Include pii hash and lei by default

pelle · pelle · commit e049c0ca5339 · 2025-06-16T09:30:02.000+02:00
diff --git a/tap-mcp/examples/pii_hashing_demo.rs b/tap-mcp/examples/pii_hashing_demo.rs
@@ -0,0 +1,65 @@
+//! Demonstration of PII hashing for TAP transfers
+
+use tap_msg::message::Party;
+use tap_msg::utils::NameHashable;
+
+fn main() {
+    println!("TAP Transfer PII Hashing Demonstration\n");
+
+    // Example 1: Natural Person - Alice Lee
+    println!("1. Natural Person Example:");
+    println!("   Name: Alice Lee");
+
+    let alice = Party::new("did:example:alice")
+        .with_name_hash("Alice Lee")
+        .with_country("US");
+
+    println!("   Party JSON:");
+    let alice_json = serde_json::to_string_pretty(&alice).unwrap();
+    println!("{}", alice_json);
+
+    // Example 2: Organization - Example Corp
+    println!("\n2. Organization Example:");
+    println!("   Legal Name: Example Corporation Ltd.");
+    println!("   LEI: 549300ZFEEJ2IP5VME73");
+
+    let corp = Party::new("did:web:example.com")
+        .with_lei("549300ZFEEJ2IP5VME73")
+        .with_country("US");
+
+    // For organizations, we could also add legal name in metadata
+    let mut corp_with_name = corp;
+    corp_with_name.add_metadata(
+        "legalName".to_string(),
+        serde_json::Value::String("Example Corporation Ltd.".to_string()),
+    );
+
+    println!("   Party JSON:");
+    let corp_json = serde_json::to_string_pretty(&corp_with_name).unwrap();
+    println!("{}", corp_json);
+
+    // Example 3: Show the difference
+    println!("\n3. Privacy Comparison:");
+    println!("   Without hashing (DO NOT USE IN PRODUCTION):");
+    let mut alice_with_pii = Party::new("did:example:alice");
+    alice_with_pii.add_metadata("givenName".to_string(), serde_json::json!("Alice"));
+    alice_with_pii.add_metadata("familyName".to_string(), serde_json::json!("Lee"));
+    println!("{}", serde_json::to_string_pretty(&alice_with_pii).unwrap());
+
+    println!("\n   With hashing (RECOMMENDED):");
+    println!("{}", alice_json);
+
+    // Example 4: Name hash verification
+    println!("\n4. Name Hash Verification:");
+    struct Hasher;
+    impl NameHashable for Hasher {}
+
+    let hash1 = Hasher::hash_name("Alice Lee");
+    let hash2 = Hasher::hash_name("alice lee"); // Different case
+    let hash3 = Hasher::hash_name("Alice  Lee"); // Extra space
+
+    println!("   'Alice Lee'  -> {}", hash1);
+    println!("   'alice lee'  -> {}", hash2);
+    println!("   'Alice  Lee' -> {}", hash3);
+    println!("   All hashes match: {}", hash1 == hash2 && hash2 == hash3);
+}
diff --git a/tap-mcp/src/tools/transaction_tools.rs b/tap-mcp/src/tools/transaction_tools.rs
@@ -14,6 +14,7 @@ use tap_msg::message::tap_message_trait::TapMessageBody;
 use tap_msg::message::{
     Agent, Authorize, Cancel, Complete, Party, Reject, Revert, Settle, Transfer,
 };
+use tap_node::storage::models::SchemaType;
 use tracing::{debug, error};
 
 /// Tool for creating transfer transactions
@@ -123,44 +124,66 @@ impl ToolHandler for CreateTransferTool {
             if let Some(_profile) = customer.profile.as_object() {
                 let mut metadata = HashMap::new();
 
