ap2-payment-handler 1.0.0

package/README.md

@@ -0,0 +1,133 @@
+# ap2-payment-handler
+
+> Non-custodial crypto payment handler for the AP2 Agent Payment Protocol. The first open-source, zero-escrow AP2 implementation.
+
+[![npm version](https://badge.fury.io/js/ap2-payment-handler.svg)](https://www.npmjs.com/package/ap2-payment-handler)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+## What is AP2?
+
+AP2 (Agent Payment Protocol) is Google's emerging standard for agentic commerce — enabling AI agents to negotiate and execute payments autonomously on behalf of users. This package implements the AP2 mandate lifecycle with a non-custodial, crypto-native approach.
+
+## Installation
+
+```bash
+npm install ap2-payment-handler
+```
+
+## Quick Start
+
+```typescript
+import { AP2PaymentHandler } from 'ap2-payment-handler';
+
+const handler = new AP2PaymentHandler({
+  supportedMethods: ['usdc_base', 'x402'],
+});
+
+// Create an intent mandate (agent-initiated)
+const mandate = handler.createIntentMandate({
+  agentId: 'my-agent-001',
+  merchantId: 'merchant-xyz',
+  maxAmount: 10.0,
+  currency: 'USDC',
+  ttl: Date.now() + 5 * 60_000, // 5 minutes
+});
+
+// Process payment
+const response = await handler.handle({
+  mandate,
+  preferredMethod: 'usdc_base',
+});
+
+if (response.success) {
+  console.log('Payment initiated:', response.transactionId);
+  console.log('Audit trail:', response.paymentMandate?.auditTrail);
+}
+```
+
+## Cart Payments
+
+```typescript
+const cartMandate = handler.createCartMandate({
+  agentId: 'my-agent-001',
+  lineItems: [
+    { name: 'API Credits', price: 5.0, qty: 2 },
+    { name: 'Priority Queue', price: 3.0, qty: 1 },
+  ],
+  total: 13.0,
+  currency: 'USDC',
+});
+
+const response = await handler.handle({
+  mandate: cartMandate,
+  preferredMethod: 'usdc_base',
+});
+```
+
+## HTTP 402 Payment Required (x402)
+
+```typescript
+import { X402Bridge } from 'ap2-payment-handler';
+
+const bridge = new X402Bridge();
+
+// When your agent receives a 402 response
+const paymentResponse = await bridge.handleResponse({
+  status: 402,
+  headers: response.headers,
+});
+
+if (paymentResponse) {
+  // Build proof and retry request
+  const proof = await bridge.buildPaymentProof({
+    amount: '5.00',
+    currency: 'USDC',
+    address: '0x...',
+    agentId: 'my-agent-001',
+  });
+}
+```
+
+## Supported Payment Methods
+
+| Method | Network | Description |
+|--------|---------|-------------|
+| `usdc_base` | Base (Coinbase L2) | USDC on Base — low fees, fast finality |
+| `x402` | Any | HTTP 402 Payment Required flow |
+| `usdc_arbitrum` | Arbitrum | USDC on Arbitrum One |
+| `usdc_optimism` | Optimism | USDC on Optimism |
+
+## Non-Custodial Design
+
+This package is **zero-escrow** by design:
+
+- **No private keys stored** — signing is delegated to your wallet/signer
+- **No funds held** — payment proofs reference on-chain transactions
+- **Full audit trail** — every mandate lifecycle step is logged
+- **EIP-712 compatible** — structured signing for human-readable approval
+
+All `PaymentMandate` objects carry `isNonCustodial: true` as a type-level guarantee.
+
+## API Reference
+
+### `AP2PaymentHandler`
+
+- `constructor({ supportedMethods })` — initialize with supported payment methods
+- `handle(request)` — process an AP2 payment request
+- `createIntentMandate(params)` — create an agent-initiated intent mandate
+- `createCartMandate(params)` — create a cart mandate from line items
+- `getSupportedMethods()` — list configured methods
+
+### `X402Bridge`
+
+- `parsePaymentRequired(headers)` — extract payment details from 402 headers
+- `buildPaymentProof(params)` — create a non-custodial payment proof
+- `handleResponse(response)` — handle HTTP responses, returns AP2PaymentResponse for 402
+
+### `validateMandate(mandate)`
+
+Validates a mandate and throws `AP2ValidationError` on failure.
+
+## License
+
+MIT © [AI Agent Economy](https://ai-agent-economy.com)

package/dist/__tests__/handler.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=handler.test.d.ts.map

package/dist/__tests__/handler.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/handler.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/handler.test.js

