npm - @aporthq/aport-agent-guardrails - Versions diffs - 1.0.8 - Mend

@aporthq/aport-agent-guardrails 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (237) hide show

package/external/aport-policies/finance.payment.charge.v1/fastapi.example.py ADDED Viewed

@@ -0,0 +1,227 @@
+from fastapi import FastAPI, HTTPException, Request
+from pydantic import BaseModel
+from aport.middleware import require_policy
+import asyncio
+from typing import List, Optional
+from datetime import datetime
+app = FastAPI(title="Payment Charge Service", version="1.0.0")
+class ChargeItem(BaseModel):
+    sku: str
+    qty: int
+    category: Optional[str] = None
+class ChargeRequest(BaseModel):
+    amount: int
+    currency: str
+    merchant_id: str
+    region: str
+    shipping_country: Optional[str] = None
+    items: List[ChargeItem]
+    risk_score: Optional[float] = None
+    idempotency_key: str
+class BatchChargeRequest(BaseModel):
+    charges: List[ChargeRequest]
+class RefundRequest(BaseModel):
+    amount: int
+    reason: str
+class ChargeResponse(BaseModel):
+    success: bool
+    charge_id: str
+    amount: int
+    currency: str
+    status: str
+    decision_id: str
+class ChargeStatus(BaseModel):
+    charge_id: str
+    status: str
+    created_at: str
+    amount: int
+    currency: str
+    merchant_id: str
+    items: List[ChargeItem]
+@app.post("/payments/charge")
+@require_policy("finance.payment.charge.v1")
+async def process_charge(request: Request, charge_data: ChargeRequest):
+    try:
+        passport = request.state.policy_result.passport
+        # Additional business logic validation
+        if charge_data.amount <= 0:
+            raise HTTPException(status_code=400, detail="Invalid charge amount")
+        # Check if items are provided
+        if not charge_data.items or len(charge_data.items) == 0:
+            raise HTTPException(status_code=400, detail="Items are required")
+        # Process charge using your payment processor
+        charge_id = await process_charge_payment({
+            "amount": charge_data.amount,
+            "currency": charge_data.currency,
+            "merchant_id": charge_data.merchant_id,
+            "region": charge_data.region,
+            "shipping_country": charge_data.shipping_country,
+            "items": [item.dict() for item in charge_data.items],
+            "risk_score": charge_data.risk_score,
+            "idempotency_key": charge_data.idempotency_key,
+            "agent_id": passport.passport_id,
+            "agent_name": passport.metadata.get("template_name", "Unknown Agent") if passport.metadata else "Unknown Agent"
+        })
+        # Log the transaction
+        print(f"Charge processed: {charge_id} for {charge_data.amount} {charge_data.currency} by agent {passport.passport_id}")
+        return ChargeResponse(
+            success=True,
+            charge_id=charge_id,
+            amount=charge_data.amount,
+            currency=charge_data.currency,
+            status="processed",
+            decision_id=request.state.policy_result.decision_id
+        )
+    except Exception as e:
+        print(f"Charge processing error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+@app.post("/payments/charge/batch")
+@require_policy("finance.payment.charge.v1")
+async def process_batch_charges(request: Request, batch_data: BatchChargeRequest):
+    try:
+        passport = request.state.policy_result.passport
+        # Group charges by currency for daily cap checking
+        currency_totals = {}
+        for charge in batch_data.charges:
+            currency = charge.currency
+            currency_totals[currency] = currency_totals.get(currency, 0) + charge.amount
+        # Check daily caps per currency
+        for currency, total_amount in currency_totals.items():
+            currency_limits = passport.limits.get("payments", {}).get("charge", {}).get("currency_limits", {}).get(currency)
+            if currency_limits and currency_limits.get("daily_cap") and total_amount > currency_limits["daily_cap"]:
+                raise HTTPException(
+                    status_code=403,
+                    detail={
+                        "error": "Batch total exceeds daily cap",
+                        "currency": currency,
+                        "total": total_amount,
+                        "limit": currency_limits["daily_cap"]
+                    }
+                )
+        # Process batch charges
+        results = await asyncio.gather(*[
+            process_charge_payment({
+                "amount": charge.amount,
+                "currency": charge.currency,
+                "merchant_id": charge.merchant_id,
+                "region": charge.region,
+                "shipping_country": charge.shipping_country,
+                "items": [item.dict() for item in charge.items],
+                "risk_score": charge.risk_score,
+                "idempotency_key": charge.idempotency_key,
+                "agent_id": passport.passport_id
+            })
+            for charge in batch_data.charges
+        ])
+        return {
+            "success": True,
+            "processed": len(results),
+            "currency_totals": currency_totals,
+            "decision_id": request.state.policy_result.decision_id
+        }
+    except Exception as e:
+        print(f"Batch charge error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+@app.get("/payments/charge/{charge_id}")
+@require_policy("finance.payment.charge.v1")
+async def get_charge_status(request: Request, charge_id: str):
+    try:
+        passport = request.state.policy_result.passport
+        charge_info = await get_charge_status(charge_id, passport.passport_id)
+        if not charge_info:
+            raise HTTPException(status_code=404, detail="Charge not found")
+        return charge_info
+    except Exception as e:
+        print(f"Charge status error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+@app.post("/payments/charge/{charge_id}/refund")
+@require_policy("finance.payment.charge.v1")
+async def process_refund(request: Request, charge_id: str, refund_data: RefundRequest):
+    try:
+        passport = request.state.policy_result.passport
+        refund_id = await process_refund_payment({
+            "charge_id": charge_id,
+            "amount": refund_data.amount,
+            "reason": refund_data.reason,
+            "agent_id": passport.passport_id
+        })
+        return {
+            "success": True,
+            "refund_id": refund_id,
+            "charge_id": charge_id,
+            "amount": refund_data.amount,
+            "status": "refunded",
+            "decision_id": request.state.policy_result.decision_id
+        }
+    except Exception as e:
+        print(f"Refund processing error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+async def process_charge_payment(charge_data: dict) -> str:
+    """Mock charge processing function"""
+    # Simulate payment processor call
+    await asyncio.sleep(0.1)
+    # Log charge details for audit
+    print(f"Processing charge: {charge_data}")
+    return f"chg_{asyncio.get_event_loop().time()}_{hash(str(charge_data)) % 1000000}"
+async def get_charge_status(charge_id: str, agent_id: str) -> Optional[ChargeStatus]:
+    """Mock charge status lookup"""
+    await asyncio.sleep(0.05)
+    return ChargeStatus(
+        charge_id=charge_id,
+        status="completed",
+        created_at=datetime.now().isoformat(),
+        amount=1299,
+        currency="USD",
+        merchant_id="merch_abc",
+        items=[
+            ChargeItem(sku="SKU-1", qty=1, category="electronics")
+        ]
+    )
+async def process_refund_payment(refund_data: dict) -> str:
+    """Mock refund processing function"""
+    # Simulate refund processing
+    await asyncio.sleep(0.1)
+    print(f"Processing refund: {refund_data}")
+    return f"ref_{asyncio.get_event_loop().time()}_{hash(str(refund_data)) % 1000000}"
+if __name__ == "__main__":
+    import uvicorn
+    print("Payment charge service starting...")
+    print("Protected by APort finance.payment.charge.v1 policy pack")
+    uvicorn.run(app, host="0.0.0.0", port=8000)

