AlgoVoi open Decision chain (Apache-2.0): Passport + Mandate + Policy + Gate + Guardrail + Cancellation + Refund + Trust query — verifiable agentic-payment primitives

[chopmob-cloud]

Following the policy binding post, we've published Compliance Gate (lite), an open way to record a compliance decision and bind it to the policy it was made under, with no personal data in the record.

You bring a categorical screening verdict (ALLOW, REFER, or DENY) from your own sanctions, PEP, or AML provider. The package binds it to a no PII payer reference and a pinned subject reference:

payer_ref = "sha256:" + SHA-256(JCS({ address, network }))            # the address goes in, only its hash comes out



gate_ref  = "sha256:" + SHA-256(JCS({ payer_ref, subject_ref, verdict }))

subject_ref is imported by hash, so it can be a policy_bound_ref, a settlement action binding_ref, or a retention_chain_ref. Because the verdict is bound to the subject, a decision made under one policy snapshot does not recompute under a rotated policy. It is provably tied to the policy that was in force. No new cryptography is involved: the same RFC 8785 JCS and SHA-256 used across the substrate.

Install

pip install algovoi-compliance-gate-lite



npm install @algovoi/compliance-gate-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.

• Conformance: the compliance_gate_lite_v1 vector set (12 vectors) is in the public corpus, chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners you can run yourself.

• Spec: sections 7.8 and 8.11 of draft-hopley-x402-retention-chain (revision 05).

• Docs: https://docs.algovoi.co.uk/compliance-gate-lite

• The lite tier is content addressed, with no signature. A commercial tier adds post quantum (Falcon 1024) signing and a zero knowledge proof layer.

Feedback welcome.

---

Update: Spend Guardrail (lite) is now live too.

The pre-payment decision an agent platform makes before executing a payment. It binds a categorical ALLOW or DENY to the agent it was made for, the spend authority it was checked against, and the policy in force, each imported by hash, into one recomputable reference. It moves no funds.

guardrail_ref = "sha256:" + SHA-256(JCS({ agent_ref, mandate_ref, policy_bound_ref, verdict }))

An ALLOW made under one policy does not recompute under a rotated policy, and swapping the agent, the mandate, or the verdict diverges the reference. policy_bound_ref is the policy binding above, so the whole pre-payment decision composes into one content address.

Install

pip install algovoi-spend-guardrail-lite



npm install @algovoi/spend-guardrail-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.

• Conformance: the spend_guardrail_lite_v1 vector set (10 vectors) is in the same public corpus, with Python and Node runners.

• It is an instance of the same binding framework as sections 7.6 to 7.8 of draft-hopley-x402-retention-chain; the published conformance set is the byte level artifact.

• Docs: https://docs.algovoi.co.uk/spend-guardrail-lite

• Lite is content addressed, no signature. A commercial tier adds Falcon 1024 signing on the decision receipt and the full Agent Passport and Payment Mandate enforcement stack.

---

Update: Substrate Guard (lite) is now live.

A deterministic input bounds gate that runs before canonicalization. A payload can be perfectly valid JSON and still be hostile by resource: very large, nested thousands deep, millions of keys, an oversized string, a number outside the safe integer range. Those pass "is it well formed?" and land in the canonicalizer and hasher, which is where a cheap denial of service lives. This gate is the front door: it accepts, or rejects with a named code (REJECT_OVER_DEPTH, REJECT_TOO_MANY_KEYS, REJECT_OVER_SIZE, and so on), before any JCS or SHA-256 work touches the payload. It never truncates and never repairs.

profile_ref = "sha256:" + SHA-256(JCS(profile))



guard(value, profile)  ->  accept, or raise a named code before canonicalization

The limits in force are content addressed, so a record can carry the profile_ref it was admitted under and an auditor can prove which bounds were enforced, not just that some validation happened. The default profile guard-receipt-v1 (max bytes 65536, depth 32, object keys 256, array length 1024, string length 8192, total nodes 4096, number safety on) addresses to sha256:a4791b13c67a16109b85ef67fc65700ea902b6ad40dad44d8556632c3d5524a6. Pin it, or content address your own.

