textus 0.30.0 → 0.35.1

data/lib/textus/write/{refresh_orchestrator.rb → fetch_orchestrator.rb}

@@ -1,8 +1,8 @@
 module Textus
   module Write
-    class RefreshOrchestrator
-      # Collaborator (not a Dispatcher verb): constructed directly by RefreshWorker /
-      # GetOrRefresh, which pass their derived hook_context in. That's why this takes
+    class FetchOrchestrator
+      # Collaborator (not a Dispatcher verb): constructed directly by FetchWorker /
+      # GetOrFetch, which pass their derived hook_context in. That's why this takes
       # hook_context: explicitly while verb use cases derive their own.
       def initialize(worker:, store_root:, events:, hook_context: nil, detached_spawner: nil)
         @worker       = worker
@@ -14,9 +14,9 @@ module Textus
 
       def execute(action, key:)
         case action
-        when Textus::Domain::Action::Return       then Textus::Domain::Outcome::Skipped.new
-        when Textus::Domain::Action::RefreshSync  then run_sync(key)
-        when Textus::Domain::Action::RefreshTimed then run_timed(action.budget_ms, key)
+        when Textus::Domain::Action::Return then Textus::Domain::Outcome::Skipped.new
+        when Textus::Domain::Action::FetchSync  then run_sync(key)
+        when Textus::Domain::Action::FetchTimed then run_timed(action.budget_ms, key)
         else raise ArgumentError.new("unknown action: #{action.inspect}")
         end
       end
@@ -25,13 +25,13 @@ module Textus
 
       def run_sync(key)
         envelope = @worker.run(key)
-        Textus::Domain::Outcome::Refreshed.new(envelope: envelope)
+        Textus::Domain::Outcome::Fetched.new(envelope: envelope)
       rescue Textus::Error => e
         Textus::Domain::Outcome::Failed.new(error: e)
       end
 
       def run_timed(budget_ms, key)
-        return run_timed_with_fork(budget_ms, key) if Textus::Ports::Refresh::Detached.supported?
+        return run_timed_with_fork(budget_ms, key) if Textus::Ports::Fetch::Detached.supported?
 
         run_timed_cooperative(budget_ms, key)
       end
@@ -49,7 +49,7 @@ module Textus
           thread.kill
           return Textus::Domain::Outcome::Failed.new(
             error: Textus::UsageError.new(
-              "refresh exceeded budget #{budget_ms}ms (no fork available — cooperative cancel)",
+              "fetch exceeded budget #{budget_ms}ms (no fork available — cooperative cancel)",
             ),
           )
         end
@@ -57,7 +57,7 @@ module Textus
         if result.is_a?(Textus::Error)
           Textus::Domain::Outcome::Failed.new(error: result)
         else
-          Textus::Domain::Outcome::Refreshed.new(envelope: result)
+          Textus::Domain::Outcome::Fetched.new(envelope: result)
         end
       end
 
@@ -77,25 +77,25 @@ module Textus
           # Single-flight: if a sibling process / earlier fork holds the
           # per-leaf lock, don't fork another worker — they're already
           # doing this work.
-          probe = Textus::Ports::Refresh::Lock.new(root: @store_root, key: key)
+          probe = Textus::Ports::Fetch::Lock.new(root: @store_root, key: key)
           return Textus::Domain::Outcome::Detached.new unless probe.try_acquire
 
           probe.release
 
           payload = { key: key, started_at: Time.now.utc.iso8601, budget_ms: budget_ms }
           payload[:ctx] = @hook_context if @hook_context
-          @events.publish(:refresh_backgrounded, **payload)
+          @events.publish(:fetch_backgrounded, **payload)
           @detached_spawner.call(store_root: @store_root, key: key)
           Textus::Domain::Outcome::Detached.new
         elsif result.is_a?(Textus::Error)
           Textus::Domain::Outcome::Failed.new(error: result)
         else
-          Textus::Domain::Outcome::Refreshed.new(envelope: result)
+          Textus::Domain::Outcome::Fetched.new(envelope: result)
         end
       end
 
       def default_spawner
-        Textus::Ports::Refresh::Detached.method(:spawn)
+        Textus::Ports::Fetch::Detached.method(:spawn)
       end
     end
   end

data/lib/textus/write/{refresh_worker.rb → fetch_worker.rb}

@@ -2,20 +2,20 @@ require "timeout"
 
 module Textus
   module Write
-    class RefreshWorker
+    class FetchWorker
       FETCH_TIMEOUT_SECONDS = IntakeFetch::FETCH_TIMEOUT_SECONDS
 
       def initialize(container:, call:)
         @container    = container
         @call         = call
         @manifest     = container.manifest
+        @schemas      = container.schemas
         @events       = container.events
         @rpc          = container.rpc
-        @authorizer   = container.authorizer
       end
 