package/external/aport-policies/finance.payment.charge.v1/minimal-example.js ADDED Viewed

@@ -0,0 +1,64 @@
+/**
+ * Minimal Example: finance.payment.charge.v1 Policy
+ *
+ * This is a quick-start example showing the basic usage of the finance.payment.charge.v1 policy.
+ * For production use, see the full express.example.js file.
+ */
+const express = require("express");
+const { requirePolicy } = require("@aporthq/middleware-express");
+const app = express();
+app.use(express.json());
+// Minimal charge endpoint with policy protection
+app.post(
+  "/charge",
+  requirePolicy("finance.payment.charge.v1"),
+  async (req, res) => {
+    try {
+      const { amount, currency, merchant_id, items } = req.body;
+      const passport = req.policyResult.passport;
+      // Process the charge (your business logic here)
+      const charge_id = `chg_${Date.now()}`;
+      console.log(`Charge processed: ${charge_id} for ${amount} ${currency}`);
+      res.json({
+        success: true,
+        charge_id,
+        amount,
+        currency,
+        decision_id: req.policyResult.decision_id,
+      });
+    } catch (error) {
+      console.error("Charge error:", error);
+      res.status(500).json({ error: "Internal server error" });
+    }
+  }
+);
+// Example client request
+const exampleRequest = {
+  amount: 1299, // $12.99 in cents
+  currency: "USD",
+  merchant_id: "merch_abc",
+  region: "US",
+  shipping_country: "US",
+  items: [{ sku: "SKU-1", qty: 1, category: "electronics" }],
+  idempotency_key: "charge-ord-123",
+};
+console.log("Example request:", JSON.stringify(exampleRequest, null, 2));
+const PORT = process.env.PORT || 3000;
+app.listen(PORT, () => {
+  console.log(`Minimal charge service running on port ${PORT}`);
+  console.log("Protected by APort finance.payment.charge.v1 policy");
+  console.log(
+    `Try: curl -X POST http://localhost:${PORT}/charge -H "Content-Type: application/json" -d '${JSON.stringify(
+      exampleRequest
+    )}'`
+  );
+});

package/external/aport-policies/finance.payment.charge.v1/policy.json ADDED Viewed

