Oversight Service

Approvals, committees, audit trails, and compliance management.

Installation

pnpm add @aicr/oversight-core

Quick Start

import { requestApproval, getApprovalStatus, recordAuditEvent } from '@aicr/oversight-core';
 
// Request approval for a plan change
const approval = await requestApproval({
  type: 'plan-change',
  resourceId: planId,
  requiredApprovers: ['finance-lead', 'legal'],
  expiresIn: '7d'
});
 
// Check status
const status = await getApprovalStatus(approval.id);
if (status.isApproved) {
  // Proceed with change
}
 
// Record audit event
await recordAuditEvent({
  action: 'plan.updated',
  resourceId: planId,
  actor: userId,
  details: { changes: [...] }
});

API Reference

`requestApproval(input)`

Request approval for an action.

interface ApprovalRequest {
  type: 'plan-change' | 'exception' | 'budget' | 'policy-override' | 'access';
  resourceId: string;
  resourceType: string;
  requiredApprovers: string[];  // Role IDs or user IDs
  quorum?: number;             // Min approvals needed (default: all)
  expiresIn?: string;          // e.g., '7d', '24h'
  description?: string;
  metadata?: Record<string, unknown>;
}
 
interface Approval {
  id: string;
  type: string;
  status: 'pending' | 'approved' | 'denied' | 'expired';
  requiredApprovers: string[];
  currentApprovals: { approverId: string; approvedAt: Date }[];
  expiresAt: Date;
  createdAt: Date;
}

`approveRequest(approvalId, decision)`

Approve or deny a request.

await approveRequest(approvalId, {
  decision: 'approved',  // or 'denied'
  notes: 'Approved per policy exception clause 4.2'
});

`recordAuditEvent(event)`

Record an audit trail event.

interface AuditEvent {
  action: string;         // e.g., 'plan.created', 'user.login'
  resourceId?: string;
  resourceType?: string;
  actor: string;
  actorType?: 'user' | 'system' | 'api';
  details?: Record<string, unknown>;
  severity?: 'info' | 'warning' | 'critical';
}

`getAuditTrail(query)`

Query audit events.

const events = await getAuditTrail({
  resourceId: planId,
  startDate: '2024-01-01',
  endDate: '2024-01-31',
  actions: ['plan.created', 'plan.updated'],
  limit: 100
});

Committees

`submitToCommittee(submission)`

Submit a request to a committee.

await submitToCommittee({
  committee: 'compensation-committee',
  type: 'exception-request',
  subject: 'Q4 Accelerator Exception',
  resourceId: requestId,
  documents: [docId1, docId2],
  requestedDate: '2024-02-15'  // Meeting date preference
});

`getCommitteeDecisions(committeeId)`

Get committee decisions.

const decisions = await getCommitteeDecisions('compensation-committee', {
  status: 'decided',
  since: '2024-01-01'
});

HTTP API

`POST /api/oversight/approvals`

curl -X POST /api/oversight/approvals \
  -d '{"type": "plan-change", "resourceId": "plan-123", "requiredApprovers": ["finance"]}'

`POST /api/oversight/approvals/:id/decide`

curl -X POST /api/oversight/approvals/appr-123/decide \
  -d '{"decision": "approved", "notes": "..."}'

`GET /api/oversight/audit`

curl "/api/oversight/audit?resourceId=plan-123&limit=50"

Dispute Service GOCC (Trust Layer)