Skip to main content

RPC Resources

When enabled, the module registers these RPC resources. They are not public operations: callers must be authenticated, and permissions below are enforced when a RequiredPermission is shown.

RPC calls use the standard envelope documented in API: resource, action, version, params, and meta. Fields listed below as params.* are decoded from params; fields listed as meta.* are decoded from meta. The generated Runtime API Index contains the exhaustive JSON field ledger for every request and response DTO.

approval/category

ActionPermissionParamsNotes
find_treeapproval.category.queryCategorySearchTenant-scoped tree query
find_tree_optionsapproval.category.queryCategorySearch + DataOptionConfigTenant-scoped tree options
createapproval.category.createCategoryParamsNon-super-admin tenant is stamped from caller
updateapproval.category.updateCategoryParamsNon-super-admin can only mutate own tenant
deleteapproval.category.deletePrimary-key paramsNon-super-admin can only delete own tenant
ActionRequest fields
find_treemeta.name, meta.isActive, meta.sort
find_tree_optionsmeta.name, meta.isActive, meta.sort, plus option mapping metadata: meta.labelColumn, meta.valueColumn, meta.descriptionColumn, meta.metaColumns
createparams.id, params.tenantId required, params.code required, params.name required, params.icon, params.parentId, params.sortOrder, params.isActive, params.remark
updateparams.id, params.tenantId required, params.code required, params.name required, params.icon, params.parentId, params.sortOrder, params.isActive, params.remark
deleteparams.id required

approval/delegation

ActionPermissionParamsNotes
find_pageapproval.delegation.queryDelegationSearch + pageable metaNon-super-admin sees own delegations
createapproval.delegation.createDelegationParamsNon-super-admin delegator is stamped from caller
updateapproval.delegation.updateDelegationParamsNon-super-admin cannot reassign ownership
deleteapproval.delegation.deletePrimary-key paramsOwner-scoped for non-super-admin
ActionRequest fields
find_pagemeta.delegatorId, meta.delegateeId, meta.isActive, meta.sort, meta.page, meta.size
createparams.id, params.delegatorId required, params.delegateeId required, params.flowCategoryId, params.flowId, params.startTime, params.endTime, params.isActive, params.reason
updateparams.id, params.delegatorId required, params.delegateeId required, params.flowCategoryId, params.flowId, params.startTime, params.endTime, params.isActive, params.reason
deleteparams.id required

approval/flow

ActionPermissionParamsNotes
createapproval.flow.createCreateFlowParamsAudited
deployapproval.flow.deployDeployFlowParamsAudited
publish_versionapproval.flow.publishPublishVersionParamsAudited
updateapproval.flow.updateUpdateParamsAudited
toggle_activeapproval.flow.updateToggleActiveParamsAudited
get_graphapproval.flow.queryGetGraphParamsReads published graph
find_flowsapproval.flow.queryFindFlowsParamsPaged query
find_initiatorsapproval.flow.queryFindInitiatorsParamsLists initiator configuration
find_versionsapproval.flow.queryFindVersionsParamsLists versions for one flow
ActionRequest fields
createparams.tenantId required, params.code required, params.name required, params.categoryId required, params.bindingMode required, params.icon, params.description, params.businessBinding, params.adminUserIds, params.isAllInitiationAllowed, params.instanceTitleTemplate, params.initiators
deployparams.flowId required, params.description, params.flowDefinition required, params.formSchema, params.storageMode
publish_versionparams.versionId required
updateparams.flowId required, params.name required, params.bindingMode required, params.instanceTitleTemplate required, params.icon, params.description, params.businessBinding, params.adminUserIds, params.isAllInitiationAllowed, params.initiators
toggle_activeparams.flowId required, params.isActive
get_graphparams.flowId required, params.tenantId
find_flowsparams.tenantId, params.categoryId, params.keyword, params.isActive, params.page, params.pageSize
find_initiatorsparams.flowId required, params.tenantId
find_versionsparams.flowId required, params.tenantId

params.initiators entries use kind (user, role, or department) and ids. params.formSchema is the optional host-owned form-designer document, passed through opaque (see Form Schema and Derived Fields); flows without forms omit it. For business binding, params.businessBinding is an approval.BusinessBindingConfig object (tableName, keyColumns, statusColumn, instanceIdColumn required, optional startedAtColumn / finishedAtColumn / statusMapping); all identifiers are validated by ValidateBusinessIdentifier, the key must match a non-null primary or unique key on the live table, and binding settings stay frozen while instances are running (ErrFlowBindingLocked).

