
Build policy-roundtrip example (L2 policy delivery) #4

Description

@Faux16

Context

The examples README lists this as coming:

policy-roundtrip/ — Plane pushes a policy via HTTP, vendor accepts and applies it, vendor emits policy-stamped events (L2)

This is the missing L2 worked example — Flow B, policy delivery.

Goal

A self-contained example under examples/policy-roundtrip/ that demonstrates the full L2 round-trip:

  1. Plane pushes a signed policy descriptor to a vendor's POST /policies endpoint.
  2. Vendor verifies the policy signature, schema-validates it, stores it, and acknowledges (with the policy ID echoed).
  3. Vendor evaluates an incoming action against the stored policy using the Phase β evaluator.
  4. Vendor emits a signed event with the policy ID stamped into the event so the plane can verify which policy governed the action.

Acceptance

  • make demo walks through the four steps with narration, leaves signed artifacts in output/.
  • Uses one of the fixtures from openagp/spec/fixtures/policies/ (or a new one if needed).
  • README states: L2 — policy delivery exercised, real-time decisions still out of scope.
  • Smoke test fails if the policy-stamped event isn't byte-identical across vendor and plane verification.

Scope

  • Uses both Python SDK HTTP scaffolds and the existing Phase β policy evaluator.
  • Demonstrates the rejection path too (action blocked by policy → still a signed event, just with the deny decision recorded).
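
A minimal sketch of the four-step round-trip described in this issue, added here as an illustration; it is not code from the openagp repository. HMAC-SHA256 stands in for the signature scheme (the issue does not name one), a deny list stands in for the Phase β evaluator, and all field names, keys and the policy ID are constructed assumptions.

```python
import hashlib, hmac, json

# Constructed demo keys. HMAC is a stdlib stand-in: a real deployment would use
# asymmetric signatures so the plane never holds the vendor's signing key.
PLANE_KEY, VENDOR_KEY = b"demo-plane-key", b"demo-vendor-key"

def canonical(obj) -> bytes:
    """Deterministic bytes, so signer and verifier hash identical input."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(key: bytes, body: dict) -> dict:
    return {"body": body, "sig": hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}

def verify(key: bytes, env: dict) -> bool:
    want = hmac.new(key, canonical(env.get("body")), hashlib.sha256).hexdigest()
    return hmac.compare_digest(want.encode(), str(env.get("sig", "")).encode())

class Vendor:
    def __init__(self):
        self.policies = {}

    def post_policy(self, env: dict) -> dict:
        """Step 2: verify signature first, then shape-check, store, ack with the ID."""
        if not verify(PLANE_KEY, env):
            return {"status": 401, "error": "bad signature"}
        body = env["body"]
        if not (isinstance(body, dict) and isinstance(body.get("policy_id"), str)
                and isinstance(body.get("deny"), list)):
            return {"status": 422, "error": "schema"}
        self.policies[body["policy_id"]] = body
        return {"status": 200, "policy_id": body["policy_id"]}

    def act(self, policy_id: str, action: str) -> dict:
        """Steps 3-4: evaluate, then emit a signed event stamped with the policy ID.
        A deny is still a signed event, with the decision recorded."""
        decision = "deny" if action in self.policies[policy_id]["deny"] else "allow"
        return sign(VENDOR_KEY, {"action": action, "decision": decision, "policy_id": policy_id})

def plane_accepts(event: dict, pushed_id: str) -> bool:
    """Plane side: signature must verify and the stamp must name the pushed policy."""
    return verify(VENDOR_KEY, event) and event["body"].get("policy_id") == pushed_id

def demo():
    vendor = Vendor()
    policy = sign(PLANE_KEY, {"policy_id": "pol-demo-1", "deny": ["delete_records"]})
    ack = vendor.post_policy(policy)  # step 1: plane pushes the signed descriptor
    events = [vendor.act("pol-demo-1", a) for a in ("read_records", "delete_records")]
    return policy, ack, events
```
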

Metadata

Labels: status:needs-triage, type:feature
