{ "contract": { "capsule": 0.1, "effects": [ { "read": "CustomerDB.claims" }, { "approval_required_above_usd": 50, "call": "RefundAPI.issue_refund", "max_amount_usd": 100 } ], "identity": { "attestation": "required", "credentials": "short_lived", "cryptographic": "required", "id": "agent:RefundReviewer", "kind": "agent", "owner": "human:ClaimsLead" }, "inputs": [ "RefundRequest" ], "memory": { "default": "isolated", "stores": [ { "hash_validation": "on_read", "id": "mem:refund-session", "isolation": "per_session", "source_attribution": "required", "ttl": "24h" } ] }, "module": "claims.refund_reviewer", "outputs": [ "RefundDecision" ], "policy": { "default": "deny", "escalation": [ { "if": "amount_usd > 50", "require": [ "human_approval" ] } ] }, "purpose": "Review refund requests and issue approved small refunds through mediated gates.", "runtime": { "backend_preference": [ "docker", "seatbelt" ], "command": [ "refund-reviewer", "run" ], "doorkeeper_endpoint": "https://doorkeeper.internal/mcp", "image": "ghcr.io/acme/refund-reviewer@sha256:REPLACE_WITH_DIGEST", "workdir": "/workspace" }, "telemetry": { "export": [ "otel", "siem", "ledger" ], "required": true, "tamper_evident": true }, "version": "1.2.0" }, "contractHash": "e9e513cc6b5fc144db339f2ef906238dd089439d5cce3ac8924f04dafbaa3094", "edl": { "agent": { "command": [ "refund-reviewer", "run" ], "id": "agent:RefundReviewer", "image": "ghcr.io/acme/refund-reviewer@sha256:REPLACE_WITH_DIGEST", "kind": "agent", "supply_chain": { "image_digest_required": true, "sbom_required": true, "signed_image_required": true }, "workdir": "/workspace" }, "assertions": { "impossible": [ "agent_has_target_credential", "agent_can_reach_protected_target_directly", "protected_effect_without_receipt" ], "negative_tests": [ { "attempt": "direct-call http.call.RefundAPI.issue_refund", "expect": "mediated_gate_required", "name": "protected_effect_requires_gate" } ] }, "authority": { "capabilities": [ { "effects": [ "db.read.CustomerDB.claims" ], "id": "cap:db-read-customerdb-claims", "principal": "agent:RefundReviewer", "resources": [ "CustomerDB.claims" ], "ttl": "10m" }, { "effects": [ "http.call.RefundAPI.issue_refund" ], "id": "cap:http-call-refundapi-issue-refund", "max_amount_usd": 100, "principal": "agent:RefundReviewer", "requires": { "approval": "human:ClaimsLead", "liveness": "passkey" }, "resources": [ "RefundAPI.issue_refund" ], "single_use": true, "ttl": "5m" } ], "delegations": [ { "expires_after": "30m", "from": "human:ClaimsLead", "id": "delegation:claims-refund-reviewer", "mandate": "mandate:claims-refund-reviewer", "may_delegate": false, "to": "agent:RefundReviewer" } ], "mandates": [ { "id": "mandate:claims-refund-reviewer", "issued_by": "human:ClaimsLead", "issued_to": "agent:RefundReviewer", "purpose": "Review refund requests and issue approved small refunds through mediated gates.", "revocable": true, "valid_for": "30m" } ], "principals": [ { "id": "human:ClaimsLead", "identity": "passkey_or_oidc", "kind": "human" }, { "attestation": "required", "credential": "short_lived", "id": "agent:RefundReviewer", "identity": "cryptographic", "kind": "agent" } ] }, "compile": { "targets": [ "capsulang", "docker", "seatbelt", "doorkeeper", "telemetry", "negative_tests" ] }, "edl": "0.1", "enclosure": { "backend_preference": [ "docker", "seatbelt" ], "fail_closed": true, "filesystem": { "deny": [ "~/.ssh", "~/.git-credentials", "~/.config/gh", "/var/run/docker.sock" ], "mounts": [ { "access": "read_write", "guest": "/workspace", "host": "./workspace" } ], "root": "read_only", "workdir": { "access": "read_write", "path": "/workspace" } }, "id": "enc:claims-refund-reviewer", "mode": "enforce", "network": { "allow": [ { "id": "doorkeeper", "ports": [ 443 ], "url": "https://doorkeeper.internal" } ], "default": "deny" }, "process": { "cpu": 2, "disallow": [ "docker", "gh auth", "ssh-add" ], "drop_linux_capabilities": "all", "memory": "4Gi", "no_new_privileges": true, "pids_max": 256, "seccomp": "default_or_stricter", "timeout": "30m", "user": "non_root" }, "secrets": { "allowed_runtime_tokens": [ { "audience": "doorkeeper", "ttl": "5m" } ], "ambient": "deny", "host_keychain": "deny", "mount_tokens": "deny", "ssh_agent": "deny" } }, "gates": [ { "actions": [ { "decision": "allow", "effect": "db.read.CustomerDB.claims", "parameters": { "require_schema": "schemas/db-read-customerdb-claims.json" }, "requires_receipt": true }, { "decision": "escalate", "effect": "http.call.RefundAPI.issue_refund", "postcondition": { "event": "http.call.RefundAPI.issue_refund.completed", "verify": "receipt.effect == \"http.call.RefundAPI.issue_refund\"" }, "requires_capability": "cap:http-call-refundapi-issue-refund", "requires_receipt": true } ], "credential_custody": "server_side_only", "endpoint": "https://doorkeeper.internal/mcp", "id": "gate:capsule", "kind": "mcp_doorkeeper", "target": "claims-refund-reviewer" } ], "memory": { "default": "isolated", "stores": [ { "hash_validation": "on_read", "id": "mem:refund-session", "isolation": "per_session", "source_attribution": "required", "ttl": "24h" } ] }, "name": "claims-refund-reviewer", "policies": [ { "default": "deny", "id": "policy:capsule", "rules": [ { "decision": "allow", "when": "effect == \"db.read.CustomerDB.claims\"" }, { "decision": "escalate", "require": [ "approval", "liveness", "single_use_capability" ], "when": "effect == \"http.call.RefundAPI.issue_refund\" and (amount_usd > 50)" } ] } ], "receipts": { "action_bound": true, "postcondition_required_for": [ "http.call.RefundAPI.issue_refund" ], "single_use_for_high_risk": true }, "reconciliation": [ { "events": [ "http.call.RefundAPI.issue_refund.completed" ], "id": "recon:http-call-refundapi-issue-refund", "match_receipt": { "event": "effect_executed", "fields": [ "effect", "principal_id", "capability_jti" ] }, "on_missing_receipt": "violation", "on_non_gate_actor": "violation", "source": "gate.receipt" } ], "telemetry": { "export": [ "otel", "siem", "ledger" ], "include": [ "trace_id", "span_id", "agent_id", "principal_id", "mandate_id", "delegation_id", "capability_jti", "contract_hash", "enclosure_id", "effect_intent_id", "policy_id", "gate_id" ], "must_emit": [ "invocation.start", "invocation.end", "enclosure.attested", "policy.evaluated", "capability.issued", "effect.intent", "effect.denied", "effect.escalated", "effect.executed", "receipt.emitted" ], "required": true, "tamper_evident": true, "trace": "opentelemetry" }, "version": "1.2.0" }, "enclosureIr": { "agent": { "command": [ "refund-reviewer", "run" ], "id": "agent:RefundReviewer", "image": "ghcr.io/acme/refund-reviewer@sha256:REPLACE_WITH_DIGEST", "kind": "agent", "supply_chain": { "image_digest_required": true, "sbom_required": true, "signed_image_required": true }, "workdir": "/workspace" }, "assertions": { "impossible": [ "agent_has_target_credential", "agent_can_reach_protected_target_directly", "protected_effect_without_receipt" ], "negative_tests": [ { "attempt": "direct-call http.call.RefundAPI.issue_refund", "expect": "mediated_gate_required", "name": "protected_effect_requires_gate" } ] }, "authority": { "capabilities": [ { "effects": [ "db.read.CustomerDB.claims" ], "id": "cap:db-read-customerdb-claims", "principal": "agent:RefundReviewer", "resources": [ "CustomerDB.claims" ], "ttl": "10m" }, { "effects": [ "http.call.RefundAPI.issue_refund" ], "id": "cap:http-call-refundapi-issue-refund", "max_amount_usd": 100, "principal": "agent:RefundReviewer", "requires": { "approval": "human:ClaimsLead", "liveness": "passkey" }, "resources": [ "RefundAPI.issue_refund" ], "single_use": true, "ttl": "5m" } ], "delegations": [ { "expires_after": "30m", "from": "human:ClaimsLead", "id": "delegation:claims-refund-reviewer", "mandate": "mandate:claims-refund-reviewer", "may_delegate": false, "to": "agent:RefundReviewer" } ], "mandates": [ { "id": "mandate:claims-refund-reviewer", "issued_by": "human:ClaimsLead", "issued_to": "agent:RefundReviewer", "purpose": "Review refund requests and issue approved small refunds through mediated gates.", "revocable": true, "valid_for": "30m" } ], "principals": [ { "id": "human:ClaimsLead", "identity": "passkey_or_oidc", "kind": "human" }, { "attestation": "required", "credential": "short_lived", "id": "agent:RefundReviewer", "identity": "cryptographic", "kind": "agent" } ] }, "compile": { "targets": [ "capsulang", "docker", "seatbelt", "doorkeeper", "telemetry", "negative_tests" ] }, "contractHash": "f538164f2b935b326506f04b143c250ddda0b5f1a09c993ee07df658eca98e75", "edl": "0.1", "enclosure": { "backend_preference": [ "docker", "seatbelt" ], "fail_closed": true, "filesystem": { "deny": [ "~/.ssh", "~/.git-credentials", "~/.config/gh", "/var/run/docker.sock" ], "mounts": [ { "access": "read_write", "guest": "/workspace", "host": "./workspace" } ], "root": "read_only", "workdir": { "access": "read_write", "path": "/workspace" } }, "id": "enc:claims-refund-reviewer", "mode": "enforce", "network": { "allow": [ { "id": "doorkeeper", "ports": [ 443 ], "url": "https://doorkeeper.internal" } ], "default": "deny" }, "process": { "cpu": 2, "disallow": [ "docker", "gh auth", "ssh-add" ], "drop_linux_capabilities": "all", "memory": "4Gi", "no_new_privileges": true, "pids_max": 256, "seccomp": "default_or_stricter", "timeout": "30m", "user": "non_root" }, "secrets": { "allowed_runtime_tokens": [ { "audience": "doorkeeper", "ttl": "5m" } ], "ambient": "deny", "host_keychain": "deny", "mount_tokens": "deny", "ssh_agent": "deny" } }, "gates": [ { "actions": [ { "decision": "allow", "effect": "db.read.CustomerDB.claims", "parameters": { "require_schema": "schemas/db-read-customerdb-claims.json" }, "requires_receipt": true }, { "decision": "escalate", "effect": "http.call.RefundAPI.issue_refund", "postcondition": { "event": "http.call.RefundAPI.issue_refund.completed", "verify": "receipt.effect == \"http.call.RefundAPI.issue_refund\"" }, "requires_capability": "cap:http-call-refundapi-issue-refund", "requires_receipt": true } ], "credential_custody": "server_side_only", "endpoint": "https://doorkeeper.internal/mcp", "id": "gate:capsule", "kind": "mcp_doorkeeper", "target": "claims-refund-reviewer" } ], "kind": "capsulang.enclosure_ir", "memory": { "default": "isolated", "stores": [ { "hash_validation": "on_read", "id": "mem:refund-session", "isolation": "per_session", "source_attribution": "required", "ttl": "24h" } ] }, "name": "claims-refund-reviewer", "policies": [ { "default": "deny", "id": "policy:capsule", "rules": [ { "decision": "allow", "when": "effect == \"db.read.CustomerDB.claims\"" }, { "decision": "escalate", "require": [ "approval", "liveness", "single_use_capability" ], "when": "effect == \"http.call.RefundAPI.issue_refund\" and (amount_usd > 50)" } ] } ], "receipts": { "action_bound": true, "postcondition_required_for": [ "http.call.RefundAPI.issue_refund" ], "single_use_for_high_risk": true }, "reconciliation": [ { "events": [ "http.call.RefundAPI.issue_refund.completed" ], "id": "recon:http-call-refundapi-issue-refund", "match_receipt": { "event": "effect_executed", "fields": [ "effect", "principal_id", "capability_jti" ] }, "on_missing_receipt": "violation", "on_non_gate_actor": "violation", "source": "gate.receipt" } ], "schemaVersion": 1, "sourceSha256": "36f16b1b5ad0e6e1c6f3c1cd4f51f7122c870b74e15176acee52518d37707101", "symbols": { "capabilities": { "cap:db-read-customerdb-claims": "CapDbReadCustomerdbClaims", "cap:http-call-refundapi-issue-refund": "CapHttpCallRefundapiIssueRefund" }, "delegations": { "delegation:claims-refund-reviewer": "DelegationClaimsRefundReviewer" }, "gates": { "gate:capsule": "GateCapsule" }, "mandates": { "mandate:claims-refund-reviewer": "MandateClaimsRefundReviewer" }, "memory": { "mem:refund-session": "MemRefundSession" }, "policies": { "policy:capsule": "PolicyCapsule" }, "principals": { "agent:RefundReviewer": "AgentRefundReviewer", "human:ClaimsLead": "HumanClaimsLead" } }, "telemetry": { "export": [ "otel", "siem", "ledger" ], "include": [ "trace_id", "span_id", "agent_id", "principal_id", "mandate_id", "delegation_id", "capability_jti", "contract_hash", "enclosure_id", "effect_intent_id", "policy_id", "gate_id" ], "must_emit": [ "invocation.start", "invocation.end", "enclosure.attested", "policy.evaluated", "capability.issued", "effect.intent", "effect.denied", "effect.escalated", "effect.executed", "receipt.emitted" ], "required": true, "tamper_evident": true, "trace": "opentelemetry" }, "version": "1.2.0" }, "kind": "capsulang.capsule_ir", "module": "claims.refund_reviewer", "schemaVersion": 1, "sourceSha256": "b4de40dae5c38e454803bf2b32f2166bb1b4be0a5365fc43bc95e96ba9621155", "version": "1.2.0" }