feat: config-driven approval gateway; auto mode skips UI noise for both push modes

- Add AutoApprovalGateway: immediately approves clean pushes, no polling
- Add server.approval-mode config key (auto/ui/servicenow, default: auto)
- Thread ApprovalGateway into PushFinalizerFilter so transparent proxy also
  forwards immediately in auto mode instead of blocking pending re-push
- Suppress dashboard links and waiting messages in auto mode for S&F output
- Add approvesImmediately() to ApprovalGateway interface

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: coopernetes

jgit-proxy-core/src/main/java/org/finos/gitproxy/approval/ApprovalGateway.java

@@ -12,4 +12,14 @@ public interface ApprovalGateway {
      * heartbeat progress messages to keep the git client alive.
      */
     ApprovalResult waitForApproval(String pushId, ProgressSender progress, Duration timeout);
+
+    /**
+     * Returns {@code true} if this gateway approves pushes immediately without requiring human review.
+     *
+     * <p>Used by the transparent-proxy finalizer to decide whether to forward the push on the first attempt or block it
+     * pending a re-push after dashboard approval.
+     */
+    default boolean approvesImmediately() {
+        return false;
+    }
 }

jgit-proxy-core/src/main/java/org/finos/gitproxy/approval/AutoApprovalGateway.java

@@ -0,0 +1,47 @@
+package org.finos.gitproxy.approval;
+
+import java.time.Duration;
+import lombok.extern.slf4j.Slf4j;
+import org.finos.gitproxy.db.PushStore;
+import org.finos.gitproxy.db.model.Attestation;
+
+/**
+ * Approval gateway that immediately approves every clean push without waiting for human review. Suitable for standalone
+ * deployments where no approval UI is available.
+ *
+ * <p>This gateway is only ever invoked for pushes that passed all validation checks (status {@code BLOCKED} pending
+ * review). Pushes that fail validation are rejected before the approval gate is reached.
+ */
+@Slf4j
+public class AutoApprovalGateway implements ApprovalGateway {
+
+    private final PushStore pushStore;
+
+    public AutoApprovalGateway(PushStore pushStore) {
+        this.pushStore = pushStore;
+    }
+
+    @Override
+    public boolean approvesImmediately() {
+        return true;
+    }
+
+    @Override
+    public ApprovalResult waitForApproval(String pushId, ProgressSender progress, Duration timeout) {
+        try {
+            pushStore.approve(
+                    pushId,
+                    Attestation.builder()
+                            .pushId(pushId)
+                            .type(Attestation.Type.APPROVAL)
+                            .reviewerUsername("auto-approval")
+                            .reason("Automatically approved — no validation issues found")
+                            .automated(true)
+                            .build());
+            log.info("Auto-approved push: {}", pushId);
+        } catch (Exception e) {
+            log.warn("Failed to record auto-approval for push {}", pushId, e);
+        }
+        return ApprovalResult.APPROVED;
+    }
+}

jgit-proxy-core/src/main/java/org/finos/gitproxy/git/ApprovalPreReceiveHook.java

@@ -81,6 +81,12 @@ var record = pushStore.findById(validationRecordId).orElse(null);
 
         // All clean pushes are BLOCKED pending human review
         if (record.getStatus() == PushStatus.BLOCKED) {
+            if (approvalGateway.approvesImmediately()) {
+                // Auto-approval: approve silently, no waiting messages or dashboard links
+                approvalGateway.waitForApproval(validationRecordId, msg -> {}, timeout);
+                return;
+            }
+
             sendAndFlush(
                     rp, msgOut, color(YELLOW, "" + sym(WARNING) + "  Push requires review. Waiting for approval..."));
             sendAndFlush(rp, msgOut, color(CYAN, "" + sym(KEY) + "  Push ID: " + validationRecordId));

jgit-proxy-core/src/main/java/org/finos/gitproxy/git/PushStorePersistenceHook.java

@@ -54,6 +54,7 @@ public class PushStorePersistenceHook {
     private final GitProxyProvider provider;
     private PushContext pushContext;
     private String serviceUrl;
+    private boolean autoApproval;
 
     public PushStorePersistenceHook(PushStore pushStore, GitProxyProvider provider) {
         this.pushStore = pushStore;
@@ -70,6 +71,11 @@ public void setServiceUrl(String serviceUrl) {
         this.serviceUrl = serviceUrl;
     }
 
+    /** When {@code true}, suppresses dashboard links in user-facing output (auto-approval mode). */
+    public void setAutoApproval(boolean autoApproval) {
+        this.autoApproval = autoApproval;
+    }
+
     /** Returns a {@link PreReceiveHook} that creates the initial push record. Should be the first hook in the chain. */
     public PreReceiveHook preReceiveHook() {
         return (ReceivePack rp, Collection<ReceiveCommand> commands) -> {
@@ -161,7 +167,7 @@ public PreReceiveHook validationResultHook(ValidationContext validationContext)
                         }
                         rp.sendMessage("────────────────────────────────────────");
 
