Agent install

Add enrichment without widening the data boundary.

Use this when the app already has safe transaction descriptors and needs display-safe merchant metadata.

Recipe

Give the coding agent the OpenAPI contract first, then this prompt. Keep the implementation to one endpoint, one descriptor at a time, deterministic caching, and explicit fallback behavior.

Agent prompt
You are modifying an existing fintech, expense, accounting, budgeting, or loyalty app.

Use this when the app already has safe transaction descriptors.

Integrate against `/openapi.json` and call `POST /v1/enrich` for one descriptor at a time.

Before the call:
- Reject card numbers, account numbers, full statements, bank credentials, emails, phone numbers, addresses, customer names, and customer PII.
- Keep card numbers, account numbers, full statements, bank credentials, emails, phone numbers, addresses, customer names, and customer PII out of requests, logs, cache keys, fixtures, and test output.

Store only display-safe enrichment fields:
- display_name
- normalized_merchant
- category and subcategory
- website
- logos
- confidence
- recurring_hint
- processor_hint
- location_hint
- signals and warnings

Cache successful responses by normalized merchant signature. Do not cache rejected sensitive input.

Handle low-confidence responses with fallback UI:
- show the cleaned or raw descriptor with warnings;
- do not invent merchant websites, categories, or logos.

Add tests with safe synthetic descriptors for Square, PayPal, Amazon marketplace, Apple billing, and a low-confidence local merchant.

Do not add batch enrichment, SDK generation, MCP tooling, or live merchant research. Do not call LLMs, crawlers, logo providers, or third-party enrichment APIs in the request path.

ChatGPT and custom GPT actions

For AI tools that can call APIs, use the same OpenAPI contract. Import /openapi.json, expose only POST /v1/enrich, and describe the action as one-descriptor enrichment for display-safe transaction data.

Authentication

Use API key authentication when public keys are available. Do not put secrets in prompts, examples, fixtures, browser code, or shared conversations.

Action boundary

Do not accept statement uploads or multi-transaction batches. The action should reject sensitive input before calling TxnKit.

Output handling

Use confidence, signals, and warnings as constraints. Do not invent missing websites, categories, logos, or merchant identities.