@@ -0,0 +1,224 @@
+{
+  "id": "finance.payment.charge.v1",
+  "name": "Payment Charge Policy",
+  "description": "Pre-action governance for agent-initiated payments. Enforces per-currency caps, merchant/region allowlists, category blocks, assurance minimums, and idempotency.",
+  "version": "1.0.0",
+  "status": "active",
+  "requires_capabilities": ["payments.charge"],
+  "min_assurance": "L2",
+  "limits_required": [
+    "currency_limits",
+    "allowed_merchant_ids",
+    "allowed_countries",
+    "blocked_categories",
+    "max_items_per_tx",
+    "require_assurance_at_least",
+    "idempotency_required",
+    "approval_required"
+  ],
+  "required_fields": [
+    "amount",
+    "currency",
+    "merchant_id",
+    "region",
+    "items",
+    "idempotency_key"
+  ],
+  "optional_fields": ["shipping_country", "risk_score"],
+  "enforcement": {
+    "currency_supported": true,
+    "region_in": true,
+    "idempotency_required": true,
+    "amount_lte": "limits.payments.charge.currency_limits.{currency}.max_per_tx",
+    "daily_cap_check": "limits.payments.charge.currency_limits.{currency}.daily_cap",
+    "merchant_allowlist": "limits.payments.charge.allowed_merchant_ids",
+    "country_allowlist": "limits.payments.charge.allowed_countries",
+    "category_blocklist": "limits.payments.charge.blocked_categories",
+    "item_count_cap": "limits.payments.charge.max_items_per_tx"
+  },
+  "mcp": {
+    "require_allowlisted_if_present": true
+  },
+  "advice": [
+    "Cache /verify with ETag; 60s TTL",
+    "Subscribe to status webhooks for instant suspend",
+    "Log all charge attempts for Verifiable Attestation",
+    "Implement daily spend tracking per currency to prevent abuse",
+    "Always use unique idempotency keys to prevent duplicate charges",
+    "Provide clear error messages to help agents self-remediate",
+    "Maintain merchant allowlists for trusted partners",
+    "Block high-risk categories (weapons, illicit goods)"
+  ],
+  "required_context": {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "required": [
+      "amount",
+      "currency",
+      "merchant_id",
+      "region",
+      "items",
+      "idempotency_key"
+    ],
+    "properties": {
+      "amount": {
+        "type": "integer",
+        "minimum": 1,
+        "description": "Minor units (e.g., cents)"
+      },
+      "currency": {
+        "type": "string",
+        "pattern": "^[A-Z]{3}$",
+        "description": "ISO 4217 currency code"
+      },
+      "merchant_id": {
+        "type": "string",
+        "description": "Merchant identifier"
+      },
+      "region": {
+        "type": "string",
+        "description": "Geographic region"
+      },
+      "shipping_country": {
+        "type": "string",
+        "description": "Shipping country code"
+      },
+      "items": {
+        "type": "array",
+        "minItems": 1,
+        "description": "Array of items being purchased",
+        "items": {
+          "type": "object",
+          "required": ["sku", "qty", "price"],
+          "properties": {
+            "sku": {
+              "type": "string",
+              "description": "Stock keeping unit"
+            },
+            "qty": {
+              "type": "integer",
+              "minimum": 1,
+              "description": "Quantity"
+            },
+            "name": {
+              "type": "string",
+              "maxLength": 200,
+              "description": "Item name for audit and compliance"
+            },
+            "price": {
+              "type": "integer",
+              "minimum": 1,
+              "description": "Price in minor currency units (e.g., cents)"
+            },
+            "category": {
+              "type": "string",
+              "description": "Item category"
+            }
+          }
+        }
+      },
+      "risk_score": {
+        "type": "number",
