Expand description
Shared governance enforcement helper. Wave 5b (v0.6.3) lifted the
match db::enforce_governance(...) block out of every governed
cmd_* so the printing-side of governance decisions has a single
testable home and the call-sites collapse to a 3-arm match on the
returned GovernanceOutcome.
§Why a separate module
Each governed command (store, delete, promote) used to repeat
the same 25-line block:
ⓘ
match db::enforce_governance(...)? {
Allow => {}
Deny(r) => { eprintln!(...); std::process::exit(1); }
Pending(id) => { /* print + return */ }
}That made the printing format (text vs JSON, the literal field names) invisible to unit tests because they couldn’t run a process-exit branch in-process. Lifting it here lets us:
- Test the printing side of Pending and Deny without crashing the test runner (the helper writes the message and returns; the caller decides whether to exit).
- Keep one canonical JSON shape for
pending_actionsresponses.
§Public surface
ⓘ
pub enum GovernanceOutcome { Allow, Pending, Deny }
pub fn enforce(
conn: &Connection,
action: GovernedAction,
namespace: &str,
caller_agent_id: &str,
memory_id: Option<&str>,
memory_owner: Option<&str>,
payload: &serde_json::Value,
json_out: bool,
out: &mut CliOutput<'_>,
) -> Result<GovernanceOutcome>;Allow: silent, caller proceeds.Pending: helper writes apending_actionsrecord (text or JSON shape,out.stdout) and returnsPending. Caller usually returnsOk(())immediately.Deny: helper writes the deny reason toout.stderrand returnsDeny. Caller is expected tostd::process::exit(1)after the helper returns — exiting stays inline so this module is testable.
Enums§
- Governance
Outcome - Outcome surfaced to the caller. Mirrors
GovernanceDecisionbut erases the inner strings — the helper has already printed them.
Functions§
- enforce
- Run
db::enforce_governanceand route the print-side of Pending/Deny throughout. Returns aGovernanceOutcomeso the caller can decide whether to continue, return, or exit.