Context
The sdk-python README lists this under "Does NOT implement yet (Phase 1+)":
Real-time decision callback (Flow C)
Flow C is the L3 synchronous decision callback — vendor pauses an action, asks the plane "is this allowed?", and waits for a signed decision before proceeding. Today the SDK can produce and verify decision requests/responses (the schemas are bundled) but doesn't have a high-level client for actually doing the round-trip.
Goal
Ship openagp.flow_c (or similar) with:
- Vendor-side client. Sends a
DecisionRequest, waits for a signed DecisionResponse, verifies it, surfaces it to the caller.
- Plane-side server hook. Receives a
DecisionRequest, calls a user-supplied decision function (probably reusing the Phase β policy evaluator), produces a signed DecisionResponse.
- Timeout + retry semantics — clearly documented; a slow plane is its own failure mode and the vendor needs to decide fail-open vs. fail-closed per spec.
Scope
- Sync API surface (don't force async on apps that don't need it).
- Built on top of the HTTP scaffolds (related issue) — landing in the same release.
- Test vectors should be added to openagp/spec/test-vectors/ for byte-identical cross-SDK parity.
Pointers
Context
The sdk-python README lists this under "Does NOT implement yet (Phase 1+)":
Flow C is the L3 synchronous decision callback — vendor pauses an action, asks the plane "is this allowed?", and waits for a signed decision before proceeding. Today the SDK can produce and verify decision requests/responses (the schemas are bundled) but doesn't have a high-level client for actually doing the round-trip.
Goal
Ship
openagp.flow_c(or similar) with:DecisionRequest, waits for a signedDecisionResponse, verifies it, surfaces it to the caller.DecisionRequest, calls a user-supplied decision function (probably reusing the Phase β policy evaluator), produces a signedDecisionResponse.Scope
Pointers
realtime-decisionin openagp/examples