+        "minimum": 0,
+        "maximum": 100,
+        "description": "Risk score (0-100)"
+      },
+      "idempotency_key": {
+        "type": "string",
+        "minLength": 8,
+        "description": "Idempotency key for duplicate prevention"
+      },
+      "mcp_servers": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "MCP servers being used in this request (e.g., [\"https://mcp.stripe.com\"])"
+      },
+      "mcp_tools": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "MCP tools being used in this request (e.g., [\"stripe.charges.create\"])"
+      },
+      "mcp_server": {
+        "type": "string",
+        "description": "Single MCP server being used (backward compatibility - use mcp_servers array for multiple)"
+      },
+      "mcp_tool": {
+        "type": "string",
+        "description": "Single MCP tool being used (backward compatibility - use mcp_tools array for multiple)"
+      },
+      "mcp_session": {
+        "type": "string",
+        "description": "MCP session identifier for audit trail (optional)"
+      }
+    }
+  },
+  "evaluation_rules": [
+    {
+      "name": "passport_status_active",
+      "condition": "passport.status == 'active'",
+      "deny_code": "oap.passport_suspended",
+      "description": "Passport must be active"
+    },
+    {
+      "name": "assurance_minimum",
+      "condition": "passport.assurance_level >= limits.payments.charge.require_assurance_at_least",
+      "deny_code": "oap.assurance_insufficient",
+      "description": "Assurance level must meet minimum requirement"
+    },
+    {
+      "name": "currency_supported",
+      "condition": "currency in limits.payments.charge.currency_limits",
+      "deny_code": "oap.currency_unsupported",
+      "description": "Currency must be supported"
+    },
+    {
+      "name": "per_tx_amount_cap",
+      "condition": "amount <= limits.payments.charge.currency_limits[currency].max_per_tx",
+      "deny_code": "oap.limit_exceeded",
+      "description": "Amount must not exceed per-transaction limit"
+    },
+    {
+      "name": "item_count_cap",
+      "condition": "items.length <= limits.payments.charge.max_items_per_tx",
+      "deny_code": "oap.limit_exceeded",
+      "description": "Item count must not exceed limit"
+    },
+    {
+      "name": "merchant_allowed",
+      "condition": "merchant_id in limits.payments.charge.allowed_merchant_ids OR limits.payments.charge.allowed_merchant_ids is empty",
+      "deny_code": "oap.merchant_forbidden",
+      "description": "Merchant must be in allowlist"
+    },
+    {
+      "name": "country_allowed",
+      "condition": "shipping_country in limits.payments.charge.allowed_countries OR limits.payments.charge.allowed_countries is empty",
+      "deny_code": "oap.region_blocked",
+      "description": "Shipping country must be allowed"
+    },
+    {
+      "name": "category_block",
+      "condition": "NOT any(item.category in limits.payments.charge.blocked_categories for item in items)",
+      "deny_code": "oap.category_blocked",
+      "description": "Items must not be in blocked categories"
+    },
+    {
+      "name": "daily_cap_check",
+      "condition": "daily_total + amount <= limits.payments.charge.currency_limits[currency].daily_cap",
+      "deny_code": "oap.limit_exceeded",
+      "description": "Daily cap must not be exceeded"
+    },
+    {
+      "name": "idempotency_check",
+      "condition": "idempotency_key not in recent_keys",
+      "deny_code": "oap.idempotency_conflict",
+      "description": "Idempotency key must be unique"
+    }
+  ],
+  "cache": {
+    "default_ttl_seconds": 60,
+    "suspend_invalidate_seconds": 30
+  },
+  "deprecation": null,
+  "created_at": "2025-01-30T00:00:00Z",
+  "updated_at": "2025-01-30T00:00:00Z"
+}

package/external/aport-policies/finance.payment.charge.v1/tests/contexts.jsonl ADDED Viewed

