Use Kratos traits as subject in Oathkeeper keto authorizer

Hi there, I deployed Oathkeeper, Kratos and Keto for my app and I want to use Kratos traits (username) as a subject for evaluating access control.
Keto role:

{"id": "agent","members": ["username0"]}

Keto policy:

            "id": "myorg:resources:policies:policy:role:agent",
            "description": "Agent policy.",
            "subjects": [
            "effect": "allow",
            "resources": [
            "actions": [

Oathkeeper rule:

    handler: cookie_session
  handler: keto_engine_acp_ory
    subject: "{{ print .Extra.identity.traits.username }}"
    required_action: "view"
    required_resource: "myorg:resources:sample-resources"
  - handler: id_token

I got 403 when access resource, but when I try with Keto API, I got allowed: true

curl --location --request POST 'http://keto-host:4456/engines/acp/ory/exact/allowed' --header 'Content-Type: application/json' --header 'Content-Type: application/json' --data-raw '{
  "action": "view",
  "resource": "myorg:resources:sample-resources",
  "subject": "username0"

What is correct syntax to use Kratos traits as subject in Oathkeeper Keto authorizer? And is there any way to debug the template substitution (print the substituted subject)?

I fixed it, add flavor: exact to my oathkeeper rules solved the problem. Default flavor is regex