stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
0e764da736ca51bcc64acf7b024f2bc3f2b46c96
git.stella-ops.org/docs/features/checked/releaseorchestrator/approval-gateway-with-multi-approver-and-separation-of-duties.md
master e9aeadc040 save checkpoint
2026-02-14 09:11:48 +02:00

1.7 KiB
Raw Blame History

Approval Gateway with Multi-Approver and Separation of Duties

Module

ReleaseOrchestrator

Status

VERIFIED

Description

Approval workflow engine enforcing separation of duties (requester != approver), multi-approver requirements (N of M), group-based eligibility checking, approval history tracking, notification integration, and governance controls for release promotions.

Implementation Details

  • Modules: src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Promotion/Approval/
  • Key Classes:
    • ApprovalGateway (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Promotion/Approval/ApprovalGateway.cs) - approval workflow engine with multi-approver and group eligibility
    • SeparationOfDutiesEnforcer (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Promotion/Approval/SeparationOfDutiesEnforcer.cs) - enforces requester != approver constraint
  • Interfaces: IApprovalGateway, ISeparationOfDutiesEnforcer
  • Source: SPRINT_20260110_106_002_PROMOT_approval_gateway.md

E2E Test Plan

  • Submit an approval request and verify SeparationOfDutiesEnforcer rejects the requester from self-approving
  • Verify multi-approver: configure N of M requirement and verify approval is granted only after N approvals
  • Verify group eligibility: configure group-based approval and verify only group members can approve
  • Verify approval history: approve a request and confirm the approval record is persisted with timestamps
  • Verify rejection: deny an approval and confirm the promotion is blocked

Verification

  • Verified: 2026-02-13T21:00:00Z
  • Method: Tier 2d integration tests
  • Result: PASS