@aporthq/aport-agent-guardrails 1.0.8

package/external/aport-policies/finance.transaction.execute.v1/fastapi.example.py

@@ -0,0 +1,231 @@
+from fastapi import FastAPI, HTTPException, Request
+from pydantic import BaseModel
+from aport.middleware import require_policy
+import asyncio
+from typing import List, Optional
+from datetime import datetime
+
+app = FastAPI(title="Financial Transaction Service", version="1.0.0")
+
+class TransactionRequest(BaseModel):
+    transaction_type: str
+    amount: int
+    currency: str
+    asset_class: str
+    source_account_id: str
+    destination_account_id: str
+    source_account_type: Optional[str] = None
+    destination_account_type: Optional[str] = None
+    counterparty_id: Optional[str] = None
+    idempotency_key: str
+
+class BatchTransactionRequest(BaseModel):
+    transactions: List[TransactionRequest]
+
+class CancelRequest(BaseModel):
+    reason: str
+
+class TransactionResponse(BaseModel):
+    success: bool
+    transaction_id: str
+    transaction_type: str
+    amount: int
+    currency: str
+    asset_class: str
+    status: str
+    decision_id: str
+
+class TransactionStatus(BaseModel):
+    transaction_id: str
+    status: str
+    created_at: str
+    transaction_type: str
+    amount: int
+    currency: str
+    asset_class: str
+    source_account_id: str
+    destination_account_id: str
+
+@app.post("/finance/transaction")
+@require_policy("finance.transaction.execute.v1")
+async def execute_transaction(request: Request, transaction_data: TransactionRequest):
+    try:
+        passport = request.state.policy_result.passport
+        
+        # Additional business logic validation
+        if transaction_data.amount <= 0:
+            raise HTTPException(status_code=400, detail="Invalid transaction amount")
+        
+        # Check if required fields are provided
+        if not transaction_data.source_account_id or not transaction_data.destination_account_id:
+            raise HTTPException(status_code=400, detail="Source and destination accounts are required")
+        
+        # Process transaction using your financial system
+        transaction_id = await process_transaction({
+            "transaction_type": transaction_data.transaction_type,
+            "amount": transaction_data.amount,
+            "currency": transaction_data.currency,
+            "asset_class": transaction_data.asset_class,
+            "source_account_id": transaction_data.source_account_id,
+            "destination_account_id": transaction_data.destination_account_id,
+            "source_account_type": transaction_data.source_account_type,
+            "destination_account_type": transaction_data.destination_account_type,
+            "counterparty_id": transaction_data.counterparty_id,
+            "idempotency_key": transaction_data.idempotency_key,
+            "agent_id": passport.passport_id,
+            "agent_name": passport.metadata.get("template_name", "Unknown Agent") if passport.metadata else "Unknown Agent"
+        })
+        
+        # Log the transaction
+        print(f"Transaction processed: {transaction_id} for {transaction_data.amount} {transaction_data.currency} by agent {passport.passport_id}")
+        
+        return TransactionResponse(
+            success=True,
+            transaction_id=transaction_id,
+            transaction_type=transaction_data.transaction_type,
+            amount=transaction_data.amount,
+            currency=transaction_data.currency,
+            asset_class=transaction_data.asset_class,
+            status="processed",
+            decision_id=request.state.policy_result.decision_id
+        )
+        
+    except Exception as e:
+        print(f"Transaction processing error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+
+@app.post("/finance/transaction/batch")
+@require_policy("finance.transaction.execute.v1")
+async def execute_batch_transactions(request: Request, batch_data: BatchTransactionRequest):
+    try:
+        passport = request.state.policy_result.passport
+        
+        # Group transactions by counterparty for exposure checking
+        counterparty_totals = {}
+        for transaction in batch_data.transactions:
+            counterparty = transaction.counterparty_id or "default"
+            counterparty_totals[counterparty] = counterparty_totals.get(counterparty, 0) + transaction.amount
+        
+        # Check counterparty exposure limits
+        for counterparty, total_amount in counterparty_totals.items():
+            max_exposure = passport.limits.get("finance", {}).get("transaction", {}).get("max_exposure_per_counterparty_usd")
+            if max_exposure and total_amount > max_exposure:
+                raise HTTPException(
+                    status_code=403,
+                    detail={
+                        "error": "Batch total exceeds counterparty exposure limit",
+                        "counterparty": counterparty,
+                        "total": total_amount,
+                        "limit": max_exposure
+                    }
+                )
+        
+        # Process batch transactions
+        results = await asyncio.gather(*[
+            process_transaction({
+                "transaction_type": transaction.transaction_type,
+                "amount": transaction.amount,
+                "currency": transaction.currency,
+                "asset_class": transaction.asset_class,
+                "source_account_id": transaction.source_account_id,
+                "destination_account_id": transaction.destination_account_id,
+                "source_account_type": transaction.source_account_type,
+                "destination_account_type": transaction.destination_account_type,
+                "counterparty_id": transaction.counterparty_id,
+                "idempotency_key": transaction.idempotency_key,
+                "agent_id": passport.passport_id
+            })
+            for transaction in batch_data.transactions
+        ])
+        
+        return {
+            "success": True,
+            "processed": len(results),
+            "counterparty_totals": counterparty_totals,
+            "decision_id": request.state.policy_result.decision_id
+        }
+        
+    except Exception as e:
+        print(f"Batch transaction error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+
+@app.get("/finance/transaction/{transaction_id}")
+@require_policy("finance.transaction.execute.v1")
+async def get_transaction_status(request: Request, transaction_id: str):
+    try:
+        passport = request.state.policy_result.passport
+        
+        transaction_info = await get_transaction_status(transaction_id, passport.passport_id)
+        
+        if not transaction_info:
+            raise HTTPException(status_code=404, detail="Transaction not found")
+        
+        return transaction_info
+        
+    except Exception as e:
+        print(f"Transaction status error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+
+@app.post("/finance/transaction/{transaction_id}/cancel")
+@require_policy("finance.transaction.execute.v1")
+async def cancel_transaction(request: Request, transaction_id: str, cancel_data: CancelRequest):
+    try:
+        passport = request.state.policy_result.passport
+        
+        cancel_id = await cancel_transaction_payment({
+            "transaction_id": transaction_id,
+            "reason": cancel_data.reason,
+            "agent_id": passport.passport_id
+        })
+        
+        return {
+            "success": True,
+            "cancel_id": cancel_id,
+            "transaction_id": transaction_id,
+            "status": "cancelled",
+            "decision_id": request.state.policy_result.decision_id
+        }
+        
+    except Exception as e:
+        print(f"Transaction cancellation error: {e}")
+        raise HTTPException(status_code=500, detail="Internal server error")
+
+async def process_transaction(transaction_data: dict) -> str:
+    """Mock transaction processing function"""
+    # Simulate financial system call
+    await asyncio.sleep(0.15)
+    
+    # Log transaction details for audit
+    print(f"Processing transaction: {transaction_data}")
+    
+    return f"txn_{asyncio.get_event_loop().time()}_{hash(str(transaction_data)) % 1000000}"
+
+async def get_transaction_status(transaction_id: str, agent_id: str) -> Optional[TransactionStatus]:
+    """Mock transaction status lookup"""
+    await asyncio.sleep(0.05)
+    return TransactionStatus(
+        transaction_id=transaction_id,
+        status="completed",
+        created_at=datetime.now().isoformat(),
+        transaction_type="buy",
+        amount=10000,
+        currency="USD",
+        asset_class="equity",
+        source_account_id="acc_client_123",
+        destination_account_id="acc_trading_456"
+    )
+
+async def cancel_transaction_payment(cancel_data: dict) -> str:
+    """Mock transaction cancellation function"""
+    # Simulate transaction cancellation
+    await asyncio.sleep(0.1)
+    
+    print(f"Cancelling transaction: {cancel_data}")
+    
+    return f"cancel_{asyncio.get_event_loop().time()}_{hash(str(cancel_data)) % 1000000}"
+
+if __name__ == "__main__":
+    import uvicorn
+    print("Financial transaction service starting...")
+    print("Protected by APort finance.transaction.execute.v1 policy pack")
+    uvicorn.run(app, host="0.0.0.0", port=8000)

