Counterparty Verification
A framework-agnostic PHP toolkit for counterparty due diligence: per-country registry lookups, sanctions screening, and optional AI-assisted risk research.
This is a due-diligence aid, not a compliance product. It does not make you “AML compliant” - compliance remains your responsibility. The risk score is advisory; the AI never decides hard pass/fail.
What it does
Given a counterparty (name, country, NIP, IBAN, EU VAT), the toolkit runs deterministic checks into a report of hard facts, then a risk strategy turns that report into an advisory assessment:
$outcome = $verifier->verify(new Counterparty('Acme Sp. z o.o.', 'PL', nip: '1234567890'));
$outcome->report->worstStatus(); // hard facts (pass / warning / fail / inconclusive)
$outcome->assessment->level; // advisory RiskLevel
$outcome->requiresHumanReview(); // true on adverse / inconclusive / low-confidence
Packages
The toolkit is developed as independent, single-purpose packages with lockstep versioning.
All four are published on Packagist - install
with composer require.
| Package | Packagist | Purpose |
|---|---|---|
| counterparty-core |  |
Domain, capability-aware registries, risk engine, PSR-18 adapters, contract tests |
| counterparty-ai |  |
Optional advisory AI risk research (native tool use) |
| counterparty-laravel |  |
Laravel bridge |
| counterparty-bundle |  |
Symfony bundle |
Documentation map
- Getting started - install and your first verification.
- Core concepts - architecture, domain model, the verification flow.
- Registries - capabilities, reference adapters, adding a country, contract tests.
- Sanctions screening - sanctions.network and OpenSanctions / yente.
- Risk engine - rules, country-specific scoring, custom strategies.
- AI risk research - providers, native tool use, grounding, deterministic tests.
- Framework integration - Laravel and Symfony.
- Recipes - end-to-end cookbooks.
- Configuration · Production & publishing · FAQ.
Design principles
- Hexagonal - the core depends only on PSR interfaces (HTTP, cache, log, clock).
- Capability-aware - checks ask “who can answer VAT status for PL?”, not “give me the
PL driver”. No coverage means an honest
inconclusive, never a guess. - Advisory AI - hard pass/fail is deterministic; the AI only contextualises, grounded in tool outputs with source URLs.
- Extensible in practice - adding a country is one driver + one registration, certified by a shipped contract test.