@nodii/approval 0.0.1 → 0.1.4

package/dist/errors.js

@@ -0,0 +1,82 @@
+// Typed error hierarchy for @nodii/approval per spec § 5.14.
+//
+// Every error has a stable code (the class name) and a message. The
+// downstream gRPC interceptor / Hono error middleware map these to
+// stable wire codes.
+export class ApprovalError extends Error {
+    name = "ApprovalError";
+}
+export class ApprovalNotInitialized extends ApprovalError {
+    name = "ApprovalNotInitialized";
+    constructor() {
+        super("@nodii/approval not initialised. Call `initApproval({...})` before any " +
+            "library API. See spec § 5.1.");
+    }
+}
+export class UnknownApprovalKind extends ApprovalError {
+    name = "UnknownApprovalKind";
+    constructor(kind, registered) {
+        super(`Approval kind '${kind}' is not registered. Service has registered: [${registered.join(", ")}]. See 10-approval-doctrine § 3.`);
+    }
+}
+export class HandlerForUnregisteredKind extends ApprovalError {
+    name = "HandlerForUnregisteredKind";
+    constructor(kind, registered) {
+        super(`bindApprovalHandlers: kind '${kind}' is not registered via defineApprovalKinds. Registered kinds: [${registered.join(", ")}]`);
+    }
+}
+export class HandlerNotRegistered extends ApprovalError {
+    name = "HandlerNotRegistered";
+    constructor(kind) {
+        super(`No handler registered for kind '${kind}'. Call bindApprovalHandlers({...}) at boot.`);
+    }
+}
+export class IdempotencyKeyRequired extends ApprovalError {
+    name = "IdempotencyKeyRequired";
+    constructor() {
+        super("requestApproval requires idempotencyKey. The library refuses to compute or persist anything without one. See 10-approval-doctrine § 5 + idempotency.md § 5.9.");
+    }
+}
+export class ReservedServiceNameViolation extends ApprovalError {
+    name = "ReservedServiceNameViolation";
+    constructor(serviceName, reserved) {
+        super(`defineApprovalKinds: serviceName '${serviceName}' is in the reserved namespace set [${reserved.join(", ")}]. Pass { bypassReservedNamespaceCheck: true } only if you are nodii-tenant-service.`);
+    }
+}
+export class InvalidApprovalSegment extends ApprovalError {
+    which;
+    value;
+    name = "InvalidApprovalSegment";
+    constructor(which, value, msg) {
+        super(msg);
+        this.which = which;
+        this.value = value;
+    }
+}
+export class ApproverRoleNotInCatalog extends ApprovalError {
+    name = "ApproverRoleNotInCatalog";
+    constructor(approverRole, kindName, knownRoles) {
+        super(`Kind '${kindName}' references approverRole '${approverRole}', but it is not declared in the module's role-catalog (known: [${knownRoles.join(", ")}]). See role-catalog.md § 5.1.`);
+    }
+}
+export class TaskCreationFailed extends ApprovalError {
+    cause;
+    name = "TaskCreationFailed";
+    constructor(cause, msg) {
+        super(msg);
+        this.cause = cause;
+    }
+}
+export class DeferredActionNotFound extends ApprovalError {
+    name = "DeferredActionNotFound";
+    constructor(taskId) {
+        super(`No deferred-action row found for task_id '${taskId}'.`);
+    }
+}
+export class TenantPolicyKindUnknown extends ApprovalError {
+    name = "TenantPolicyKindUnknown";
+    constructor(kind) {
+        super(`Tenant policy row exists for kind '${kind}', but the kind is not registered in the running service. Falling through to kind defaults; the policy row is stale and should be cleaned up.`);
+    }
+}
+//# sourceMappingURL=errors.js.map

package/dist/errors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.js","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAAA,6DAA6D;AAC7D,EAAE;AACF,oEAAoE;AACpE,mEAAmE;AACnE,qBAAqB;AAErB,MAAM,OAAO,aAAc,SAAQ,KAAK;IACpB,IAAI,GAAW,eAAe,CAAC;CAClD;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD;QACE,KAAK,CACH,yEAAyE;YACvE,8BAA8B,CACjC,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,aAAa;IAClC,IAAI,GAAG,qBAAqB,CAAC;IAC/C,YAAY,IAAY,EAAE,UAA6B;QACrD,KAAK,CACH,kBAAkB,IAAI,iDAAiD,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,kCAAkC,CAC/H,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,0BAA2B,SAAQ,aAAa;IACzC,IAAI,GAAG,4BAA4B,CAAC;IACtD,YAAY,IAAY,EAAE,UAA6B;QACrD,KAAK,CACH,+BAA+B,IAAI,mEAAmE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAC/H,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,oBAAqB,SAAQ,aAAa;IACnC,IAAI,GAAG,sBAAsB,CAAC;IAChD,YAAY,IAAY;QACtB,KAAK,CACH,mCAAmC,IAAI,8CAA8C,CACtF,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD;QACE,KAAK,CACH,+JAA+J,CAChK,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,4BAA6B,SAAQ,aAAa;IAC3C,IAAI,GAAG,8BAA8B,CAAC;IACxD,YAAY,WAAmB,EAAE,QAA2B;QAC1D,KAAK,CACH,qCAAqC,WAAW,uCAAuC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,sFAAsF,CACjM,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IAGrC;IACA;IAHA,IAAI,GAAG,wBAAwB,CAAC;IAClD,YACkB,KAA0B,EAC1B,KAAa,EAC7B,GAAW;QAEX,KAAK,CAAC,GAAG,CAAC,CAAC;QAJK,UAAK,GAAL,KAAK,CAAqB;QAC1B,UAAK,GAAL,KAAK,CAAQ;IAI/B,CAAC;CACF;AAED,MAAM,OAAO,wBAAyB,SAAQ,aAAa;IACvC,IAAI,GAAG,0BAA0B,CAAC;IACpD,YACE,YAAoB,EACpB,QAAgB,EAChB,UAA6B;QAE7B,KAAK,CACH,SAAS,QAAQ,8BAA8B,YAAY,mEAAmE,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,gCAAgC,CACpL,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,kBAAmB,SAAQ,aAAa;IAGjC;IAFA,IAAI,GAAG,oBAAoB,CAAC;IAC9C,YACkB,KAAc,EAC9B,GAAW;QAEX,KAAK,CAAC,GAAG,CAAC,CAAC;QAHK,UAAK,GAAL,KAAK,CAAS;IAIhC,CAAC;CACF;AAED,MAAM,OAAO,sBAAuB,SAAQ,aAAa;IACrC,IAAI,GAAG,wBAAwB,CAAC;IAClD,YAAY,MAAc;QACxB,KAAK,CAAC,6CAA6C,MAAM,IAAI,CAAC,CAAC;IACjE,CAAC;CACF;AAED,MAAM,OAAO,uBAAwB,SAAQ,aAAa;IACtC,IAAI,GAAG,yBAAyB,CAAC;IACnD,YAAY,IAAY;QACtB,KAAK,CACH,sCAAsC,IAAI,+IAA+I,CAC1L,CAAC;IACJ,CAAC;CACF"}