package/external/aport-policies/finance.transaction.execute.v1/minimal-example.js

@@ -0,0 +1,78 @@
+/**
+ * Minimal Example: finance.transaction.execute.v1 Policy
+ *
+ * This is a quick-start example showing the basic usage of the finance.transaction.execute.v1 policy.
+ * For production use, see the full express.example.js file.
+ */
+
+const express = require("express");
+const { requirePolicy } = require("@aporthq/middleware-express");
+
+const app = express();
+app.use(express.json());
+
+// Minimal transaction endpoint with policy protection
+app.post(
+  "/transaction",
+  requirePolicy("finance.transaction.execute.v1"),
+  async (req, res) => {
+    try {
+      const {
+        transaction_type,
+        amount,
+        currency,
+        asset_class,
+        source_account_id,
+        destination_account_id,
+      } = req.body;
+      const passport = req.policyResult.passport;
+
+      // Process the transaction (your business logic here)
+      const transaction_id = `txn_${Date.now()}`;
+
+      console.log(
+        `Transaction processed: ${transaction_id} for ${amount} ${currency}`
+      );
+
+      res.json({
+        success: true,
+        transaction_id,
+        transaction_type,
+        amount,
+        currency,
+        asset_class,
+        decision_id: req.policyResult.decision_id,
+      });
+    } catch (error) {
+      console.error("Transaction error:", error);
+      res.status(500).json({ error: "Internal server error" });
+    }
+  }
+);
+
+// Example client request
+const exampleRequest = {
+  transaction_type: "buy",
+  amount: 10000, // $100.00 in cents
+  currency: "USD",
+  asset_class: "equity",
+  source_account_id: "acc_client_123",
+  destination_account_id: "acc_trading_456",
+  source_account_type: "client_funds",
+  destination_account_type: "trading",
+  counterparty_id: "cpty_broker_789",
+  idempotency_key: "txn-buy-123",
+};
+
+console.log("Example request:", JSON.stringify(exampleRequest, null, 2));
+
+const PORT = process.env.PORT || 3000;
+app.listen(PORT, () => {
+  console.log(`Minimal transaction service running on port ${PORT}`);
+  console.log("Protected by APort finance.transaction.execute.v1 policy");
+  console.log(
+    `Try: curl -X POST http://localhost:${PORT}/transaction -H "Content-Type: application/json" -d '${JSON.stringify(
+      exampleRequest
+    )}'`
+  );
+});

