From 00e4044234dbb9279946f76e003ec362f9c54ecd Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 13:42:55 +0100 Subject: [PATCH 01/11] =?UTF-8?q?docs(ap2):=20AlgoVoi=20PQC/ZKP=20credenti?= =?UTF-8?q?al=20binding=20+=20ZKP=20receipt=20=E2=80=94=20production=20dep?= =?UTF-8?q?loyment=20notice?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/ap2/pqc_zkp_credential_binding.md | 170 +++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100644 docs/ap2/pqc_zkp_credential_binding.md diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md new file mode 100644 index 00000000..fc767898 --- /dev/null +++ b/docs/ap2/pqc_zkp_credential_binding.md 
@@ -0,0 +1,170 @@ +# AP2 — PQC credential binding + ZKP receipt in production + +**Repo:** google-agentic-commerce/AP2 +**Related open PRs:** #270 (lifecycle), #271 (settlement), #272 (trust query), #273 (RFC 9421), #274 (PEF) +**Type:** Production deployment notice + +--- + +## Production status + +AlgoVoi's AP2 `POST /ap2/confirm` is **live in production** with ZKP-bound payment evidence and full agent session spend tracking as of 2026-06-04. + +--- + +## New response headers on `POST /ap2/confirm` (Phase 2 ATB sessions only) + +```http +HTTP/1.1 200 OK +X-ZKP-Receipt-Payload: +X-Composite-Trust-Verdict: TRUSTED + +{"verified": true, "access_token": "...", "settlement_attestation": {"settlement_result": "SETTLED", ...}} +``` + +Additionally: **agent session spend cap is now wired** to `/ap2/confirm` — payments made via session JWT decrement the cap; exceeded cap returns `402 agent_spend_cap_exceeded`. + +Both headers are **only present for Phase 2 ATB sessions**. All existing AP2 flows are unaffected. + +--- + +## Agent credential flow for AP2 + +AP2 is a mandate-based protocol. The ZKP credential binds at the `/ap2/confirm` step, after the `CartMandate` and `PaymentMandate` have been accepted: + +``` +1. Agent → POST /auth/token + Headers: X-Tenant-Id, Authorization: Bearer + Body: { "atb_zk_credential": "", "spend_cap_usd": 100.0 } + ← session JWT issued; ZKP commitment + proof bound to session; spend cap initialised + +2. Agent → POST /ap2/intent (IntentMandate) + Authorization: Bearer + +3. Agent → POST /ap2/cart (CartMandate, merchant-signed) + Authorization: Bearer + +4. Agent → POST /ap2/pay (initiate on-chain payment) + Authorization: Bearer + +5. Agent → POST /ap2/confirm + Authorization: Bearer + Body: { "tx_id": "...", "network": "...", "payment_id": "..." } + ← 200 OK with X-ZKP-Receipt-Payload + X-Composite-Trust-Verdict + Spend cap decremented by confirmed payment amount +``` + +The session token is valid across the full AP2 lifecycle. 
Once `spend_cap_usd` is exhausted, further payments return `402 agent_spend_cap_exceeded`. + +--- + +## Composite trust verdict + +The `X-Composite-Trust-Verdict` header composes the AP2 settlement attestation with the ZKP receipt at confirmation time. Independently reproducible: + +```http +POST https://api.algovoi.co.uk/compliance/trust-query +Content-Type: application/json + +{ + "receipts": [ + { + "settlement_result": "SETTLED", + "settlement_provider_did": "did:web:api.algovoi.co.uk" + }, + { + "type": "zkp_receipt", + "threshold_met": true, + "bench_issuer": "did:web:agent-trust-bench.algovoi.co.uk" + } + ] +} +``` + +```json +{ + "trust_outcome": "TRUSTED", + "composite_hash": "36042eb288b6557aed801ed9a2fe6e077b31bd7261a4dffbe8107ef078867f10", + "receipt_count": 2 +} +``` + +Possible verdicts: `TRUSTED` · `PROVISIONAL` (`PENDING_FINALITY`) · `INSUFFICIENT_EVIDENCE` · `UNTRUSTED`. +Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) — open PR #272. 
+ +--- + +## Validation stages + +**Stage 1 — Specification** + +| Reference | Subject | +|---|---| +| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorisation | +| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` | +| [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) | Composite trust verdict — open PR #272 | +| [IACR ePrint 2026/109852](https://eprint.iacr.org/2026/109852) | *"Agent Trust Bench: Adversarial Payment Profiling for Autonomous Agents with Post-Quantum Credential Binding and Cross-Issuer Federation"* — under IACR editor review | + +**Stage 2 — Implementation** + +Production deployment to `api.algovoi.co.uk` as of 2026-06-04: +- `algovoi-federation-validator` v0.1.1 — 59/59 tests pass +- `algovoi-zkp-receipt` v0.1.0 — 13/13 tests pass +- Gateway agent auth + ZKP receipt pipeline — 75/75 tests pass +- ATB ZKP service (Rust / Bulletproofs / Ristretto255) — live +- AP2 spend cap wiring — now complete (was missing; fixed 2026-06-04) + +**Stage 3 — Cross-language conformance** + +`zkp_receipt_v1` payload canonicalisation validated byte-for-byte across 8 independent JCS implementations: + +| Language | Result | +|---|---| +| Python `rfc8785 0.1.4` | **8/8 PASS** | +| Node.js `canonicalize 3.0.0` | **8/8 PASS** | +| Ruby `json-canonicalization 1.0.0` | **8/8 PASS** | +| PHP `root23/php-json-canonicalization 1.0.1` | **8/8 PASS** | +| Go `gowebpki/jcs v1.0.1` | **8/8 PASS** | +| Rust / Java / .NET | By transitivity — 320/320 prior attestation | + +Attestation: 
[`2026-06-04-zkp-receipt-v1-cross-validation.md`](https://github.com/chopmob-cloud/algovoi-jcs-conformance-vectors/blob/main/_attestations/2026-06-04-zkp-receipt-v1-cross-validation.md) +Cumulative: **664/664** byte-for-byte agreements across 9 vector sets, 8 JCS implementations. + +**Stage 4 — Live production smoke** + +- 13/13 service checks pass +- All four CTQ verdicts verified live +- ATB bench score: 128/138 (92.8%) +- 7 chains: Algorand, VOI, Hedera, Stellar, Base, Solana, Tempo + +--- + +## Licensing — these packages are not open source + +Three deployment paths are available: + +**1. Hosted commercial application** +Use `api.algovoi.co.uk` directly — the full PQC/ZKP/Federation stack is live under the standard AlgoVoi 0.50% transaction fee. No additional licence required. All response headers are available to session-authenticated tenants. + +**2. Commercial Docker instances** +Run `algovoi-federation-validator` and `algovoi-zkp-receipt` as Docker containers on your own infrastructure under the **AlgoVoi Commercial License v1.0**. Production-grade Docker images are available to licence holders. Evaluation use (non-commercial, non-production) is free. + +**3. Enterprise / OEM / acquisition** +Custom on-premise deployments, white-label integrations, and acquisition enquiries. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). + +--- + +The **self-hosted implementation packages are proprietary and will not be open-sourced under any circumstances**: + +| Package | Licence | +|---|---| +| `algovoi-federation-validator` | **AlgoVoi Commercial License v1.0 — not open source** | +| `algovoi-zkp-receipt` | **AlgoVoi Commercial License v1.0 — not open source** | + +There is no Apache, MIT, or community-licence path for these packages. Production deployment, revenue-generating use, or managed-service operation requires a written Commercial Licence Agreement. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). 
+ +All 31 AlgoVoi substrate packages remain Apache 2.0. + +--- + +*AlgoVoi (chopmob-cloud) -- [docs.algovoi.co.uk/pqc-substrate](https://docs.algovoi.co.uk/pqc-substrate)* From f0fdddfaea8fbaeeca45570973b894e225df79a0 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 13:45:15 +0100 Subject: [PATCH 02/11] Update docs/ap2/pqc_zkp_credential_binding.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- docs/ap2/pqc_zkp_credential_binding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index fc767898..a8e3fc0c 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md @@ -150,7 +150,7 @@ Use `api.algovoi.co.uk` directly — the full PQC/ZKP/Federation stack is live u Run `algovoi-federation-validator` and `algovoi-zkp-receipt` as Docker containers on your own infrastructure under the **AlgoVoi Commercial License v1.0**. Production-grade Docker images are available to licence holders. Evaluation use (non-commercial, non-production) is free. **3. Enterprise / OEM / acquisition** -Custom on-premise deployments, white-label integrations, and acquisition enquiries. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). +Custom on-premises deployments, white-label integrations, and acquisition enquiries. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). --- From 9b74c415cccf9233f8a63f38d6bbf95ee234f793 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 13:45:34 +0100 Subject: [PATCH 03/11] Update docs/ap2/pqc_zkp_credential_binding.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> --- docs/ap2/pqc_zkp_credential_binding.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index a8e3fc0c..e482dd5c 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md @@ -161,7 +161,7 @@ The **self-hosted implementation packages are proprietary and will not be open-s | `algovoi-federation-validator` | **AlgoVoi Commercial License v1.0 — not open source** | | `algovoi-zkp-receipt` | **AlgoVoi Commercial License v1.0 — not open source** | -There is no Apache, MIT, or community-licence path for these packages. Production deployment, revenue-generating use, or managed-service operation requires a written Commercial Licence Agreement. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). +There is no Apache, MIT, or community-licence path for these packages. Production deployment, revenue-generating use, or managed-service operation requires a written Commercial License Agreement. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). All 31 AlgoVoi substrate packages remain Apache 2.0. From b193dac75edd8b42d84a52c7ede9f4ab8dfdf02b Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 13:53:21 +0100 Subject: [PATCH 04/11] fix(lint): headings, table style, code block lang, spellcheck words --- docs/ap2/pqc_zkp_credential_binding.md | 31 +++++++++++++------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index e482dd5c..cd41ac65 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md 
@@ -32,11 +32,11 @@ Both headers are **only present for Phase 2 ATB sessions**. All existing AP2 flo AP2 is a mandate-based protocol. The ZKP credential binds at the `/ap2/confirm` step, after the `CartMandate` and `PaymentMandate` have been accepted: -``` +```text 1. Agent → POST /auth/token Headers: X-Tenant-Id, Authorization: Bearer Body: { "atb_zk_credential": "", "spend_cap_usd": 100.0 } - ← session JWT issued; ZKP commitment + proof bound to session; spend cap initialised + ← session JWT issued; ZKP commitment + proof bound to session; spend cap initialized 2. Agent → POST /ap2/intent (IntentMandate) Authorization: Bearer 
@@ -96,30 +96,31 @@ Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.iet ## Validation stages -**Stage 1 — Specification** +### Stage 1 — Specification | Reference | Subject | -|---|---| -| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorisation | +| --- | --- | +| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization | | [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` | | [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) | Composite trust verdict — open PR #272 | | [IACR ePrint 2026/109852](https://eprint.iacr.org/2026/109852) | *"Agent Trust Bench: Adversarial Payment Profiling for Autonomous Agents with Post-Quantum Credential Binding and Cross-Issuer Federation"* — under IACR editor review | -**Stage 2 — Implementation** +### Stage 2 — Implementation Production deployment to `api.algovoi.co.uk` as of 2026-06-04: + - `algovoi-federation-validator` v0.1.1 — 59/59 tests pass - `algovoi-zkp-receipt` v0.1.0 — 13/13 tests pass - Gateway agent auth + ZKP receipt pipeline — 75/75 tests pass - ATB ZKP service (Rust / Bulletproofs / Ristretto255) — live - AP2 spend cap wiring — now complete (was missing; fixed 2026-06-04) -**Stage 3 — Cross-language conformance** +### Stage 3 — Cross-language conformance -`zkp_receipt_v1` payload canonicalisation validated byte-for-byte across 8 independent JCS implementations: +`zkp_receipt_v1` payload canonicalization validated byte-for-byte across 8 independent 
JCS implementations: | Language | Result | -|---|---| +| --- | --- | | Python `rfc8785 0.1.4` | **8/8 PASS** | | Node.js `canonicalize 3.0.0` | **8/8 PASS** | | Ruby `json-canonicalization 1.0.0` | **8/8 PASS** | @@ -130,7 +131,7 @@ Production deployment to `api.algovoi.co.uk` as of 2026-06-04: Attestation: [`2026-06-04-zkp-receipt-v1-cross-validation.md`](https://github.com/chopmob-cloud/algovoi-jcs-conformance-vectors/blob/main/_attestations/2026-06-04-zkp-receipt-v1-cross-validation.md) Cumulative: **664/664** byte-for-byte agreements across 9 vector sets, 8 JCS implementations. -**Stage 4 — Live production smoke** +### Stage 4 — Live production smoke - 13/13 service checks pass - All four CTQ verdicts verified live 
@@ -144,10 +145,10 @@ Cumulative: **664/664** byte-for-byte agreements across 9 vector sets, 8 JCS imp Three deployment paths are available: **1. Hosted commercial application** -Use `api.algovoi.co.uk` directly — the full PQC/ZKP/Federation stack is live under the standard AlgoVoi 0.50% transaction fee. No additional licence required. All response headers are available to session-authenticated tenants. +Use `api.algovoi.co.uk` directly — the full PQC/ZKP/Federation stack is live under the standard AlgoVoi 0.50% transaction fee. No additional license required. All response headers are available to session-authenticated tenants. **2. Commercial Docker instances** -Run `algovoi-federation-validator` and `algovoi-zkp-receipt` as Docker containers on your own infrastructure under the **AlgoVoi Commercial License v1.0**. Production-grade Docker images are available to licence holders. Evaluation use (non-commercial, non-production) is free. +Run `algovoi-federation-validator` and `algovoi-zkp-receipt` as Docker containers on your own infrastructure under the **AlgoVoi Commercial License v1.0**. Production-grade Docker images are available to license holders. Evaluation use (non-commercial, non-production) is free. **3. Enterprise / OEM / acquisition** Custom on-premises deployments, white-label integrations, and acquisition enquiries. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). 
@@ -156,12 +157,12 @@ Custom on-premises deployments, white-label integrations, and acquisition enquir The **self-hosted implementation packages are proprietary and will not be open-sourced under any circumstances**: -| Package | Licence | -|---|---| +| Package | License | +| --- | --- | | `algovoi-federation-validator` | **AlgoVoi Commercial License v1.0 — not open source** | | `algovoi-zkp-receipt` | **AlgoVoi Commercial License v1.0 — not open source** | -There is no Apache, MIT, or community-licence path for these packages. Production deployment, revenue-generating use, or managed-service operation requires a written Commercial License Agreement. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). +There is no Apache, MIT, or community-license path for these packages. Production deployment, revenue-generating use, or managed-service operation requires a written Commercial License Agreement. Contact [hello@algovoi.co.uk](mailto:hello@algovoi.co.uk). All 31 AlgoVoi substrate packages remain Apache 2.0. From 03bde0a3f1b62c3dac6147ae13eaf255f5c44ff1 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 14:00:53 +0100 Subject: [PATCH 05/11] fix(spellcheck): add AlgoVoi domain words to custom wordlist --- .cspell/custom-words.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.cspell/custom-words.txt b/.cspell/custom-words.txt index ce73c361..0b16463a 100644 --- a/.cspell/custom-words.txt +++ b/.cspell/custom-words.txt @@ -185,3 +185,15 @@ XVCJ Yapily Zalopay Zalora + +algovoi +AlgoVoi +Voi's +IACR +Ristretto +canonicalization +gowebpki +Hedera +chopmob +hopley +Hopley From 0d812a8de6c5fb8ffcef350ceebdbbf80af1b54f Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 14:05:56 +0100 Subject: [PATCH 06/11] fix(lint): add biome.json exclusion for web-client --- biome.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 biome.json 
diff --git a/biome.json b/biome.json new file mode 100644 index 00000000..b867da0b --- /dev/null +++ b/biome.json @@ -0,0 +1,5 @@ +{ + "files": { + "includes": ["**", "!code/web-client"] + } +} From f62e183c234b06af772e9d2ce1c028c7460eb302 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 14:12:26 +0100 Subject: [PATCH 07/11] docs: mark IETF drafts as under review --- docs/ap2/pqc_zkp_credential_binding.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index cd41ac65..a89b12e6 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md 
@@ -100,8 +100,8 @@ Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.iet | Reference | Subject | | --- | --- | -| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization | -| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` | +| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under IETF review | +| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under IETF review | | [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) | Composite trust verdict — open PR #272 | | [IACR ePrint 2026/109852](https://eprint.iacr.org/2026/109852) | *"Agent Trust Bench: Adversarial Payment Profiling for Autonomous Agents with Post-Quantum Credential Binding and Cross-Issuer Federation"* — under IACR editor review | From 36e945ac65f7e817cdbbfe27760acbb4589a5c59 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 14:30:06 +0100 Subject: [PATCH 08/11] =?UTF-8?q?docs:=20IETF=20drafts=20=E2=80=94=20under?= =?UTF-8?q?=20editor=20review?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/ap2/pqc_zkp_credential_binding.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index a89b12e6..b951b995 100644 
--- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md @@ -100,8 +100,8 @@ Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.iet | Reference | Subject | | --- | --- | -| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under IETF review | -| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under IETF review | +| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under editor review | +| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under editor review | | [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) | Composite trust verdict — open PR #272 | | [IACR ePrint 2026/109852](https://eprint.iacr.org/2026/109852) | *"Agent Trust Bench: Adversarial Payment Profiling for Autonomous Agents with Post-Quantum Credential Binding and Cross-Issuer Federation"* — under IACR editor review | From 7a58ef1a6d11978b71b78d48585d93cefb6e5796 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Thu, 4 Jun 2026 15:20:18 +0100 Subject: [PATCH 09/11] fix: correct IETF datatracker URLs (remove -00 version suffix) --- docs/ap2/pqc_zkp_credential_binding.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index b951b995..fb4183f1 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md @@ -100,8 +100,8 @@ Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.iet | Reference | Subject | | --- | --- | -| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding-00/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under editor review | -| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp-00/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under editor review | +| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under editor review | +| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under editor review | | [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) | Composite trust verdict — open PR #272 | | [IACR ePrint 2026/109852](https://eprint.iacr.org/2026/109852) | *"Agent Trust Bench: Adversarial Payment Profiling for Autonomous Agents with Post-Quantum Credential Binding and Cross-Issuer Federation"* — under IACR editor review | From 28577d5712738494642758b8319c9de311fa2ccb Mon Sep 17 00:00:00 2001 
From: iLoveChicken Date: Thu, 4 Jun 2026 15:22:28 +0100 Subject: [PATCH 10/11] fix: remove -00 version suffix from IETF draft link text --- docs/ap2/pqc_zkp_credential_binding.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index fb4183f1..06f16516 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md @@ -100,8 +100,8 @@ Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.iet | Reference | Subject | | --- | --- | -| [`draft-hopley-x402-pqc-credential-binding-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under editor review | -| [`draft-hopley-x402-federation-zkp-00`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under editor review | +| [`draft-hopley-x402-pqc-credential-binding`](https://datatracker.ietf.org/doc/draft-hopley-x402-pqc-credential-binding/) | Falcon-1024 / ML-DSA-65 (NIST FIPS 204/206) credential binding to AP2 payment authorization — under editor review | +| [`draft-hopley-x402-federation-zkp`](https://datatracker.ietf.org/doc/draft-hopley-x402-federation-zkp/) | Cross-issuer ZKP composition; composite commitment: `SHA-256(domain ‖ comm_0 ‖ … ‖ nonce)` — under editor review | | [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) | Composite trust verdict — open PR #272 | | [IACR ePrint 2026/109852](https://eprint.iacr.org/2026/109852) | *"Agent Trust Bench: Adversarial Payment Profiling for Autonomous Agents with Post-Quantum Credential Binding and Cross-Issuer Federation"* — under IACR editor review | 
From 47e13f0dce3dd62f8f81d830bb9c8bb357e20d32 Mon Sep 17 00:00:00 2001 From: iLoveChicken Date: Sat, 6 Jun 2026 05:32:54 +0100 Subject: [PATCH 11/11] fix(lint): fenced code language (MD040) and table separator spacing (MD060) --- docs/ap2/pqc_zkp_credential_binding.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/ap2/pqc_zkp_credential_binding.md b/docs/ap2/pqc_zkp_credential_binding.md index 06f16516..5591424b 100644 --- a/docs/ap2/pqc_zkp_credential_binding.md +++ b/docs/ap2/pqc_zkp_credential_binding.md @@ -20,7 +20,7 @@ X-ZKP-Receipt-Payload: X-Composite-Trust-Verdict: TRUSTED {"verified": true, "access_token": "...", "settlement_attestation": {"settlement_result": "SETTLED", ...}} -``` +```text Additionally: **agent session spend cap is now wired** to `/ap2/confirm` — payments made via session JWT decrement the cap; exceeded cap returns `402 agent_spend_cap_exceeded`. @@ -52,7 +52,7 @@ AP2 is a mandate-based protocol. The ZKP credential binds at the `/ap2/confirm` Body: { "tx_id": "...", "network": "...", "payment_id": "..." } ← 200 OK with X-ZKP-Receipt-Payload + X-Composite-Trust-Verdict Spend cap decremented by confirmed payment amount -``` +```text The session token is valid across the full AP2 lifecycle. Once `spend_cap_usd` is exhausted, further payments return `402 agent_spend_cap_exceeded`. @@ -79,7 +79,7 @@ Content-Type: application/json } ] } -``` +```text ```json { @@ -87,7 +87,7 @@ Content-Type: application/json "composite_hash": "36042eb288b6557aed801ed9a2fe6e077b31bd7261a4dffbe8107ef078867f10", "receipt_count": 2 } -``` +```text Possible verdicts: `TRUSTED` · `PROVISIONAL` (`PENDING_FINALITY`) · `INSUFFICIENT_EVIDENCE` · `UNTRUSTED`. Specified in [`draft-hopley-x402-composite-trust-query`](https://datatracker.ietf.org/doc/draft-hopley-x402-composite-trust-query/) — open PR #272.
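Review bot: the credential flow in PATCH 01/11 shows the spend cap being decremented only at step 5 (`POST /ap2/confirm`), after step 4 (`POST /ap2/pay`) has already initiated the on-chain payment, so as documented a `402 agent_spend_cap_exceeded` can be returned after the funds have moved. Please state whether `/ap2/pay` also checks or reserves the remaining cap. Please also state who bounds `spend_cap_usd`, since step 1 shows the agent supplying it in its own `/auth/token` body. In the same hunk, the trust-query request carries only asserted fields (`"settlement_result": "SETTLED"`, `"threshold_met": true`) with no signature or proof; say how the endpoint authenticates them or mark the example as abbreviated, otherwise "Independently reproducible" reads as a verdict computed from caller-chosen inputs.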
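Review bot: the entries added to `.cspell/custom-words.txt` in PATCH 05/11 are appended after a blank line in arbitrary order, while the visible tail of the existing list (`XVCJ`, `Yapily`, `Zalopay`, `Zalora`) is alphabetical. Merge them into the sorted list without the blank line. `algovoi`/`AlgoVoi` and `hopley`/`Hopley` are case variants of the same word, and cspell matches case-insensitively unless `caseSensitive` is enabled, so one of each should be enough. `Voi's` looks like a workaround for a possessive and is better handled by adding the base word.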
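Review bot: the new root `biome.json` in PATCH 06/11 removes all of `code/web-client` from Biome (`"includes": ["**", "!code/web-client"]`) in a series whose only content change is one Markdown file under `docs/ap2/`. The commit message gives no failing rule or reason, and the exclusion silently drops lint coverage for code this series does not touch. Please drop this patch from the docs change. If the exclusion is really needed, send it separately with the failing check quoted and scope it to the specific paths or rules involved.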
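Review bot: "under editor review" on the two draft rows in PATCH 08/11 (replacing "under IETF review" from PATCH 07/11) does not name a status a reader can check. Documents named `draft-hopley-…` are individual submissions under the IETF naming convention, so wording such as "individual Internet-Draft, not adopted by a working group" would be accurate, or quote the state shown on the datatracker page. The `draft-hopley-x402-composite-trust-query` row in the same table has no status at all and should get the same treatment.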
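Review bot: the first table row as left by PATCH 10/11 still pairs "Falcon-1024 / ML-DSA-65" with "(NIST FIPS 204/206)", which reads as Falcon being FIPS 204. ML-DSA is FIPS 204; FN-DSA, the scheme derived from Falcon, is the one NIST numbers FIPS 206. Put the algorithms and standards in matching order, and say whether the implementation is Falcon as submitted or FN-DSA. With the `-00` suffix now removed from both the link text and the URL, the row also no longer says which draft revision the "Stage 2" and "Stage 3" results were validated against; name the revision in the Subject column.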
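Review bot: PATCH 11/11 adds the `text` info string to closing fences, not opening ones. Each of the four changed lines comes at the end of a block: after the JSON body of the `200 OK` example, after "Spend cap decremented by confirmed payment amount", after the trust-query request body, and after `"receipt_count": 2`. In CommonMark a closing fence cannot carry an info string, so these lines no longer terminate their blocks and the prose that follows is rendered as code. MD040 concerns opening fences only, and these blocks already open with `http`, `text` or `json`, so revert all four lines to a bare fence.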