internal/domain/errors/errors.go (3)

42-50: Clarify duplicate vs already-exists semantics; consider length validation.

Having both ErrDuplicateDepartmentName and ErrDepartmentAlreadyExists can cause ambiguity at call sites. If “exists” strictly refers to a unique natural key (name), consider standardizing on one code or documenting distinct usage. Also, DB schema caps name at 100 chars—surface a specific validation to avoid DB-only failures.

Apply this diff to add an explicit name-length error (optional):

 var (
   ErrDepartmentNotFound        = DomainError{Code: "DEPARTMENT_NOT_FOUND", Message: "Department not found"}
   ErrInvalidDepartmentID       = DomainError{Code: "INVALID_DEPARTMENT_ID", Message: "Invalid department ID format", Field: "id"}
   ErrInvalidDepartmentName     = DomainError{Code: "INVALID_DEPARTMENT_NAME", Message: "Department name cannot be empty", Field: "name"}
   ErrDuplicateDepartmentName   = DomainError{Code: "DUPLICATE_DEPARTMENT_NAME", Message: "Department name already exists", Field: "name"}
   ErrInvalidDepartmentDescription = DomainError{Code: "INVALID_DEPARTMENT_DESCRIPTION", Message: "Department description cannot be empty", Field: "description"}
   ErrDepartmentAlreadyExists   = DomainError{Code: "DEPARTMENT_ALREADY_EXISTS", Message: "Department already exists"}
+  ErrInvalidDepartmentNameLength = DomainError{Code: "INVALID_DEPARTMENT_NAME_LENGTH", Message: "Department name must be <= 100 characters", Field: "name"}
 )

---

52-61: Add salary-range validation error to match schema/VO constraints.

Positions have min/max salary columns—expose a domain error for range violations so services can fail fast before persistence.

Apply this diff to add the error:

 var (
   ErrPositionNotFound        = DomainError{Code: "POSITION_NOT_FOUND", Message: "Position not found"}
   ErrInvalidPositionID       = DomainError{Code: "INVALID_POSITION_ID", Message: "Invalid position ID format", Field: "id"}
   ErrInvalidPositionTitle    = DomainError{Code: "INVALID_POSITION_TITLE", Message: "Position title cannot be empty", Field: "title"}
   ErrDuplicatePositionTitle  = DomainError{Code: "DUPLICATE_POSITION_TITLE", Message: "Position title already exists", Field: "title"}
   ErrInvalidPositionDescription = DomainError{Code: "INVALID_POSITION_DESCRIPTION", Message: "Position description cannot be empty", Field: "description"}
   ErrInvalidPositionRequirements = DomainError{Code: "INVALID_POSITION_REQUIREMENTS", Message: "Position requirements cannot be empty", Field: "requirements"}
   ErrPositionAlreadyExists   = DomainError{Code: "POSITION_ALREADY_EXISTS", Message: "Position already exists"}
+  ErrInvalidSalaryRange      = DomainError{Code: "INVALID_SALARY_RANGE", Message: "minSalary must be <= maxSalary", Field: "salary"}
 )

---

63-71: Cover invalid/overlapping leave date scenarios.

Common business rules: startDate <= endDate and no overlap with existing pending/approved leaves. Add explicit codes to standardize error handling across layers.

Apply this diff to add date-related errors:

 var (
   ErrLeaveNotFound        = DomainError{Code: "LEAVE_NOT_FOUND", Message: "Leave request not found"}
   ErrInvalidLeaveID       = DomainError{Code: "INVALID_LEAVE_ID", Message: "Invalid leave ID format", Field: "id"}
   ErrInvalidLeaveType     = DomainError{Code: "INVALID_LEAVE_TYPE", Message: "Invalid leave type", Field: "leaveType"}
   ErrInvalidLeaveStatus   = DomainError{Code: "INVALID_LEAVE_STATUS", Message: "Invalid leave status", Field: "status"}
   ErrInvalidLeaveReason   = DomainError{Code: "INVALID_LEAVE_REASON", Message: "Leave reason cannot be empty", Field: "reason"}
   ErrLeaveAlreadyExists   = DomainError{Code: "LEAVE_ALREADY_EXISTS", Message: "Leave request already exists"}
+  ErrInvalidLeaveDates    = DomainError{Code: "INVALID_LEAVE_DATES", Message: "startDate must be on/before endDate", Field: "dateRange"}
+  ErrLeaveOverlap         = DomainError{Code: "LEAVE_OVERLAP", Message: "Requested dates overlap an existing leave"}
 )

internal/domain/department/repository.go (2)

7-7: Pin mockgen version for reproducible generation.