package/dist/handlers.d.ts

@@ -0,0 +1,7 @@
+import type { HandlerSet } from "./types";
+export interface BindApprovalHandlersOpts {
+    serviceName: string;
+    handlers: Record<string, HandlerSet>;
+}
+export declare function bindApprovalHandlers(opts: BindApprovalHandlersOpts): void;
+//# sourceMappingURL=handlers.d.ts.map

package/dist/handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../src/handlers.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAE1C,MAAM,WAAW,wBAAwB;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;CACtC;AAED,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,wBAAwB,GAAG,IAAI,CAkBzE"}

package/dist/handlers.js

@@ -0,0 +1,20 @@
+// bindApprovalHandlers — register `onApproved`/`onRejected`/`onExpired`
+// triples per kind. Per spec § 5.1 + § 5.14 (`HandlerForUnregisteredKind`).
+import { HandlerForUnregisteredKind } from "./errors";
+import { requireHandlers, requireKindRegistry } from "./init";
+export function bindApprovalHandlers(opts) {
+    const reg = requireKindRegistry();
+    const handlers = requireHandlers();
+    for (const [kind, set] of Object.entries(opts.handlers)) {
+        if (!reg.has(kind)) {
+            throw new HandlerForUnregisteredKind(kind, reg.keys());
+        }
+        if (typeof set.onApproved !== "function" ||
+            typeof set.onRejected !== "function" ||
+            typeof set.onExpired !== "function") {
+            throw new TypeError(`bindApprovalHandlers: kind '${kind}' must declare onApproved / onRejected / onExpired functions`);
+        }
+        handlers.set(kind, set);
+    }
+}
+//# sourceMappingURL=handlers.js.map