-                // Add name information if available
-                if let Some(given_name) = customer.given_name {
-                    metadata.insert(
-                        "givenName".to_string(),
-                        serde_json::Value::String(given_name),
-                    );
-                }
-                if let Some(family_name) = customer.family_name {
-                    metadata.insert(
-                        "familyName".to_string(),
-                        serde_json::Value::String(family_name),
-                    );
-                }
-                if let Some(display_name) = customer.display_name {
-                    metadata.insert("name".to_string(), serde_json::Value::String(display_name));
-                }
+                match customer.schema_type {
+                    SchemaType::Person => {
+                        // For natural persons, use name hash instead of PII
+                        let full_name = match (&customer.given_name, &customer.family_name) {
+                            (Some(given), Some(family)) => format!("{} {}", given, family),
+                            (Some(given), None) => given.clone(),
+                            (None, Some(family)) => family.clone(),
+                            (None, None) => customer.display_name.clone().unwrap_or_default(),
+                        };
+
+                        if !full_name.is_empty() {
+                            // Add name hash according to TAIP-12
+                            originator = originator.with_name_hash(&full_name);
+                        }
 
-                // Add address information if available
-                if let Some(country) = customer.address_country {
-                    metadata.insert(
-                        "addressCountry".to_string(),
-                        serde_json::Value::String(country),
-                    );
-                }
-                if let Some(locality) = customer.address_locality {
-                    metadata.insert(
-                        "addressLocality".to_string(),
-                        serde_json::Value::String(locality),
-                    );
-                }
-                if let Some(postal_code) = customer.postal_code {
-                    metadata.insert(
-                        "postalCode".to_string(),
-                        serde_json::Value::String(postal_code),
-                    );
+                        // Add address information if available (still needed for compliance)
+                        if let Some(country) = customer.address_country {
+                            metadata.insert(
+                                "addressCountry".to_string(),
+                                serde_json::Value::String(country),
+                            );
+                        }
+                    }
+                    SchemaType::Organization => {
+                        // For organizations, include LEI code if available
+                        if let Some(lei_code) = customer.lei_code {
+                            originator = originator.with_lei(&lei_code);
+                        }
+
+                        // Add legal name for organizations
+                        if let Some(legal_name) = customer.legal_name {
+                            metadata.insert(
+                                "legalName".to_string(),
+                                serde_json::Value::String(legal_name),
+                            );
+                        }
+
+                        // Add address information if available
+                        if let Some(country) = customer.address_country {
+                            metadata.insert(
+                                "addressCountry".to_string(),
+                                serde_json::Value::String(country),
+                            );
+                        }
+                    }
+                    SchemaType::Thing => {
+                        // For other entity types, include minimal metadata
+                        if let Some(display_name) = customer.display_name {
+                            metadata.insert(
+                                "name".to_string(),
+                                serde_json::Value::String(display_name),
+                            );
+                        }
+                    }
                 }
 
-                originator = Party::with_metadata(&originator.id, metadata);
+                // Apply any additional metadata
+                if !metadata.is_empty() {
+                    originator = Party::with_metadata(&originator.id, metadata);
+                }
             }
         }
         // Also merge any provided metadata
@@ -180,44 +203,66 @@ impl ToolHandler for CreateTransferTool {
             if let Some(_profile) = customer.profile.as_object() {
                 let mut metadata = HashMap::new();
 
-                // Add name information if available
-                if let Some(given_name) = customer.given_name {
-                    metadata.insert(
-                        "givenName".to_string(),
-                        serde_json::Value::String(given_name),
-                    );
-                }
-                if let Some(family_name) = customer.family_name {
-                    metadata.insert(
-                        "familyName".to_string(),
-                        serde_json::Value::String(family_name),
-                    );
-                }
-                if let Some(display_name) = customer.display_name {
-                    metadata.insert("name".to_string(), serde_json::Value::String(display_name));
-                }
+                match customer.schema_type {
+                    SchemaType::Person => {
+                        // For natural persons, use name hash instead of PII
+                        let full_name = match (&customer.given_name, &customer.family_name) {
+                            (Some(given), Some(family)) => format!("{} {}", given, family),
+                            (Some(given), None) => given.clone(),
+                            (None, Some(family)) => family.clone(),
+                            (None, None) => customer.display_name.clone().unwrap_or_default(),
+                        };
+
+                        if !full_name.is_empty() {
+                            // Add name hash according to TAIP-12
+                            beneficiary = beneficiary.with_name_hash(&full_name);
+                        }
 