Avoids breakage when upstream changes behavior.

Apply this diff:

-//go:generate go run github.com/golang/mock/mockgen -source=$GOFILE -destination=./mocks/mock_$GOFILE -package=mocks
+//go:generate go run github.com/golang/mock/[email protected] -source=$GOFILE -destination=./mocks/mock_$GOFILE -package=mocks

---

17-21: Document cursor semantics and limit contracts.

Clarify that an empty cursor yields the first page, and the returned string is the nextCursor (empty when no more pages). Note expected bounds for limit (e.g., 1–100).

internal/domain/department/service.go (3)

35-52: Clarify/normalize name uniqueness semantics (case, whitespace)

If DB uniqueness is case-sensitive (default in Postgres), “HR” and “hr” will be considered different here too. Decide on semantics and normalize (e.g., LOWER(name)), or enforce via a functional unique index to avoid drift between domain and DB.

---

62-67: Deletion rules placeholder—confirm business policy

Currently any existing department can be deleted. If departments with active employees must be protected, wire the employee/position repos here or add a TODO with follow-up.

---

70-83: Manager validation is too weak

Only checking for empty string allows invalid-but-non-empty IDs. Consider validating via an Employee repository (existence + eligibility), or at least add a stronger EmployeeID value-object validation.

internal/domain/position/repository.go (2)

18-22: Specify pagination contract (cursor semantics)

Document expected cursor format and stability guarantees, or introduce a typed Cursor to avoid misuse. Consider limit bounds (e.g., max) at interface level.

---

14-16: Title lookups: define case sensitivity

Align FindByTitle/ExistsByTitle with DB collation (case-sensitive by default). If titles are case-insensitive, enforce with normalization or functional index.

internal/application/department/mapper.go (2)

31-34: Prefer empty slice over nil for DTO lists

Prevents nulls in JSON and simplifies clients.

-if domainDepts == nil {
-  return nil
-}
+if len(domainDepts) == 0 {
+  return []*DepartmentDTO{}
+}

---

67-70: Prefer empty slice over nil for error lists

Consistent with API ergonomics.

-if errs == nil {
-  return nil
-}
+if len(errs) == 0 {
+  return []ErrorDTO{}
+}

migrations/004_create_departments_table.up.sql (3)

18-21: Verify trigger function exists

update_updated_at_column() must be created earlier; otherwise this migration will fail. Confirm presence or add it here.

---

4-4: Case-insensitive uniqueness (optional)

If “HR” and “hr” must be unique, switch name to CITEXT (with CREATE EXTENSION IF NOT EXISTS citext) or replace the constraint with a functional unique index on LOWER(name).

---

6-6: Consider FK for manager_id

If employees table exists, add manager_id UUID REFERENCES employees(id) ON DELETE SET NULL to enforce integrity.

internal/domain/leave/service.go (1)

70-77: Prefer central error codes/constants over string literals

If errors defines constants (e.g., CodeInvalidDeleteOperation), use them here to avoid drift.

api/graphql/department.graphqls (4)

36-36: Make error lists non-null for consistent payload semantics.

Avoids tri-state (null vs empty vs populated) handling in clients.

 type CreateDepartmentPayload {
   department: Department!
-  errors: [Error!]
+  errors: [Error!]!
 }
 
 type UpdateDepartmentPayload {
   department: Department!
-  errors: [Error!]
+  errors: [Error!]!
 }
 
 type DeleteDepartmentPayload {
   success: Boolean!
-  errors: [Error!]
+  errors: [Error!]!
 }

Also applies to: 41-41, 46-46

---

8-9: Use a proper Time/DateTime scalar instead of String.

