@aporthq/aport-agent-guardrails 1.0.8

package/external/aport-policies/finance.transaction.execute.v1/tests/test_transactions_policy.py

@@ -0,0 +1,214 @@
+"""
+Test Suite: finance.transaction.execute.v1 Policy
+
+Tests the financial transaction execution policy with various scenarios
+including valid transactions, limit violations, and security controls.
+"""
+
+import json
+import os
+from typing import Dict, Any, List
+
+def evaluate_finance_transaction_execute_v1(passport: Dict[str, Any], context: Dict[str, Any]) -> Dict[str, Any]:
+    """Mock implementation of the finance.transaction.execute.v1 policy evaluation"""
+    reasons = []
+    allow = True
+
+    # Check agent status
+    if passport.get("status") in ["suspended", "revoked"]:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.passport_suspended",
+                "message": f"Agent is {passport.get('status')} and cannot perform operations",
+                "severity": "error"
+            }]
+        }
+
+    # Check capabilities
+    capabilities = passport.get("capabilities", [])
+    has_transaction_capability = any(
+        cap.get("id") == "finance.transaction" for cap in capabilities
+    )
+    if not has_transaction_capability:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.unknown_capability",
+                "message": "Agent does not have finance.transaction capability",
+                "severity": "error"
+            }]
+        }
+
+    # Check assurance level
+    required_assurance = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("require_assurance_at_least", "L3")
+    assurance_level = passport.get("assurance_level")
+    if assurance_level not in [required_assurance, "L4KYC", "L4FIN"]:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.assurance_insufficient",
+                "message": f"Assurance level {assurance_level} is insufficient, requires {required_assurance}",
+                "severity": "error"
+            }]
+        }
+
+    # Check required fields
+    required_fields = ["transaction_type", "amount", "currency", "asset_class", "source_account_id", "destination_account_id"]
+    missing_fields = [field for field in required_fields if not context.get(field)]
+    if missing_fields:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.invalid_context",
+                "message": f"Missing required fields: {', '.join(missing_fields)}",
+                "severity": "error"
+            }]
+        }
+
+    # Check transaction type is allowed
+    allowed_transaction_types = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("allowed_transaction_types", [])
+    if allowed_transaction_types and context.get("transaction_type") not in allowed_transaction_types:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.action_forbidden",
+                "message": f"Transaction type {context.get('transaction_type')} is not allowed",
+                "severity": "error"
+            }]
+        }
+
+    # Check asset class is allowed
+    allowed_asset_classes = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("allowed_asset_classes", [])
+    if allowed_asset_classes and context.get("asset_class") not in allowed_asset_classes:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.asset_class_forbidden",
+                "message": f"Asset class {context.get('asset_class')} is not allowed",
+                "severity": "error"
+            }]
+        }
+
+    # Check exposure limit
+    max_exposure = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("max_exposure_per_tx_usd")
+    if max_exposure and context.get("amount", 0) > max_exposure:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.limit_exceeded",
+                "message": f"Amount {context.get('amount')} exceeds maximum exposure limit {max_exposure}",
+                "severity": "error"
+            }]
+        }
+
+    # Check source account type restrictions
+    restricted_account_types = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("restricted_source_account_types", [])
+    if context.get("source_account_type") in restricted_account_types:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.account_type_restricted",
+                "message": f"Source account type {context.get('source_account_type')} is restricted",
+                "severity": "error"
+            }]
+        }
+
+    # Check allowed source account types
+    allowed_source_account_types = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("allowed_source_account_types", [])
+    if allowed_source_account_types and context.get("source_account_type") and context.get("source_account_type") not in allowed_source_account_types:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.account_type_restricted",
+                "message": f"Source account type {context.get('source_account_type')} is not allowed",
+                "severity": "error"
+            }]
+        }
+
+    # Check segregation of funds (prevent commingling)
+    if context.get("source_account_type") == "client_funds" and context.get("destination_account_type") == "proprietary":
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.commingling_of_funds_forbidden",
+                "message": "Cannot transfer from client funds to proprietary accounts",
+                "severity": "error"
+            }]
+        }
+
+    # Check counterparty exposure limit