Every bound is a pure structural property of the parsed value (depth, count, length), so independent implementations enforce it identically. It changes no hash and adds no crypto primitive, so everything already built on the canonicalization base gets the protection by adding one line: guard(value) before your existing reference construction.

Install

pip install algovoi-substrate-guard



npm install @algovoi/substrate-guard

• Apache 2.0. Python and TypeScript reject the same hostile inputs with the same code and compute the same profile_ref, byte for byte.

• Conformance: the substrate_guard_v1 vector set (15 vectors) is in the public corpus, chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners you can run yourself.

• Honest scope: a deterministic structural validator plus a content addressed profile, not cryptography, and not rate limiting or replay windows (those stay in the runtime layer).

• Docs: https://docs.algovoi.co.uk/substrate-guard

The open roadmap is progressing steadily. Substrate Guard is the first of the native security and hardening layers we are building directly on the canonicalization base. More are on the way, alongside open agent identity and payment mandate references that compose with the Spend Guardrail above.

---

Adopting any of these, and a free v0 key.

All of these lite packages are free under Apache 2.0. If you build on one and pin it, you also qualify for a free v0 licence key for algovoi-mandate-auditor. The check is the same for every package in this post:

1. Depend on the package, so it appears in your lockfile or manifest.

2. Run the conformance vectors yourself and keep a canonical hash anchor from the set in your project.

3. Preserve the NOTICE file in your distribution.

4. Pin the version (for example algovoi-substrate-guard==0.1.0).

Send those (your import by hash evidence and a copy of the NOTICE) to chopmob@gmail.com and we issue the key. The point is structural: the thing you pin is one of our content addresses, so the adoption is provable on both sides.

Verify it yourself, live. Substrate Guard now has a runnable test surface on the open Agent Trust Bench (agent-trust-bench.algovoi.co.uk, free, no account, works with any x402 facilitator): a resource-bounds profile family generated one to one from the published substrate_guard_v1 vectors, one challenge per named reject code. Point an agent at it and it accepts the in-bounds control and rejects each resource-hostile payload with the same code the package enforces, on a live endpoint.

The bench also exposes a reputation result as OpenTelemetry GenAI trust telemetry: agent.trust_score with a producer-scoped .method token (the bench methodology version), so a score travels with the exact methodology and profile set it was computed under. This tracks the agentic-authorization SemConv work in open-telemetry/semantic-conventions-genai#180.

Feedback welcome.

---

Update: Agent Passport (lite) is now live.

A content addressed reference to an agent's identity claim: who the agent is, who issued it, the scope, and the validity window. It is exactly the agent_ref the Spend Guardrail decision binds, so identity composes straight into the pre-payment decision. It asserts no authority by itself; it is a recomputable handle to the identity claim.

passport_ref = "sha256:" + SHA-256(JCS({ agent_id, issuer, scope, validity_window }))

All four fields are load bearing: change the agent, the issuer, the scope, or the window and the reference diverges, and an empty field is rejected. Because passport_ref is the same agent_ref the Spend Guardrail binds, agent identity, spend authority, and policy in force chain into one recomputable pre-payment decision.

Install

pip install algovoi-agent-passport-lite


npm install @algovoi/agent-passport-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.

• Conformance: the agent_passport_lite_v1 vector set (11 vectors) is in the public corpus, chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners you can run yourself.

• Docs: https://docs.algovoi.co.uk/agent-passport-lite

• Pinned edition for adopters, with a free key. Depend on it, pin algovoi-agent-passport-lite==0.1.0, anchor a passport_ref vector hash from the corpus, and keep the NOTICE. That four check gate earns a free v0 licence key for algovoi-mandate-auditor: email chopmob@gmail.com with your import by hash evidence and a copy of the NOTICE.

• Lite is content addressed, no signature. A commercial tier adds Falcon 1024 signing and full enforcement (issuer trust lists, revocation, validity window).

---

Update: Payment Mandate (lite) is now live. This completes the open pre-payment decision triad.

