Approval And Actor Context

Summary

Approvals are state changes made by an actor in a tenant context. The platform should preserve that context every time a human decision changes workflow state.

Problem

Without actor context, a later audit cannot distinguish a system transition from an operator decision, a service account action, or an administrator repair.

Principle

Every mutating workflow action should know the tenant, actor, and reason that authorized it.

Platform Shape

Auth and module-access services establish the authorization boundary. Workflow reviews and events provide the place to record decisions and transitions. API routes should adapt request context into service calls rather than burying authorization assumptions inside UI code or persistence helpers.

Source Evidence

  • docs/reference/auth.md
  • services/auth
  • services/workflow/reviews
  • services/workflow/events
  • docs/engineering/reference/auth-and-module-access.md
  • docs/engineering/concepts/context-everywhere.md