ArmorPay Bundle Templates
Reference guide for all pre-built ArmorPay financial policy bundles - AP, Finance, and Payroll agent templates.
Overview
ArmorPay ships with 9 pre-built bundle templates - three per financial agent. Each bundle represents a different enforcement posture (standard, restricted, or permissive).
AP Agent Templates
Standard AP Controls
- ID:
qbo-ap-standard - Enforcement:
allow_log - Rate Limit: 200 requests/hour
- Key Rules:
- Hold invoices exceeding $10,000
- Hold payments exceeding $5,000
- Log all financial tool calls
Restricted AP Controls
- ID:
qbo-ap-restricted - Enforcement:
block - Rate Limit: 50 requests/hour
- Key Rules:
- Block all tool calls by default
- Hold all write operations for approval
- $1,000 threshold for any financial action
Permissive AP Controls
- ID:
qbo-ap-permissive - Enforcement:
allow_log - Rate Limit: 500 requests/hour
- Key Rules:
- High thresholds: $100,000 invoices, $50,000 payments
- All tools allowed with logging
Finance Agent Templates
Read-Only Finance
- ID:
qbo-finance-readonly - Enforcement:
block - Rate Limit: 100 requests/hour
- Key Rules:
- Block all write operations
- Allow P&L and balance sheet read tools only
Restricted Finance
- ID:
qbo-finance-restricted - Enforcement:
block - Rate Limit: 50 requests/hour
- Key Rules:
- P&L report tool only
- All other tools blocked
Full Access Finance
- ID:
qbo-finance-full-access - Enforcement:
allow_log - Rate Limit: 200 requests/hour
- Key Rules:
- All 3 read tools enabled (P&L, balance sheet, trial balance)
- All calls logged
Payroll Agent Templates
Controlled Payroll
- ID:
qbo-payroll-controlled - Enforcement:
hold - Rate Limit: 50 requests/hour
- Key Rules:
- PII fields automatically protected
- Manager approval required for sensitive operations
- Employee data read with restrictions
Restricted Payroll
- ID:
qbo-payroll-restricted - Enforcement:
block - Rate Limit: 25 requests/hour
- Key Rules:
- Read-only access to payroll data
- Block all create and update operations
Permissive Payroll
- ID:
qbo-payroll-permissive - Enforcement:
allow_log - Rate Limit: 100 requests/hour
- Key Rules:
- No holds on operations
- Employee create operations allowed
- All calls logged
YAML Structure
All ArmorPay bundles compile to a FinancialPolicy kind YAML document:
kind: FinancialPolicy
metadata:
name: "Standard AP Controls"
targetType: agent
targetId: ap-agent
enforcement:
defaultAction: allow_log
rateLimit: 200
memberRoles:
- role: AP
members: []
toolEnforcement:
- toolName: create_invoice
financial: true
amountField: amount
holdAbove: 10000The toolEnforcement array allows per-tool overrides of the default enforcement action, with financial-specific fields like amountField and holdAbove.