approval/instance

ActionPermissionParamsNotes
startapproval.instance.startStartParamsAudited
process_taskapproval.task.processProcessTaskParamsAudited; action must be approve, reject, transfer, rollback, or handle
withdrawapproval.instance.withdrawWithdrawParamsAudited
resubmitapproval.instance.resubmitResubmitParamsAudited; accepts returned or withdrawn instances
add_ccapproval.instance.ccAddCCParamsAudited
mark_cc_readapproval.instance.ccMarkCCReadParamsRead receipt, not audited
add_assigneeapproval.task.add_assigneeAddAssigneeParamsAudited; addType is before, after, or parallel
remove_assigneeapproval.task.remove_assigneeRemoveAssigneeParamsAudited
urge_taskapproval.task.urgeUrgeTaskParamsExtra rate limit: max 10 per 1m
ActionRequest fields
startparams.tenantId required, params.flowCode required, params.businessRef max 512 chars, params.formData
process_taskparams.taskId required, params.action required (approve, reject, transfer, rollback, or handle), params.opinion max 2000 chars, params.formData, params.attachments max 20 entries, each max 512 chars, params.transferToId, params.targetNodeId
withdrawparams.instanceId required, params.reason max 2000 chars
resubmitparams.instanceId required, params.formData
add_ccparams.instanceId required, params.ccUserIds required, 1-50 IDs
mark_cc_readparams.instanceId required
add_assigneeparams.taskId required, params.userIds required, 1-50 IDs, params.addType required (before, after, or parallel)
remove_assigneeparams.taskId required
urge_taskparams.taskId required, params.message max 500 chars

approval/my

Self-service queries do not declare RequiredPermission, but they still require the authenticated principal.

ActionParamsOutput
find_available_flowsFindAvailableFlowsParamspage.Page[my.AvailableFlow]
find_initiatedFindInitiatedParamspage.Page[my.InitiatedInstance]
find_pending_tasksFindPendingTasksParamspage.Page[my.PendingTask]
find_completed_tasksFindCompletedTasksParamspage.Page[my.CompletedTask]
find_cc_recordsFindCCRecordsParamspage.Page[my.CCRecord]
get_pending_countsGetPendingCountsParamsmy.PendingCounts
get_instance_detailGetInstanceDetailParamsmy.InstanceDetail
ActionRequest fields
find_available_flowsparams.tenantId, params.keyword, params.page, params.pageSize
find_initiatedparams.tenantId, params.status, params.keyword, params.page, params.pageSize
find_pending_tasksparams.tenantId, params.page, params.pageSize
find_completed_tasksparams.tenantId, params.page, params.pageSize
find_cc_recordsparams.tenantId, params.isRead, params.page, params.pageSize
get_pending_countsparams.tenantId
get_instance_detailparams.instanceId required

The my.InstanceDetail JSON payload includes instance, formSchema, timeline, flowGraph, availableActions, and fieldPermissions. instance.formData carries the submitted form data, instance.businessRef is the opaque business reference when the flow is business-bound, and formSchema is the version-pinned host form-designer document returned verbatim — the framework stores it as semantically equal JSON and never interprets it. fieldPermissions (v0.38) is the viewer-scoped field interactivity projection, materialized for every top-level form field (visible / editable / hidden / required); the client applies it verbatim, and instance.formData is already stripped of the fields the viewer may not see (see Node Field Permissions).

availableActions is a query-layer UI hint. For the applicant it includes withdraw when the instance can transition to withdrawn, and resubmit when the instance is returned or withdrawn. For pending tasks it includes handle for handle nodes, otherwise approve, then reject, plus transfer, rollback, add_assignee, or add_cc when the current node allows them. If the instance has any pending task, it also includes urge. Command handlers still perform their own validation.