A content addressed reference to the terms of a spend authority: who authorised it, the per-period cap, the period, and whether it is still live. It is exactly the mandate_ref the Spend Guardrail decision binds, so a spend authority composes straight into the pre-payment decision. It authorises no charge by itself; it is a recomputable handle to the terms.

mandate_ref = "sha256:" + SHA-256(JCS({ cap, payer, period, revocation_state }))

All four fields are load bearing: change the payer, the cap, the period, or the revocation state and the reference diverges, and an empty field is rejected. With this, the three inputs the Spend Guardrail binds are all open and pinnable: passport_ref (the agent), mandate_ref (the spend authority), and policy_bound_ref (the policy in force) compose into one recomputable guardrail_ref decision.

Install

pip install algovoi-payment-mandate-lite


npm install @algovoi/payment-mandate-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.

• Conformance: the payment_mandate_lite_v1 vector set (11 vectors) is in the public corpus, chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners you can run yourself. mandate_1 and mandate_2 equal the mandate_ref in the spend_guardrail_lite_v1 set, so the chain composes byte for byte.

• Docs: https://docs.algovoi.co.uk/payment-mandate-lite

• Pinned edition for adopters, with a free key. Depend on it, pin algovoi-payment-mandate-lite==0.1.0, anchor a mandate_ref vector hash from the corpus, and keep the NOTICE. That four check gate earns a free v0 licence key for algovoi-mandate-auditor: email chopmob@gmail.com with your import by hash evidence and a copy of the NOTICE.

• Lite is content addressed, no signature. A commercial tier adds Falcon 1024 signing and the full authorise-charge engine (per-period cap checks, revocation).

---

Update: the open pre-payment decision chain is now provable end to end.

The three lite inputs a Spend Guardrail decision binds, the agent (passport_ref), the spend authority (mandate_ref), and the policy in force (policy_bound_ref), now compose into one recomputable guardrail_ref, proven byte for byte for both ALLOW and DENY.

passport_ref + mandate_ref + policy_bound_ref  ->  guardrail_ref

A new composition keystone in the public corpus recomputes each reference from its raw fields, shows each equals the published output of its own lite set and is exactly the reference the decision binds, then recomputes guardrail_ref from the three and matches the published reference. No new vectors and no new hashing primitive: it is the composition itself.

• Conformance: the spend_decision_chain_v1 keystone in chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners. It is part of the single command corpus check (verify_corpus.py).

• Verify it yourself: pip install rfc8785 ; python verify_chain.py and node verify_chain.mjs. Both reproduce every value byte for byte, so Python and a Node reimplementation agree on the whole chain.

• Docs: https://docs.algovoi.co.uk/spend-decision-chain

• It fits the existing draft-hopley-x402-retention-chain binding framework (sections 7.6 to 7.8, plus the section 7.1 reference construction); no new section. Apache 2.0, no signature; the commercial tiers add Falcon 1024 signing and enforcement on each link.

---

Update: Cancellation Receipt (lite) is now live. The open lifecycle now closes on the authority side.

A content addressed reference to the cancellation of a spend authority: which authority was cancelled (the mandate_ref, by hash) and why (a closed enum: USER_REQUESTED, MERCHANT_REQUESTED, COMPLIANCE_TERMINATED, EXPIRED).

cancellation_ref = "sha256:" + SHA-256(JCS({ cancellation_reason, mandate_ref }))

Because it binds the same mandate_ref the pre-payment decision was checked against, a cancellation composes onto the decision chain and cannot be re-pointed to another authority. The keystone now proves the chain end to end through cancellation.

Install

pip install algovoi-cancellation-receipt-lite
npm install @algovoi/cancellation-receipt-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.
• Conformance: the cancellation_receipt_lite_v1 vector set (10 vectors) in chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners. cn-001/002/003 cancel the mandate_ref Spend Guardrail binds, and the line is folded into the spend_decision_chain_v1 keystone (now 6/6, byte for byte).
• Docs: https://docs.algovoi.co.uk/cancellation-receipt-lite
• Pinned edition for adopters, with a free key. Pin algovoi-cancellation-receipt-lite==0.1.0, anchor a cancellation_ref vector hash, and keep the NOTICE; that four check gate earns a free v0 licence key for algovoi-mandate-auditor (email chopmob@gmail.com with your import by hash evidence and the NOTICE).
• Lite is content addressed, no signature. A commercial tier adds Falcon 1024 signing, effective-from timing, and cross-chain propagation.

