"""POST /governance/complete/ — GSAP §5.4""" import uuid from datetime import datetime, UTC from fastapi import APIRouter, Depends, HTTPException from sqlmodel.ext.asyncio.session import AsyncSession from sqlmodel import select from gsap_broker.db import get_session from gsap_broker.db_models import AuthorizationContextDB, CompletionReceiptDB from gsap_broker.models import CompleteRequest, CompleteResponse from gsap_broker import chronicle router = APIRouter() @router.post("/complete/", response_model=CompleteResponse, summary="Receive CR (GSAP §5.4)") async def complete(request: CompleteRequest, db: AsyncSession = Depends(get_session)): result = await db.exec(select(AuthorizationContextDB).where( AuthorizationContextDB.context_id == request.context_id, AuthorizationContextDB.status == "authorized")) ac_db = result.first() if not ac_db: raise HTTPException(status_code=404, detail="AC not found or already consumed.") sig_verified = bool((request.signature or {}).get("value")) cr_db = CompletionReceiptDB( id=uuid.uuid4(), context_id=request.context_id, outcome=request.outcome.value, completed_at=request.completed_at, failure_reason=request.failure_reason or "", chronicle_session_id=request.chronicle_session_id or "", chronicle_events=request.chronicle_evidence.events, merkle_root=request.chronicle_evidence.merkle_root or "", behavioral_attestation_status=request.behavioral_attestation.status.value, ffc_did=request.ffc.get("did", ""), ffc_signature=(request.signature or {}).get("value", ""), signature_verified=sig_verified) db.add(cr_db) ac_db.status = "consumed"; ac_db.consumed_at = datetime.now(UTC) cid = await chronicle.emit("GSAP_CR_RECEIVED", {"event_code": "0x2706", "context_id": str(request.context_id), "outcome": request.outcome.value}) cr_db.chronicle_event_cid = cid await db.commit() return CompleteResponse(receipt_id=cr_db.id, signature_verified=sig_verified, chronicle_event_cid=cid or None)