package/dist/handlers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"handlers.js","sourceRoot":"","sources":["../src/handlers.ts"],"names":[],"mappings":"AAAA,wEAAwE;AACxE,4EAA4E;AAE5E,OAAO,EAAE,0BAA0B,EAAE,MAAM,UAAU,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AAQ9D,MAAM,UAAU,oBAAoB,CAAC,IAA8B;IACjE,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;IAClC,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;IACnC,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACxD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,0BAA0B,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;QACzD,CAAC;QACD,IACE,OAAO,GAAG,CAAC,UAAU,KAAK,UAAU;YACpC,OAAO,GAAG,CAAC,UAAU,KAAK,UAAU;YACpC,OAAO,GAAG,CAAC,SAAS,KAAK,UAAU,EACnC,CAAC;YACD,MAAM,IAAI,SAAS,CACjB,+BAA+B,IAAI,8DAA8D,CAClG,CAAC;QACJ,CAAC;QACD,QAAQ,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -1,2 +1,13 @@
-export declare const LIB_NAME: "approval";
-export declare const VERSION: "0.0.1";
+export declare const LIB_NAME = "approval";
+export declare const VERSION = "0.1.0";
+export { defineApprovalKinds, KindRegistry, type DefineApprovalKindsOpts, } from "./kinds";
+export { initApproval, requireApproval, getApprovalOrNull, requireKindRegistry, requireHandlers, registerKinds, _resetForTests, } from "./init";
+export { bindApprovalHandlers, type BindApprovalHandlersOpts, } from "./handlers";
+export { requestApproval } from "./request";
+export { startApprovalConsumer, stopApprovalConsumer, defaultQueueName, _resetConsumerForTests, type StartApprovalConsumerOpts, type ApprovalConsumerHandle, } from "./consumer";
+export { getApprovalMigrationSQL, splitStatements, type GetMigrationSQLOpts, } from "./migrations";
+export { TaskTrackingGrpcClient, TASK_SERVICE_DESCRIPTOR, type TaskTrackingGrpcClientOpts, } from "./task-tracking-client";
+export { ApprovalError, ApprovalNotInitialized, ApproverRoleNotInCatalog, DeferredActionNotFound, HandlerForUnregisteredKind, HandlerNotRegistered, IdempotencyKeyRequired, InvalidApprovalSegment, ReservedServiceNameViolation, TaskCreationFailed, TenantPolicyKindUnknown, UnknownApprovalKind, } from "./errors";
+export type { ApprovalKindDef, ApprovalKindDefInput, ApprovalPolicyRow, ApproverKind, CreateTaskRequest, CreateTaskResponse, DbRlsLike, DeferredActionRow, DefinedKindMap, HandlerContext, HandlerSet, InitApprovalConfig, MembershipRolesLookup, RequestApprovalOpts, RequestApprovalResult, RequestApprovalResultStatus, ResolvedApprovalConfig, ResolvedPolicy, TaskCompletedEvent, TaskServiceClient, } from "./types";
+export { DEFAULT_CONSUMER_LEASE_SECONDS, DEFAULT_CONSUMER_MAX_RETRIES, DEFAULT_EXPIRY_SECONDS, DEFAULT_IDEMPOTENCY_TTL_SECONDS, RESERVED_SERVICE_NAMES, } from "./types";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,QAAQ,aAAa,CAAC;AACnC,eAAO,MAAM,OAAO,UAAU,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,KAAK,uBAAuB,GAC7B,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,oBAAoB,EACpB,KAAK,wBAAwB,GAC9B,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,EACtB,KAAK,yBAAyB,EAC9B,KAAK,sBAAsB,GAC5B,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,uBAAuB,EACvB,eAAe,EACf,KAAK,mBAAmB,GACzB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,EACvB,KAAK,0BAA0B,GAChC,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAElB,YAAY,EACV,eAAe,EACf,oBAAoB,EACpB,iBAAiB,EACjB,YAAY,EACZ,iBAAiB,EACjB,kBAAkB,EAClB,SAAS,EACT,iBAAiB,EACjB,cAAc,EACd,cAAc,EACd,UAAU,EACV,kBAAkB,EAClB,qBAAqB,EACrB,mBAAmB,EACnB,qBAAqB,EACrB,2BAA2B,EAC3B,sBAAsB,EACtB,cAAc,EACd,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,EACtB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -1,2 +1,16 @@
+// @nodii/approval — v0.1.0 public barrel.
+//
+// Spec: planning hub feature_doc serviceId=nodii-libs docKey=approval.
+// Polyglot ship: TS + Python + Go in parity. This is the TypeScript impl.
 export const LIB_NAME = "approval";
-export const VERSION = "0.0.1";
+export const VERSION = "0.1.0";
+export { defineApprovalKinds, KindRegistry, } from "./kinds";
+export { initApproval, requireApproval, getApprovalOrNull, requireKindRegistry, requireHandlers, registerKinds, _resetForTests, } from "./init";
+export { bindApprovalHandlers, } from "./handlers";
+export { requestApproval } from "./request";
+export { startApprovalConsumer, stopApprovalConsumer, defaultQueueName, _resetConsumerForTests, } from "./consumer";
+export { getApprovalMigrationSQL, splitStatements, } from "./migrations";
+export { TaskTrackingGrpcClient, TASK_SERVICE_DESCRIPTOR, } from "./task-tracking-client";
+export { ApprovalError, ApprovalNotInitialized, ApproverRoleNotInCatalog, DeferredActionNotFound, HandlerForUnregisteredKind, HandlerNotRegistered, IdempotencyKeyRequired, InvalidApprovalSegment, ReservedServiceNameViolation, TaskCreationFailed, TenantPolicyKindUnknown, UnknownApprovalKind, } from "./errors";
+export { DEFAULT_CONSUMER_LEASE_SECONDS, DEFAULT_CONSUMER_MAX_RETRIES, DEFAULT_EXPIRY_SECONDS, DEFAULT_IDEMPOTENCY_TTL_SECONDS, RESERVED_SERVICE_NAMES, } from "./types";
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,EAAE;AACF,uEAAuE;AACvE,0EAA0E;AAE1E,MAAM,CAAC,MAAM,QAAQ,GAAG,UAAU,CAAC;AACnC,MAAM,CAAC,MAAM,OAAO,GAAG,OAAO,CAAC;AAE/B,OAAO,EACL,mBAAmB,EACnB,YAAY,GAEb,MAAM,SAAS,CAAC;AAEjB,OAAO,EACL,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,mBAAmB,EACnB,eAAe,EACf,aAAa,EACb,cAAc,GACf,MAAM,QAAQ,CAAC;AAEhB,OAAO,EACL,oBAAoB,GAErB,MAAM,YAAY,CAAC;AAEpB,OAAO,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EACL,qBAAqB,EACrB,oBAAoB,EACpB,gBAAgB,EAChB,sBAAsB,GAGvB,MAAM,YAAY,CAAC;AAEpB,OAAO,EACL,uBAAuB,EACvB,eAAe,GAEhB,MAAM,cAAc,CAAC;AAEtB,OAAO,EACL,sBAAsB,EACtB,uBAAuB,GAExB,MAAM,wBAAwB,CAAC;AAEhC,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,wBAAwB,EACxB,sBAAsB,EACtB,0BAA0B,EAC1B,oBAAoB,EACpB,sBAAsB,EACtB,sBAAsB,EACtB,4BAA4B,EAC5B,kBAAkB,EAClB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,UAAU,CAAC;AAyBlB,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,EACtB,+BAA+B,EAC/B,sBAAsB,GACvB,MAAM,SAAS,CAAC"}

package/dist/init.d.ts

@@ -0,0 +1,21 @@
+import { KindRegistry } from "./kinds";
+import type { ApprovalKindDef, HandlerSet, InitApprovalConfig, ResolvedApprovalConfig } from "./types";
+/**
+ * Initialise the approval library. Idempotent within a process — subsequent
+ * calls warn + no-op. Pass `kinds` so the library can cross-check approver
+ * roles against the role-catalog at boot (spec § 5.3).
+ */
+export declare function initApproval(cfg: InitApprovalConfig): void;
+export declare function requireApproval(): ResolvedApprovalConfig;
+export declare function getApprovalOrNull(): ResolvedApprovalConfig | null;
+export declare function requireKindRegistry(): KindRegistry;
+export declare function requireHandlers(): Map<string, HandlerSet>;
+/**
+ * Register a kind map produced by `defineApprovalKinds`. Cross-checks every
+ * kind's `approverRole` against the registered `knownRoles` set (spec § 5.3,
+ * "Approver-role cross-check at boot").
+ */
+export declare function registerKinds(defs: Record<string, ApprovalKindDef>): void;
+/** Test-only reset. Exposed via the public barrel for synthetic consumers. */
+export declare function _resetForTests(): void;
+//# sourceMappingURL=init.d.ts.map