       # call(key) is the primary entry; run is kept as an alias for
-      # Orchestrator and RefreshAll which call worker.run(key).
+      # Orchestrator and FetchAll which call worker.run(key).
       def call(key)
         run(key)
       end
@@ -63,11 +63,11 @@ module Textus
 
       def fetch_timeout_for(key)
         rule = @manifest.rules.for(key)
-        rule&.refresh&.fetch_timeout_seconds || FETCH_TIMEOUT_SECONDS
+        rule&.fetch&.fetch_timeout_seconds || FETCH_TIMEOUT_SECONDS
       end
 
       def fetch_with_events(key, mentry, remaining)
-        @events.publish(:refresh_started, ctx: hook_context, key: key, mode: :sync)
+        @events.publish(:fetch_started, ctx: hook_context, key: key, mode: :sync)
         call_intake(key, mentry, remaining)
       end
 
@@ -80,23 +80,30 @@ module Textus
                       args: { trigger_key: key, leaf_segments: remaining || [] })
         end
       rescue Timeout::Error
-        @events.publish(:refresh_failed, ctx: hook_context, key: key,
-                                         error_class: "Timeout::Error",
-                                         error_message: "intake '#{mentry.handler}' exceeded #{timeout}s")
+        @events.publish(:fetch_failed, ctx: hook_context, key: key,
+                                       error_class: "Timeout::Error",
+                                       error_message: "intake '#{mentry.handler}' exceeded #{timeout}s")
         raise UsageError.new("intake '#{mentry.handler}' exceeded #{timeout}s timeout")
       rescue Textus::Error => e
-        @events.publish(:refresh_failed, ctx: hook_context, key: key, error_class: e.class.name,
-                                         error_message: e.message)
+        @events.publish(:fetch_failed, ctx: hook_context, key: key, error_class: e.class.name,
+                                       error_message: e.message)
         raise
       rescue StandardError => e
-        @events.publish(:refresh_failed, ctx: hook_context, key: key, error_class: e.class.name,
-                                         error_message: e.message)
+        @events.publish(:fetch_failed, ctx: hook_context, key: key, error_class: e.class.name,
+                                       error_message: e.message)
         raise UsageError.new("intake '#{mentry.handler}' raised: #{e.class}: #{e.message}")
       end
 
       def persist_and_notify(key, mentry, result, before_etag)
         normalized = self.class.normalize_action_result(result, format: mentry.format)
-        @authorizer.authorize_write!(mentry, role: @call.role)
+        Textus::Domain::Policy::GuardFactory.new(
+          manifest: @manifest, schemas: @schemas,
+        ).for(:fetch, key).check!(
+          Textus::Domain::Policy::Evaluation.new(
+            actor: @call.role, transition: :fetch, origin: nil,
+            target: key, envelope: nil, snapshot: @manifest
+          ),
+        )
         envelope = writer.put(
           key,
           mentry: mentry,
@@ -105,7 +112,7 @@ module Textus
           ),
         )
         change = detect_change(before_etag, envelope)
-        @events.publish(:entry_refreshed, ctx: hook_context, key: key, envelope: envelope, change: change) unless change == :unchanged
+        @events.publish(:entry_fetched, ctx: hook_context, key: key, envelope: envelope, change: change) unless change == :unchanged
         envelope
       end
 

data/lib/textus/write/mv.rb

@@ -6,7 +6,6 @@ module Textus
         @call         = call
         @manifest     = container.manifest
         @events       = container.events
-        @authorizer   = container.authorizer
       end
 
       def call(old_key, new_key, dry_run: false)
@@ -38,8 +37,8 @@ module Textus
         raise UnknownKey.new(old_key) unless reader.exists?(old_key)
 
         validate_zone_and_format!(old_res.entry, new_res.entry)
-        @authorizer.authorize_write!(old_res.entry, role: @call.role)
-        @authorizer.authorize_write!(new_res.entry, role: @call.role)
+        guard_for(:mv, old_key).check!(eval_for(:mv, target_key: old_key))
+        guard_for(:mv, new_key).check!(eval_for(:mv, target_key: new_key))
         raise UsageError.new("mv: target '#{new_key}' already exists at #{new_res.path}") if reader.exists?(new_key)
 