Prevents ambiguous formatting and simplifies client parsing.

-  createdAt: String! # TODO: Change to Time scalar when custom scalar marshaling is implemented
-  updatedAt: String! # TODO: Change to Time scalar when custom scalar marshaling is implemented
+  createdAt: Time!
+  updatedAt: Time!

---

3-10: Expose manager object for richer graph traversal.

Keep managerId for edge ownership, but add manager: Employee for convenience.

 type Department {
   id: ID!
   name: String!
   description: String!
   managerId: ID
+  manager: Employee
   createdAt: Time!
   updatedAt: Time!
 }

---

12-15: Consider adding totalCount to the connection.

Helps clients render pagers without an extra count query.

 type DepartmentConnection {
   edges: [DepartmentEdge!]!
   pageInfo: PageInfo!
+  totalCount: Int!
 }

internal/domain/position/service.go (2)

54-67: Deletion rule is a stub; add guardrails (e.g., no active employees).

Even a light check prevents accidental referential breakage.

I can wire a read-only Employee repo interface here if you want a minimal dependency.

---

35-52: Minor: normalize unknown errors from FindByTitle with context.

Wrap to add operation context; helps observability.

-		return err
+		return fmt.Errorf("validate unique title: %w", err)

(Remember to import fmt.)

internal/domain/leave/repository.go (2)

21-26: Specify pagination ordering and cursor contract.

Document whether results are ordered by created_at ASC/DESC and what the cursor encodes (opaque vs raw ID). Prevents mismatched implementations across stores.

I can add godoc comments clarifying sort order and cursor encoding.

---

36-38: Prefer int64 for counts.

Avoids overflow on large datasets and matches sql COUNT() semantics.

-CountByEmployeeAndDateRange(ctx context.Context, employeeID EmployeeID, startDate, endDate time.Time) (int, error)
+CountByEmployeeAndDateRange(ctx context.Context, employeeID EmployeeID, startDate, endDate time.Time) (int64, error)

internal/infrastructure/persistence/sql/department_repository.go (3)

119-135: Use limit+1 to compute nextCursor accurately.

Prevents advertising a next page when there isn’t one.

-	var query string
+	var query string
 	var args []interface{}
+	fetchLimit := limit + 1
 
 	if cursor != "" {
 		query = `
 			SELECT id, name, description, manager_id, created_at, updated_at 
 			FROM departments 
 			WHERE id > $1
 			ORDER BY id 
-			LIMIT $2`
-		args = []interface{}{cursor, limit}
+			LIMIT $2`
+		args = []interface{}{cursor, fetchLimit}
 	} else {
 		query = `
 			SELECT id, name, description, manager_id, created_at, updated_at 
 			FROM departments 
 			ORDER BY id 
-			LIMIT $1`
-		args = []interface{}{limit}
+			LIMIT $1`
+		args = []interface{}{fetchLimit}
 	}
 ...
-	var nextCursor string
-	if len(departments) == limit {
-		nextCursor = lastID
-	}
+	var nextCursor string
+	if len(departments) == fetchLimit {
+		// Trim the extra record and set cursor
+		departments = departments[:limit]
+		nextCursor = lastID
+	}

Also applies to: 172-183

---

221-229: Shadowing function parameter ‘managerID’.

Rename local scan var to avoid confusion.

-		var deptID, name, description string
-		var managerID sql.NullString
+		var deptID, name, description string
+		var mgrID sql.NullString
 		var createdAt, updatedAt time.Time
 
-		err := rows.Scan(&deptID, &name, &description, &managerID, &createdAt, &updatedAt)
+		err := rows.Scan(&deptID, &name, &description, &mgrID, &createdAt, &updatedAt)
 ...
-		if managerID.Valid {
-			managerIDPtr = &managerID.String
+		if mgrID.Valid {
+			managerIDPtr = &mgrID.String
 		}

---

382-405: Log exclude_id as string (when present).

Improves log readability.