package/dist/init.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.d.ts","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAcA,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAEvC,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,kBAAkB,EAClB,sBAAsB,EACvB,MAAM,SAAS,CAAC;AA2BjB;;;;GAIG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,kBAAkB,GAAG,IAAI,CAsE1D;AAED,wBAAgB,eAAe,IAAI,sBAAsB,CAGxD;AAED,wBAAgB,iBAAiB,IAAI,sBAAsB,GAAG,IAAI,CAEjE;AAED,wBAAgB,mBAAmB,IAAI,YAAY,CAGlD;AAED,wBAAgB,eAAe,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,CAAC,CAGzD;AAED;;;;GAIG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,IAAI,CAezE;AAED,8EAA8E;AAC9E,wBAAgB,cAAc,IAAI,IAAI,CAIrC"}

package/dist/init.js

@@ -0,0 +1,139 @@
+// Process-global init for @nodii/approval per spec § 5.1.
+//
+// `initApproval({...})` resolves the config + registers the kind registry
+// + handler registry. Calling twice in the same process is an error.
+//
+// Production-default wiring:
+//   - pgPool (or db-rls) — REAL postgres pool / @nodii/db-rls instance
+//   - redis — REAL ioredis client
+//   - taskServiceClient — REAL grpc-js client constructed from taskServiceUrl,
+//     OR caller-supplied (test wiring)
+//
+// No Noop default. No InMemory default. Per R1.
+import { ApprovalNotInitialized, ApproverRoleNotInCatalog } from "./errors";
+import { KindRegistry } from "./kinds";
+import { validateServiceName } from "./validation";
+import { DEFAULT_CONSUMER_LEASE_SECONDS, DEFAULT_CONSUMER_MAX_RETRIES, DEFAULT_EXPIRY_SECONDS, } from "./types";
+import { TaskTrackingGrpcClient } from "./task-tracking-client";
+let RESOLVED = null;
+let REGISTRY = null;
+let HANDLERS = null;
+const CONSOLE_LOGGER = {
+    info(msg, fields) {
+        // biome-ignore lint/suspicious/noConsole: default logger
+        console.info(`[@nodii/approval] ${msg}`, fields ?? {});
+    },
+    warn(msg, fields) {
+        // biome-ignore lint/suspicious/noConsole: default logger
+        console.warn(`[@nodii/approval] ${msg}`, fields ?? {});
+    },
+    error(msg, fields) {
+        // biome-ignore lint/suspicious/noConsole: default logger
+        console.error(`[@nodii/approval] ${msg}`, fields ?? {});
+    },
+};
+/**
+ * Initialise the approval library. Idempotent within a process — subsequent
+ * calls warn + no-op. Pass `kinds` so the library can cross-check approver
+ * roles against the role-catalog at boot (spec § 5.3).
+ */
+export function initApproval(cfg) {
+    if (RESOLVED) {
+        CONSOLE_LOGGER.warn("initApproval() called more than once; ignoring subsequent call.");
+        return;
+    }
+    if (!cfg.serviceName || cfg.serviceName.trim() === "") {
+        throw new TypeError("initApproval: serviceName is required");
+    }
+    // serviceName is interpolated unquoted into Postgres identifiers
+    // throughout the lib (`<service>_deferred_actions` etc.) — re-validate
+    // here (defineApprovalKinds + getApprovalMigrationSQL also validate;
+    // initApproval was the gap).
+    validateServiceName(cfg.serviceName);
+    if (!cfg.redis) {
+        throw new TypeError("initApproval: redis is required");
+    }
+    if (!cfg.pgPool && !cfg.dbRls) {
+        throw new TypeError("initApproval: either pgPool or dbRls must be provided");
+    }
+    if (!cfg.taskServiceClient &&
+        (!cfg.taskServiceUrl || cfg.taskServiceUrl.trim() === "")) {
+        throw new TypeError("initApproval: either taskServiceUrl (real grpc) or taskServiceClient (test override) must be provided");
+    }
+    if (!cfg.membershipRolesLookup) {
+        throw new TypeError("initApproval: membershipRolesLookup is required (used for self-action exception evaluation)");
+    }
+    const pgPool = cfg.dbRls ? cfg.dbRls.pool : cfg.pgPool;
+    if (!pgPool)
+        throw new TypeError("initApproval: pgPool resolution failed");
+    const taskServiceClient = cfg.taskServiceClient
+        ? cfg.taskServiceClient
+        : new TaskTrackingGrpcClient({
+            url: cfg.taskServiceUrl,
+            sourceModule: cfg.serviceName,
+            // Production wiring — adopters layer grpc-auth S2S envelope +
+            // TLS credentials + deadline via taskClientOptions per § 5.7.
+            interceptors: cfg.taskClientOptions?.interceptors
+                ? Array.from(cfg.taskClientOptions.interceptors)
+                : undefined,
+            credentials: cfg.taskClientOptions?.credentials,
+            deadlineMs: cfg.taskClientOptions?.deadlineMs,
+        });
+    RESOLVED = {
+        serviceName: cfg.serviceName,
+        pgPool,
+        dbRls: cfg.dbRls,
+        redis: cfg.redis,
+        taskServiceClient,
+        membershipRolesLookup: cfg.membershipRolesLookup,
+        defaultExpirySeconds: cfg.defaultExpirySeconds ?? DEFAULT_EXPIRY_SECONDS,
+        consumerLeaseSeconds: cfg.consumerLeaseSeconds ?? DEFAULT_CONSUMER_LEASE_SECONDS,
+        consumerMaxRetries: cfg.consumerMaxRetries ?? DEFAULT_CONSUMER_MAX_RETRIES,
+        knownRoles: new Set(cfg.knownRoles ?? []),
+        logger: cfg.logger ?? CONSOLE_LOGGER,
+    };
+    REGISTRY = new KindRegistry(cfg.serviceName);
+    HANDLERS = new Map();
+}
+export function requireApproval() {
+    if (!RESOLVED)
+        throw new ApprovalNotInitialized();
+    return RESOLVED;
+}
+export function getApprovalOrNull() {
+    return RESOLVED;
+}
+export function requireKindRegistry() {
+    if (!REGISTRY)
+        throw new ApprovalNotInitialized();
+    return REGISTRY;
+}
+export function requireHandlers() {
+    if (!HANDLERS)
+        throw new ApprovalNotInitialized();
+    return HANDLERS;
+}
+/**
+ * Register a kind map produced by `defineApprovalKinds`. Cross-checks every
+ * kind's `approverRole` against the registered `knownRoles` set (spec § 5.3,
+ * "Approver-role cross-check at boot").
+ */
+export function registerKinds(defs) {
+    const cfg = requireApproval();
+    const reg = requireKindRegistry();
+    if (cfg.knownRoles.size > 0) {
+        for (const [name, def] of Object.entries(defs)) {
+            if (!cfg.knownRoles.has(def.approverRole)) {
+                throw new ApproverRoleNotInCatalog(def.approverRole, name, Array.from(cfg.knownRoles));
+            }
+        }
+    }
+    reg.register(defs);
+}
+/** Test-only reset. Exposed via the public barrel for synthetic consumers. */
+export function _resetForTests() {
+    RESOLVED = null;
+    REGISTRY = null;
+    HANDLERS = null;
+}
+//# sourceMappingURL=init.js.map

