Approval And Actor Context
Summary
Approvals are state changes made by an actor in a tenant context. The platform should preserve that context every time a human decision changes workflow state.
Problem
Without actor context, a later audit cannot distinguish a system transition from an operator decision, a service account action, or an administrator repair.
Principle
Every mutating workflow action should know the tenant, actor, and reason that authorized it.
Platform Shape
Auth and module-access services establish the authorization boundary. Workflow reviews and events provide the place to record decisions and transitions. API routes should adapt request context into service calls rather than burying authorization assumptions inside UI code or persistence helpers.
Source Evidence
docs/reference/auth.mdservices/authservices/workflow/reviewsservices/workflow/events
Related Reading
docs/engineering/reference/auth-and-module-access.mddocs/engineering/concepts/context-everywhere.md