-	r.logger.DebugContext(ctx, "Checking if department exists by name", "name", name.String(), "exclude_id", excludeID)
+	var exclude string
+	if excludeID != nil {
+		exclude = excludeID.String()
+	}
+	r.logger.DebugContext(ctx, "Checking if department exists by name", "name", name.String(), "exclude_id", exclude)

api/graphql/query.graphqls (1)

10-15: Consistency: align ID argument naming across queries.

You use departmentId and managerId; ensure Position/Department single fetchers align similarly (good). For Employee queries above (department as String!), consider migrating to departmentId: ID! for consistency.

I can draft the schema changes and resolver arg updates if you want to proceed.

api/graphql/position.graphqls (2)

9-10: Avoid Float for currency; use a Decimal/Money scalar.

Float can introduce rounding errors for salaries. Prefer a decimal-based scalar to preserve cents.

Apply this change:

-  minSalary: Float!
-  maxSalary: Float!
+  minSalary: Decimal!
+  maxSalary: Decimal!

---

3-13: Expose department object for better GraphQL ergonomics.

Add a department field to allow nested selection without extra round-trips.

 type Position {
   id: ID!
   title: String!
   description: String!
   departmentId: ID
+  department: Department
   requirements: String!
   minSalary: Float!
   maxSalary: Float!
   createdAt: String! # TODO: Change to Time scalar when custom scalar marshaling is implemented
   updatedAt: String! # TODO: Change to Time scalar when custom scalar marshaling is implemented
 }

migrations/005_create_positions_table.up.sql (1)

4-4: Drop redundant index on a UNIQUE column.

UNIQUE on title already creates an index; the extra idx_positions_title duplicates it.

 CREATE TABLE positions (
     id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
     title VARCHAR(100) UNIQUE NOT NULL,
@@
 -- Create indexes for better query performance
-CREATE INDEX idx_positions_title ON positions(title);
 CREATE INDEX idx_positions_department_id ON positions(department_id);

Also applies to: 16-16

migrations/006_create_leaves_table.up.sql (2)

2-17: Prevent overlapping leaves per employee (optional, but valuable).

Consider an exclusion constraint to block overlapping date ranges for the same employee (for PENDING/APPROVED). Requires btree_gist.

-- Pre-req in an earlier migration:
-- CREATE EXTENSION IF NOT EXISTS btree_gist;

ALTER TABLE leaves
  ADD CONSTRAINT ex_leaves_no_overlap
  EXCLUDE USING gist (
    employee_id WITH =,
    daterange(start_date, end_date, '[]') WITH &&
  )
  WHERE (status IN ('PENDING','APPROVED'));

---

9-12: Tie approval fields to status.

Keep data coherent by enforcing relations between status, approved_by, and approved_at.

ALTER TABLE leaves
  ADD CONSTRAINT chk_leaves_approval_fields
  CHECK (
    (status IN ('PENDING','CANCELLED') AND approved_by IS NULL AND approved_at IS NULL) OR
    (status IN ('APPROVED','REJECTED') AND approved_by IS NOT NULL AND approved_at IS NOT NULL)
  );

api/graphql/leave.graphqls (2)

6-11: Use GraphQL enums for leaveType and status.

Enums align with DB checks and improve type-safety.

-  leaveType: String!
+  leaveType: LeaveType!
@@
-  status: String!
+  status: LeaveStatus!

Add enum definitions:

enum LeaveType { VACATION SICK PERSONAL MATERNITY PATERNITY BEREAVEMENT UNPAID OTHER }
enum LeaveStatus { PENDING APPROVED REJECTED CANCELLED }

---

7-14: Switch date/time fields to a Time/Date scalar.

You’ve noted the TODOs; prioritize moving to a proper scalar to avoid string parsing issues.

internal/application/department/service.go (7)

98-103: Cap page size to prevent abuse.

Set a sane upper bound to avoid expensive scans.

   limit := req.Limit
   if limit == 0 {
     limit = 10 // Default page size
   }
+  if limit > 100 {
+    limit = 100
+  }

---

113-119: Only emit nextCursor when there’s a next page.

Avoid confusing clients by clearing nextCursor on the last page.

   hasNextPage := len(domainDepts) > limit
   if hasNextPage {
     domainDepts = domainDepts[:limit] // Remove the extra item
   }
+  if !hasNextPage {
+    nextCursor = ""
+  }

---

149-154: Cap page size in “by manager” listing.

