked - Keep the remaining access-admin compatibility routes as the next cleanup slice; model/table ownership is now split. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Completed the compatibility/admin route cleanup slice for governance templates: access no longer registers /admin/system/governance-templates.
  • Moved governance-template CRUD/materialization helpers, schemas, and route handlers to govoplan-admin while preserving the stable API URL.
  • Kept core compatibility schema imports and the legacy govoplan_core.admin.governance helper shim for old imports.

Changed Files

  • govoplan_admin/backend/governance.py
  • govoplan_admin/backend/api/v1/routes.py
  • govoplan_admin/backend/api/v1/schemas.py
  • govoplan_access/backend/api/v1/routes.py
  • govoplan_access/backend/admin/governance.py
  • govoplan_core/api/v1/admin_schemas.py
  • govoplan_core/admin/governance.py
  • docs/MODULE_ARCHITECTURE.md
  • docs/ACCESS_EXTRACTION_PLAN.md

Verification

  • python -m compileall core/access/admin/tenancy/audit sources: passed
  • python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations: 25 passed
  • python -m unittest tests.test_api_smoke: 39 passed
  • scripts/check_dependency_boundaries.py: passed
  • git diff --check in core/access/admin: passed

Next / Blocked

  • Remaining compatibility cleanup is now outside governance-template routing: old core/admin import shims and any direct admin WebUI/API package overlap can be retired later once release compatibility requirements are explicit.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Completed the compatibility/admin route cleanup slice for governance templates: access no longer registers /admin/system/governance-templates. - Moved governance-template CRUD/materialization helpers, schemas, and route handlers to govoplan-admin while preserving the stable API URL. - Kept core compatibility schema imports and the legacy govoplan_core.admin.governance helper shim for old imports. ### Changed Files - `govoplan_admin/backend/governance.py` - `govoplan_admin/backend/api/v1/routes.py` - `govoplan_admin/backend/api/v1/schemas.py` - `govoplan_access/backend/api/v1/routes.py` - `govoplan_access/backend/admin/governance.py` - `govoplan_core/api/v1/admin_schemas.py` - `govoplan_core/admin/governance.py` - `docs/MODULE_ARCHITECTURE.md` - `docs/ACCESS_EXTRACTION_PLAN.md` ### Verification - `python -m compileall core/access/admin/tenancy/audit sources: passed` - `python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations: 25 passed` - `python -m unittest tests.test_api_smoke: 39 passed` - `scripts/check_dependency_boundaries.py: passed` - `git diff --check in core/access/admin: passed` ### Next / Blocked - Remaining compatibility cleanup is now outside governance-template routing: old core/admin import shims and any direct admin WebUI/API package overlap can be retired later once release compatibility requirements are explicit. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Added @govoplan/admin-webui and moved admin-owned overview/system settings/governance-template panels behind the admin.sections UI capability.
  • Access now keeps the /admin route shell and consumes module-owned admin section contributions without importing admin WebUI panels.

Changed Files

  • govoplan-core/webui/src/types.ts
  • govoplan-core/webui/src/platform/moduleLogic.ts
  • govoplan-core/webui/src/components/admin/
  • govoplan-access/webui/src/features/admin/AdminPage.tsx
  • govoplan-admin/webui/src/

Verification

  • npm run build passed in govoplan-core/webui
  • npm run test:module-permutations passed, including admin-only and access-with-admin
  • python3 scripts/check_dependency_boundaries.py passed