-                        if (serviceUrl != null) {
+                        if (serviceUrl != null && !autoApproval) {
                             rp.sendMessage(color(
                                     CYAN,
                                     "" + sym(LINK) + "  View push record: " + serviceUrl + "/#/push/"
@@ -197,7 +203,7 @@ public PreReceiveHook validationResultHook(ValidationContext validationContext)
                         rp.sendMessage(summary);
                     }
                     rp.sendMessage("────────────────────────────────────────");
-                    if (serviceUrl != null) {
+                    if (serviceUrl != null && !autoApproval) {
                         rp.sendMessage(color(
                                 CYAN,
                                 "" + sym(LINK) + "  View push record: " + serviceUrl + "/#/push/" + record.getId()));

jgit-proxy-core/src/main/java/org/finos/gitproxy/git/StoreAndForwardReceivePackFactory.java

@@ -101,6 +101,7 @@ public ReceivePack create(HttpServletRequest req, Repository db)
         if (persistenceHook != null) {
             persistenceHook.setPushContext(pushContext);
             persistenceHook.setServiceUrl(serviceUrl);
+            persistenceHook.setAutoApproval(approvalGateway != null && approvalGateway.approvesImmediately());
         }
 
         // Hook chain - order matters:

jgit-proxy-core/src/main/java/org/finos/gitproxy/servlet/filter/PushFinalizerFilter.java

@@ -12,6 +12,7 @@
 import jakarta.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Set;
+import org.finos.gitproxy.approval.ApprovalGateway;
 import org.finos.gitproxy.git.GitRequestDetails;
 import org.finos.gitproxy.git.HttpOperation;
 
@@ -38,10 +39,12 @@ public class PushFinalizerFilter extends AbstractGitProxyFilter {
     private static final int ORDER = 5000;
 
     private final String serviceUrl;
+    private final ApprovalGateway approvalGateway;
 
-    public PushFinalizerFilter(String serviceUrl) {
+    public PushFinalizerFilter(String serviceUrl, ApprovalGateway approvalGateway) {
         super(ORDER, Set.of(HttpOperation.PUSH));
         this.serviceUrl = serviceUrl;
+        this.approvalGateway = approvalGateway;
     }
 
     /**
@@ -91,7 +94,13 @@ public void doHttpFilter(HttpServletRequest request, HttpServletResponse respons
             return;
         }
 
-        // First push that passed validation - block pending review
+        // If the gateway approves immediately (e.g. auto mode), forward the push without blocking
+        if (approvalGateway.approvesImmediately()) {
+            details.setResult(GitRequestDetails.GitResult.ALLOWED);
+            return;
+        }
+
+        // First push that passed validation - block pending review (dashboard/ServiceNow mode)
         details.setResult(GitRequestDetails.GitResult.BLOCKED);
         String pushId = details.getId().toString();
         String summary = buildValidationSummary(details.getSteps());

jgit-proxy-core/src/test/java/org/finos/gitproxy/approval/AutoApprovalGatewayTest.java

@@ -0,0 +1,80 @@
+package org.finos.gitproxy.approval;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.List;
+import org.finos.gitproxy.db.memory.InMemoryPushStore;
+import org.finos.gitproxy.db.model.PushRecord;
+import org.finos.gitproxy.db.model.PushStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+class AutoApprovalGatewayTest {
+
+    private InMemoryPushStore pushStore;
+    private AutoApprovalGateway gateway;
+
+    @BeforeEach
+    void setUp() {
+        pushStore = new InMemoryPushStore();
+        gateway = new AutoApprovalGateway(pushStore);
+    }
+
+    private PushRecord blockedRecord() {
+        PushRecord r = PushRecord.builder().build();
+        r.setStatus(PushStatus.BLOCKED);
+        pushStore.save(r);
+        return r;
+    }
+
+    @Test
+    void returnsApproved_immediately() {
+        PushRecord r = blockedRecord();
+
+        ApprovalResult result = gateway.waitForApproval(r.getId(), msg -> {}, Duration.ofSeconds(30));
+
+        assertEquals(ApprovalResult.APPROVED, result);
+    }
+
+    @Test
+    void recordsApprovalInStore() {
+        PushRecord r = blockedRecord();
+
+        gateway.waitForApproval(r.getId(), msg -> {}, Duration.ofSeconds(30));
+
+        PushRecord updated = pushStore.findById(r.getId()).orElseThrow();
+        assertEquals(PushStatus.APPROVED, updated.getStatus());
+    }
+
+    @Test
+    void attestation_isMarkedAutomated() {
+        PushRecord r = blockedRecord();
+
+        gateway.waitForApproval(r.getId(), msg -> {}, Duration.ofSeconds(30));
+
+        PushRecord updated = pushStore.findById(r.getId()).orElseThrow();
+        assertNotNull(updated.getAttestation(), "Attestation should be set");
+        assertTrue(updated.getAttestation().isAutomated(), "Attestation should be automated");
+        assertEquals("auto-approval", updated.getAttestation().getReviewerUsername());
+    }
+
+    @Test
+    void sendsNoProgressMessages() {
+        PushRecord r = blockedRecord();
+        List<String> messages = new ArrayList<>();
+
+        gateway.waitForApproval(r.getId(), messages::add, Duration.ofSeconds(30));
+
+        assertTrue(messages.isEmpty(), "AutoApprovalGateway should not send any progress messages");
+    }
+
+    @Test
+    void returnsApproved_evenWhenStoreUpdateFails() {
+        // Gateway should still return APPROVED if the store throws (e.g. record not found)
+        ApprovalResult result = gateway.waitForApproval("no-such-id", msg -> {}, Duration.ofSeconds(30));
+
+        assertEquals(ApprovalResult.APPROVED, result);
+    }
+}