         [old_res, new_res]
@@ -101,6 +100,19 @@ module Textus
         }
       end
 
+      def guard_for(transition, key, if_etag: nil)
+        Textus::Domain::Policy::GuardFactory.new(
+          manifest: @manifest, schemas: @container.schemas, extra: { if_etag: if_etag },
+        ).for(transition, key)
+      end
+
+      def eval_for(transition, target_key:, envelope: nil)
+        Textus::Domain::Policy::Evaluation.new(
+          actor: @call.role, transition: transition, origin: nil,
+          target: target_key, envelope: envelope, snapshot: @manifest
+        )
+      end
+
       def writer
         @writer ||= Textus::Envelope::IO::Writer.from(container: @container, call: @call)
       end

data/lib/textus/write/put.rb

@@ -5,14 +5,13 @@ module Textus
         @container    = container
         @call         = call
         @manifest     = container.manifest
-        @authorizer   = container.authorizer
         @events       = container.events
       end
 
       def call(key, meta: nil, body: nil, content: nil, if_etag: nil)
         Textus::Manifest::Data.validate_key!(key)
         mentry = @manifest.resolver.resolve(key).entry
-        @authorizer.authorize_write!(mentry, role: @call.role)
+        guard_for(:put, key, if_etag: if_etag).check!(eval_for(:put, target_key: key))
 
         envelope = writer.put(
           key,
@@ -33,6 +32,19 @@ module Textus
 
       private
 
+      def guard_for(transition, key, if_etag: nil)
+        Textus::Domain::Policy::GuardFactory.new(
+          manifest: @manifest, schemas: @container.schemas, extra: { if_etag: if_etag },
+        ).for(transition, key)
+      end
+
+      def eval_for(transition, target_key:, envelope: nil)
+        Textus::Domain::Policy::Evaluation.new(
+          actor: @call.role, transition: transition, origin: nil,
+          target: target_key, envelope: envelope, snapshot: @manifest
+        )
+      end
+
       def hook_context
         @hook_context ||= Textus::Hooks::Context.for(container: @container, call: @call)
       end

data/lib/textus/write/reject.rb

@@ -1,19 +1,21 @@
-require_relative "authority_gate"
-
 module Textus
   module Write
     class Reject
-      include AuthorityGate
-
       def initialize(container:, call:)
         @container    = container
         @call         = call
         @manifest     = container.manifest
+        @schemas      = container.schemas
         @events       = container.events
       end
 
       def call(pending_key)
-        assert_accept_authority!("reject")
+        guard.for(:reject, pending_key).check!(
+          Textus::Domain::Policy::Evaluation.new(
+            actor: @call.role, transition: :reject, origin: pending_key,
+            target: pending_key, envelope: nil, snapshot: @manifest
+          ),
+        )
 
         mentry = @manifest.resolver.resolve(pending_key).entry
         unless mentry.in_proposal_zone?(@manifest.policy)
@@ -40,6 +42,10 @@ module Textus
 
