From ap2-agentic-payments
Implements AP2 Cart Mandate to create, sign, and verify carts binding merchant offers to user authorization for human-present checkouts.
npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin ap2-agentic-payments
How this skill is triggered — by the user, by Claude, or both
Slash command
/ap2-agentic-payments:ap2-cart-mandate
This skill is limited to the following tools:
Fetch live docs:
- https://ap2-protocol.org/specification/ for the Cart Mandate schema
- site:github.com google-agentic-commerce AP2 src/ap2/types mandate for the Python type definitions
- site:github.com google-agentic-commerce AP2 samples cart mandate for sample implementations
- https://ap2-protocol.org/topics/core-concepts/ for Cart Mandate conceptual details

The Cart Mandate is the primary VDC for human-present transactions. It captures explicit user authorization for a specific set of items at specific prices, cryptographically binding the user's identity and consent to the exact transaction details.
The Merchant Endpoint creates and signs the Cart Mandate after receiving an Intent Mandate from the Shopping Agent. The merchant's signature guarantees fulfillment of the specified items at the specified prices.
Two signatures are required:
A CartMandate has two parts: contents (CartContents) and merchant_authorization (a JWT).
CartContents fields: id, user_cart_confirmation_required, payment_request (W3C PaymentRequest), cart_expiry, merchant_name.
Based on the specification, key fields include:
```json
{
  "contents": {
    "id": "cart_identifier",
    "user_cart_confirmation_required": true,
    "payment_request": {
      "method_data": [
        {
          "supportedMethods": "https://processor.example.com/pay",
          "data": { ... }
        }
      ],
      "details": {
        "id": "order_id",
        "displayItems": [
          { "label": "Product Name", "amount": { "currency": "USD", "value": "29.99" } }
        ],
        "total": {
          "label": "Total",
          "amount": { "currency": "USD", "value": "29.99" }
        },
        "shipping_options": null
      },
      "options": {
        "requestPayerName": true,
        "requestShipping": true,
        "requestPayerEmail": false,
        "requestPayerPhone": false
      }
    },
    "cart_expiry": "2025-09-01T13:00:00Z",
    "merchant_name": "Example Merchant"
  },
  "merchant_authorization": "<base64url-header>..<base64url-signature>"
}
```
Cart Mandates embed the W3C Payment Request API structure:
The merchant_authorization is a Base64url-encoded JWT using detached JWS format: <base64url-header>..<base64url-signature> (double dots — the payload is omitted because it is the canonicalized CartContents).
Supported signing algorithms: ES256, ES384, ES512 (ECDSA with P-256, P-384, P-521 curves).
JCS (RFC 8785) canonicalization is applied to the CartContents JSON before signing, ensuring deterministic serialization.
The JWT header MUST include the alg and kid header parameters. The JWT payload includes: iss, aud, iat, exp, jti, cart_hash.
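An added example, not code from the AP2 project or its specification: it canonicalizes CartContents, recomputes cart_hash, and checks it together with the header and payload fields listed above. SHA-256 with base64url encoding for cart_hash, the function names, the audience value and all sample data are assumptions. The ECDSA signature itself must still be verified with a JOSE library against the key named by kid before any of these claims are trusted.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"ES256", "ES384", "ES512"}  # the algorithms the page lists

def jcs(value):
    """RFC 8785 canonical form for the JSON subset CartContents uses (no floats)."""
    if isinstance(value, float):
        raise ValueError("float in cart: carry amounts as strings, as the schema does")
    if isinstance(value, dict):
        keys = sorted(value, key=lambda k: k.encode("utf-16-be"))  # UTF-16 code-unit order
        return "{" + ",".join(json.dumps(k, ensure_ascii=False) + ":" + jcs(value[k]) for k in keys) + "}"
    if isinstance(value, list):
        return "[" + ",".join(jcs(v) for v in value) + "]"
    return json.dumps(value, ensure_ascii=False)  # str, int, bool, None

def cart_hash(contents):
    # Assumption: SHA-256 over the canonical UTF-8 bytes, base64url without padding.
    digest = hashlib.sha256(jcs(contents).encode("utf-8")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def binding_problems(header, claims, contents, audience, now):
    """Reasons to reject the mandate; an empty list means these checks passed."""
    problems = []
    if header.get("alg") not in ALLOWED_ALGS:  # also rejects "none" and HMAC algorithms
        problems.append("alg not allowed")
    if not header.get("kid"):
        problems.append("missing kid")
    if claims.get("aud") != audience:
        problems.append("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("expired or missing exp")
    claimed = str(claims.get("cart_hash", "")).encode()
    if not hmac.compare_digest(claimed, cart_hash(contents).encode()):
        problems.append("cart_hash mismatch")
    return problems

# Constructed sample data (not from the AP2 specification or samples).
CART = {"id": "cart_1", "merchant_name": "Example Merchant",
        "cart_expiry": "2025-09-01T13:00:00Z", "user_cart_confirmation_required": True,
        "payment_request": {"details": {"total": {"label": "Total",
            "amount": {"currency": "USD", "value": "29.99"}}}}}
HEADER = {"alg": "ES256", "kid": "merchant-key-1"}
CLAIMS = {"iss": "merchant.example", "aud": "processor.example", "iat": 1756728000,
          "exp": 1756731600, "jti": "constructed-jti-1", "cart_hash": cart_hash(CART)}

if __name__ == "__main__":
    print(binding_problems(HEADER, CLAIMS, CART, "processor.example", 1756728100))
```

Because the hash is taken over the canonical form, reordering keys in CartContents leaves cart_hash unchanged, while any change to an item, price or expiry produces a mismatch.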
The merchant authorization guarantees:
The user signature proves:
Fetch the specification for exact Cart Mandate fields, signature format, and the payment_request schema before implementing.