framework.approval.GlobalApprovalConfig#

class framework.approval.GlobalApprovalConfig(global_mode, python_execution, memory)[source]#

Bases: object

Global approval configuration integrating all capability-specific settings.

Top-level configuration model that combines global approval mode settings with capability-specific configurations. This class implements the hierarchical configuration system where global modes can override individual capability settings for consistent system-wide approval behavior.

The global configuration supports three main modes: - disabled: All approvals disabled system-wide - selective: Use capability-specific settings - all_capabilities: All approvals enabled system-wide

Parameters:

  • global_mode (str) – System-wide approval mode controlling all capabilities

  • python_execution (PythonExecutionApprovalConfig) – Python code execution approval configuration

  • memory (MemoryApprovalConfig) – Memory operation approval configuration

Examples

Create global configuration:

>>> python_config = PythonExecutionApprovalConfig(
...     enabled=True, mode=ApprovalMode.EPICS_WRITES
... )
>>> memory_config = MemoryApprovalConfig(enabled=False)
>>> global_config = GlobalApprovalConfig(
...     global_mode="selective",
...     python_execution=python_config,
...     memory=memory_config
... )

Access capability configurations:

>>> print(f"Global mode: {global_config.global_mode}")
>>> print(f"Python enabled: {global_config.python_execution.enabled}")
>>> print(f"Memory enabled: {global_config.memory.enabled}")

Note

This is a frozen dataclass representing immutable configuration state. The configuration hierarchy allows global modes to override capability settings when applied by the ApprovalManager.

global_mode: str#
python_execution: PythonExecutionApprovalConfig#
memory: MemoryApprovalConfig#
classmethod from_dict(data)[source]#

Create global configuration instance from dictionary with comprehensive validation.

Factory method that creates a GlobalApprovalConfig instance from a complete configuration dictionary. Performs extensive validation of the global structure and delegates capability-specific validation to appropriate config classes.

The method applies security-first defaults for missing configuration sections and provides detailed error messages for configuration issues. All capability configurations are validated and instantiated as strongly-typed objects.

Required Structure:

  • global_mode: One of ‘disabled’, ‘selective’, ‘all_capabilities’

  • capabilities: Dictionary containing capability-specific settings

Parameters:

data (dict) – Complete approval configuration dictionary from config.yml

Returns:

Validated global configuration instance

Return type:

GlobalApprovalConfig

Raises:

ValueError – If configuration structure is invalid or contains invalid values

Examples

Create from complete configuration:

>>> config_dict = {
...     'global_mode': 'selective',
...     'capabilities': {
...         'python_execution': {'enabled': True, 'mode': 'epics_writes'},
...         'memory': {'enabled': False}
...     }
... }
>>> config = GlobalApprovalConfig.from_dict(config_dict)
>>> print(f"Global mode: {config.global_mode}")

Create with missing sections (secure defaults):

>>> minimal_config = {'global_mode': 'selective', 'capabilities': {}}
>>> config = GlobalApprovalConfig.from_dict(minimal_config)
>>> # Missing capabilities will use secure defaults

Handle validation errors:

>>> try:
...     config = GlobalApprovalConfig.from_dict({'global_mode': 'invalid'})
... except ValueError as e:
...     print(f"Configuration error: {e}")

Warning

Missing capability sections will be created with security-first defaults. This ensures the system remains secure even with incomplete configuration.

__init__(global_mode, python_execution, memory)#