Next / Blocked

  • Continue moving tenant/policy/audit-specific admin sections out of the access shell when those WebUI packages are ready.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Added @govoplan/admin-webui and moved admin-owned overview/system settings/governance-template panels behind the admin.sections UI capability. - Access now keeps the /admin route shell and consumes module-owned admin section contributions without importing admin WebUI panels. ### Changed Files - `govoplan-core/webui/src/types.ts` - `govoplan-core/webui/src/platform/moduleLogic.ts` - `govoplan-core/webui/src/components/admin/` - `govoplan-access/webui/src/features/admin/AdminPage.tsx` - `govoplan-admin/webui/src/` ### Verification - `npm run build passed in govoplan-core/webui` - `npm run test:module-permutations passed, including admin-only and access-with-admin` - `python3 scripts/check_dependency_boundaries.py passed` ### Next / Blocked - Continue moving tenant/policy/audit-specific admin sections out of the access shell when those WebUI packages are ready. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Removed old core compatibility imports/re-exports for access models, access routes, admin service helpers, and access-owned security services.
  • Moved live callers to module-owned model/service imports and moved the tenant /audit list route into govoplan-audit.
  • Boundary checker now tracks four explicit platform-to-access ORM exceptions instead of hiding them behind govoplan_core.db.models.

Changed Files

  • govoplan-core/src/govoplan_core/db/models.py
  • govoplan-core/src/govoplan_core/access/
  • govoplan-core/src/govoplan_core/api/v1/audit.py
  • govoplan-core/src/govoplan_core/auth/dependencies.py
  • govoplan-audit/src/govoplan_audit/backend/api/v1/routes.py
  • govoplan-admin/src/govoplan_admin/backend/
  • govoplan-tenancy/src/govoplan_tenancy/backend/api/v1/routes.py

Verification

  • python3 -m compileall passed for core/access/admin/tenancy/audit/policy/files/mail/campaign
  • python3 scripts/check_dependency_boundaries.py passed; 4 explicit transitional exceptions tracked
  • ./.venv/bin/python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations passed
  • ./.venv/bin/python -m govoplan_core.devserver --smoke --no-reload passed

Next / Blocked

  • Replace the four explicit platform-to-access ORM exceptions with access-directory/provisioner/query capabilities.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Removed old core compatibility imports/re-exports for access models, access routes, admin service helpers, and access-owned security services. - Moved live callers to module-owned model/service imports and moved the tenant /audit list route into govoplan-audit. - Boundary checker now tracks four explicit platform-to-access ORM exceptions instead of hiding them behind govoplan_core.db.models. ### Changed Files - `govoplan-core/src/govoplan_core/db/models.py` - `govoplan-core/src/govoplan_core/access/` - `govoplan-core/src/govoplan_core/api/v1/audit.py` - `govoplan-core/src/govoplan_core/auth/dependencies.py` - `govoplan-audit/src/govoplan_audit/backend/api/v1/routes.py` - `govoplan-admin/src/govoplan_admin/backend/` - `govoplan-tenancy/src/govoplan_tenancy/backend/api/v1/routes.py` ### Verification - `python3 -m compileall passed for core/access/admin/tenancy/audit/policy/files/mail/campaign` - `python3 scripts/check_dependency_boundaries.py passed; 4 explicit transitional exceptions tracked` - `./.venv/bin/python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations passed` - `./.venv/bin/python -m govoplan_core.devserver --smoke --no-reload passed` ### Next / Blocked - Replace the four explicit platform-to-access ORM exceptions with access-directory/provisioner/query capabilities. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Moved FastAPI auth dependencies out of core into govoplan-access as the published dependency API.
  • Replaced the four remaining platform-to-access ORM boundary exceptions with access capabilities for administration, governance materialization, and tenant owner provisioning.
  • Dependency boundary checker now passes with zero transitional exceptions.

Changed Files

  • govoplan-core/src/govoplan_core/core/access.py
  • govoplan-core/scripts/check_dependency_boundaries.py
  • govoplan-access/src/govoplan_access/backend/auth/dependencies.py
  • govoplan-access/src/govoplan_access/backend/administration.py
  • govoplan-access/src/govoplan_access/backend/governance_materializer.py
  • govoplan-access/src/govoplan_access/backend/tenancy/provisioning.py
  • govoplan-admin/src/govoplan_admin/backend/governance.py
  • govoplan-admin/src/govoplan_admin/backend/api/v1/routes.py
  • govoplan-tenancy/src/govoplan_tenancy/backend/api/v1/routes.py
  • govoplan-audit/src/govoplan_audit/backend/api/v1/routes.py