-                // Add address information if available
-                if let Some(country) = customer.address_country {
-                    metadata.insert(
-                        "addressCountry".to_string(),
-                        serde_json::Value::String(country),
-                    );
-                }
-                if let Some(locality) = customer.address_locality {
-                    metadata.insert(
-                        "addressLocality".to_string(),
-                        serde_json::Value::String(locality),
-                    );
-                }
-                if let Some(postal_code) = customer.postal_code {
-                    metadata.insert(
-                        "postalCode".to_string(),
-                        serde_json::Value::String(postal_code),
-                    );
+                        // Add address information if available (still needed for compliance)
+                        if let Some(country) = customer.address_country {
+                            metadata.insert(
+                                "addressCountry".to_string(),
+                                serde_json::Value::String(country),
+                            );
+                        }
+                    }
+                    SchemaType::Organization => {
+                        // For organizations, include LEI code if available
+                        if let Some(lei_code) = customer.lei_code {
+                            beneficiary = beneficiary.with_lei(&lei_code);
+                        }
+
+                        // Add legal name for organizations
+                        if let Some(legal_name) = customer.legal_name {
+                            metadata.insert(
+                                "legalName".to_string(),
+                                serde_json::Value::String(legal_name),
+                            );
+                        }
+
+                        // Add address information if available
+                        if let Some(country) = customer.address_country {
+                            metadata.insert(
+                                "addressCountry".to_string(),
+                                serde_json::Value::String(country),
+                            );
+                        }
+                    }
+                    SchemaType::Thing => {
+                        // For other entity types, include minimal metadata
+                        if let Some(display_name) = customer.display_name {
+                            metadata.insert(
+                                "name".to_string(),
+                                serde_json::Value::String(display_name),
+                            );
+                        }
+                    }
                 }
 