Mirror the limit cap here.

   limit := req.Limit
   if limit == 0 {
     limit = 10 // Default page size
   }
+  if limit > 100 {
+    limit = 100
+  }

---

164-170: Clear nextCursor when no next page (by manager).

Keep pagination semantics consistent.

   hasNextPage := len(domainDepts) > limit
   if hasNextPage {
     domainDepts = domainDepts[:limit] // Remove the extra item
   }
+  if !hasNextPage {
+    nextCursor = ""
+  }

---

381-385: Validate ID unconditionally (or drop this pre-check).

Current logic only validates when empty. Either always validate here or rely solely on NewDepartmentID.

 func (s *service) validateGetDepartmentRequest(req GetDepartmentRequest) error {
-  if req.ID == "" {
-    return department.ValidateDepartmentID(req.ID)
-  }
-  return nil
+  return department.ValidateDepartmentID(req.ID)
 }

---

426-433: Same here: validate ID regardless of emptiness.

 func (s *service) validateUpdateDepartmentRequest(req UpdateDepartmentRequest) error {
-  if req.ID == "" {
-    return department.ValidateDepartmentID(req.ID)
-  }
+  if err := department.ValidateDepartmentID(req.ID); err != nil {
+    return err
+  }
   if req.Name != nil {
     if err := department.ValidateDepartmentName(*req.Name); err != nil {
       return err
     }
   }

---

443-448: Ditto for delete: validate the ID directly.

 func (s *service) validateDeleteDepartmentRequest(req DeleteDepartmentRequest) error {
-  if req.ID == "" {
-    return department.ValidateDepartmentID(req.ID)
-  }
-  return nil
+  return department.ValidateDepartmentID(req.ID)
 }

internal/domain/department/department.go (1)

52-86: Optionally validate on construction.

Consider calling Validate() before returning to avoid propagating invalid aggregates reconstructed from persistence.

api/graphql/mutation.graphqls (1)

18-21: Clarify input type naming for rejectLeave
Schema only defines input ApproveLeaveInput (no RejectLeaveInput). To avoid confusion:

• Create a dedicated RejectLeaveInput if its fields diverge.
• Or rename/reuse the existing type to a more generic name (e.g. LeaveActionInput).

internal/domain/department/value_objects.go (2)

3-9: Compile regex once and broaden allowed characters for real-world department names.

Reduce per-call allocations and support names like “R&D”, “Sales/EMEA”, “People Ops (US)”.

 import (
   "regexp"
   "strings"
@@
 )
 
+// Compiled once to avoid per-call allocations; allows letters (all locales), numbers,
+// spaces, hyphens, underscores, ampersand, slash, dot, apostrophe, parentheses.
+var validDeptNameRegex = regexp.MustCompile(`^[\p{L}\p{N}\s\-_&/.'()]+$`)
+
@@
-  // Check for valid characters (letters, numbers, spaces, hyphens, underscores)
-  validNameRegex := regexp.MustCompile(`^[a-zA-Z0-9\s\-_]+$`)
-  if !validNameRegex.MatchString(trimmed) {
+  if !validDeptNameRegex.MatchString(trimmed) {
     return Name{}, errors.DomainError{
       Code:    "INVALID_DEPARTMENT_NAME_CHARACTERS",
-      Message: "Department name can only contain letters, numbers, spaces, hyphens, and underscores",
+      Message: "Department name contains unsupported characters",
       Field:   "name",
     }
   }
@@
-  validNameRegex := regexp.MustCompile(`^[a-zA-Z0-9\s\-_]+$`)
-  if !validNameRegex.MatchString(trimmed) {
+  if !validDeptNameRegex.MatchString(trimmed) {
     return errors.DomainError{
       Code:    "INVALID_DEPARTMENT_NAME_CHARACTERS",
-      Message: "Department name can only contain letters, numbers, spaces, hyphens, and underscores",
+      Message: "Department name contains unsupported characters",
       Field:   "name",
     }
   }

Also applies to: 69-77, 190-197

---

158-169: Avoid duplicated validation logic between constructors and Validate helpers.*

To keep rules in one place, have ValidateDepartment* call the corresponding New* and map errors, or vice versa.

