Skip to main content
This page documents policy enforcement behavior for protected actions.

Governor Policy Model

Policies define:
  • risk level (safe, caution, danger)
  • confirm mode (NONE, CONFIRM, WO_CODE)
  • approval requirement and approval type

Enforcement Paths

Server-side enforcement:
  • withGovernor() for approval + typed confirm gates
  • enforceActionPolicy() for typed-confirm-only actions
  • enforceGovernor() when a route cannot use the wrapper pattern

Approval Lifecycle

Approvals are persisted with statuses:
  • pending
  • approved
  • rejected
UI supports individual and batch approval decisions.

Typical Error Patterns

Protected route failures return structured errors such as:
  • APPROVAL_REQUIRED
  • APPROVAL_PENDING
  • APPROVAL_REJECTED
  • TYPED_CONFIRM_REQUIRED
  • TYPED_CONFIRM_INVALID

Last updated

2026-02-13