+    max_counterparty_exposure = passport.get("limits", {}).get("finance", {}).get("transaction", {}).get("max_exposure_per_counterparty_usd")
+    if max_counterparty_exposure and context.get("counterparty_id") and context.get("amount", 0) > max_counterparty_exposure:
+        return {
+            "allow": False,
+            "reasons": [{
+                "code": "oap.counterparty_limit_exceeded",
+                "message": f"Amount {context.get('amount')} exceeds counterparty exposure limit {max_counterparty_exposure}",
+                "severity": "error"
+            }]
+        }
+
+    # If all checks pass, allow the transaction
+    return {
+        "allow": True,
+        "reasons": [{
+            "code": "oap.allowed",
+            "message": "Transaction within limits and policy requirements",
+            "severity": "info"
+        }]
+    }
+
+def run_tests():
+    """Run the test suite"""
+    print("🧪 Running finance.transaction.execute.v1 Policy Tests\n")
+
+    # Load test data
+    test_dir = os.path.dirname(os.path.abspath(__file__))
+    
+    with open(os.path.join(test_dir, "passport.instance.json"), "r") as f:
+        passport = json.load(f)
+    
+    with open(os.path.join(test_dir, "contexts.jsonl"), "r") as f:
+        contexts = [json.loads(line) for line in f.read().strip().split("\n")]
+    
+    with open(os.path.join(test_dir, "expected.jsonl"), "r") as f:
+        expected = [json.loads(line) for line in f.read().strip().split("\n")]
+
+    passed = 0
+    failed = 0
+
+    for i, test_case in enumerate(contexts):
+        expected_result = expected[i]
+
+        try:
+            result = evaluate_finance_transaction_execute_v1(passport, test_case["context"])
+            
+            # Compare results
+            allow_match = result["allow"] == expected_result["expected"]["allow"]
+            reasons_match = json.dumps(result["reasons"]) == json.dumps(expected_result["expected"]["reasons"])
+
+            if allow_match and reasons_match:
+                print(f"✅ {test_case['name']}: PASS")
+                passed += 1
+            else:
+                print(f"❌ {test_case['name']}: FAIL")
+                print(f"   Expected: {json.dumps(expected_result['expected'])}")
+                print(f"   Got: {json.dumps(result)}")
+                failed += 1
+        except Exception as error:
+            print(f"❌ {test_case['name']}: ERROR - {str(error)}")
+            failed += 1
+
+    print(f"\n📊 Test Results: {passed} passed, {failed} failed")
+    
+    if failed == 0:
+        print("🎉 All tests passed!")
+        return True
+    else:
+        print("💥 Some tests failed!")
+        return False
+
+if __name__ == "__main__":
+    success = run_tests()
+    exit(0 if success else 1)

package/external/aport-policies/finance.transaction.execute.v1/tests/transactions-policy.test.js

@@ -0,0 +1,306 @@
+/**
+ * Test Suite: finance.transaction.execute.v1 Policy
+ *
+ * Tests the financial transaction execution policy with various scenarios
+ * including valid transactions, limit violations, and security controls.
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+// Mock the policy evaluation function
+async function evaluateFinanceTransactionExecuteV1(passport, context) {
+  // Mock implementation based on the actual policy logic
+  const reasons = [];
+  let allow = true;
+
+  // Check agent status
+  if (passport.status === "suspended" || passport.status === "revoked") {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.passport_suspended",
+          message: `Agent is ${passport.status} and cannot perform operations`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check capabilities
+  const hasTransactionCapability = passport.capabilities?.some(
+    (cap) => cap.id === "finance.transaction"
+  );
+  if (!hasTransactionCapability) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.unknown_capability",
+          message: "Agent does not have finance.transaction capability",
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check assurance level
+  const requiredAssurance =
+    passport.limits?.finance?.transaction?.require_assurance_at_least || "L3";
+  if (
+    passport.assurance_level !== requiredAssurance &&
+    passport.assurance_level !== "L4KYC" &&
+    passport.assurance_level !== "L4FIN"
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.assurance_insufficient",
+          message: `Assurance level ${passport.assurance_level} is insufficient, requires ${requiredAssurance}`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check required fields
+  const requiredFields = [
+    "transaction_type",
+    "amount",
+    "currency",
+    "asset_class",
+    "source_account_id",
+    "destination_account_id",
+  ];
+  const missingFields = requiredFields.filter((field) => !context[field]);
+  if (missingFields.length > 0) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.invalid_context",
+          message: `Missing required fields: ${missingFields.join(", ")}`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check transaction type is allowed
+  const allowedTransactionTypes =
+    passport.limits?.finance?.transaction?.allowed_transaction_types || [];
+  if (
+    allowedTransactionTypes.length > 0 &&
+    !allowedTransactionTypes.includes(context.transaction_type)
