Context
The examples README lists this as coming:
policy-roundtrip/ — Plane pushes a policy via HTTP, vendor accepts and applies it, vendor emits policy-stamped events (L2)
This is the missing L2 worked example — Flow B, policy delivery.
Goal
A self-contained example under examples/policy-roundtrip/ that demonstrates the full L2 round-trip:
- Plane pushes a signed policy descriptor to a vendor's
POST /policies endpoint.
- Vendor verifies the policy signature, schema-validates it, stores it, and acknowledges (with the policy ID echoed).
- Vendor evaluates an incoming action against the stored policy using the Phase β evaluator.
- Vendor emits a signed event with the policy ID stamped into the event so the plane can verify which policy governed the action.
Acceptance
make demo walks through the four steps with narration, leaves signed artifacts in output/.
- Uses one of the fixtures from openagp/spec/fixtures/policies/ (or a new one if needed).
- README states: L2 — policy delivery exercised, real-time decisions still out of scope.
- Smoke test fails if the policy-stamped event isn't byte-identical across vendor and plane verification.
Scope
- Uses both Python SDK HTTP scaffolds and the existing Phase β policy evaluator.
- Demonstrates the rejection path too (action blocked by policy → still a signed event, just with the deny decision recorded).
Context
The examples README lists this as coming:
This is the missing L2 worked example — Flow B, policy delivery.
Goal
A self-contained example under
examples/policy-roundtrip/that demonstrates the full L2 round-trip:POST /policiesendpoint.Acceptance
make demowalks through the four steps with narration, leaves signed artifacts inoutput/.Scope