       private
 
+      def guard
+        @guard ||= Textus::Domain::Policy::GuardFactory.new(manifest: @manifest, schemas: @schemas)
+      end
+
       def hook_context
         @hook_context ||= Textus::Hooks::Context.for(container: @container, call: @call)
       end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: textus
 version: !ruby/object:Gem::Version
-  version: 0.30.0
+  version: 0.35.1
 platform: ruby
 authors:
 - Patrick
@@ -119,10 +119,10 @@ files:
 - lib/textus/call.rb
 - lib/textus/cli.rb
 - lib/textus/cli/group.rb
+- lib/textus/cli/group/fetch.rb
 - lib/textus/cli/group/hook.rb
 - lib/textus/cli/group/key.rb
 - lib/textus/cli/group/mcp.rb
-- lib/textus/cli/group/refresh.rb
 - lib/textus/cli/group/rule.rb
 - lib/textus/cli/group/schema.rb
 - lib/textus/cli/group/zone.rb
@@ -135,6 +135,8 @@ files:
 - lib/textus/cli/verb/delete.rb
 - lib/textus/cli/verb/deps.rb
 - lib/textus/cli/verb/doctor.rb
+- lib/textus/cli/verb/fetch.rb
+- lib/textus/cli/verb/fetch_stale.rb
 - lib/textus/cli/verb/freshness.rb
 - lib/textus/cli/verb/get.rb
 - lib/textus/cli/verb/hook_run.rb
@@ -149,8 +151,6 @@ files:
 - lib/textus/cli/verb/pulse.rb
 - lib/textus/cli/verb/put.rb
 - lib/textus/cli/verb/rdeps.rb
-- lib/textus/cli/verb/refresh.rb
-- lib/textus/cli/verb/refresh_stale.rb
 - lib/textus/cli/verb/reject.rb
 - lib/textus/cli/verb/retain.rb
 - lib/textus/cli/verb/rule_explain.rb
@@ -168,13 +168,14 @@ files:
 - lib/textus/doctor.rb
 - lib/textus/doctor/check.rb
 - lib/textus/doctor/check/audit_log.rb
+- lib/textus/doctor/check/fetch_locks.rb
 - lib/textus/doctor/check/handler_allowlist.rb
 - lib/textus/doctor/check/hooks.rb
 - lib/textus/doctor/check/illegal_keys.rb
 - lib/textus/doctor/check/intake_registration.rb
 - lib/textus/doctor/check/manifest_files.rb
+- lib/textus/doctor/check/proposal_targets.rb
 - lib/textus/doctor/check/protocol_version.rb
-- lib/textus/doctor/check/refresh_locks.rb
 - lib/textus/doctor/check/rule_ambiguity.rb
 - lib/textus/doctor/check/schema_parse_error.rb
 - lib/textus/doctor/check/schema_violations.rb
@@ -183,7 +184,6 @@ files:
 - lib/textus/doctor/check/templates.rb
 - lib/textus/doctor/check/unowned_schema_fields.rb
 - lib/textus/domain/action.rb
-- lib/textus/domain/authorizer.rb
 - lib/textus/domain/duration.rb
 - lib/textus/domain/freshness.rb
 - lib/textus/domain/freshness/evaluator.rb
@@ -191,13 +191,20 @@ files:
 - lib/textus/domain/freshness/verdict.rb
 - lib/textus/domain/outcome.rb
 - lib/textus/domain/permission.rb
+- lib/textus/domain/policy/base_guards.rb
+- lib/textus/domain/policy/evaluation.rb
+- lib/textus/domain/policy/fetch.rb
+- lib/textus/domain/policy/guard.rb
+- lib/textus/domain/policy/guard_factory.rb
 - lib/textus/domain/policy/handler_allowlist.rb
 - lib/textus/domain/policy/matcher.rb
-- lib/textus/domain/policy/predicates/accept_authority_signed.rb
+- lib/textus/domain/policy/predicates/author_held.rb
+- lib/textus/domain/policy/predicates/etag_match.rb
+- lib/textus/domain/policy/predicates/fresh_within.rb
+- lib/textus/domain/policy/predicates/registry.rb
 - lib/textus/domain/policy/predicates/schema_valid.rb
-- lib/textus/domain/policy/promote.rb
-- lib/textus/domain/policy/promotion.rb
-- lib/textus/domain/policy/refresh.rb
+- lib/textus/domain/policy/predicates/target_is_canon.rb
+- lib/textus/domain/policy/predicates/zone_writable_by.rb
 - lib/textus/domain/policy/retention.rb
 - lib/textus/domain/retention.rb
 - lib/textus/domain/sentinel.rb
@@ -234,6 +241,7 @@ files:
 - lib/textus/maintenance/rule_lint.rb
 - lib/textus/maintenance/zone_mv.rb
 - lib/textus/manifest.rb
+- lib/textus/manifest/capabilities.rb
 - lib/textus/manifest/data.rb
 - lib/textus/manifest/entry.rb
 - lib/textus/manifest/entry/base.rb
@@ -250,7 +258,6 @@ files:
 - lib/textus/manifest/entry/validators/publish_each.rb
 - lib/textus/manifest/policy.rb
 - lib/textus/manifest/resolver.rb
-- lib/textus/manifest/role_kinds.rb
 - lib/textus/manifest/rules.rb
 - lib/textus/manifest/schema.rb
 - lib/textus/mcp.rb
@@ -264,9 +271,9 @@ files:
 - lib/textus/ports/audit_subscriber.rb
 - lib/textus/ports/build_lock.rb
 - lib/textus/ports/clock.rb
+- lib/textus/ports/fetch/detached.rb
+- lib/textus/ports/fetch/lock.rb
 - lib/textus/ports/publisher.rb
-- lib/textus/ports/refresh/detached.rb
-- lib/textus/ports/refresh/lock.rb
 - lib/textus/ports/sentinel_store.rb
 - lib/textus/ports/storage/file_stat.rb
 - lib/textus/ports/storage/file_store.rb
@@ -278,7 +285,7 @@ files:
 - lib/textus/read/doctor.rb
 - lib/textus/read/freshness.rb
 - lib/textus/read/get.rb
-- lib/textus/read/get_or_refresh.rb
+- lib/textus/read/get_or_fetch.rb
 - lib/textus/read/list.rb
 - lib/textus/read/policy_explain.rb
 - lib/textus/read/published.rb
@@ -300,16 +307,15 @@ files:
 - lib/textus/uid.rb
 - lib/textus/version.rb
 - lib/textus/write/accept.rb
-- lib/textus/write/authority_gate.rb
 - lib/textus/write/delete.rb
+- lib/textus/write/fetch_all.rb
+- lib/textus/write/fetch_orchestrator.rb
+- lib/textus/write/fetch_worker.rb
 - lib/textus/write/intake_fetch.rb
 - lib/textus/write/materializer.rb
 - lib/textus/write/mv.rb
 - lib/textus/write/publish.rb
 - lib/textus/write/put.rb
-- lib/textus/write/refresh_all.rb
-- lib/textus/write/refresh_orchestrator.rb
-- lib/textus/write/refresh_worker.rb
 - lib/textus/write/reject.rb
 - lib/textus/write/retention_sweep.rb
 homepage: https://github.com/patrick204nqh/textus

