feat: add financial_governance spec block and purchasing-agent example #39
Open
Danbi58 wants to merge 1 commit into open-gitagent:main from
Demonstrates the proposed financial_governance block in a realistic purchasing agent scenario with spending caps, category allowlists, human approval threshold, and Slack/email/SMS notifications.
Contributor
Reviewed. This PR only adds an example agent.yaml — it does not add the schema definition, spec update, validation rules, export support, or audit support that were discussed in #38. Issues:
This needs a schema PR first, then the example. Closing — please resubmit after addressing the #38 feedback.
Author
Appreciate the detailed review, all five points are fair. The
vendor-neutrality issue in particular is a valid structural issue to
address.
I’ll take this back to the drawing board, start with the schema definition
as suggested, and make sure the financial_governance block is
implementation-agnostic before resubmitting.
Will pick up the #38 thread before opening a new PR. Thank you.
…On Thu, 26 Mar 2026 at 07:38, Shreyas Kapale ***@***.***> wrote:
*shreyas-lyzr* left a comment (open-gitagent/gitagent#39)
Reviewed. This PR only adds an example agent.yaml — it does *not* add the
schema definition, spec update, validation rules, export support, or audit
support that were discussed in #38.
Issues:
1. *No schema change* — financial_governance isn't defined in
spec/schemas/agent-yaml.schema.json, so gitagent validate will reject
this file with additionalProperties errors
2. *Vendor lock-in* — firewall: valkurai and firewall_endpoint bake in
a specific vendor as discussed in #38. Needs to be generic.
3. *Duplicate fields* — audit.retention_period and audit.immutable
duplicate compliance.recordkeeping. Should reference, not repeat.
4. *Placement* — Should be compliance.financial_governance, not
top-level. Discussed in #38.
5. *Trailing backticks* — The file ends with a stray ```` which makes
it invalid YAML.
This needs a schema PR first, then the example. Closing — please resubmit
after addressing the #38 feedback.
Demonstrates the proposed financial_governance block in a realistic
purchasing agent scenario with spending caps, category allowlists,
human approval threshold, and Slack/email/SMS notifications.
What
Adds two things:
- examples/financial-agent/agent.yaml — a complete purchasing agent example demonstrating the proposed financial_governance block in a realistic compliance scenario
- financial_governance block itself — a new optional spec addition that lets payment-capable agents declare runtime financial controls directly in their agent definition
Why
The compliance block handles agent identity, SOD, and audit logging at the definition level. But there's currently no standard
way to declare runtime financial controls — spending caps,
category allowlists, human approval thresholds, and which financial
firewall enforces them.
Recent incidents illustrate why this matters:
no spending cap to limit the damage
to a random address with no transaction cap
The financial_governance block fills this gap. It is additive, optional, disabled by default, and ignored cleanly by exporters
that don't implement it.
Closes #38
How Tested
Checklist
``
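The runtime controls named in the PR description above (spending caps, a category allowlist, a human approval threshold) expressed as a fail-closed check. This is an added example, not code from the PR or from gitagent; the `Policy` fields, the `evaluate` function, the deny-when-no-policy behaviour and the sample amounts are hypothetical assumptions.

```python
from dataclasses import dataclass
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    DENY = "deny"

@dataclass(frozen=True)
class Policy:
    # Hypothetical field names, not the gitagent schema. Defaults deny everything.
    per_txn_cap_cents: int = 0
    daily_cap_cents: int = 0
    allowed_categories: frozenset = frozenset()
    approval_threshold_cents: int = 0

def evaluate(policy, amount_cents, category, spent_today_cents):
    """Return (Decision, reason). Any missing or malformed input is denied."""
    if policy is None:
        return Decision.DENY, "no policy declared"
    # Integer cents only: floats round, and a negative amount would lower the
    # running total and open headroom under the daily cap.
    if type(amount_cents) is not int or amount_cents <= 0:
        return Decision.DENY, "amount must be a positive integer of cents"
    if category not in policy.allowed_categories:
        return Decision.DENY, f"category {category!r} not on allowlist"
    if amount_cents > policy.per_txn_cap_cents:
        return Decision.DENY, "exceeds per-transaction cap"
    if spent_today_cents + amount_cents > policy.daily_cap_cents:
        return Decision.DENY, "exceeds daily cap"
    if amount_cents >= policy.approval_threshold_cents:
        return Decision.REQUIRE_APPROVAL, "at or above human approval threshold"
    return Decision.ALLOW, "within policy"

# Constructed sample policy and purchase requests (amount, category, spent today).
POLICY = Policy(per_txn_cap_cents=50_000, daily_cap_cents=200_000,
                allowed_categories=frozenset({"office_supplies", "software"}),
                approval_threshold_cents=20_000)

def demo():
    requests = [(4_999, "software", 0), (25_000, "software", 0),
                (60_000, "software", 0), (10_000, "gift_cards", 0),
                (10_000, "software", 195_000), (-500, "software", 0)]
    return [evaluate(POLICY, a, c, s)[0] for a, c, s in requests]

if __name__ == "__main__":
    print(demo())
```

The hard caps are checked before the approval threshold, so a human approver is never asked to sign off on a purchase the policy forbids outright.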