Verification

  • python3 -m compileall -q src/govoplan_core ../govoplan-access/src/govoplan_access ../govoplan-admin/src/govoplan_admin ../govoplan-tenancy/src/govoplan_tenancy ../govoplan-audit/src/govoplan_audit ../govoplan-policy/src/govoplan_policy ../govoplan-files/src/govoplan_files ../govoplan-mail/src/govoplan_mail ../govoplan-campaign/src/govoplan_campaign
  • python3 scripts/check_dependency_boundaries.py
  • ./.venv/bin/python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations

Next / Blocked

  • Run devserver smoke after final cleanup and docs sync.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Moved FastAPI auth dependencies out of core into govoplan-access as the published dependency API. - Replaced the four remaining platform-to-access ORM boundary exceptions with access capabilities for administration, governance materialization, and tenant owner provisioning. - Dependency boundary checker now passes with zero transitional exceptions. ### Changed Files - `govoplan-core/src/govoplan_core/core/access.py` - `govoplan-core/scripts/check_dependency_boundaries.py` - `govoplan-access/src/govoplan_access/backend/auth/dependencies.py` - `govoplan-access/src/govoplan_access/backend/administration.py` - `govoplan-access/src/govoplan_access/backend/governance_materializer.py` - `govoplan-access/src/govoplan_access/backend/tenancy/provisioning.py` - `govoplan-admin/src/govoplan_admin/backend/governance.py` - `govoplan-admin/src/govoplan_admin/backend/api/v1/routes.py` - `govoplan-tenancy/src/govoplan_tenancy/backend/api/v1/routes.py` - `govoplan-audit/src/govoplan_audit/backend/api/v1/routes.py` ### Verification - `python3 -m compileall -q src/govoplan_core ../govoplan-access/src/govoplan_access ../govoplan-admin/src/govoplan_admin ../govoplan-tenancy/src/govoplan_tenancy ../govoplan-audit/src/govoplan_audit ../govoplan-policy/src/govoplan_policy ../govoplan-files/src/govoplan_files ../govoplan-mail/src/govoplan_mail ../govoplan-campaign/src/govoplan_campaign` - `python3 scripts/check_dependency_boundaries.py` - `./.venv/bin/python -m unittest tests.test_module_system tests.test_access_contracts tests.test_database_migrations` ### Next / Blocked - Run devserver smoke after final cleanup and docs sync. Suggested status label: `status/in-progress`
Author
Owner

Codex State: progress

Summary

  • Devserver smoke passed after the access/auth boundary cleanup.
  • Targeted wiki sync updated govoplan-access README; govoplan-core wiki sync stalled on a page fetch and was interrupted.

Verification

  • ./.venv/bin/python -m govoplan_core.devserver --smoke --no-reload

Next / Blocked

  • Retry govoplan-core wiki sync later with --repo govoplan-core when Gitea responds normally.

Suggested status label: status/in-progress

## Codex State: progress ### Summary - Devserver smoke passed after the access/auth boundary cleanup. - Targeted wiki sync updated govoplan-access README; govoplan-core wiki sync stalled on a page fetch and was interrupted. ### Verification - `./.venv/bin/python -m govoplan_core.devserver --smoke --no-reload` ### Next / Blocked - Retry govoplan-core wiki sync later with --repo govoplan-core when Gitea responds normally. Suggested status label: `status/in-progress`
zemion added the
status
ready
label 2026-07-08 02:58:31 +02:00
Author
Owner

Codex State: checked 2026-07-09

Most of the acceptance is now complete: route/model ownership has been split, module WebUI contributions are in place, and python3 scripts/check_dependency_boundaries.py passes with 0 transitional exceptions.

I would keep this open for the remaining strict ownership cleanup: tenant/policy/audit-specific service and UI pieces are not fully in their owning modules yet, and core tenancy/bootstrap/retention still directly touch access models in a few places. A good next slice is extracting tenant counts/governance helpers and remaining service calls behind tenancy/access capabilities, then reassessing closure.

