framework.approval.ApprovalManager#

class framework.approval.ApprovalManager(approval_config)[source]#

Bases: object

Pure configuration service providing strongly typed approval models.

Serves as the centralized configuration management system for all approval settings across the framework. This class implements a clean separation of concerns by handling only configuration loading, validation, and provision of typed configuration objects to capabilities.

The manager implements a hierarchical configuration system where global approval modes can override capability-specific settings, ensuring consistent security posture across the entire system while allowing for granular control when needed.

Responsibilities:

  • Load and validate approval configuration from global config system

  • Apply global mode overrides to capability-specific settings

  • Provide strongly typed configuration objects with validation

  • Create configured evaluator instances for capabilities

  • Maintain audit trail through comprehensive logging

Explicitly NOT responsible for:

  • Business logic implementation (delegated to evaluators)

  • Approval decision making (capability-specific in evaluators)

  • State management (stateless configuration service)

Configuration Hierarchy:

  1. Global mode settings (disabled, selective, all_capabilities)

  2. Capability-specific settings (python_execution, memory, etc.)

  3. Resolved effective configuration (global overrides applied)

Parameters:

approval_config (dict) – Raw approval configuration dictionary from config.yml

Examples

Initialize with configuration:

>>> config_dict = {
...     'global_mode': 'selective',
...     'capabilities': {
...         'python_execution': {'enabled': True, 'mode': 'epics_writes'},
...         'memory': {'enabled': False}
...     }
... }
>>> manager = ApprovalManager(config_dict)

Access resolved configuration:

>>> python_config = manager.get_python_execution_config()
>>> print(f"Effective setting: {python_config.enabled}")

Create evaluators:

>>> evaluator = manager.get_python_execution_evaluator()
>>> # Evaluator is configured with resolved settings

Note

The manager is designed to be instantiated once at application startup and reused throughout the application lifecycle.

Warning

Configuration validation failures will raise ValueError to prevent insecure default behavior in production environments.

Initialize with approval configuration.

Parameters:

approval_config (dict) – Raw approval configuration from config.yml

Raises:

ValueError – If configuration is invalid or missing required fields

__init__(approval_config)[source]#

Initialize with approval configuration.

Parameters:

approval_config (dict) – Raw approval configuration from config.yml

Raises:

ValueError – If configuration is invalid or missing required fields

get_python_execution_config()[source]#

Get strongly typed Python execution approval configuration.

Applies global mode overrides to capability-specific settings, ensuring consistent behavior across the approval system.

Returns:

Configuration object with resolved approval settings

Return type:

PythonExecutionApprovalConfig

get_memory_config()[source]#

Get strongly typed memory approval configuration.

Applies global mode overrides to capability-specific settings, ensuring consistent behavior across the approval system.

Returns:

Configuration object with resolved approval settings

Return type:

MemoryApprovalConfig

get_python_execution_evaluator()[source]#

Get configured Python execution approval evaluator.

Creates a new evaluator instance with current configuration settings. The evaluator contains the business logic for making approval decisions.

Returns:

Evaluator instance configured with current settings

Return type:

PythonExecutionApprovalEvaluator

get_memory_evaluator()[source]#

Get configured memory approval evaluator.

Creates a new evaluator instance with current configuration settings. The evaluator contains the business logic for making approval decisions.

Returns:

Evaluator instance configured with current settings

Return type:

MemoryApprovalEvaluator

get_config_summary()[source]#

Get configuration summary for debugging and monitoring.

Provides a structured view of current approval configuration settings for logging, debugging, and administrative review.

Returns:

Dictionary containing configuration summary with keys: - ‘global_mode’: Current global approval mode - ‘python_execution’: Python execution approval settings - ‘memory’: Memory operation approval settings

Return type:

dict