-                beneficiary = Party::with_metadata(&beneficiary.id, metadata);
+                // Apply any additional metadata
+                if !metadata.is_empty() {
+                    beneficiary = Party::with_metadata(&beneficiary.id, metadata);
+                }
             }
         }
         // Also merge any provided metadata
diff --git a/tap-mcp/tests/test_pii_hashing.rs b/tap-mcp/tests/test_pii_hashing.rs
@@ -0,0 +1,108 @@
+//! Test for PII hashing functionality in transfers
+
+use serde_json::json;
+use tap_node::storage::models::{Customer, SchemaType};
+
+#[tokio::test]
+async fn test_transfer_with_person_uses_name_hash() {
+    // Create a test setup with a person customer
+    let customer = Customer {
+        id: "did:example:alice".to_string(),
+        agent_did: "did:example:agent".to_string(),
+        schema_type: SchemaType::Person,
+        given_name: Some("Alice".to_string()),
+        family_name: Some("Lee".to_string()),
+        display_name: Some("Alice Lee".to_string()),
+        legal_name: None,
+        lei_code: None,
+        mcc_code: None,
+        address_country: Some("US".to_string()),
+        address_locality: None,
+        postal_code: None,
+        street_address: None,
+        profile: json!({
+            "@type": "Person",
+            "givenName": "Alice",
+            "familyName": "Lee"
+        }),
+        ivms101_data: None,
+        verified_at: None,
+        created_at: chrono::Utc::now().to_rfc3339(),
+        updated_at: chrono::Utc::now().to_rfc3339(),
+    };
+
+    // The expected name hash for "Alice Lee" according to TAIP-12
+    let expected_name_hash = "b117f44426c9670da91b563db728cd0bc8bafa7d1a6bb5e764d1aad2ca25032e";
+
+    // TODO: Complete test implementation once we have a proper test setup
+    // This would need:
+    // 1. Mock TAP integration
+    // 2. Mock storage that returns our test customer
+    // 3. Call CreateTransferTool with the customer's DID
+    // 4. Verify the resulting transfer has nameHash instead of PII
+
+    assert_eq!(expected_name_hash.len(), 64); // SHA-256 produces 64 hex chars
+}
+
+#[tokio::test]
+async fn test_transfer_with_organization_uses_lei_code() {
+    // Create a test setup with an organization customer
+    let customer = Customer {
+        id: "did:web:example.com".to_string(),
+        agent_did: "did:example:agent".to_string(),
+        schema_type: SchemaType::Organization,
+        given_name: None,
+        family_name: None,
+        display_name: Some("Example Corp".to_string()),
+        legal_name: Some("Example Corporation Ltd.".to_string()),
+        lei_code: Some("549300ZFEEJ2IP5VME73".to_string()), // Example LEI
+        mcc_code: Some("5812".to_string()),
+        address_country: Some("US".to_string()),
+        address_locality: Some("New York".to_string()),
+        postal_code: Some("10001".to_string()),
+        street_address: None,
+        profile: json!({
+            "@type": "Organization",
+            "legalName": "Example Corporation Ltd.",
+            "leiCode": "549300ZFEEJ2IP5VME73"
+        }),
+        ivms101_data: None,
+        verified_at: None,
+        created_at: chrono::Utc::now().to_rfc3339(),
+        updated_at: chrono::Utc::now().to_rfc3339(),
+    };
+
+    // TODO: Complete test implementation
+    // This would verify that:
+    // 1. LEI code is included in the transfer
+    // 2. Legal name is included
+    // 3. No name hash is generated for organizations
+
+    assert_eq!(customer.lei_code.unwrap().len(), 20); // LEI codes are 20 chars
+}
+
+#[test]
+fn test_name_hash_generation() {
+    use tap_msg::utils::NameHashable;
+
+    struct TestHasher;
+    impl NameHashable for TestHasher {}
+
+    // Test cases from TAIP-12
+    let hash1 = TestHasher::hash_name("Alice Lee");
+    assert_eq!(
+        hash1,
+        "b117f44426c9670da91b563db728cd0bc8bafa7d1a6bb5e764d1aad2ca25032e"
+    );
+
+    let hash2 = TestHasher::hash_name("Bob Smith");
+    assert_eq!(
+        hash2,
+        "5432e86b4d4a3a2b4be57b713b12c5c576c88459fe1cfdd760fd6c99a0e06686"
+    );
+
+    // Test normalization
+    assert_eq!(TestHasher::hash_name("ALICE LEE"), hash1);
+    assert_eq!(TestHasher::hash_name("alice lee"), hash1);
+    assert_eq!(TestHasher::hash_name("Alice  Lee"), hash1);
+}
diff --git a/tap-node/benches/stress_test.rs b/tap-node/benches/stress_test.rs
@@ -24,7 +24,7 @@ async fn create_test_message(
 ) -> (PlainMessage, Transfer) {
     // Create a simple transfer message
     let body = Transfer {
-        transaction_id: uuid::Uuid::new_v4().to_string(),
+        transaction_id: Some(uuid::Uuid::new_v4().to_string()),
         asset: tap_caip::AssetId::from_str(
             "eip155:1/erc20:0x6b175474e89094c44da98b954eedeac495271d0f",
         )

Original file line number	Diff line number	Diff line change
`@@ -24,7 +24,7 @@ async fn create_test_message(`
`24`	`24`	`) -> (PlainMessage, Transfer) {`
`25`	`25`	`// Create a simple transfer message`
`26`	`26`	`let body = Transfer {`
`27`		`- transaction_id: uuid::Uuid::new_v4().to_string(),`
	`27`	`+ transaction_id: Some(uuid::Uuid::new_v4().to_string()),`
`28`	`28`	`asset: tap_caip::AssetId::from_str(`
`29`	`29`	`"eip155:1/erc20:0x6b175474e89094c44da98b954eedeac495271d0f",`
`30`	`30`	`)`