## Codex State: checked 2026-07-09 Most of the acceptance is now complete: route/model ownership has been split, module WebUI contributions are in place, and python3 scripts/check_dependency_boundaries.py passes with 0 transitional exceptions. I would keep this open for the remaining strict ownership cleanup: tenant/policy/audit-specific service and UI pieces are not fully in their owning modules yet, and core tenancy/bootstrap/retention still directly touch access models in a few places. A good next slice is extracting tenant counts/governance helpers and remaining service calls behind tenancy/access capabilities, then reassessing closure.
Author
Owner

Review 2026-07-10: keeping this open. scripts/check_dependency_boundaries.py passes with 0 transitional exceptions, but strict ownership is not complete yet. Current remaining examples: core bootstrap still imports access services/models (govoplan_core/db/bootstrap.py), core tenant summary counts still query access User/Group/ApiKey (govoplan_core/tenancy/service.py), and retention/audit plumbing still imports audit/access ORM models directly (govoplan_core/privacy/retention.py, govoplan_core/audit/logging.py). Admin still aggregates system settings, governance, tenant counts, and retention policy surfaces across module boundaries. Close path: replace the remaining cross-module service/model access with capabilities/providers/events, then keep direct SQL only inside the owning module.

Review 2026-07-10: keeping this open. `scripts/check_dependency_boundaries.py` passes with 0 transitional exceptions, but strict ownership is not complete yet. Current remaining examples: core bootstrap still imports access services/models (`govoplan_core/db/bootstrap.py`), core tenant summary counts still query access `User`/`Group`/`ApiKey` (`govoplan_core/tenancy/service.py`), and retention/audit plumbing still imports audit/access ORM models directly (`govoplan_core/privacy/retention.py`, `govoplan_core/audit/logging.py`). Admin still aggregates system settings, governance, tenant counts, and retention policy surfaces across module boundaries. Close path: replace the remaining cross-module service/model access with capabilities/providers/events, then keep direct SQL only inside the owning module.
Author
Owner

Progress 2026-07-10: implemented a focused ownership cleanup slice. Core no longer statically imports access ORM/admin/API-key services for tenant counts, user/group privacy settings, or dev bootstrap. AccessAdministration now owns tenant counts and scoped user/group settings access; TenantAccessProvisioner now owns development admin/user/API-key bootstrap. Core audit logging no longer statically imports AuditLog; audit SQL recording and audit-detail retention are now audit-owned providers (audit.recorder, audit.retention). Boundary check still passes with 0 transitional exceptions. Keeping this open because policy retention service ownership still lives in core, govoplan_core.auth remains a compatibility re-export of access auth, and the broader provider/event-contract inventory is intentionally deferred to #50.

Progress 2026-07-10: implemented a focused ownership cleanup slice. Core no longer statically imports access ORM/admin/API-key services for tenant counts, user/group privacy settings, or dev bootstrap. `AccessAdministration` now owns tenant counts and scoped user/group settings access; `TenantAccessProvisioner` now owns development admin/user/API-key bootstrap. Core audit logging no longer statically imports `AuditLog`; audit SQL recording and audit-detail retention are now audit-owned providers (`audit.recorder`, `audit.retention`). Boundary check still passes with 0 transitional exceptions. Keeping this open because policy retention service ownership still lives in core, `govoplan_core.auth` remains a compatibility re-export of access auth, and the broader provider/event-contract inventory is intentionally deferred to #50.
Author
Owner

Completed the platform admin/service/model ownership cleanup targeted by this issue: audit persistence is behind audit capabilities, retention implementation moved to govoplan-policy with a core compatibility facade, tenant counts/settings access use access capabilities, and govoplan_core.auth no longer imports govoplan_access. Focused tests and dependency boundary checks pass. Closing; remaining historical migration and direct fallback SQL cleanup are tracked in #78/#50.

Completed the platform admin/service/model ownership cleanup targeted by this issue: audit persistence is behind audit capabilities, retention implementation moved to `govoplan-policy` with a core compatibility facade, tenant counts/settings access use access capabilities, and `govoplan_core.auth` no longer imports `govoplan_access`. Focused tests and dependency boundary checks pass. Closing; remaining historical migration and direct fallback SQL cleanup are tracked in #78/#50.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: add-ideas/govoplan-core#63
No description provided.