Module approval

HITL approval payload encoders/decoders and signer.

The approval flow persists two event payloads in the conversation eventlog:

  • approval_request — minted when polyc_agent::run_turn surfaces a pending tool call that needs human consent.
  • approval_response — minted by ApprovalService::Respond (or the POLYCHROME_APPROVE_ALL auto-approve fast path) carrying a signed decision.

The encoders / decoders live in polyc-crypto (this crate) rather than the control-plane binary so the harness pod can verify inbound approval_response payloads on its own — the harness sits in a sandbox and shouldn’t trust the wire blindly.

Structs

ApprovalSigner
Ed25519 signer that mints provenance signatures for approval_response payloads. Wraps Signer in an Arc so the gRPC service and the connect path share one instance.
DecodedResponse
Every decoded field of an approval_response payload (unverified). tool_name / args_json are present only for v2 payloads.
ReceiptPayload
The receipt body fields receipt_payload signs, named at the call site.
VerifiedReceipt
A decoded payment_receipt payload after signature verification.
VerifiedResponse
A decoded approval_response payload after signature verification.

Constants

RECEIPT_VERSION
Current signed payment_receipt schema version.
RESPONSE_VERSION
Current signed approval_response schema version.

Functions

decode_request_fields
Extract (request_id, tool_name, args_json) from an approval_request payload — the fields a v2 approval_response must sign to bind the approval to the request identity.
decode_request_id
Extract request_id from an approval_request payload.
decode_response_full
Decode every field of an approval_response payload without verifying.
decode_response_minimal
Extract (request_id, approved) from an approval_response payload.
receipt_payload
JSON payload for a payment_receipt event.
request_payload
JSON payload for an approval_request event.
response_payload
JSON payload for an approval_response event (schema v2).
verify_signed_receipt
Verify a persisted payment_receipt payload.
verify_signed_response
Verify a persisted approval_response payload.
verify_wire_response
Verify a wire-form v2 approval_response, binding the approval to its (request_id, tool_name, args_json) identity.