Also applies to: 171-201, 202-222

internal/domain/position/position.go (1)

11-19: Cross-aggregate ID type duplication.

*DepartmentID here is local to the position package; consider reusing department.DepartmentID (or a shared identity VO) to improve type-safety across aggregates.

Also applies to: 129-133

internal/domain/leave/leave.go (1)

253-256: Optional: clear approval metadata on cancel.

If a previously approved leave is cancelled, consider nulling approvedBy/approvedAt to reflect current state.

internal/application/department/dto.go (2)

19-21: Avoid emitting empty nextCursor

Use omitempty so empty cursors don’t show up in responses.

 type DepartmentConnectionDTO struct {
   Departments []*DepartmentDTO `json:"departments"`
-  NextCursor  string           `json:"nextCursor"`
+  NextCursor  string           `json:"nextCursor,omitempty"`
 }

---

34-44: Consider adding HasNext to connection DTOs

A boolean HasNext (and optionally TotalCount) makes pagination decisions easier for clients, aligning better with GraphQL PageInfo patterns.

internal/domain/position/value_objects.go (3)

69-77: Don’t recompile regex on every call

Compile the title regex once at package scope and reuse it in both constructors and validators.

@@
-import (
+import (
+	"math"
 	"regexp"
 	"strings"
@@
 )
+
+var titleRegex = regexp.MustCompile(`^[a-zA-Z0-9\s\-_]+$`)
@@
-	// Check for valid characters (letters, numbers, spaces, hyphens, underscores)
-	validTitleRegex := regexp.MustCompile(`^[a-zA-Z0-9\s\-_]+$`)
-	if !validTitleRegex.MatchString(trimmed) {
+	// Check for valid characters (letters, numbers, spaces, hyphens, underscores)
+	if !titleRegex.MatchString(trimmed) {
@@
-	validTitleRegex := regexp.MustCompile(`^[a-zA-Z0-9\s\-_]+$`)
-	if !validTitleRegex.MatchString(trimmed) {
+	if !titleRegex.MatchString(trimmed) {

Also applies to: 280-287

---

214-217: Float equality is brittle

Direct float equality can be unstable. Either store monetary values as integer cents or compare within a small epsilon.

---

219-223: Misleading comment about reuse

This defines a local DepartmentID type; it’s not “reused” from the department domain. Reword to avoid confusion.

-// DepartmentID represents a department identifier (reused from department domain)
+// DepartmentID represents a department identifier (local VO mirroring department domain)

internal/domain/leave/value_objects.go (2)

61-71: Use set membership idiom for valid types/statuses

Tiny optimization/readability: use map[string]struct{} and membership checks.

-var validLeaveTypes = map[string]bool{
+var validLeaveTypes = map[string]struct{}{
-	LeaveTypeVacation:    true,
-	LeaveTypeSick:        true,
-	LeaveTypePersonal:    true,
-	LeaveTypeMaternity:   true,
-	LeaveTypePaternity:   true,
-	LeaveTypeBereavement: true,
-	LeaveTypeUnpaid:      true,
-	LeaveTypeOther:       true,
+	LeaveTypeVacation:    {},
+	LeaveTypeSick:        {},
+	LeaveTypePersonal:    {},
+	LeaveTypeMaternity:   {},
+	LeaveTypePaternity:   {},
+	LeaveTypeBereavement: {},
+	LeaveTypeUnpaid:      {},
+	LeaveTypeOther:       {},
 }
@@
-	if !validLeaveTypes[upperValue] {
+	if _, ok := validLeaveTypes[upperValue]; !ok {
 		return LeaveType{}, errors.ErrInvalidLeaveType
 	}
@@
-var validStatuses = map[string]bool{
+var validStatuses = map[string]struct{}{
-	StatusPending:   true,
-	StatusApproved:  true,
-	StatusRejected:  true,
-	StatusCancelled: true,
+	StatusPending:   {},
+	StatusApproved:  {},
+	StatusRejected:  {},
+	StatusCancelled: {},
 }
@@
-	if !validStatuses[upperValue] {
+	if _, ok := validStatuses[upperValue]; !ok {
 		return Status{}, errors.ErrInvalidLeaveStatus
 	}
@@
-	if !validStatuses[upperValue] {
+	if _, ok := validStatuses[upperValue]; !ok {
 		return errors.ErrInvalidLeaveStatus
 	}