approval/admin

ActionPermissionParamsNotes
find_instancesapproval.instance.queryAdminFindInstancesParamsTenant-filtered for non-super-admin
find_tasksapproval.task.queryAdminFindTasksParamsTenant-filtered for non-super-admin
get_instance_detailapproval.instance.detailAdminGetInstanceDetailParamsFull admin detail
find_action_logsapproval.action_log.queryAdminFindActionLogsParamsRequires instanceId
get_metricsapproval.metrics.queryAdminGetMetricsParamsAggregated metrics
find_business_projectionsapproval.binding.queryAdminFindBusinessProjectionsParamsDurable binding convergence state (v0.38)
terminate_instanceapproval.instance.terminateAdminTerminateInstanceParamsAudited
reassign_taskapproval.task.reassignAdminReassignTaskParamsAudited
retry_business_projectionapproval.binding.retryAdminRetryBusinessProjectionParamsAudited; immediately retries one eventual projection (v0.38)
ActionRequest fields
find_instancesparams.tenantId, params.applicantId, params.status, params.flowId, params.keyword, params.page, params.pageSize
find_tasksparams.tenantId, params.assigneeId, params.instanceId, params.status, params.page, params.pageSize
get_instance_detailparams.instanceId required
find_action_logsparams.instanceId required, params.tenantId, params.page, params.pageSize
get_metricsparams.tenantId
find_business_projectionsparams.tenantId, params.status (pending, processing, applied, failed), params.page, params.pageSize
terminate_instanceparams.instanceId required, params.reason max 2000 chars
reassign_taskparams.taskId required, params.newAssigneeId required, params.reason max 2000 chars
retry_business_projectionparams.projectionId required

For admin list and metrics queries, non-super-admin callers ignore a submitted tenantId override and are filtered to their own tenant. Super-admin callers may pass tenantId to filter one tenant or omit it for cross-tenant visibility.

Admin list/detail DTOs keep tenant scope on the wire as tenantId. The raw audit trail is still available through find_action_logs; detail responses carry timeline and flow-graph projections for rendering.

Response DTO Fields

Admin responses use the DTOs from approval/admin:

DTOJSON fields
admin.InstanceinstanceId, instanceNo, title, tenantId, flowId, flowName, applicant (UserInfo), status, currentNodeName, createdAt, finishedAt
admin.TasktaskId, instanceId, instanceTitle, flowName, nodeName, assignee (UserInfo), status, createdAt, deadline, finishedAt
admin.InstanceDetailinstance, formSchema (host designer document, verbatim), timeline, flowGraph
admin.InstanceDetailInfoinstanceId, instanceNo, title, tenantId, flowId, flowName, flowVersionId, applicant, status, currentNodeId, currentNodeName, businessRef, formData, createdAt, finishedAt
admin.ActionLoglogId, action, nodeId, taskId, operator, transferTo, rollbackToNodeId, addedAssignees, removedAssignees, ccUsers, opinion, attachments, createdAt
admin.MetricstenantId, capturedAt, instanceCounts, taskCounts, timeoutTaskCount, avgCompletionSeconds, pendingBindingFailures, businessProjectionCounts, pendingBusinessProjections
admin.BusinessProjectionprojectionId, tenantId, flowId, flowVersionId, ownerInstanceId, appliedOwnerInstanceId, businessTable, recordKey, consistency, desiredStatus, desiredStartedAt, desiredFinishedAt, desiredRevision, appliedRevision, status, attemptCount, nextAttemptAt, leaseUntil, lastError, appliedAt, updatedAt

Self-service responses use the DTOs from approval/my:

DTOJSON fields
my.AvailableFlowflowId, flowCode, flowName, flowIcon, description, categoryId, categoryName
my.InitiatedInstanceinstanceId, instanceNo, title, flowName, flowIcon, status, currentNodeName, createdAt, finishedAt
my.PendingTasktaskId, instanceId, instanceTitle, instanceNo, flowName, flowIcon, applicant (UserInfo), nodeName, createdAt, deadline, isTimeout
my.CompletedTasktaskId, instanceId, instanceTitle, instanceNo, flowName, flowIcon, applicant (UserInfo), nodeName, status, finishedAt
my.CCRecordccRecordId, instanceId, instanceTitle, instanceNo, flowName, flowIcon, applicant (UserInfo), nodeName, isRead, createdAt
my.PendingCountspendingTaskCount, unreadCcCount
my.InstanceDetailinstance, formSchema (host designer document, verbatim), timeline, flowGraph, availableActions, fieldPermissions
my.InstanceInfoinstanceId, instanceNo, title, flowName, flowIcon, applicant, status, currentNodeId, currentNodeName, businessRef, formData, createdAt, finishedAt

Error Surface

The importable approval package exports four plain Go sentinels. They are recognized with errors.Is, but they are not result.Error values and do not carry an API code or HTTP status by themselves.

