Add agent capability policy evaluation layer for validating allowed actions

[David-patrick-chuks]

Summary

Introduce a policy evaluation layer that can validate whether an agent is allowed to perform specific categories of actions.

Context

Agent capabilities currently exist as data on records, but future financial and tool-execution workflows will need clearer policy evaluation logic.

Scope

• Define a capability evaluation abstraction
• Add a reusable policy-oriented service or helper layer
• Keep the design compatible with future payments, tools, and authorization rules
• Add tests for representative policy checks

Acceptance Criteria

• Capability policy evaluation has a dedicated home in the codebase
• The pattern is reusable for future agent-sensitive actions
• Tests cover representative allow/deny behavior
• The design aligns with future authorization work

Out of Scope

• Full RBAC system
• Wallet signing authorization
• External policy engines

Dependencies

Should align with #10 and #19.
Richer agent workflows and authorization scaffolding make this issue more valuable.

[gtx20060124-bot]

Hi David, I can help add an agent capability policy evaluation layer. Defining clear policy checks for agent actions will be important as financial and tool-execution workflows are added.

I'll define a capability evaluation abstraction, add a reusable policy-oriented service layer, and include tests for representative allow/deny behavior.

Ready to start on this.

[gtx20060124-bot]

Hi David, following up on agent capability policy evaluation. We're ready to implement a capability evaluation abstraction with policy-oriented service layer.

Defining clear policy checks for agent actions will be important as financial and tool-execution workflows are added. Let us know!