package/dist/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,EAAE;AACF,0EAA0E;AAC1E,qEAAqE;AACrE,EAAE;AACF,6BAA6B;AAC7B,uEAAuE;AACvE,kCAAkC;AAClC,+EAA+E;AAC/E,uCAAuC;AACvC,EAAE;AACF,gDAAgD;AAEhD,OAAO,EAAE,sBAAsB,EAAE,wBAAwB,EAAE,MAAM,UAAU,CAAC;AAC5E,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAOnD,OAAO,EACL,8BAA8B,EAC9B,4BAA4B,EAC5B,sBAAsB,GACvB,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,sBAAsB,EAAE,MAAM,wBAAwB,CAAC;AAEhE,IAAI,QAAQ,GAAkC,IAAI,CAAC;AACnD,IAAI,QAAQ,GAAwB,IAAI,CAAC;AACzC,IAAI,QAAQ,GAAmC,IAAI,CAAC;AAEpD,MAAM,cAAc,GAAG;IACrB,IAAI,CAAC,GAAW,EAAE,MAAgC;QAChD,yDAAyD;QACzD,OAAO,CAAC,IAAI,CAAC,qBAAqB,GAAG,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,GAAW,EAAE,MAAgC;QAChD,yDAAyD;QACzD,OAAO,CAAC,IAAI,CAAC,qBAAqB,GAAG,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,KAAK,CAAC,GAAW,EAAE,MAAgC;QACjD,yDAAyD;QACzD,OAAO,CAAC,KAAK,CAAC,qBAAqB,GAAG,EAAE,EAAE,MAAM,IAAI,EAAE,CAAC,CAAC;IAC1D,CAAC;CACF,CAAC;AAEF;;;;GAIG;AACH,MAAM,UAAU,YAAY,CAAC,GAAuB;IAClD,IAAI,QAAQ,EAAE,CAAC;QACb,cAAc,CAAC,IAAI,CACjB,iEAAiE,CAClE,CAAC;QACF,OAAO;IACT,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;QACtD,MAAM,IAAI,SAAS,CAAC,uCAAuC,CAAC,CAAC;IAC/D,CAAC;IACD,iEAAiE;IACjE,uEAAuE;IACvE,qEAAqE;IACrE,6BAA6B;IAC7B,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IACrC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,SAAS,CAAC,iCAAiC,CAAC,CAAC;IACzD,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,CAAC;QAC9B,MAAM,IAAI,SAAS,CACjB,uDAAuD,CACxD,CAAC;IACJ,CAAC;IACD,IACE,CAAC,GAAG,CAAC,iBAAiB;QACtB,CAAC,CAAC,GAAG,CAAC,cAAc,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,EACzD,CAAC;QACD,MAAM,IAAI,SAAS,CACjB,uGAAuG,CACxG,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAAC;QAC/B,MAAM,IAAI,SAAS,CACjB,6FAA6F,CAC9F,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC;IACvD,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,SAAS,CAAC,wCAAwC,CAAC,CAAC;IAE3E,MAAM,iBAAiB,GAAG,GAAG,CAAC,iBAAiB;QAC7C,CAAC,CAAC,GAAG,CAAC,iBAAiB;QACvB,CAAC,CAAC,IAAI,sBAAsB,CAAC;YACzB,GAAG,EAAE,GAAG,CAAC,cAAwB;YACjC,YAAY,EAAE,GAAG,CAAC,WAAW;YAC7B,8DAA8D;YAC9D,8DAA8D;YAC9D,YAAY,EAAE,GAAG,CAAC,iBAAiB,EAAE,YAAY;gBAC/C,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,iBAAiB,CAAC,YAAY,CAAC;gBAChD,CAAC,CAAC,SAAS;YACb,WAAW,EAAE,GAAG,CAAC,iBAAiB,EAAE,WAAW;YAC/C,UAAU,EAAE,GAAG,CAAC,iBAAiB,EAAE,UAAU;SAC9C,CAAC,CAAC;IAEP,QAAQ,GAAG;QACT,WAAW,EAAE,GAAG,CAAC,WAAW;QAC5B,MAAM;QACN,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,KAAK,EAAE,GAAG,CAAC,KAAK;QAChB,iBAAiB;QACjB,qBAAqB,EAAE,GAAG,CAAC,qBAAqB;QAChD,oBAAoB,EAAE,GAAG,CAAC,oBAAoB,IAAI,sBAAsB;QACxE,oBAAoB,EAClB,GAAG,CAAC,oBAAoB,IAAI,8BAA8B;QAC5D,kBAAkB,EAAE,GAAG,CAAC,kBAAkB,IAAI,4BAA4B;QAC1E,UAAU,EAAE,IAAI,GAAG,CAAC,GAAG,CAAC,UAAU,IAAI,EAAE,CAAC;QACzC,MAAM,EAAE,GAAG,CAAC,MAAM,IAAI,cAAc;KACrC,CAAC;IACF,QAAQ,GAAG,IAAI,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC7C,QAAQ,GAAG,IAAI,GAAG,EAAE,CAAC;AACvB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,UAAU,eAAe;IAC7B,IAAI,CAAC,QAAQ;QAAE,MAAM,IAAI,sBAAsB,EAAE,CAAC;IAClD,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAC,IAAqC;IACjE,MAAM,GAAG,GAAG,eAAe,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAG,mBAAmB,EAAE,CAAC;IAClC,IAAI,GAAG,CAAC,UAAU,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;QAC5B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC1C,MAAM,IAAI,wBAAwB,CAChC,GAAG,CAAC,YAAY,EAChB,IAAI,EACJ,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,CAC3B,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IACD,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AACrB,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,cAAc;IAC5B,QAAQ,GAAG,IAAI,CAAC;IAChB,QAAQ,GAAG,IAAI,CAAC;IAChB,QAAQ,GAAG,IAAI,CAAC;AAClB,CAAC"}