---

Update: Refund Receipt (lite) is now live. The open lifecycle now closes after settlement too.

A content addressed reference to the refund of a prior payment: which payment was refunded (the subject_ref, by hash), the outcome (a closed enum: FULL, PARTIAL, REJECTED), and the amount.

refund_ref = "sha256:" + SHA-256(JCS({ refund_amount, refund_result, subject_ref }))

Its subject_ref is the same guardrail_ref the pre-payment decision produced, so a refund composes onto the decision chain and cannot be re-pointed to another payment. Where cancellation closes the authority before payment, refund closes the authorized payment after it.

Install

pip install algovoi-refund-receipt-lite
npm install @algovoi/refund-receipt-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.
• Conformance: the refund_receipt_lite_v1 vector set (11 vectors) in chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners. rf-001/002/003 refund the ALLOW guardrail_ref Spend Guardrail produced, and the line is folded into the spend_decision_chain_v1 keystone (now 7/7, byte for byte).
• Docs: https://docs.algovoi.co.uk/refund-receipt-lite
• Pinned edition for adopters, with a free key. Pin algovoi-refund-receipt-lite==0.1.0, anchor a refund_ref vector hash, and keep the NOTICE; that four check gate earns a free v0 licence key for algovoi-mandate-auditor (email chopmob@gmail.com with your import by hash evidence and the NOTICE).
• Lite is content addressed, no signature. A commercial tier adds Falcon 1024 signing, provider and timing and jurisdiction, and cross-chain propagation.

---

Update: Composite Trust Query (lite) is now live. The open lifecycle is complete.

A content addressed reference to a trust verdict over an ordered set of pinned references: which references were assessed (subject_refs, each by hash, order and membership load-bearing) and the outcome (a closed enum: TRUSTED, PROVISIONAL, INSUFFICIENT_EVIDENCE, UNTRUSTED).

trust_query_ref = "sha256:" + SHA-256(JCS({ subject_refs, trust_outcome }))

Its subject_refs can be the exact references the chain produced (passport_ref, mandate_ref, policy_bound_ref, guardrail_ref), so one verdict caps the whole chain and cannot silently drop a reference it claimed to assess. The lite tier binds only; the scoring that produces the verdict stays commercial.

Install

pip install algovoi-composite-trust-query-lite
npm install @algovoi/composite-trust-query-lite

• Apache 2.0. Python and TypeScript produce identical bytes on the same input.
• Conformance: the composite_trust_query_lite_v1 vector set (12 vectors) in chopmob-cloud/algovoi-jcs-conformance-vectors, with Python and Node runners. tq-001/002/003 assess the full chain [passport_ref, mandate_ref, policy_bound_ref, guardrail_ref(ALLOW)], and the line caps the spend_decision_chain_v1 keystone (now 8/8, byte for byte).
• Docs: https://docs.algovoi.co.uk/composite-trust-query-lite
• Pinned edition for adopters, with a free key. Pin algovoi-composite-trust-query-lite==0.1.0, anchor a trust_query_ref vector hash, and keep the NOTICE; that four check gate earns a free v0 licence key for algovoi-mandate-auditor (email chopmob@gmail.com with your import by hash evidence and the NOTICE).
• Lite is content addressed, no signature. A commercial tier adds Falcon 1024 signing, audit chain scoring, and a signed verdict.

With this, the open chain runs end to end: identity, authority, policy, decision, cancellation, refund, and composite verdict, every reference recomputable byte for byte.

[chopmob-cloud]

Thanks @geneknit, that is completely fair and appreciated. Consolidating here on this thread, with the Agent Trust Bench updates staying on #1855. All future updates (new packages, version bumps, conformance changes) will go here as edits or comments rather than new discussions. Thanks for the steer, and for the kind words.

[chopmob-cloud]

Notice: Major upgrades coming to the OpenSource Substrate. The Keystone was the first step.