@@ -0,0 +1,251 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const handler_1 = require("../handler");
+const x402_1 = require("../x402");
+const validation_1 = require("../validation");
+const futureTime = Date.now() + 60000; // 1 minute from now
+const pastTime = Date.now() - 60000; // 1 minute ago
+function makeIntentMandate(overrides = {}) {
+    return {
+        type: 'intent',
+        agentId: 'agent-123',
+        merchantId: 'merchant-456',
+        maxAmount: 10.0,
+        currency: 'USDC',
+        ttl: futureTime,
+        isAgentInitiated: true,
+        isNonCustodial: true,
+        ...overrides,
+    };
+}
+function makeCartMandate(overrides = {}) {
+    return {
+        type: 'cart',
+        agentId: 'agent-123',
+        lineItems: [
+            { name: 'Widget', price: 5.0, qty: 2 },
+        ],
+        total: 10.0,
+        currency: 'USDC',
+        ...overrides,
+    };
+}
+describe('AP2PaymentHandler', () => {
+    let handler;
+    beforeEach(() => {
+        handler = new handler_1.AP2PaymentHandler({ supportedMethods: ['usdc_base', 'x402'] });
+    });
+    // 1. IntentMandate creation with correct flags
+    test('createIntentMandate sets isAgentInitiated and isNonCustodial', () => {
+        const mandate = handler.createIntentMandate({
+            agentId: 'a1',
+            merchantId: 'm1',
+            maxAmount: 5,
+            currency: 'USDC',
+            ttl: futureTime,
+        });
+        expect(mandate.isAgentInitiated).toBe(true);
+        expect(mandate.isNonCustodial).toBe(true);
+        expect(mandate.type).toBe('intent');
+    });
+    // 2. CartMandate total validation (correct sum)
+    test('validateMandate accepts CartMandate with correct total', () => {
+        const cart = makeCartMandate();
+        expect(() => (0, validation_1.validateMandate)(cart)).not.toThrow();
+    });
+    // 3. CartMandate total validation (wrong sum — should throw)
+    test('validateMandate rejects CartMandate with wrong total', () => {
+        const cart = makeCartMandate({ total: 99.0 });
+        expect(() => (0, validation_1.validateMandate)(cart)).toThrow(validation_1.AP2ValidationError);
+        expect(() => (0, validation_1.validateMandate)(cart)).toThrow(/mismatch/);
+    });
+    // 4. IntentMandate TTL validation (future TTL — valid)
+    test('validateMandate accepts IntentMandate with future TTL', () => {
+        const intent = makeIntentMandate({ ttl: futureTime });
+        expect(() => (0, validation_1.validateMandate)(intent)).not.toThrow();
+    });
+    // 5. IntentMandate TTL validation (past TTL — invalid)
+    test('validateMandate rejects IntentMandate with expired TTL', () => {
+        const intent = makeIntentMandate({ ttl: pastTime });
+        expect(() => (0, validation_1.validateMandate)(intent)).toThrow(validation_1.AP2ValidationError);
+        expect(() => (0, validation_1.validateMandate)(intent)).toThrow(/expired/);
+    });
+    // 6. Handler with usdc_base method
+    test('handle succeeds with usdc_base method', async () => {
+        const response = await handler.handle({
+            mandate: makeIntentMandate(),
+            preferredMethod: 'usdc_base',
+        });
+        expect(response.success).toBe(true);
+        expect(response.paymentMandate?.method).toBe('usdc_base');
+    });
+    // 7. Handler with x402 method
+    test('handle succeeds with x402 method', async () => {
+        const response = await handler.handle({
+            mandate: makeIntentMandate(),
+            preferredMethod: 'x402',
+        });
+        expect(response.success).toBe(true);
+        expect(response.paymentMandate?.method).toBe('x402');
+    });
+    // 8. Handler with unsupported method falls back
+    test('handle falls back to first supported method when preferred is unsupported', async () => {
+        const response = await handler.handle({
+            mandate: makeIntentMandate(),
+            preferredMethod: 'usdc_arbitrum',
+        });
+        expect(response.success).toBe(true);
+        expect(response.paymentMandate?.method).toBe('usdc_base');
+    });
+    // 9. Handler returns success with transactionId
+    test('handle returns transactionId on success', async () => {
+        const response = await handler.handle({
+            mandate: makeIntentMandate(),
+            preferredMethod: 'usdc_base',
+        });
+        expect(response.success).toBe(true);
+        expect(response.transactionId).toBeDefined();
+        expect(typeof response.transactionId).toBe('string');
+    });
+    // 10. Handler audit trail includes entries
+    test('handle returns paymentMandate with non-empty auditTrail', async () => {
+        const response = await handler.handle({
+            mandate: makeIntentMandate(),
+            preferredMethod: 'usdc_base',
+        });
+        expect(response.paymentMandate?.auditTrail.length).toBeGreaterThan(0);
+    });
+    // 11. PaymentMandate has isNonCustodial flag
+    test('paymentMandate has isNonCustodial set to true', async () => {
+        const response = await handler.handle({
+            mandate: makeIntentMandate(),
+            preferredMethod: 'usdc_base',
+        });
+        expect(response.paymentMandate?.isNonCustodial).toBe(true);