ErrorSource packageMeaning
approval.ErrCrossTenantAccessapprovalnon-super-admin caller attempted cross-tenant access
approval.ErrInvalidBusinessIdentifierapprovalbusiness table / field identifier failed the SQL-identifier whitelist
approval.ErrUnknownNodeKindapprovalNodeDefinition.ParseData saw an unsupported kind
approval.ErrNodeDataUnmarshalapprovalNodeDefinition.ParseData could not decode node data

Built-in approval resources return module-owned result.Error values through the normal API envelope. Those values live under internal packages, so host applications should treat the code/message pair below as the public wire surface rather than importing the internal Go symbols.

CodeCode constantError valuei18n message keyNotes
40001ErrCodeFlowNotFoundErrFlowNotFoundapproval_flow_not_foundflow lookup failed
40002ErrCodeFlowNotActiveErrFlowNotActiveapproval_flow_not_activeflow is disabled
40003ErrCodeNoPublishedVersionErrNoPublishedVersionapproval_no_published_versionflow has no published version
40004ErrCodeVersionNotDraftErrVersionNotDraftapproval_version_not_draftoperation requires a draft version
40005ErrCodeInvalidFlowDesignErrInvalidFlowDesignapproval_invalid_flow_designgraph or node design failed validation
40006ErrCodeFlowCodeExistsErrFlowCodeExistsapproval_flow_code_existsduplicate flow code
40007ErrCodeVersionNotFoundErrVersionNotFoundapproval_version_not_foundflow version lookup failed
40008ErrCodeInvalidBusinessIdentifierErrInvalidBusinessIdentifierapproval_invalid_business_identifierbusiness table / field identifier failed validation
40009ErrCodeInvalidTitleTemplateErrInvalidTitleTemplateapproval_invalid_title_templateinstance title template failed parsing
40010ErrCodeInvalidFormDesignErrInvalidFormDesignapproval_invalid_form_designform schema failed design-time validation
40011ErrCodeBindingIncompleteErrBindingIncompleteapproval_binding_incompletebusiness binding is missing required table / key / status / instance-id fields
40012ErrCodeInvalidBindingModeErrInvalidBindingModeapproval_invalid_binding_modeflow binding mode is out of enum
40013ErrCodeInvalidInitiatorKindErrInvalidInitiatorKindapproval_invalid_initiator_kindflow initiator kind is out of enum
40014ErrCodeInvalidStorageModeErrInvalidStorageModeapproval_invalid_storage_modedeploy requested a storage mode other than json or table
40015ErrCodeFlowBindingLockedErrFlowBindingLockedapproval_flow_binding_lockedretained as a stable error surface; version-pinned binding snapshots mean current flow commands no longer return it
40016ErrCodeBindingColumnsConflictErrBindingColumnsConflictapproval_binding_columns_conflicttwo business-binding fields name the same column
40017ErrCodeBindingUnexpectedErrBindingUnexpectedapproval_binding_unexpectedbusiness binding supplied on a standalone flow
40018ErrCodeBindingSchemaInvalidErrBindingSchemaInvalidapproval_binding_schema_invalidconfigured binding table or columns do not exist in the primary database
40019ErrCodeBindingKeyNotUniqueErrBindingKeyNotUniqueapproval_binding_key_not_uniquekey columns are not backed by one complete, non-null primary or unique key
40020ErrCodeBindingStatusMappingInvalidErrBindingStatusMappingInvalidapproval_binding_status_mapping_invalidstatus mapping names an unknown status or maps to a blank value
40101ErrCodeInstanceNotFoundErrInstanceNotFoundapproval_instance_not_foundinstance lookup failed
40102ErrCodeInstanceCompletedErrInstanceCompletedapproval_instance_completedinstance is already complete
40103ErrCodeNotAllowedInitiateErrNotAllowedInitiateapproval_not_allowed_initiatecaller cannot initiate this flow
40104ErrCodeWithdrawNotAllowedErrWithdrawNotAllowedapproval_withdraw_not_allowedwithdraw is not allowed in the current state
40105ErrCodeResubmitNotAllowedErrResubmitNotAllowedapproval_resubmit_not_allowedresubmit is not allowed in the current state
40106ErrCodeInvalidInstanceTransitionErrInvalidInstanceTransitionapproval_invalid_instance_transitioninstance state transition is invalid
40107ErrCodeBusinessRefRequiredErrBusinessRefRequiredapproval_business_ref_requiredbusiness-bound flow started without a business reference
40108ErrCodeBindingTargetBusyErrBindingTargetBusyapproval_binding_target_busythe business record is already claimed by a non-final approval instance