data/lib/textus/cli/verb/refresh.rb

@@ -1,14 +0,0 @@
-module Textus
-  class CLI
-    class Verb
-      class Refresh < Verb
-        option :as_flag, "--as=ROLE"
-
-        def call(store)
-          key = positional.shift or raise UsageError.new("refresh requires a key")
-          emit(session_for(store).refresh(key).to_h_for_wire)
-        end
-      end
-    end
-  end
-end

data/lib/textus/domain/authorizer.rb

@@ -1,37 +0,0 @@
-# frozen_string_literal: true
-
-module Textus
-  module Domain
-    # Authorization service. Single source of truth for "given a manifest
-    # entry and a role, may this caller read/write?". Lives in Domain
-    # alongside Permission.
-    class Authorizer
-      def initialize(manifest:)
-        @manifest = manifest
-      end
-
-      def can_write?(zone, role:)
-        @manifest.policy.permission_for(zone.to_s).allows_write?(role)
-      end
-
-      def can_read?(zone, role:)
-        @manifest.policy.permission_for(zone.to_s).allows_read?(role)
-      end
-
-      def authorize_write!(mentry, role:)
-        return if can_write?(mentry.zone, role: role)
-
-        writers = @manifest.policy.zone_writers(mentry.zone)
-        raise WriteForbidden.new(mentry.key, mentry.zone, writers: writers)
-      end
-
-      def authorize_read!(mentry, role:)
-        return if can_read?(mentry.zone, role: role)
-
-        readers = @manifest.policy.zone_readers[mentry.zone]
-        readers = nil if readers == :all
-        raise ReadForbidden.new(mentry.key, mentry.zone, readers: readers)
-      end
-    end
-  end
-end

data/lib/textus/domain/policy/predicates/accept_authority_signed.rb

@@ -1,33 +0,0 @@
-module Textus
-  module Domain
-    module Policy
-      module Predicates
-        # Promotion predicate: the role driving the promotion must have
-        # role_kind == :accept_authority in the active manifest.
-        #
-        # Accept/Reject already gate on this kind before reaching the
-        # promotion policy, so in the default control-flow this predicate
-        # trivially passes. It is kept so manifests can express the
-        # requirement explicitly in `rules[].promotion.requires`.
-        class AcceptAuthoritySigned
-          attr_reader :reason
-
-          def name
-            "accept_authority_signed"
-          end
-
-          def call(role:, manifest:, entry: nil) # rubocop:disable Lint/UnusedMethodArgument
-            role_str = role&.to_s
-            return true if role_str.nil? || role_str.empty?
-
-            kind = manifest.policy.role_kind(role_str)
-            return true if kind == :accept_authority
-
-            @reason = "role '#{role_str}' has kind '#{kind.inspect}', expected ':accept_authority'"
-            false
-          end
-        end
-      end
-    end
-  end
-end