+    });
+    // 16. Validation rejects missing agentId
+    test('validateMandate rejects missing agentId', () => {
+        const intent = makeIntentMandate({ agentId: '' });
+        expect(() => (0, validation_1.validateMandate)(intent)).toThrow(validation_1.AP2ValidationError);
+        expect(() => (0, validation_1.validateMandate)(intent)).toThrow(/agentId/);
+    });
+    // 17. Validation rejects negative amount
+    test('validateMandate rejects negative maxAmount on IntentMandate', () => {
+        const intent = makeIntentMandate({ maxAmount: -5 });
+        expect(() => (0, validation_1.validateMandate)(intent)).toThrow(validation_1.AP2ValidationError);
+        expect(() => (0, validation_1.validateMandate)(intent)).toThrow(/positive/);
+    });
+    // 18. createIntentMandate sets correct defaults
+    test('createIntentMandate preserves all provided params', () => {
+        const mandate = handler.createIntentMandate({
+            agentId: 'myAgent',
+            merchantId: 'myMerchant',
+            maxAmount: 25,
+            currency: 'USDC',
+            ttl: futureTime,
+        });
+        expect(mandate.agentId).toBe('myAgent');
+        expect(mandate.merchantId).toBe('myMerchant');
+        expect(mandate.maxAmount).toBe(25);
+        expect(mandate.currency).toBe('USDC');
+    });
+    // 19. createCartMandate with multiple items
+    test('createCartMandate with multiple line items', () => {
+        const mandate = handler.createCartMandate({
+            agentId: 'agent-1',
+            lineItems: [
+                { name: 'Item A', price: 3, qty: 2 },
+                { name: 'Item B', price: 4, qty: 1 },
+            ],
+            total: 10,
+            currency: 'USDC',
+        });
+        expect(mandate.type).toBe('cart');
+        expect(mandate.lineItems.length).toBe(2);
+        expect(mandate.total).toBe(10);
+    });
+    // 20. getSupportedMethods returns config
+    test('getSupportedMethods returns configured methods', () => {
+        const methods = handler.getSupportedMethods();
+        expect(methods).toContain('usdc_base');
+        expect(methods).toContain('x402');
+        expect(methods.length).toBe(2);
+    });
+});
+describe('X402Bridge', () => {
+    let bridge;
+    beforeEach(() => {
+        bridge = new x402_1.X402Bridge();
+    });
+    // 12. X402Bridge parsePaymentRequired
+    test('parsePaymentRequired extracts payment details from headers', async () => {
+        const headers = {
+            'x-payment-amount': '5.00',
+            'x-payment-currency': 'USDC',
+            'x-payment-address': '0xabc123',
+        };
+        const result = await bridge.parsePaymentRequired(headers);
+        expect(result.amount).toBe('5.00');
+        expect(result.currency).toBe('USDC');
+        expect(result.address).toBe('0xabc123');
+    });
+    // 13. X402Bridge buildPaymentProof
+    test('buildPaymentProof returns a proof and timestamp', async () => {
+        const result = await bridge.buildPaymentProof({
+            amount: '5.00',
+            currency: 'USDC',
+            address: '0xabc123',
+            agentId: 'agent-1',
+        });
+        expect(result.proof).toBeTruthy();
+        expect(typeof result.proof).toBe('string');
+        expect(result.timestamp).toBeGreaterThan(0);
+    });
+    // 14. X402Bridge handleResponse for 402 status
+    test('handleResponse returns AP2PaymentResponse for 402 status', async () => {
+        const response = await bridge.handleResponse({
+            status: 402,
+            headers: {
+                'x-payment-amount': '10.00',
+                'x-payment-currency': 'USDC',
+                'x-payment-address': '0xdef456',
+            },
+        });
+        expect(response).not.toBeNull();
+        expect(response?.success).toBe(false);
+        expect(response?.error).toContain('Payment required');
+    });
+    // 15. X402Bridge handleResponse for 200 status (null)
+    test('handleResponse returns null for non-402 status', async () => {
+        const response = await bridge.handleResponse({
+            status: 200,
+            headers: {},
+        });
+        expect(response).toBeNull();
+    });
+    // Additional: parsePaymentRequired with JSON header
+    test('parsePaymentRequired parses JSON x-payment-required header', async () => {
+        const headers = {
+            'x-payment-required': JSON.stringify({
+                amount: '7.50',
+                currency: 'USDC',
+                address: '0xfeed',
+            }),
+        };
+        const result = await bridge.parsePaymentRequired(headers);
+        expect(result.amount).toBe('7.50');
+        expect(result.address).toBe('0xfeed');
+    });
+    // Additional: buildPaymentProof encodes agentId
+    test('buildPaymentProof encodes agentId in proof', async () => {
+        const result = await bridge.buildPaymentProof({
+            amount: '1.00',
+            currency: 'USDC',
+            address: '0xabc',
+            agentId: 'agent-special',
+        });
+        const decoded = JSON.parse(Buffer.from(result.proof, 'base64').toString());
+        expect(decoded.agentId).toBe('agent-special');
+    });
+});
+//# sourceMappingURL=handler.test.js.map