jgit-proxy-core/src/test/java/org/finos/gitproxy/servlet/filter/PushFinalizerFilterTest.java

@@ -16,6 +16,9 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.concurrent.atomic.AtomicBoolean;
+import org.finos.gitproxy.approval.ApprovalGateway;
+import org.finos.gitproxy.approval.AutoApprovalGateway;
+import org.finos.gitproxy.db.PushStoreFactory;
 import org.finos.gitproxy.git.GitRequestDetails;
 import org.finos.gitproxy.git.HttpOperation;
 import org.junit.jupiter.api.Test;
@@ -101,7 +104,7 @@ private GitRequestDetails pendingPushDetails() {
     @Test
     void pendingPush_isBlockedPendingReview() throws Exception {
         GitRequestDetails details = pendingPushDetails();
-        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080");
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", mock(ApprovalGateway.class));
         FakeResponse fakeResponse = new FakeResponse();
 
         filter.doHttpFilter(mockPushRequest(details), fakeResponse.mock);
@@ -114,7 +117,7 @@ void pendingPush_isBlockedPendingReview() throws Exception {
     void rejectedPush_isLeftAlone() throws Exception {
         GitRequestDetails details = pendingPushDetails();
         details.setResult(GitRequestDetails.GitResult.REJECTED);
-        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080");
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", mock(ApprovalGateway.class));
         FakeResponse fakeResponse = new FakeResponse();
 
         filter.doHttpFilter(mockPushRequest(details), fakeResponse.mock);
@@ -127,7 +130,7 @@ void rejectedPush_isLeftAlone() throws Exception {
     void errorPush_isLeftAlone() throws Exception {
         GitRequestDetails details = pendingPushDetails();
         details.setResult(GitRequestDetails.GitResult.ERROR);
-        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080");
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", mock(ApprovalGateway.class));
         FakeResponse fakeResponse = new FakeResponse();
 
         filter.doHttpFilter(mockPushRequest(details), fakeResponse.mock);
@@ -141,7 +144,7 @@ void preApprovedPush_isAllowed() throws Exception {
         GitRequestDetails details = pendingPushDetails();
         HttpServletRequest req = mockPushRequest(details);
         when(req.getAttribute(PRE_APPROVED_ATTR)).thenReturn(Boolean.TRUE);
-        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080");
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", mock(ApprovalGateway.class));
         FakeResponse fakeResponse = new FakeResponse();
 
         filter.doHttpFilter(req, fakeResponse.mock);
@@ -154,7 +157,7 @@ void preApprovedPush_isAllowed() throws Exception {
     void refDeletion_isAllowed() throws Exception {
         GitRequestDetails details = pendingPushDetails();
         details.setCommitTo(ZERO_OID);
-        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080");
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", mock(ApprovalGateway.class));
         FakeResponse fakeResponse = new FakeResponse();
 
         filter.doHttpFilter(mockPushRequest(details), fakeResponse.mock);
@@ -167,9 +170,22 @@ void refDeletion_isAllowed() throws Exception {
     void nullDetails_doesNotThrow() throws Exception {
         HttpServletRequest req = mock(HttpServletRequest.class);
         when(req.getAttribute(GIT_REQUEST_ATTR)).thenReturn(null);
-        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080");
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", mock(ApprovalGateway.class));
         FakeResponse fakeResponse = new FakeResponse();
 