data/lib/textus/domain/policy/promote.rb

@@ -1,26 +0,0 @@
-module Textus
-  module Domain
-    module Policy
-      class Promote
-        KNOWN = %i[schema_valid accept_authority_signed].freeze
-        attr_reader :requires
-
-        def initialize(requires:)
-          syms = Array(requires).map { |r| r.to_s.to_sym }
-          unknown = syms - KNOWN
-          unless unknown.empty?
-            raise Textus::UsageError.new(
-              "unknown promote requirement: #{unknown.first.inspect} (known: #{KNOWN.join(", ")})",
-            )
-          end
-
-          @requires = syms
-        end
-
-        def demands?(req)
-          @requires.include?(req)
-        end
-      end
-    end
-  end
-end

data/lib/textus/domain/policy/promotion.rb

@@ -1,57 +0,0 @@
-require_relative "predicates/schema_valid"
-require_relative "predicates/accept_authority_signed"
-
-module Textus
-  module Domain
-    module Policy
-      class Promotion
-        Result = Struct.new(:ok?, :reasons, keyword_init: true)
-
-        REGISTRY = {
-          "schema_valid" => -> { Predicates::SchemaValid.new },
-          "accept_authority_signed" => -> { Predicates::AcceptAuthoritySigned.new },
-        }.freeze
-
-        def self.from_names(names)
-          predicates = Array(names).map do |n|
-            ctor = REGISTRY[n.to_s] or raise Textus::UsageError.new(
-              "unknown promotion predicate: '#{n}' (known: #{REGISTRY.keys.join(", ")})",
-            )
-            ctor.call
-          end
-          new(predicates: predicates)
-        end
-
-        attr_reader :predicates
-
-        def initialize(predicates:)
-          @predicates = predicates
-        end
-
-        def predicate_names
-          @predicates.map(&:name)
-        end
-
-        def evaluate(entry:, schemas:, manifest:, role:)
-          reasons = []
-          @predicates.each do |pred|
-            ok = invoke(pred, entry: entry, schemas: schemas, manifest: manifest, role: role)
-            reasons << "#{pred.name}: #{pred.reason || "predicate failed"}" unless ok
-          end
-          Result.new(ok?: reasons.empty?, reasons: reasons)
-        end
-
-        private
-
-        def invoke(pred, entry:, schemas:, manifest:, role:)
-          case pred.name
-          when "accept_authority_signed"
-            pred.call(role: role, manifest: manifest, entry: entry)
-          else
-            pred.call(entry: entry, schemas: schemas, manifest: manifest)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/textus/manifest/role_kinds.rb

@@ -1,21 +0,0 @@
-module Textus
-  class Manifest
-    module RoleKinds
-      DEFAULT_MAPPING = {
-        "human" => :accept_authority,
-        "agent" => :proposer,
-        "builder" => :generator,
-        "runner" => :runner,
-      }.freeze
-
-      # Returns { role_name => kind_symbol }. When `roles:` is declared we use
-      # exactly that; defaults are *not* layered in (declaring roles is an opt-in
-      # to a fully user-defined vocabulary).
-      def self.resolve(raw_roles)
-        return DEFAULT_MAPPING if raw_roles.nil?
-
-        raw_roles.to_h { |r| [r["name"], r["kind"].to_sym] }.freeze
-      end
-    end
-  end
-end

data/lib/textus/write/authority_gate.rb

@@ -1,24 +0,0 @@
-module Textus
-  module Write
-    # Shared gate for write verbs that require the caller to hold the
-    # manifest's accept_authority role. Provides one method, expressed
-    # as two early-returns rather than a ternary, so each failure mode
-    # reads on its own line.
-    module AuthorityGate
-      def assert_accept_authority!(verb)
-        return if @manifest.policy.role_kind(@call.role) == :accept_authority
-
-        authority = @manifest.policy.roles_with_kind(:accept_authority).first
-        if authority.nil?
-          raise ProposalError.new(
-            "no role with accept_authority kind is declared in this manifest; #{verb} is disabled",
-          )
-        end
-
-        raise ProposalError.new(
-          "only #{authority} role can #{verb} proposals; got '#{@call.role}'",
-        )
-      end
-    end
-  end
-end