package/dist/handler.d.ts

@@ -0,0 +1,14 @@
+import { AP2PaymentMethod, AP2PaymentRequest, AP2PaymentResponse, IntentMandate, CartMandate } from './types';
+export declare class AP2PaymentHandler {
+    private supportedMethods;
+    constructor(config: {
+        supportedMethods: AP2PaymentMethod[];
+    });
+    getSupportedMethods(): AP2PaymentMethod[];
+    createIntentMandate(params: Omit<IntentMandate, 'type' | 'isAgentInitiated' | 'isNonCustodial'>): IntentMandate;
+    createCartMandate(params: Omit<CartMandate, 'type'>): CartMandate;
+    private selectMethod;
+    private getAmount;
+    handle(request: AP2PaymentRequest): Promise<AP2PaymentResponse>;
+}
+//# sourceMappingURL=handler.d.ts.map

package/dist/handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"handler.d.ts","sourceRoot":"","sources":["../src/handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,gBAAgB,EAChB,iBAAiB,EACjB,kBAAkB,EAClB,aAAa,EACb,WAAW,EAEZ,MAAM,SAAS,CAAC;AAOjB,qBAAa,iBAAiB;IAC5B,OAAO,CAAC,gBAAgB,CAAqB;gBAEjC,MAAM,EAAE;QAAE,gBAAgB,EAAE,gBAAgB,EAAE,CAAA;KAAE;IAI5D,mBAAmB,IAAI,gBAAgB,EAAE;IAIzC,mBAAmB,CACjB,MAAM,EAAE,IAAI,CAAC,aAAa,EAAE,MAAM,GAAG,kBAAkB,GAAG,gBAAgB,CAAC,GAC1E,aAAa;IAShB,iBAAiB,CAAC,MAAM,EAAE,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,GAAG,WAAW;IAOjE,OAAO,CAAC,YAAY;IAQpB,OAAO,CAAC,SAAS;IAOX,MAAM,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,kBAAkB,CAAC;CAgDtE"}

