reference verifier: conformant

Does your agent-payment verifier actually agree with AP2?

AP2 mandates are the signed permission slips that prove an AI agent was allowed to spend — who authorized it, how much, to whom. Every facilitator, wallet and merchant writes software to check those slips. If they don't check identically, payments break and forgeries slip through.

This is the standardized exam. 67 checks — genuine slips and deliberately forged ones — each with the right answer taken straight from AP2's own reference implementation. Run your verifier against it and find out exactly where you diverge.

Independent & open source · Apache-2.0 · Not an official AP2 or FIDO certification — "conformant" means it reproduces the reference implementation's behaviour.

Why a conformance suite, at all

A spec is just prose until something pins the exact behaviour. That's how TLS, JWT and WebAuthn became trustworthy — someone built the test battery. AP2 didn't have one. Now it does.

⛓️‍💥

Interop or chaos

When two verifiers don't agree, one facilitator authorizes a payment that another rejects. A shared exam makes "valid" mean one thing.

🪤

Catch the forgeries

Most checks are the negative ones — tampered signatures, replays, truncated chains. Every forged vector here is confirmed rejected by AP2 itself.

🎯

The answer key is the reference

Vectors are minted from AP2's own SDK at a pinned commit — not our reading of the spec. Passing means you match AP2's actual behaviour.

Anatomy of a mandate

Authority flows down a chain of signed slips — by key, never by name.

ROOT: issuer authorizes a budget
  cnf →
AGENT: delegated to act
  cnf →
TERMINAL: the actual spend

Watch a forged slip get caught

A chain that's perfectly signed but replayed at the wrong merchant. The first checks pass — the binding to this merchant doesn't.
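
The key-by-key chain and the merchant-binding check described above, as a simplified model added here (not AP2's SDK, this suite's code, or the dSD-JWT wire format). The claim names `budget`, `cnf`, `merchant` and `amount`, the JSON-plus-Ed25519 slip shape and the `shop-*.example` merchants are assumptions made for illustration.

```javascript
// Added example: toy key-bound mandate chain; claim names and values are constructed.
const nodeCrypto = require("node:crypto");
const newKey = () => nodeCrypto.generateKeyPairSync("ed25519");
const pub = (kp) => kp.publicKey.export({ type: "spki", format: "der" }).toString("base64");

// A slip is the exact signed bytes plus an Ed25519 signature over them.
function mint(claims, signer) {
  const body = JSON.stringify(claims);
  return { body, sig: nodeCrypto.sign(null, Buffer.from(body), signer.privateKey).toString("base64") };
}

// Each slip must verify under the key named by the previous slip's cnf (the
// root under a pinned issuer key): authority flows by key, never by name.
function verifyChain(chain, issuerKeyB64, ctx) {
  if (chain.length < 2) return { ok: false, reason: "truncated-chain" };
  let keyB64 = issuerKeyB64, claims;
  for (const [i, slip] of chain.entries()) {
    const key = nodeCrypto.createPublicKey({ key: Buffer.from(keyB64, "base64"), format: "der", type: "spki" });
    const sigOk = nodeCrypto.verify(null, Buffer.from(slip.body), key, Buffer.from(slip.sig, "base64"));
    if (!sigOk) return { ok: false, reason: `signature@${i}` };
    claims = JSON.parse(slip.body); // parse only after the bytes are authenticated
    if (i === chain.length - 1) break;
    if (typeof claims.cnf !== "string") return { ok: false, reason: `missing-cnf@${i}` };
    keyB64 = claims.cnf;
  }
  // Valid signatures do not stop a replay: the terminal slip must also name
  // the merchant doing the verifying, and stay inside the root's budget.
  if (claims.merchant !== ctx.merchant) return { ok: false, reason: "merchant-binding" };
  if (!(claims.amount <= JSON.parse(chain[0].body).budget)) return { ok: false, reason: "over-budget" };
  return { ok: true, reason: null };
}

function demo() {
  const issuer = newKey(), agent = newKey(), spender = newKey();
  const chain = [
    mint({ budget: 5000, cnf: pub(agent) }, issuer),              // ROOT
    mint({ cnf: pub(spender) }, agent),                           // AGENT
    mint({ merchant: "shop-a.example", amount: 1200 }, spender),  // TERMINAL
  ];
  const forged = chain.map((s) => ({ ...s }));
  forged[2].body = forged[2].body.replace("1200", "12"); // edited after signing
  const check = (c, merchant) => verifyChain(c, pub(issuer), { merchant });
  return {
    genuine: check(chain, "shop-a.example"),
    replayed: check(chain, "shop-b.example"),
    tampered: check(forged, "shop-a.example"),
  };
}
console.log(demo());
```

The replayed chain clears every signature check and is rejected only at the merchant comparison, which is why a verifier that stops after signature validation accepts it.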


Conformance, live

Point it at any AP2 verifier that speaks the HTTP contract and run the chain vectors against it for real — server-side, so the target's CORS doesn't matter. Prefilled with the Good Meta reference verifier.

Full suite — reference verifier, in-process

All 67 checks against @goodmeta/agent-verifier. Core = AP2's SDK agrees (must pass). Hardening = stricter than AP2 (informational — a spec-faithful verifier won't match these, and that's fine).

62 core · 5 hardening

Minted from AP2 e1ea56d · canonical clock 1780000000 · vector schema

Run it

Against the reference

# clone, then
npm install
npm run conformance

Exits non-zero on any core failure. Drop it in CI.

Against your verifier

import { runConformance } from "@goodmeta/ap2-conformance";

const report = await runConformance(myAdapter);
process.exit(report.conformant ? 0 : 1);

Implement six small methods (Ap2VerifierAdapter). Other language? The vectors are plain JSON — see the schema.

Decoder ring

The dSD-JWT chain in a dozen terms.