package/external/aport-policies/finance.transaction.execute.v1/policy.json

@@ -0,0 +1,189 @@
+{
+  "id": "finance.transaction.execute.v1",
+  "name": "Financial Transaction Execution Policy",
+  "description": "Pre-action governance for agent-initiated financial transactions like trades or transfers. Enforces rules on asset classes, exposure limits, and account types.",
+  "version": "1.0.0",
+  "status": "active",
+  "requires_capabilities": ["finance.transaction"],
+  "min_assurance": "L3",
+  "limits_required": [
+    "allowed_transaction_types",
+    "allowed_asset_classes",
+    "max_exposure_per_tx_usd",
+    "allowed_source_account_types",
+    "restricted_source_account_types",
+    "max_exposure_per_counterparty_usd",
+    "approval_required"
+  ],
+  "required_fields": [
+    "transaction_type",
+    "amount",
+    "currency",
+    "asset_class",
+    "source_account_id",
+    "destination_account_id"
+  ],
+  "optional_fields": [
+    "source_account_type",
+    "idempotency_key",
+    "destination_account_type",
+    "counterparty_id"
+  ],
+  "enforcement": {
+    "transaction_type_allowed": true,
+    "asset_class_allowed": true,
+    "exposure_limit_enforced": true,
+    "account_segregation_enforced": true,
+    "segregation_of_funds_enforced": true,
+    "counterparty_exposure_enforced": true,
+    "idempotency_required": true
+  },
+  "mcp": {
+    "require_allowlisted_if_present": true
+  },
+  "advice": [
+    "Cache /verify with ETag; 60s TTL",
+    "Subscribe to status webhooks for instant suspend",
+    "Log all transaction attempts for Verifiable Attestation",
+    "Implement daily exposure tracking per counterparty to prevent concentration risk",
+    "Always use unique idempotency keys to prevent duplicate transactions",
+    "Maintain strict segregation between client and proprietary funds",
+    "Monitor counterparty exposure limits to prevent over-concentration",
+    "Implement real-time balance checks before transaction execution",
+    "Use progressive limits for new counterparties",
+    "Maintain audit trails for all financial transactions"
+  ],
+  "cache": {
+    "default_ttl_seconds": 60,
+    "suspend_invalidate_seconds": 30
+  },
+  "required_context": {
+    "$schema": "http://json-schema.org/draft-07/schema#",
+    "type": "object",
+    "required": [
+      "transaction_type",
+      "amount",
+      "currency",
+      "asset_class",
+      "source_account_id",
+      "destination_account_id"
+    ],
+    "properties": {
+      "transaction_type": {
+        "type": "string",
+        "enum": ["buy", "sell", "transfer", "short_sell"],
+        "description": "The type of financial transaction being executed."
+      },
+      "amount": {
+        "type": "integer",
+        "description": "Transaction amount in minor units (e.g., cents)."
+      },
+      "currency": {
+        "type": "string",
+        "pattern": "^[A-Z]{3}$",
+        "description": "ISO 4217 currency code."
+      },
+      "asset_class": {
+        "type": "string",
+        "description": "The class of the asset being transacted (e.g., 'equity', 'bond', 'crypto', 'cash')."
+      },
+      "source_account_id": {
+        "type": "string",
+        "description": "The ID of the account from which funds/assets are being moved."
+      },
+      "source_account_type": {
+        "type": "string",
+        "description": "The type of the source account (e.g., 'client_funds', 'trust_funds', 'proprietary')."
+      },
+      "destination_account_id": {
+        "type": "string",
+        "description": "The ID of the destination account."
+      },
+      "idempotency_key": {
+        "type": "string",
+        "description": "Idempotency key to prevent duplicate transactions."
+      },
+      "destination_account_type": {
+        "type": "string",
+        "description": "The type of the destination account (e.g., 'client_funds', 'proprietary'). Solves for Segregation of Funds."
+      },
+      "counterparty_id": {
+        "type": "string",
+        "description": "A unique identifier for the counterparty in a trade. Solves for Counterparty Exposure."
+      },
+      "mcp_servers": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "MCP servers being used in this request (e.g., [\"https://mcp.plaid.com\"])"
+      },
+      "mcp_tools": {
+        "type": "array",
+        "items": { "type": "string" },
+        "description": "MCP tools being used in this request (e.g., [\"plaid.transactions.execute\"])"
+      },
+      "mcp_server": {
+        "type": "string",
+        "description": "Single MCP server being used (backward compatibility - use mcp_servers array for multiple)"
+      },
+      "mcp_tool": {
+        "type": "string",
+        "description": "Single MCP tool being used (backward compatibility - use mcp_tools array for multiple)"
+      },
+      "mcp_session": {
+        "type": "string",
+        "description": "MCP session identifier for audit trail (optional)"
+      }
+    }
+  },
+  "evaluation_rules": [
+    {
+      "name": "passport_status_active",
+      "condition": "passport.status == 'active'",
+      "deny_code": "oap.passport_suspended"
+    },
+    {
+      "name": "transaction_type_allowed",
+      "condition": "context.transaction_type in passport.limits.finance.transaction.allowed_transaction_types",
+      "deny_code": "oap.action_forbidden"
+    },
+    {
+      "name": "asset_class_allowed",
+      "condition": "context.asset_class in passport.limits.finance.transaction.allowed_asset_classes",
+      "deny_code": "oap.asset_class_forbidden"
+    },
+    {
+      "name": "exposure_limit_check",
+      "condition": "context.amount <= passport.limits.finance.transaction.max_exposure_per_tx_usd",
+      "deny_code": "oap.limit_exceeded"
+    },
+    {
+      "name": "account_segregation_check",
+      "condition": "context.source_account_type not in passport.limits.finance.transaction.restricted_source_account_types",
+      "deny_code": "oap.account_type_restricted"
+    },
+    {
+      "name": "account_type_check",
+      "condition": "context.source_account_type in passport.limits.finance.transaction.allowed_source_account_types",
+      "deny_code": "oap.account_type_restricted",
+      "description": "Restricts agent access to specific account classes (e.g., trust, retirement)."
+    },
+    {
+      "name": "segregation_of_funds_check",
+      "condition": "not (context.source_account_type == 'client_funds' and context.destination_account_type == 'proprietary')",
+      "deny_code": "oap.commingling_of_funds_forbidden",
+      "description": "Enforces policies preventing the commingling of client and corporate funds."
+    },
+    {
+      "name": "counterparty_exposure_check",
+      "condition": "daily_counterparty_total[context.counterparty_id] + context.amount <= passport.limits.finance.transaction.max_exposure_per_counterparty_usd",
+      "deny_code": "oap.counterparty_limit_exceeded",
+      "description": "Limits total daily exposure to any single counterparty."
+    },
+    {
+      "name": "idempotency_check",
+      "condition": "context.idempotency_key not in recent_keys",
+      "deny_code": "oap.idempotency_conflict",
+      "description": "Idempotency key must be unique to prevent duplicate transactions."
+    }
+  ]
+}

package/external/aport-policies/finance.transaction.execute.v1/tests/contexts.jsonl