40109ErrCodeInvalidBusinessRefErrInvalidBusinessRefapproval_invalid_business_refthe business reference could not be resolved into the configured record key
40110ErrCodeBindingProjectionNotFoundErrBindingProjectionNotFoundapproval_binding_projection_not_foundprojection lookup failed (admin retry)
40201ErrCodeTaskNotFoundErrTaskNotFoundapproval_task_not_foundtask lookup failed
40202ErrCodeTaskNotPendingErrTaskNotPendingapproval_task_not_pendingtask is not pending
40203ErrCodeNotAssigneeErrNotAssigneeapproval_not_assigneecaller is not assigned to the task
40204ErrCodeInvalidTaskTransitionErrInvalidTaskTransitionapproval_invalid_task_transitiontask state transition is invalid
40205ErrCodeRollbackNotAllowedErrRollbackNotAllowedapproval_rollback_not_allowedrollback is disabled or not valid here
40206ErrCodeAddAssigneeNotAllowedErrAddAssigneeNotAllowedapproval_add_assignee_not_alloweddynamic assignee insertion is disabled
40207ErrCodeTransferNotAllowedErrTransferNotAllowedapproval_transfer_not_allowedtransfer is disabled
40208ErrCodeOpinionRequiredErrOpinionRequiredapproval_opinion_requiredrequired opinion is blank
40209ErrCodeManualCcNotAllowedErrManualCcNotAllowedapproval_manual_cc_not_allowedmanual CC is disabled
40210ErrCodeRemoveAssigneeNotAllowedErrRemoveAssigneeNotAllowedapproval_remove_assignee_not_alloweddynamic assignee removal is disabled
40211ErrCodeInvalidAddAssigneeTypeErrInvalidAddAssigneeTypeapproval_invalid_add_assignee_typeaddType is not one of before, after, parallel
40212ErrCodeNotApplicantErrNotApplicantapproval_not_applicantcaller is not the applicant
40213ErrCodeInvalidRollbackTargetErrInvalidRollbackTargetapproval_invalid_rollback_targetrollback target is not allowed
40214ErrCodeLastAssigneeRemovalErrLastAssigneeRemovalapproval_last_assignee_removalremoval would leave no active assignee
40215ErrCodeInvalidTransferTargetErrInvalidTransferTargetapproval_invalid_transfer_targettransfer or reassignment target is invalid
40216ErrCodeNoUsersSpecifiedErrNoUsersSpecifiedapproval_no_users_specifieduser-list operation received no target users
40301ErrCodeNoAssigneeErrNoAssigneeapproval_no_assigneeno assignee could be resolved
40302ErrCodeAssigneeResolveFailedErrAssigneeResolveFailedapproval_assignee_resolve_failedassignee resolver failed
40401ErrCodeFormValidationFailedErrFormValidationFailedapproval_form_validation_failedgeneral form validation failure
40401ErrCodeFormValidationFailedErrFormDataTooLargeapproval_form_data_too_largesame code; JSON-encoded formData exceeded 64 KiB
40401ErrCodeFormValidationFaileddynamic form validation result.Errapproval_form_field_not_defined, approval_form_field_required, approval_form_field_must_be_string, approval_form_field_must_be_number, approval_form_field_must_be_integer, approval_form_field_min_length, approval_form_field_max_length, approval_form_field_invalid_validation, approval_form_field_pattern_mismatch, approval_form_field_min_value, approval_form_field_max_value, approval_form_field_empty, approval_form_field_invalid_file_item, approval_form_field_must_be_file, approval_form_field_invalid_value, approval_form_field_must_be_row_list, approval_form_field_must_be_row_object, approval_form_field_min_rows, approval_form_field_max_rows, approval_form_field_table_cellfield-level validation messages are constructed dynamically
40601ErrCodeUrgeCooldowndynamic urge result.Errapproval_urge_too_frequentno static sentinel; message is rendered with minutes; non-positive urgeCooldownMinutes defaults to 30 minutes
40701ErrCodeAccessDeniedErrAccessDeniedapproval_access_deniedcaller lacks approval-domain access
40702ErrCodeTerminateNotAllowedErrTerminateNotAllowedapproval_terminate_not_allowedterminate is not allowed from the current instance state

Startup and tenant-resolution diagnostics such as ErrEventRouteNotTransactional, ErrEventRouteNotSubscribable, and ErrTenantNotResolved live under internal/approval/...; they are not importable public Go API, but operators may see their wrapped messages when event routing or tenant principal details are misconfigured.


Next: Flow Design for the designer wire shapes behind deploy, or Instance Runtime for lifecycle semantics behind the instance actions.