Skip to main content

auths_sdk/domains/compliance/
error.rs

1use auths_core::error::AuthsErrorInfo;
2use thiserror::Error;
3
4/// Errors from approval workflow operations.
5#[derive(Debug, Error)]
6#[non_exhaustive]
7pub enum ApprovalError {
8    /// The decision is not RequiresApproval.
9    #[error("decision is not RequiresApproval")]
10    NotApprovalRequired,
11
12    /// Approval request not found.
13    #[error("approval request not found: {hash}")]
14    RequestNotFound {
15        /// The hex-encoded request hash.
16        hash: String,
17    },
18
19    /// Approval request expired.
20    #[error("approval request expired at {expires_at}")]
21    RequestExpired {
22        /// When the request expired.
23        expires_at: chrono::DateTime<chrono::Utc>,
24    },
25
26    /// Approval JTI already used (replay attempt).
27    #[error("approval already used (JTI: {jti})")]
28    ApprovalAlreadyUsed {
29        /// The consumed JTI.
30        jti: String,
31    },
32
33    /// Approval partially applied — attestation stored but nonce/cleanup failed.
34    #[error("approval partially applied — attestation stored but nonce/cleanup failed: {0}")]
35    PartialApproval(String),
36
37    /// A storage operation failed.
38    #[error("storage error: {0}")]
39    ApprovalStorage(#[source] crate::error::SdkStorageError),
40}
41
42impl AuthsErrorInfo for ApprovalError {
43    fn error_code(&self) -> &'static str {
44        match self {
45            Self::NotApprovalRequired => "AUTHS-E5701",
46            Self::RequestNotFound { .. } => "AUTHS-E5702",
47            Self::RequestExpired { .. } => "AUTHS-E5703",
48            Self::ApprovalAlreadyUsed { .. } => "AUTHS-E5704",
49            Self::PartialApproval(_) => "AUTHS-E5705",
50            Self::ApprovalStorage(_) => "AUTHS-E5706",
51        }
52    }
53
54    fn suggestion(&self) -> Option<&'static str> {
55        match self {
56            Self::NotApprovalRequired => Some(
57                "This operation does not require approval; run it directly without the --approve flag",
58            ),
59            Self::RequestNotFound { .. } => {
60                Some("Run `auths approval list` to see pending requests")
61            }
62            Self::RequestExpired { .. } => Some("Submit a new approval request"),
63            Self::ApprovalAlreadyUsed { .. } => Some("Submit a new approval request"),
64            Self::PartialApproval(_) => Some("Check approval status and retry if needed"),
65            Self::ApprovalStorage(_) => Some("Check file permissions and disk space"),
66        }
67    }
68}