examples: add JSON config for payment guard service

[safal207]

Closes #147

What

Makes Agent Payment Guard HTTP service configurable via a JSON config file instead of relying only on CLI defaults.

Changes

New file

• examples/agent-payment-guard/payment_guard_service_config.json — config with mode, require_signed_intent, policy_path, audit_path, service.{host,port}, audit.{hash_chain, recent_records_default_limit, recent_records_max_limit}

Updated files

• examples/agent-payment-guard/payment_guard_service.py
  • New --config PATH argument; loads and validates config at startup, fails fast on invalid config with a clear error
  • Request body mode overrides config mode per-request; omitting mode uses config.mode
  • require_signed_intent: true in config merges with per-request strict mode — strictest wins → returns BLOCK / MISSING_INTENT_ENVELOPE when envelope absent
  • Audit limits (default_limit, max_limit) come from config; GET /v1/audit/records clamps and validates limit query param deterministically
  • Legacy CLI flags (--host, --port, --policy, --audit-path) still work and override config when both provided
• examples/agent-payment-guard/run_service_check.sh
  • Starts service with --config flag; all existing checks (health, enforce ACCEPT, shadow BLOCK, enforce HOLD, shadow HOLD, audit records, hash-chain) still pass
• docs/agent-payment-guard-service.md
  • Config-based startup example
  • Config field reference table
  • Audit endpoint limit behavior documented

Non-goals (not added)

No YAML, no real wallets, no token transfers, no private keys, no payment SDKs, no RPC, no smart contracts, no KYC/AML, no JWS/EIP-712.

Validation

bash examples/agent-payment-guard/run_demo_check.sh
bash examples/agent-payment-guard/run_service_check.sh
python3 scripts/verify_audit_log.py .proofpath/audit.jsonl

[safal207]

PR direction is good and close to merge-ready. The main shape matches #147: JSON config, fail-fast validation, request mode override, config-driven limits, config-based service startup, and no new dependencies.

Before merge, please fix these small gaps:

1. Add service test for config-default mode.

run_service_check.sh currently sends mode explicitly in every evaluate request, so it does not prove:

Missing request mode uses config mode.

Please add one request without mode and assert:

response.mode == enforce
ACCEPT

A valid proposal + valid envelope case is enough.

2. Add service test for require_signed_intent=true strictness.

The config sets:

"require_signed_intent": true

Please add one request with a valid proposal but without intent_envelope and assert:

BLOCK / MISSING_INTENT_ENVELOPE
execution_allowed=false
would_block=true

This proves config strictness, not just mode behavior.

3. Add at least one audit-limit behavior test.

Please test at least:

GET /v1/audit/records?limit=999 -> response.limit == configured max
GET /v1/audit/records?limit=abc -> HTTP 400 JSON error

If you want to keep it minimal, the clamp test is enough, but invalid-limit coverage would be better.

4. Fix a misleading comment in payment_guard_service.py.

The code currently says:

# Legacy CLI overrides kept for backwards compatibility; config takes precedence

but the actual behavior is that explicit CLI flags override config. Please change it to something like:

# Legacy CLI overrides kept for backwards compatibility; explicit CLI flags override config.

After these fixes, #148 should be merge-ready. Keep the non-goal boundary as-is: JSON only, no YAML dependency, no wallets, no SDKs, no RPC, no token transfers, no custody, no JWS, no EIP-712.