         assertDoesNotThrow(() -> filter.doHttpFilter(req, fakeResponse.mock));
     }
+
+    @Test
+    void autoApprovalGateway_allowsPushWithoutBlocking() throws Exception {
+        GitRequestDetails details = pendingPushDetails();
+        var gateway = new AutoApprovalGateway(PushStoreFactory.inMemory());
+        PushFinalizerFilter filter = new PushFinalizerFilter("http://localhost:8080", gateway);
+        FakeResponse fakeResponse = new FakeResponse();
+
+        filter.doHttpFilter(mockPushRequest(details), fakeResponse.mock);
+
+        assertEquals(GitRequestDetails.GitResult.ALLOWED, details.getResult());
+        assertFalse(fakeResponse.committed.get(), "Auto-approval must not send a git error to the client");
+    }
 }

jgit-proxy-dashboard/src/main/java/org/finos/gitproxy/dashboard/GitProxyWithDashboardApplication.java

@@ -8,6 +8,7 @@
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
+import org.finos.gitproxy.approval.UiApprovalGateway;
 import org.finos.gitproxy.config.InMemoryProviderConfigurationSource;
 import org.finos.gitproxy.config.ProviderConfigurationSource;
 import org.finos.gitproxy.db.PushStore;
@@ -51,6 +52,11 @@ public static void main(String[] args) throws Exception {
         PushStore pushStore = configBuilder.buildPushStore();
         log.info("Push store initialized: {}", pushStore.getClass().getSimpleName());
 
+        // Always use UiApprovalGateway when running with the dashboard — the REST API is what drives approval.
+        // This is intentionally not derived from approval-mode config: the dashboard deployment always needs
+        // UI-based review regardless of what is set in the config file.
+        var approvalGateway = new UiApprovalGateway(pushStore);
+
         var storeForwardCache = new LocalRepositoryCache(Files.createTempDirectory("jgit-proxy-sf-"), 0, true);
         var proxyCache = new LocalRepositoryCache();
 
@@ -65,10 +71,10 @@ public static void main(String[] args) throws Exception {
         for (GitProxyProvider provider : providerConfig.getProviders()) {
             log.info("Registering provider: {}", provider.getName());
             GitProxyServletRegistrar.registerGitServlet(
-                    context, provider, storeForwardCache, commitConfig, pushStore, serviceUrl);
+                    context, provider, storeForwardCache, commitConfig, pushStore, serviceUrl, approvalGateway);
             GitProxyServletRegistrar.registerProxyServlet(context, provider);
             GitProxyServletRegistrar.registerFilters(
-                    context, provider, proxyCache, configBuilder, commitConfig, pushStore, serviceUrl);
+                    context, provider, proxyCache, configBuilder, commitConfig, pushStore, serviceUrl, approvalGateway);
         }
 
         // Spring MVC DispatcherServlet at /* - git-specific paths take precedence per servlet spec

jgit-proxy-server/src/main/java/org/finos/gitproxy/jetty/GitProxyJettyApplication.java

@@ -7,6 +7,7 @@
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
+import org.finos.gitproxy.approval.ApprovalGateway;
 import org.finos.gitproxy.config.InMemoryProviderConfigurationSource;
 import org.finos.gitproxy.db.PushStore;
 import org.finos.gitproxy.git.LocalRepositoryCache;
@@ -50,6 +51,8 @@ public static void main(String[] args) throws Exception {
         PushStore pushStore = configBuilder.buildPushStore();
         log.info("Push store initialized: {}", pushStore.getClass().getSimpleName());
 
+        ApprovalGateway approvalGateway = configBuilder.buildApprovalGateway(pushStore);
+
         var storeForwardCache = new LocalRepositoryCache(Files.createTempDirectory("jgit-proxy-sf-"), 0, true);
         log.info("Initialized store-and-forward LocalRepositoryCache (full clone)");
 
@@ -66,10 +69,10 @@ public static void main(String[] args) throws Exception {
         for (GitProxyProvider provider : providerConfig.getProviders()) {
             log.info("Registering provider: {}", provider.getName());
             GitProxyServletRegistrar.registerGitServlet(
-                    context, provider, storeForwardCache, commitConfig, pushStore, serviceUrl);
+                    context, provider, storeForwardCache, commitConfig, pushStore, serviceUrl, approvalGateway);
             GitProxyServletRegistrar.registerProxyServlet(context, provider);
             GitProxyServletRegistrar.registerFilters(
-                    context, provider, proxyCache, configBuilder, commitConfig, pushStore, serviceUrl);
+                    context, provider, proxyCache, configBuilder, commitConfig, pushStore, serviceUrl, approvalGateway);
         }
 
         server.setHandler(context);