@@ -0,0 +1,12 @@
+{"name":"allow_buy_equity_10k","context":{"transaction_type":"buy","amount":10000,"currency":"USD","asset_class":"equity","source_account_id":"acc_client_123","destination_account_id":"acc_trading_456","source_account_type":"client_funds","destination_account_type":"trading","counterparty_id":"cpty_broker_789","idempotency_key":"txn-buy-1001"}}
+{"name":"deny_transaction_type_forbidden","context":{"transaction_type":"short_sell","amount":5000,"currency":"USD","asset_class":"equity","source_account_id":"acc_client_123","destination_account_id":"acc_trading_456","idempotency_key":"txn-short-1002"}}
+{"name":"deny_asset_class_forbidden","context":{"transaction_type":"buy","amount":5000,"currency":"USD","asset_class":"commodity","source_account_id":"acc_client_123","destination_account_id":"acc_trading_456","idempotency_key":"txn-commodity-1003"}}
+{"name":"deny_over_exposure_limit","context":{"transaction_type":"buy","amount":60000,"currency":"USD","asset_class":"equity","source_account_id":"acc_client_123","destination_account_id":"acc_trading_456","idempotency_key":"txn-over-limit-1004"}}
+{"name":"deny_restricted_account_type","context":{"transaction_type":"buy","amount":5000,"currency":"USD","asset_class":"equity","source_account_id":"acc_trust_123","destination_account_id":"acc_trading_456","source_account_type":"trust_funds","idempotency_key":"txn-trust-1005"}}
+{"name":"deny_account_type_not_allowed","context":{"transaction_type":"buy","amount":5000,"currency":"USD","asset_class":"equity","source_account_id":"acc_retirement_123","destination_account_id":"acc_trading_456","source_account_type":"retirement","idempotency_key":"txn-retirement-1006"}}
+{"name":"deny_commingling_funds","context":{"transaction_type":"transfer","amount":5000,"currency":"USD","asset_class":"cash","source_account_id":"acc_client_123","destination_account_id":"acc_proprietary_456","source_account_type":"client_funds","destination_account_type":"proprietary","idempotency_key":"txn-commingling-1007"}}
+{"name":"allow_sell_bond_5k","context":{"transaction_type":"sell","amount":5000,"currency":"USD","asset_class":"bond","source_account_id":"acc_trading_123","destination_account_id":"acc_client_456","source_account_type":"trading","destination_account_type":"client_funds","counterparty_id":"cpty_broker_789","idempotency_key":"txn-sell-1008"}}
+{"name":"allow_transfer_crypto_2k","context":{"transaction_type":"transfer","amount":2000,"currency":"USD","asset_class":"crypto","source_account_id":"acc_trading_123","destination_account_id":"acc_cold_storage_456","source_account_type":"trading","destination_account_type":"custodial","counterparty_id":"cpty_exchange_789","idempotency_key":"txn-transfer-1009"}}
+{"name":"deny_counterparty_exposure_exceeded","context":{"transaction_type":"buy","amount":250000,"currency":"USD","asset_class":"equity","source_account_id":"acc_client_123","destination_account_id":"acc_trading_456","counterparty_id":"cpty_broker_789","idempotency_key":"txn-counterparty-1010"}}
+{"name":"deny_missing_required_fields","context":{"transaction_type":"buy","amount":5000,"currency":"USD","asset_class":"equity","idempotency_key":"txn-missing-1011"}}
+{"name":"allow_cash_transfer_1k","context":{"transaction_type":"transfer","amount":1000,"currency":"USD","asset_class":"cash","source_account_id":"acc_client_123","destination_account_id":"acc_savings_456","source_account_type":"client_funds","destination_account_type":"client_funds","idempotency_key":"txn-cash-1012"}}

package/external/aport-policies/finance.transaction.execute.v1/tests/expected.jsonl