@@ -0,0 +1,12 @@
+{"name":"allow_usd_12_99","context":{"amount":1299,"currency":"USD","merchant_id":"merch_abc","region":"US","shipping_country":"US","items":[{"sku":"SKU-1","qty":1,"category":"electronics"}],"idempotency_key":"charge-ord-1001"}}
+{"name":"deny_currency_unsupported","context":{"amount":1000,"currency":"GBP","merchant_id":"merch_abc","region":"US","items":[{"sku":"SKU-2","qty":1,"category":"books"}],"idempotency_key":"charge-ord-1002"}}
+{"name":"deny_over_per_tx","context":{"amount":25000,"currency":"USD","merchant_id":"merch_abc","region":"US","items":[{"sku":"SKU-3","qty":1,"category":"electronics"}],"idempotency_key":"charge-ord-1003"}}
+{"name":"deny_items_exceeded","context":{"amount":1500,"currency":"USD","merchant_id":"merch_abc","region":"US","items":[{"sku":"A","qty":1},{"sku":"B","qty":1},{"sku":"C","qty":1},{"sku":"D","qty":1},{"sku":"E","qty":1},{"sku":"F","qty":1}],"idempotency_key":"charge-ord-1004"}}
+{"name":"deny_merchant_forbidden","context":{"amount":500,"currency":"USD","merchant_id":"merch_bad","region":"US","items":[{"sku":"SKU-4","qty":1}],"idempotency_key":"charge-ord-1005"}}
+{"name":"deny_country_blocked","context":{"amount":500,"currency":"USD","merchant_id":"merch_abc","region":"US","shipping_country":"BR","items":[{"sku":"SKU-5","qty":1}],"idempotency_key":"charge-ord-1006"}}
+{"name":"deny_category_blocked","context":{"amount":5000,"currency":"USD","merchant_id":"merch_abc","region":"US","shipping_country":"US","items":[{"sku":"SKU-6","qty":1,"category":"weapons"}],"idempotency_key":"charge-ord-1007"}}
+{"name":"allow_eur_10","context":{"amount":1000,"currency":"EUR","merchant_id":"merch_xyz","region":"EU","shipping_country":"DE","items":[{"sku":"SKU-7","qty":1,"category":"books"}],"idempotency_key":"charge-ord-1008"}}
+{"name":"deny_daily_cap_exceeded_step1","context":{"amount":60000,"currency":"USD","merchant_id":"merch_abc","region":"US","items":[{"sku":"SKU-8","qty":1}],"idempotency_key":"charge-ord-1009"}}
+{"name":"deny_daily_cap_exceeded_step2","context":{"amount":50000,"currency":"USD","merchant_id":"merch_abc","region":"US","items":[{"sku":"SKU-9","qty":1}],"idempotency_key":"charge-ord-1010"}}
+{"name":"deny_idempotency_replay","context":{"amount":1299,"currency":"USD","merchant_id":"merch_abc","region":"US","items":[{"sku":"SKU-1","qty":1}],"idempotency_key":"charge-ord-1001"}}
+{"name":"deny_assurance_insufficient","overridePassport":{"assurance_level":"L1"},"context":{"amount":500,"currency":"USD","merchant_id":"merch_abc","region":"US","items":[{"sku":"SKU-10","qty":1}],"idempotency_key":"charge-ord-1011"}}

package/external/aport-policies/finance.payment.charge.v1/tests/expected.jsonl ADDED Viewed

