git.stella-ops.org/docs/features/unchecked/releaseorchestrator/approval-gateway-with-multi-approver-and-separation-of-duties.md

Approval Gateway with Multi-Approver and Separation of Duties

Module

ReleaseOrchestrator

Status

IMPLEMENTED

Description

Approval workflow engine enforcing separation of duties (requester != approver), multi-approver requirements (N of M), group-based eligibility checking, approval history tracking, notification integration, and governance controls for release promotions.

Implementation Details

  • Modules: src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Promotion/Approval/
  • Key Classes:
    • ApprovalGateway (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Promotion/Approval/ApprovalGateway.cs) - approval workflow engine with multi-approver and group eligibility
    • SeparationOfDutiesEnforcer (src/ReleaseOrchestrator/__Libraries/StellaOps.ReleaseOrchestrator.Promotion/Approval/SeparationOfDutiesEnforcer.cs) - enforces requester != approver constraint
  • Interfaces: IApprovalGateway, ISeparationOfDutiesEnforcer
  • Source: SPRINT_20260110_106_002_PROMOT_approval_gateway.md

E2E Test Plan

  • Submit an approval request and verify SeparationOfDutiesEnforcer rejects the requester from self-approving
  • Verify multi-approver: configure N of M requirement and verify approval is granted only after N approvals
  • Verify group eligibility: configure group-based approval and verify only group members can approve
  • Verify approval history: approve a request and confirm the approval record is persisted with timestamps
  • Verify rejection: deny an approval and confirm the promotion is blocked
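The checks in the test plan above can be modelled as a small state machine. The following is an added sketch, not code from the StellaOps repository: every type and member name in it (ApprovalRequestSketch, ApprovalRecord, Decision, Decide) is hypothetical and does not describe the ApprovalGateway or SeparationOfDutiesEnforcer API. It assumes case-insensitive user ids, that a single denial rejects the request, and that a repeated vote from the same approver is refused.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
// Hypothetical model for illustration; not the StellaOps ApprovalGateway API.
public enum Decision { Pending, Approved, Rejected }
public sealed record ApprovalRecord(string Approver, bool Approve, DateTimeOffset At);
public sealed class ApprovalRequestSketch
{
    private static readonly StringComparer Ids = StringComparer.OrdinalIgnoreCase; // assumption
    private readonly string _requester;
    private readonly HashSet<string> _eligible;               // the "M": approver group
    private readonly int _required;                           // the "N"
    private readonly List<ApprovalRecord> _history = new();
    public Decision State { get; private set; } = Decision.Pending;
    public IReadOnlyList<ApprovalRecord> History => _history;
    public ApprovalRequestSketch(string requester, IEnumerable<string> group, int required)
    {
        _requester = requester;
        _eligible = new HashSet<string>(group, Ids);
        // The requester can never vote, so N must be reachable without them.
        int pool = _eligible.Count(a => !Ids.Equals(a, requester));
        if (required < 1 || required > pool) throw new ArgumentOutOfRangeException(nameof(required));
        _required = required;
    }

    public Decision Decide(string approver, bool approve)
    {
        if (State != Decision.Pending) throw new InvalidOperationException("Already decided.");
        if (Ids.Equals(approver, _requester)) throw new UnauthorizedAccessException("Requester cannot approve.");
        if (!_eligible.Contains(approver)) throw new UnauthorizedAccessException("Not in approver group.");
        // Count distinct identities: one approver voting twice must not satisfy N.
        if (_history.Any(r => Ids.Equals(r.Approver, approver))) throw new InvalidOperationException("Duplicate vote.");
        _history.Add(new ApprovalRecord(approver, approve, DateTimeOffset.UtcNow));
        if (!approve) State = Decision.Rejected;              // assumption: one denial blocks
        else if (_history.Count(r => r.Approve) >= _required) State = Decision.Approved;
        return State;
    }
}

public static class Demo
{
    public static void Main()
    {
        var req = new ApprovalRequestSketch("alice", new[] { "alice", "bob", "carol" }, required: 2); // constructed ids
        try { req.Decide("alice", true); } catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
        Console.WriteLine(req.Decide("bob", true));
        Console.WriteLine(req.Decide("carol", true));
    }
}
```

The constructor check matters for governance: a policy of N approvals over a group that contains the requester is unsatisfiable if N equals the group size, and failing at configuration time is safer than leaving a promotion pending forever.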