package/dist/kinds.d.ts

@@ -0,0 +1,20 @@
+import type { ApprovalKindDef, ApprovalKindDefInput, DefinedKindMap } from "./types";
+export interface DefineApprovalKindsOpts {
+    /** Only used by nodii-tenant-service for `platform_ops.*` kinds. */
+    bypassReservedNamespaceCheck?: boolean;
+}
+export declare function defineApprovalKinds<S extends string, const T extends Record<string, ApprovalKindDefInput>>(serviceName: S, defs: T, opts?: DefineApprovalKindsOpts): DefinedKindMap<S, T>;
+/** Process-local registry of all kinds for the running service. */
+export declare class KindRegistry {
+    readonly serviceName: string;
+    private readonly map;
+    constructor(serviceName: string);
+    /** Register a previously-defined kind map. */
+    register(defs: Record<string, ApprovalKindDef>): void;
+    get(kind: string): ApprovalKindDef | undefined;
+    has(kind: string): boolean;
+    keys(): readonly string[];
+    values(): readonly ApprovalKindDef[];
+    size(): number;
+}
+//# sourceMappingURL=kinds.d.ts.map

package/dist/kinds.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"kinds.d.ts","sourceRoot":"","sources":["../src/kinds.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,cAAc,EACf,MAAM,SAAS,CAAC;AAGjB,MAAM,WAAW,uBAAuB;IACtC,oEAAoE;IACpE,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC;AAED,wBAAgB,mBAAmB,CACjC,CAAC,SAAS,MAAM,EAChB,KAAK,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,oBAAoB,CAAC,EAEpD,WAAW,EAAE,CAAC,EACd,IAAI,EAAE,CAAC,EACP,IAAI,GAAE,uBAA4B,GACjC,cAAc,CAAC,CAAC,EAAE,CAAC,CAAC,CAmCtB;AAED,mEAAmE;AACnE,qBAAa,YAAY;IACvB,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAsC;gBAE9C,WAAW,EAAE,MAAM;IAI/B,8CAA8C;IAC9C,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,IAAI;IAWrD,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS;IAI9C,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO;IAI1B,IAAI,IAAI,SAAS,MAAM,EAAE;IAIzB,MAAM,IAAI,SAAS,eAAe,EAAE;IAIpC,IAAI,IAAI,MAAM;CAGf"}

package/dist/kinds.js

@@ -0,0 +1,72 @@
+// defineApprovalKinds — type-safe kind registry per spec § 5.3.
+//
+// Compile-time: TypeScript template literal types narrow `kind` to the
+// exact string `${service}.${resource}.${verb}`.
+// Runtime: validates serviceName + resource + verb segments via
+// `validation.ts`. Rejects reserved namespaces unless explicitly bypassed.
+import { validatePermissionSegment, validateServiceName } from "./validation";
+export function defineApprovalKinds(serviceName, defs, opts = {}) {
+    validateServiceName(serviceName, opts);
+    const out = {};
+    const seen = new Set();
+    for (const [name, raw] of Object.entries(defs)) {
+        if (raw === null || typeof raw !== "object") {
+            throw new TypeError(`defineApprovalKinds: entry '${name}' must be an object, got ${typeof raw}`);
+        }
+        const def = raw;
+        validatePermissionSegment(def.resource, "resource");
+        validatePermissionSegment(def.verb, "verb");
+        const shortKind = `${def.resource}.${def.verb}`;
+        const kind = `${serviceName}.${shortKind}`;
+        if (seen.has(kind)) {
+            throw new TypeError(`defineApprovalKinds: duplicate kind '${kind}' in service '${serviceName}'`);
+        }
+        seen.add(kind);
+        out[name] = {
+            shortKind,
+            kind,
+            resource: def.resource,
+            verb: def.verb,
+            description: def.description ?? "",
+            approverRole: def.approverRole,
+            optInDefault: def.optInDefault ?? true,
+            selfActionAllowed: def.selfActionAllowed ?? false,
+            expirySeconds: def.expirySeconds,
+            actionButtonLabel: def.actionButtonLabel,
+        };
+    }
+    return out;
+}
+/** Process-local registry of all kinds for the running service. */
+export class KindRegistry {
+    serviceName;
+    map = new Map();
+    constructor(serviceName) {
+        this.serviceName = serviceName;
+    }
+    /** Register a previously-defined kind map. */
+    register(defs) {
+        for (const def of Object.values(defs)) {
+            if (this.map.has(def.kind)) {
+                throw new TypeError(`KindRegistry: kind '${def.kind}' already registered`);
+            }
+            this.map.set(def.kind, def);
+        }
+    }
+    get(kind) {
+        return this.map.get(kind);
+    }
+    has(kind) {
+        return this.map.has(kind);
+    }
+    keys() {
+        return Array.from(this.map.keys());
+    }
+    values() {
+        return Array.from(this.map.values());
+    }
+    size() {
+        return this.map.size;
+    }
+}
+//# sourceMappingURL=kinds.js.map

