Oban worker that re-validates a governed tool approval before it can proceed to execution.
This is the Phase 15 deliverable: the "stale-plan" re-validation gate (Terraform semantics).
An approval valid at decision time is re-checked against the CURRENT policy/scope at resume
time before transitioning to :execution_pending.
Branch Logic
The resume worker is enqueued by Governance.approve/3, which has already transitioned the
lane to :approved. It therefore acts on :approved approvals (the documented state axis:
:approved → resume → :execution_pending). A still-:pending lane (awaiting an operator
decision) is a no-op — re-validation must never bypass the approval gate.
nilapproval (deleted) →:ok— idempotent no-op.:approved+expires_at < now→:expired+:expiredevent (lazy guard, D15-12).:approved+ re-validation pass →:execution_pending+:revalidation_passedevent. STOP — does NOT callrun/3(Phase 16 seam, D15-10).:approved+ re-validation fail →:invalidated+:revalidation_failedevent with humanized reason (fail-closed, APRV-03).- Any other status (
:pending,:rejected, etc.) →:ok— idempotent no-op.
Idempotency
unique: [period: :infinity, keys: [:approval_id]] prevents double-enqueue (D15-09).
perform/1 re-checks status so a duplicate job is a true no-op.
Telemetry
:approval_transition event emitted AFTER the with pipeline succeeds (D-29).