use auths_core::error::AuthsErrorInfo;
use thiserror::Error;
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum ApprovalError {
#[error("decision is not RequiresApproval")]
NotApprovalRequired,
#[error("approval request not found: {hash}")]
RequestNotFound {
hash: String,
},
#[error("approval request expired at {expires_at}")]
RequestExpired {
expires_at: chrono::DateTime<chrono::Utc>,
},
#[error("approval already used (JTI: {jti})")]
ApprovalAlreadyUsed {
jti: String,
},
#[error("approval partially applied — attestation stored but nonce/cleanup failed: {0}")]
PartialApproval(String),
#[error("storage error: {0}")]
ApprovalStorage(#[source] crate::error::SdkStorageError),
}
impl AuthsErrorInfo for ApprovalError {
fn error_code(&self) -> &'static str {
match self {
Self::NotApprovalRequired => "AUTHS-E5701",
Self::RequestNotFound { .. } => "AUTHS-E5702",
Self::RequestExpired { .. } => "AUTHS-E5703",
Self::ApprovalAlreadyUsed { .. } => "AUTHS-E5704",
Self::PartialApproval(_) => "AUTHS-E5705",
Self::ApprovalStorage(_) => "AUTHS-E5706",
}
}
fn suggestion(&self) -> Option<&'static str> {
match self {
Self::NotApprovalRequired => Some(
"This operation does not require approval; run it directly without the --approve flag",
),
Self::RequestNotFound { .. } => {
Some("Run `auths approval list` to see pending requests")
}
Self::RequestExpired { .. } => Some("Submit a new approval request"),
Self::ApprovalAlreadyUsed { .. } => Some("Submit a new approval request"),
Self::PartialApproval(_) => Some("Check approval status and retry if needed"),
Self::ApprovalStorage(_) => Some("Check file permissions and disk space"),
}
}
}