package/dist/kinds.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kinds.js","sourceRoot":"","sources":["../src/kinds.ts"],"names":[],"mappings":"AAAA,gEAAgE;AAChE,EAAE;AACF,uEAAuE;AACvE,iDAAiD;AACjD,gEAAgE;AAChE,2EAA2E;AAO3E,OAAO,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAO9E,MAAM,UAAU,mBAAmB,CAIjC,WAAc,EACd,IAAO,EACP,OAAgC,EAAE;IAElC,mBAAmB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,GAAG,GAAoC,EAAE,CAAC;IAChD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAC;IAC/B,KAAK,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;YAC5C,MAAM,IAAI,SAAS,CACjB,+BAA+B,IAAI,4BAA4B,OAAO,GAAG,EAAE,CAC5E,CAAC;QACJ,CAAC;QACD,MAAM,GAAG,GAAG,GAAG,CAAC;QAChB,yBAAyB,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;QACpD,yBAAyB,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;QAChD,MAAM,IAAI,GAAG,GAAG,WAAW,IAAI,SAAS,EAAE,CAAC;QAC3C,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,SAAS,CACjB,wCAAwC,IAAI,iBAAiB,WAAW,GAAG,CAC5E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACf,GAAG,CAAC,IAAI,CAAC,GAAG;YACV,SAAS;YACT,IAAI;YACJ,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,WAAW,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE;YAClC,YAAY,EAAE,GAAG,CAAC,YAAY;YAC9B,YAAY,EAAE,GAAG,CAAC,YAAY,IAAI,IAAI;YACtC,iBAAiB,EAAE,GAAG,CAAC,iBAAiB,IAAI,KAAK;YACjD,aAAa,EAAE,GAAG,CAAC,aAAa;YAChC,iBAAiB,EAAE,GAAG,CAAC,iBAAiB;SACzC,CAAC;IACJ,CAAC;IACD,OAAO,GAA2B,CAAC;AACrC,CAAC;AAED,mEAAmE;AACnE,MAAM,OAAO,YAAY;IACd,WAAW,CAAS;IACZ,GAAG,GAAG,IAAI,GAAG,EAA2B,CAAC;IAE1D,YAAY,WAAmB;QAC7B,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED,8CAA8C;IAC9C,QAAQ,CAAC,IAAqC;QAC5C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACtC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,IAAI,SAAS,CACjB,uBAAuB,GAAG,CAAC,IAAI,sBAAsB,CACtD,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC9B,CAAC;IACH,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,GAAG,CAAC,IAAY;QACd,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAED,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACrC,CAAC;IAED,MAAM;QACJ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACvC,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACvB,CAAC;CACF"}

package/dist/migrations.d.ts

@@ -0,0 +1,27 @@
+export interface GetMigrationSQLOpts {
+    /** Default false — set true if the adopting service is in the reserved
+     *  namespace (e.g. nodii-tenant-service for `platform` kinds). */
+    bypassReservedNamespaceCheck?: boolean;
+}
+/**
+ * Return the SQL string ready to apply against the adopting service's
+ * postgres. Substitutes every `__SERVICE__` occurrence with `serviceName`.
+ *
+ * The returned string contains all three statements (policies table,
+ * deferred-actions table, consumed_events table) concatenated; callers
+ * either run them as one batch or split on `;` if their pg client
+ * requires per-statement execution.
+ */
+export declare function getApprovalMigrationSQL(serviceName: string, opts?: GetMigrationSQLOpts): string;
+/** Convenience: split a SQL blob into per-statement executions, skipping
+ *  comment-only lines + empty statements.
+ *
+ *  CONSTRAINT: this splitter is intentionally naive — `/;\s*(?:\n|$)/`
+ *  cuts at every top-level semicolon. It will mis-cut SQL containing
+ *  embedded semicolons inside string literals or `DO $$ ... ; ... $$`
+ *  blocks. The 001/002 migrations shipped today have neither, so it's
+ *  safe. If a future migration grows DO/FUNCTION bodies, replace this
+ *  with a real SQL tokenizer (e.g. pg-query-emscripten) — do NOT just
+ *  bolt on more regex. */
+export declare function splitStatements(sql: string): string[];
+//# sourceMappingURL=migrations.d.ts.map

package/dist/migrations.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrations.d.ts","sourceRoot":"","sources":["../src/migrations.ts"],"names":[],"mappings":"AAoCA,MAAM,WAAW,mBAAmB;IAClC;sEACkE;IAClE,4BAA4B,CAAC,EAAE,OAAO,CAAC;CACxC;AAED;;;;;;;;GAQG;AACH,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,MAAM,EACnB,IAAI,GAAE,mBAAwB,GAC7B,MAAM,CAKR;AAED;;;;;;;;;0BAS0B;AAC1B,wBAAgB,eAAe,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,EAAE,CAWrD"}