package/dist/handler.js

@@ -0,0 +1,87 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AP2PaymentHandler = void 0;
+const validation_1 = require("./validation");
+function generateId() {
+    return Math.random().toString(36).substring(2) + Date.now().toString(36);
+}
+class AP2PaymentHandler {
+    constructor(config) {
+        this.supportedMethods = config.supportedMethods;
+    }
+    getSupportedMethods() {
+        return [...this.supportedMethods];
+    }
+    createIntentMandate(params) {
+        return {
+            type: 'intent',
+            isAgentInitiated: true,
+            isNonCustodial: true,
+            ...params,
+        };
+    }
+    createCartMandate(params) {
+        return {
+            type: 'cart',
+            ...params,
+        };
+    }
+    selectMethod(preferred) {
+        if (this.supportedMethods.includes(preferred)) {
+            return preferred;
+        }
+        // Fallback to first supported method
+        return this.supportedMethods.length > 0 ? this.supportedMethods[0] : null;
+    }
+    getAmount(mandate) {
+        if (mandate.type === 'intent') {
+            return mandate.maxAmount;
+        }
+        return mandate.total;
+    }
+    async handle(request) {
+        try {
+            (0, validation_1.validateMandate)(request.mandate);
+        }
+        catch (err) {
+            return {
+                success: false,
+                error: err.message,
+            };
+        }
+        const method = this.selectMethod(request.preferredMethod);
+        if (!method) {
+            return {
+                success: false,
+                error: 'No supported payment methods available',
+            };
+        }
+        const mandateId = generateId();
+        const timestamp = Date.now();
+        const amount = this.getAmount(request.mandate);
+        const auditTrail = [
+            `[${new Date(timestamp).toISOString()}] Mandate received: type=${request.mandate.type}, agentId=${request.mandate.agentId}`,
+            `[${new Date(timestamp).toISOString()}] Payment method selected: ${method}`,
+            `[${new Date(timestamp).toISOString()}] Non-custodial payment initiated: amount=${amount} ${request.mandate.currency}`,
+            `[${new Date(timestamp).toISOString()}] MandateId assigned: ${mandateId}`,
+        ];
+        const paymentMandate = {
+            type: 'payment',
+            mandateId,
+            method,
+            amount,
+            currency: request.mandate.currency,
+            auditTrail,
+            timestamp,
+            isNonCustodial: true,
+        };
+        const transactionId = `tx_${generateId()}`;
+        return {
+            success: true,
+            transactionId,
+            paymentMandate,
+        };
+    }
+}
+exports.AP2PaymentHandler = AP2PaymentHandler;
+//# sourceMappingURL=handler.js.map

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from './types';
+export * from './handler';
+export * from './x402';
+export * from './validation';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,SAAS,CAAC;AACxB,cAAc,WAAW,CAAC;AAC1B,cAAc,QAAQ,CAAC;AACvB,cAAc,cAAc,CAAC"}

package/dist/index.js

@@ -0,0 +1,21 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./types"), exports);
+__exportStar(require("./handler"), exports);
+__exportStar(require("./x402"), exports);
+__exportStar(require("./validation"), exports);
+//# sourceMappingURL=index.js.map