Also applies to: 79-85, 110-116, 125-131, 241-253, 261-267

---

199-203: Misleading comment about reuse

This defines a local EmployeeID; it’s not actually reused from the employee domain. Reword to avoid confusion.

-// EmployeeID represents an employee identifier (reused from employee domain)
+// EmployeeID represents an employee identifier (local VO mirroring the employee domain)

internal/interfaces/graphql/model/models_gen.go (4)

48-50: Use a Time/DateTime scalar instead of String for all temporal fields

String dates are error‑prone. Prefer a Time scalar mapped to time.Time for StartDate/EndDate and CreatedAt/UpdatedAt.

Schema examples:

# api/graphql/leave.graphqls
+scalar Time

-type Leave {
+type Leave {
   id: ID!
   employeeId: ID!
-  leaveType: String!
-  startDate: String!
-  endDate: String!
+  leaveType: String!
+  startDate: Time!
+  endDate: Time!
   reason: String!
-  status: String!
+  status: String!
   approvedBy: ID
-  approvedAt: String
-  createdAt: String!
-  updatedAt: String!
+  approvedAt: Time
+  createdAt: Time!
+  updatedAt: Time!
 }
 
-input CreateLeaveInput {
-  employeeId: ID!
-  leaveType: String!
-  startDate: String!
-  endDate: String!
+input CreateLeaveInput {
+  employeeId: ID!
+  leaveType: String!
+  startDate: Time!
+  endDate: Time!
   reason: String!
 }

# api/graphql/department.graphqls
-type Department {
+type Department {
   id: ID!
   name: String!
   description: String!
   managerId: ID
-  createdAt: String!
-  updatedAt: String!
+  createdAt: Time!
+  updatedAt: Time!
 }

# api/graphql/position.graphqls
-type Position {
+type Position {
   id: ID!
   title: String!
   description: String!
   departmentId: ID
   requirements: String!
   minSalary: Float!
   maxSalary: Float!
-  createdAt: String!
-  updatedAt: String!
+  createdAt: Time!
+  updatedAt: Time!
 }

gqlgen config (gqlgen.yml):

 models:
+  Time:
+    model: time.Time

Also applies to: 112-113, 159-160, 165-166, 197-198

---

47-47: Prefer GraphQL enums for LeaveType and Status

Enums prevent invalid values and improve type‑safety across API/clients.

# api/graphql/leave.graphqls
+enum LeaveType { SICK VACATION UNPAID OTHER }
+enum LeaveStatus { PENDING APPROVED REJECTED CANCELED }

 type Leave {
   id: ID!
   employeeId: ID!
-  leaveType: String!
+  leaveType: LeaveType!
   ...
-  status: String!
+  status: LeaveStatus!
 }

-input CreateLeaveInput { ..., leaveType: String!, ... }
+input CreateLeaveInput { ..., leaveType: LeaveType!, ... }

-input UpdateLeaveInput { leaveType: String, ... }
+input UpdateLeaveInput { leaveType: LeaveType, ... }

Also applies to: 158-158, 162-162, 245-245

---

219-223: UpdateDepartmentInput: enforce “at least one field provided”

Guard against no-op updates in the resolver/service.

Example check (Go resolver/service):

if in.Name == nil && in.Description == nil && in.ManagerID == nil {
    return errorResponse("No fields to update")
}

---

107-114: Confirm ManagerID refers to EmployeeID and add Manager field
managerId in the GraphQL Department maps to the internal EmployeeID. Align the GraphQL mapper to use EmployeeID semantics, and optionally expose a nullable manager *Employee field on Department for easier nested resolution.

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge Base: Disabled due to Reviews > Disable Knowledge Base setting