@@ -0,0 +1,12 @@
+{"decision_id":"550e8400-e29b-41d4-a716-446655440002","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440003","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.currency_unsupported","message":"Currency GBP is not supported"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440004","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.limit_exceeded","message":"Amount exceeds per-transaction limit"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440005","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.limit_exceeded","message":"Item count exceeds maximum allowed"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440006","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.merchant_forbidden","message":"Merchant not in allowlist"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440007","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.region_blocked","message":"Shipping country not allowed"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440008","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.category_blocked","message":"Item category is blocked"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440009","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440010","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440011","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.limit_exceeded","message":"Daily cap exceeded"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440012","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L2","allow":false,"reasons":[{"code":"oap.idempotency_conflict","message":"Idempotency key already used"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}
+{"decision_id":"550e8400-e29b-41d4-a716-446655440013","policy_id":"finance.payment.charge.v1","agent_id":"550e8400-e29b-41d4-a716-446655440001","owner_id":"org_demo_co","assurance_level":"L1","allow":false,"reasons":[{"code":"oap.assurance_insufficient","message":"Assurance level too low"}],"created_at":"2025-01-30T10:30:00Z","expires_in":3600,"passport_digest":"sha256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef","signature":"ed25519:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx1234yzab5678cdef==","kid":"oap:registry:key-2025-01"}

package/external/aport-policies/finance.payment.charge.v1/tests/passport.instance.json ADDED Viewed

@@ -0,0 +1,42 @@
+{
+  "passport_id": "550e8400-e29b-41d4-a716-446655440001",
+  "kind": "instance",
+  "spec_version": "oap/1.0",
+  "parent_agent_id": "550e8400-e29b-41d4-a716-446655440000",
+  "owner_id": "org_demo_co",
+  "owner_type": "org",
+  "assurance_level": "L2",
+  "status": "active",
+  "capabilities": [
+    {
+      "id": "payments.charge",
+      "params": {
+        "max_amount": 20000,
+        "currency": "USD"
+      }
+    }
+  ],
+  "limits": {
+    "payments.charge": {
+      "currency_limits": {
+        "USD": { "max_per_tx": 20000, "daily_cap": 100000 },
+        "EUR": { "max_per_tx": 18000, "daily_cap": 90000 }
+      },
+      "allowed_countries": ["US", "CA", "DE", "FR"],
+      "blocked_categories": ["weapons", "illicit"],
+      "allowed_merchant_ids": ["merch_abc", "merch_xyz"],
+      "max_items_per_tx": 5,
+      "require_assurance_at_least": "L2",
+      "idempotency_required": true
+    }
+  },
+  "regions": ["US", "CA", "EU"],
+  "metadata": {
+    "tenant": "shop-123",
+    "deployment_id": "deploy_xyz789",
+    "environment": "production"
+  },
+  "created_at": "2025-01-30T00:00:00Z",
+  "updated_at": "2025-01-30T00:00:00Z",
+  "version": "1.0.0"
+}

package/external/aport-policies/finance.payment.charge.v1/tests/passport.template.json ADDED Viewed

@@ -0,0 +1,40 @@
+{
+  "passport_id": "550e8400-e29b-41d4-a716-446655440000",
+  "kind": "template",
+  "spec_version": "oap/1.0",
+  "owner_id": "org_demo_co",
+  "owner_type": "org",
+  "assurance_level": "L2",
+  "status": "active",
+  "capabilities": [
+    {
+      "id": "payments.charge",
+      "params": {
+        "max_amount": 20000,
+        "currency": "USD"
+      }
+    }
+  ],
+  "limits": {
+    "payments.charge": {
+      "currency_limits": {
+        "USD": { "max_per_tx": 20000, "daily_cap": 100000 },
+        "EUR": { "max_per_tx": 18000, "daily_cap": 90000 }
+      },
+      "allowed_countries": ["US", "CA", "DE", "FR"],
+      "blocked_categories": ["weapons", "illicit"],
+      "allowed_merchant_ids": ["merch_abc", "merch_xyz"],
+      "max_items_per_tx": 5,
+      "require_assurance_at_least": "L2",
+      "idempotency_required": true
+    }
+  },
+  "regions": ["US", "CA", "EU"],
+  "metadata": {
+    "template_name": "Demo Charge Template",
+    "description": "Template for payment charge operations"
+  },
+  "created_at": "2025-01-30T00:00:00Z",
+  "updated_at": "2025-01-30T00:00:00Z",
+  "version": "1.0.0"
+}