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.action_forbidden",
+          message: `Transaction type ${context.transaction_type} is not allowed`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check asset class is allowed
+  const allowedAssetClasses =
+    passport.limits?.finance?.transaction?.allowed_asset_classes || [];
+  if (
+    allowedAssetClasses.length > 0 &&
+    !allowedAssetClasses.includes(context.asset_class)
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.asset_class_forbidden",
+          message: `Asset class ${context.asset_class} is not allowed`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check exposure limit
+  const maxExposure =
+    passport.limits?.finance?.transaction?.max_exposure_per_tx_usd;
+  if (maxExposure && context.amount > maxExposure) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.limit_exceeded",
+          message: `Amount ${context.amount} exceeds maximum exposure limit ${maxExposure}`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check source account type restrictions
+  const restrictedAccountTypes =
+    passport.limits?.finance?.transaction?.restricted_source_account_types ||
+    [];
+  if (
+    context.source_account_type &&
+    restrictedAccountTypes.includes(context.source_account_type)
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.account_type_restricted",
+          message: `Source account type ${context.source_account_type} is restricted`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check allowed source account types
+  const allowedSourceAccountTypes =
+    passport.limits?.finance?.transaction?.allowed_source_account_types || [];
+  if (
+    allowedSourceAccountTypes.length > 0 &&
+    context.source_account_type &&
+    !allowedSourceAccountTypes.includes(context.source_account_type)
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.account_type_restricted",
+          message: `Source account type ${context.source_account_type} is not allowed`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check segregation of funds (prevent commingling)
+  if (
+    context.source_account_type === "client_funds" &&
+    context.destination_account_type === "proprietary"
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.commingling_of_funds_forbidden",
+          message: "Cannot transfer from client funds to proprietary accounts",
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // Check counterparty exposure limit
+  const maxCounterpartyExposure =
+    passport.limits?.finance?.transaction?.max_exposure_per_counterparty_usd;
+  if (
+    maxCounterpartyExposure &&
+    context.counterparty_id &&
+    context.amount > maxCounterpartyExposure
+  ) {
+    return {
+      allow: false,
+      reasons: [
+        {
+          code: "oap.counterparty_limit_exceeded",
+          message: `Amount ${context.amount} exceeds counterparty exposure limit ${maxCounterpartyExposure}`,
+          severity: "error",
+        },
+      ],
+    };
+  }
+
+  // If all checks pass, allow the transaction
+  return {
+    allow: true,
+    reasons: [
+      {
+        code: "oap.allowed",
+        message: "Transaction within limits and policy requirements",
+        severity: "info",
+      },
+    ],
+  };
+}
+
+// Test runner
+async function runTests() {
+  console.log("🧪 Running finance.transaction.execute.v1 Policy Tests\n");
+
+  // Load test data
+  const passportPath = path.join(__dirname, "passport.instance.json");
+  const contextsPath = path.join(__dirname, "contexts.jsonl");
+  const expectedPath = path.join(__dirname, "expected.jsonl");
+
+  const passport = JSON.parse(fs.readFileSync(passportPath, "utf8"));
+  const contexts = fs
+    .readFileSync(contextsPath, "utf8")
+    .trim()
+    .split("\n")
+    .map((line) => JSON.parse(line));
+  const expected = fs
+    .readFileSync(expectedPath, "utf8")
+    .trim()
+    .split("\n")
+    .map((line) => JSON.parse(line));
+
+  let passed = 0;
+  let failed = 0;
+
+  for (let i = 0; i < contexts.length; i++) {
+    const testCase = contexts[i];
+    const expectedResult = expected[i];
+
+    try {
+      const result = await evaluateFinanceTransactionExecuteV1(
+        passport,
+        testCase.context
+      );
+
+      // Compare results
+      const allowMatch = result.allow === expectedResult.expected.allow;
+      const reasonsMatch =
+        JSON.stringify(result.reasons) ===
+        JSON.stringify(expectedResult.expected.reasons);
+
+      if (allowMatch && reasonsMatch) {
+        console.log(`✅ ${testCase.name}: PASS`);
+        passed++;
+      } else {
+        console.log(`❌ ${testCase.name}: FAIL`);
+        console.log(`   Expected: ${JSON.stringify(expectedResult.expected)}`);
+        console.log(`   Got: ${JSON.stringify(result)}`);
+        failed++;
+      }
+    } catch (error) {
+      console.log(`❌ ${testCase.name}: ERROR - ${error.message}`);
+      failed++;
+    }
+  }
+
+  console.log(`\n📊 Test Results: ${passed} passed, ${failed} failed`);
+
+  if (failed === 0) {
+    console.log("🎉 All tests passed!");
+    process.exit(0);
+  } else {
+    console.log("💥 Some tests failed!");
+    process.exit(1);
+  }
+}
+
+// Run tests if this file is executed directly
+if (require.main === module) {
+  runTests().catch(console.error);
+}
+
+module.exports = { evaluateFinanceTransactionExecuteV1, runTests };