@@ -0,0 +1,12 @@
+{"name":"allow_buy_equity_10k","expected":{"allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements","severity":"info"}]}}
+{"name":"deny_transaction_type_forbidden","expected":{"allow":false,"reasons":[{"code":"oap.action_forbidden","message":"Transaction type short_sell is not allowed","severity":"error"}]}}
+{"name":"deny_asset_class_forbidden","expected":{"allow":false,"reasons":[{"code":"oap.asset_class_forbidden","message":"Asset class commodity is not allowed","severity":"error"}]}}
+{"name":"deny_over_exposure_limit","expected":{"allow":false,"reasons":[{"code":"oap.limit_exceeded","message":"Amount 60000 exceeds maximum exposure limit 50000","severity":"error"}]}}
+{"name":"deny_restricted_account_type","expected":{"allow":false,"reasons":[{"code":"oap.account_type_restricted","message":"Source account type trust_funds is restricted","severity":"error"}]}}
+{"name":"deny_account_type_not_allowed","expected":{"allow":false,"reasons":[{"code":"oap.account_type_restricted","message":"Source account type retirement is not allowed","severity":"error"}]}}
+{"name":"deny_commingling_funds","expected":{"allow":false,"reasons":[{"code":"oap.commingling_of_funds_forbidden","message":"Cannot transfer from client funds to proprietary accounts","severity":"error"}]}}
+{"name":"allow_sell_bond_5k","expected":{"allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements","severity":"info"}]}}
+{"name":"allow_transfer_crypto_2k","expected":{"allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements","severity":"info"}]}}
+{"name":"deny_counterparty_exposure_exceeded","expected":{"allow":false,"reasons":[{"code":"oap.counterparty_limit_exceeded","message":"Amount 250000 exceeds counterparty exposure limit 200000","severity":"error"}]}}
+{"name":"deny_missing_required_fields","expected":{"allow":false,"reasons":[{"code":"oap.invalid_context","message":"Missing required fields: source_account_id, destination_account_id","severity":"error"}]}}
+{"name":"allow_cash_transfer_1k","expected":{"allow":true,"reasons":[{"code":"oap.allowed","message":"Transaction within limits and policy requirements","severity":"info"}]}}

package/external/aport-policies/finance.transaction.execute.v1/tests/passport.instance.json

@@ -0,0 +1,42 @@
+{
+  "passport_id": "ap_a2d10232c6534523812423eec8a1425c45678",
+  "kind": "instance",
+  "spec_version": "oap/1.0",
+  "owner_id": "org_demo_co",
+  "owner_type": "org",
+  "assurance_level": "L3",
+  "status": "active",
+  "capabilities": [
+    {
+      "id": "finance.transaction",
+      "params": {
+        "max_amount": 100000,
+        "currency": "USD"
+      }
+    }
+  ],
+  "limits": {
+    "finance.transaction": {
+      "allowed_transaction_types": ["buy", "sell", "transfer"],
+      "allowed_asset_classes": ["equity", "bond", "crypto", "cash"],
+      "max_exposure_per_tx_usd": 50000,
+      "allowed_source_account_types": [
+        "client_funds",
+        "trading",
+        "proprietary"
+      ],
+      "restricted_source_account_types": ["trust_funds", "retirement"],
+      "max_exposure_per_counterparty_usd": 200000,
+      "require_assurance_at_least": "L3",
+      "idempotency_required": true
+    }
+  },
+  "regions": ["US", "CA", "EU"],
+  "metadata": {
+    "template_name": "Demo Transaction Agent",
+    "description": "Instance for financial transaction operations"
+  },
+  "created_at": "2025-01-30T00:00:00Z",
+  "updated_at": "2025-01-30T00:00:00Z",
+  "version": "1.0.0"
+}

package/external/aport-policies/finance.transaction.execute.v1/tests/passport.template.json

@@ -0,0 +1,42 @@
+{
+  "passport_id": "550e8400-e29b-41d4-a716-446655440001",
+  "kind": "template",
+  "spec_version": "oap/1.0",
+  "owner_id": "org_demo_co",
+  "owner_type": "org",
+  "assurance_level": "L3",
+  "status": "active",
+  "capabilities": [
+    {
+      "id": "finance.transaction",
+      "params": {
+        "max_amount": 100000,
+        "currency": "USD"
+      }
+    }
+  ],
+  "limits": {
+    "finance.transaction": {
+      "allowed_transaction_types": ["buy", "sell", "transfer"],
+      "allowed_asset_classes": ["equity", "bond", "crypto", "cash"],
+      "max_exposure_per_tx_usd": 50000,
+      "allowed_source_account_types": [
+        "client_funds",
+        "trading",
+        "proprietary"
+      ],
+      "restricted_source_account_types": ["trust_funds", "retirement"],
+      "max_exposure_per_counterparty_usd": 200000,
+      "require_assurance_at_least": "L3",
+      "idempotency_required": true
+    }
+  },
+  "regions": ["US", "CA", "EU"],
+  "metadata": {
+    "template_name": "Demo Transaction Template",
+    "description": "Template for financial transaction operations"
+  },
+  "created_at": "2025-01-30T00:00:00Z",
+  "updated_at": "2025-01-30T00:00:00Z",
+  "version": "1.0.0"
+}