package/dist/types.d.ts

@@ -0,0 +1,47 @@
+export type AP2PaymentMethod = 'usdc_base' | 'x402' | 'usdc_arbitrum' | 'usdc_optimism';
+export type MandateType = 'intent' | 'cart' | 'payment';
+export interface IntentMandate {
+    type: 'intent';
+    agentId: string;
+    merchantId: string;
+    maxAmount: number;
+    currency: string;
+    ttl: number;
+    isAgentInitiated: true;
+    isNonCustodial: true;
+    signature?: string;
+}
+export interface LineItem {
+    name: string;
+    price: number;
+    qty: number;
+}
+export interface CartMandate {
+    type: 'cart';
+    agentId: string;
+    lineItems: LineItem[];
+    total: number;
+    currency: string;
+    signature?: string;
+}
+export interface PaymentMandate {
+    type: 'payment';
+    mandateId: string;
+    method: AP2PaymentMethod;
+    amount: number;
+    currency: string;
+    auditTrail: string[];
+    timestamp: number;
+    isNonCustodial: true;
+}
+export interface AP2PaymentRequest {
+    mandate: IntentMandate | CartMandate;
+    preferredMethod: AP2PaymentMethod;
+}
+export interface AP2PaymentResponse {
+    success: boolean;
+    transactionId?: string;
+    error?: string;
+    paymentMandate?: PaymentMandate;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,WAAW,GAAG,MAAM,GAAG,eAAe,GAAG,eAAe,CAAC;AAExF,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,MAAM,GAAG,SAAS,CAAC;AAExD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,QAAQ,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC;IACZ,gBAAgB,EAAE,IAAI,CAAC;IACvB,cAAc,EAAE,IAAI,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,QAAQ;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,QAAQ,EAAE,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,SAAS,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,gBAAgB,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,IAAI,CAAC;CACtB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,aAAa,GAAG,WAAW,CAAC;IACrC,eAAe,EAAE,gBAAgB,CAAC;CACnC;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,OAAO,CAAC;IACjB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC"}

package/dist/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/validation.d.ts

@@ -0,0 +1,6 @@
+import { IntentMandate, CartMandate } from './types';
+export declare class AP2ValidationError extends Error {
+    constructor(message: string);
+}
+export declare function validateMandate(mandate: IntentMandate | CartMandate): void;
+//# sourceMappingURL=validation.d.ts.map

package/dist/validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../src/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAErD,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,aAAa,GAAG,WAAW,GAAG,IAAI,CAmD1E"}

package/dist/validation.js

@@ -0,0 +1,61 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AP2ValidationError = void 0;
+exports.validateMandate = validateMandate;
+class AP2ValidationError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'AP2ValidationError';
+    }
+}
+exports.AP2ValidationError = AP2ValidationError;
+function validateMandate(mandate) {
+    if (!mandate.agentId) {
+        throw new AP2ValidationError('Missing required field: agentId');
+    }
+    if (mandate.type === 'intent') {
+        if (!mandate.merchantId) {
+            throw new AP2ValidationError('Missing required field: merchantId');
+        }
+        if (mandate.maxAmount === undefined || mandate.maxAmount === null) {
+            throw new AP2ValidationError('Missing required field: maxAmount');
+        }
+        if (typeof mandate.maxAmount !== 'number' || mandate.maxAmount <= 0) {
+            throw new AP2ValidationError('maxAmount must be a positive number');
+        }
+        if (!mandate.currency) {
+            throw new AP2ValidationError('Missing required field: currency');
+        }
+        if (!mandate.ttl) {
+            throw new AP2ValidationError('Missing required field: ttl');
+        }
+        if (mandate.ttl < Date.now()) {
+            throw new AP2ValidationError('IntentMandate TTL has expired');
+        }
+    }
+    else if (mandate.type === 'cart') {
+        if (!mandate.lineItems || mandate.lineItems.length === 0) {
+            throw new AP2ValidationError('CartMandate must have at least one line item');
+        }
+        if (!mandate.currency) {
+            throw new AP2ValidationError('Missing required field: currency');
+        }
+        if (mandate.total === undefined || mandate.total === null) {
+            throw new AP2ValidationError('Missing required field: total');
+        }
+        if (typeof mandate.total !== 'number' || mandate.total <= 0) {
+            throw new AP2ValidationError('total must be a positive number');
+        }
+        const computedTotal = mandate.lineItems.reduce((sum, item) => {
+            return sum + item.price * item.qty;
+        }, 0);
+        const diff = Math.abs(computedTotal - mandate.total);
+        if (diff > 0.001) {
+            throw new AP2ValidationError(`CartMandate total mismatch: expected ${computedTotal.toFixed(4)}, got ${mandate.total.toFixed(4)}`);
+        }
+    }
+    else {
+        throw new AP2ValidationError('Unknown mandate type');
+    }
+}
+//# sourceMappingURL=validation.js.map