package/dist/migrations.js

@@ -0,0 +1,67 @@
+// Per-service migration SQL emit helper per spec § 5.12.
+//
+// `getApprovalMigrationSQL("billing")` → returns the SQL ready to apply
+// against a `billing` service's postgres (i.e. with `__SERVICE__`
+// substituted). Adopting services run this output through their normal
+// migration tooling (postgres.js raw exec, sqlc, alembic, etc.).
+import { readFileSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { validateServiceName } from "./validation";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/** Resolve a migration file from the published package layout.
+ *
+ *  Published consumers receive both `dist/` (compiled JS+d.ts) and the
+ *  source SQL files at `src/migrations/*.sql` per `package.json#files`.
+ *  At runtime in `node_modules/@nodii/approval/dist/migrations.js`,
+ *  `__dirname` is `dist/`, so we resolve to `../src/migrations/<file>`.
+ *  In source-mode (running directly via bun from `src/migrations.ts`),
+ *  `__dirname` IS the src directory, so we resolve to `migrations/<file>`. */
+function loadMigrationFile(filename) {
+    // Source-mode path: src/migrations/ relative to src/migrations.ts.
+    const srcPath = join(__dirname, "migrations", filename);
+    // Published-package path: dist/migrations.js → ../src/migrations/.
+    const publishedSrcPath = join(__dirname, "..", "src", "migrations", filename);
+    try {
+        return readFileSync(srcPath, "utf8");
+    }
+    catch {
+        return readFileSync(publishedSrcPath, "utf8");
+    }
+}
+/**
+ * Return the SQL string ready to apply against the adopting service's
+ * postgres. Substitutes every `__SERVICE__` occurrence with `serviceName`.
+ *
+ * The returned string contains all three statements (policies table,
+ * deferred-actions table, consumed_events table) concatenated; callers
+ * either run them as one batch or split on `;` if their pg client
+ * requires per-statement execution.
+ */
+export function getApprovalMigrationSQL(serviceName, opts = {}) {
+    validateServiceName(serviceName, opts);
+    const a = loadMigrationFile("001-approval-policies.sql");
+    const b = loadMigrationFile("002-deferred-actions.sql");
+    return [a, b].map((s) => s.replaceAll("__SERVICE__", serviceName)).join("\n");
+}
+/** Convenience: split a SQL blob into per-statement executions, skipping
+ *  comment-only lines + empty statements.
+ *
+ *  CONSTRAINT: this splitter is intentionally naive — `/;\s*(?:\n|$)/`
+ *  cuts at every top-level semicolon. It will mis-cut SQL containing
+ *  embedded semicolons inside string literals or `DO $$ ... ; ... $$`
+ *  blocks. The 001/002 migrations shipped today have neither, so it's
+ *  safe. If a future migration grows DO/FUNCTION bodies, replace this
+ *  with a real SQL tokenizer (e.g. pg-query-emscripten) — do NOT just
+ *  bolt on more regex. */
+export function splitStatements(sql) {
+    return sql
+        .split(/;\s*(?:\n|$)/)
+        .map((s) => s.trim())
+        .filter((s) => s.length > 0 &&
+        !s
+            .split("\n")
+            .every((l) => l.trim().startsWith("--") || l.trim() === ""));
+}
+//# sourceMappingURL=migrations.js.map

package/dist/migrations.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"migrations.js","sourceRoot":"","sources":["../src/migrations.ts"],"names":[],"mappings":"AAAA,yDAAyD;AACzD,EAAE;AACF,wEAAwE;AACxE,kEAAkE;AAClE,uEAAuE;AACvE,iEAAiE;AAEjE,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACvC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAEnD,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC;;;;;;;8EAO8E;AAC9E,SAAS,iBAAiB,CAAC,QAAgB;IACzC,mEAAmE;IACnE,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IACxD,mEAAmE;IACnE,MAAM,gBAAgB,GAAG,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC9E,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;AACH,CAAC;AAQD;;;;;;;;GAQG;AACH,MAAM,UAAU,uBAAuB,CACrC,WAAmB,EACnB,OAA4B,EAAE;IAE9B,mBAAmB,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,iBAAiB,CAAC,2BAA2B,CAAC,CAAC;IACzD,MAAM,CAAC,GAAG,iBAAiB,CAAC,0BAA0B,CAAC,CAAC;IACxD,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAChF,CAAC;AAED;;;;;;;;;0BAS0B;AAC1B,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,OAAO,GAAG;SACP,KAAK,CAAC,cAAc,CAAC;SACrB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CACL,CAAC,CAAC,EAAE,EAAE,CACJ,CAAC,CAAC,MAAM,GAAG,CAAC;QACZ,CAAC,CAAC;aACC,KAAK,CAAC,IAAI,CAAC;aACX,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAChE,CAAC;AACN,CAAC"}

package/dist/policies.d.ts

@@ -0,0 +1,21 @@
+import type { ApprovalKindDef, ApprovalPolicyRow, ResolvedApprovalConfig, ResolvedPolicy, SqlExecutor } from "./types";
+export declare function findPolicy(cfg: ResolvedApprovalConfig, pg: SqlExecutor, tenantId: string, kind: string): Promise<ApprovalPolicyRow | null>;
+/**
+ * Resolve the effective policy for a (tenant, kind) — uses the tenant row
+ * if present, otherwise falls through to kind defaults.
+ *
+ * Returns `{enabled: false, fallthrough: true}` when no row exists AND
+ * the kind's `optInDefault` is false (the spec § 5.10 opt-in-disabled
+ * short-circuit case).
+ */
+export declare function resolvePolicy(cfg: ResolvedApprovalConfig, pg: SqlExecutor, tenantId: string, kindDef: ApprovalKindDef): Promise<ResolvedPolicy>;
+/** Upsert a policy row. Used by the per-service policy gRPC service. */
+export declare function upsertPolicy(cfg: ResolvedApprovalConfig, pg: SqlExecutor, args: {
+    tenantId: string;
+    kind: string;
+    enabled: boolean;
+    approverRole: string;
+    thresholdParams: Record<string, unknown> | null;
+    expirySeconds: number | null;
+}): Promise<void>;
+//# sourceMappingURL=policies.d.ts.map

package/dist/policies.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"policies.d.ts","sourceRoot":"","sources":["../src/policies.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,cAAc,EACd,WAAW,EACZ,MAAM,SAAS,CAAC;AAMjB,wBAAsB,UAAU,CAC9B,GAAG,EAAE,sBAAsB,EAC3B,EAAE,EAAE,WAAW,EACf,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC,CAmBnC;AAED;;;;;;;GAOG;AACH,wBAAsB,aAAa,CACjC,GAAG,EAAE,sBAAsB,EAC3B,EAAE,EAAE,WAAW,EACf,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,eAAe,GACvB,OAAO,CAAC,cAAc,CAAC,CA4BzB;AAED,wEAAwE;AACxE,wBAAsB,YAAY,CAChC,GAAG,EAAE,sBAAsB,EAC3B,EAAE,EAAE,WAAW,EACf,IAAI,EAAE;IACJ,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAChD,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,GACA,OAAO,CAAC,IAAI,CAAC,CAuBf"}