Agent Factory Recap: Can you do my shopping?

Published: 5 days ago (December 19, 2025 at 02:44 PM EST)

6 min read

Source: Dev.to

Quick‑Start Guide

Use the timestamps below to jump to the sections that interest you. Each segment includes a short summary and links to the relevant parts of the show notes.

Timestamp	Segment	Summary
[01:43]	The Trust Problem	Why an AI ticket‑buying agent needs to be trusted with your money and personal data.
[02:29]	Why the Current Payment Stack Fails Agents	Three core challenges (authorization, agent error, accountability) and how the Agent Payment Protocol (AP2) solves them.
[04:33]	Roles & Separation of Concerns	The four specialized participants in the AP2 ecosystem and why the shopping agent never handles raw card data.
[06:15]	Verifiable Credentials (VCs)	The three mandate types (Cart, Intent, Payment) that act as cryptographic proof of agreement.
[08:03]	Contractual Conversational Model	Walk‑through of a human‑present purchase flow, from delegation to final authorization.
[13:07]	Q&A – Trust & Registries	How allow‑lists, decentralized registries, and web‑standard identity verification fit into the short‑ and long‑term roadmap.
[14:42]	Payments‑Grade Security	AP2’s “payments‑grade” guarantees on top of A2A and MCP.
[16:03]	Chargeback Protection	How a signed Cart Mandate protects merchants and users when the wrong product is approved.
[18:04]	Live Demo	A step‑by‑step demo of the human‑present flow (video link).

1️⃣ The Trust Problem (01:43)

“What if an agent could buy concert tickets for you the moment they go on sale? You want two tickets, a max spend of $200, and a good view. To let an agent act as your ticket buyer, you must hand over the entire request and your credit‑card details. How can you be sure the agent won’t buy 200 tickets or charge you for a lifetime supply of rubber duckies?”

The scenario illustrates a Crisis of Trust that stalls agent‑driven commerce.

Solution preview: Google’s Agent Payment Protocol (AP2) – an open, “trust‑layer” standard that sits atop existing payment infrastructure.

2️⃣ Why Existing Payments Don’t Work for Agents (02:29)

Challenge	Human‑Centric System	Agent‑Centric Gap
Authorization	Browsers & UI give users direct control.	Agents need programmatic, pre‑approved authority.
Agent Error	UI errors are visible; users can cancel.	Silent failures can cause unwanted purchases.
Accountability	Chargebacks trace back to a human.	No clear audit trail for autonomous actions.

AP2 addresses these by providing a secure, verifiable communication channel between agents, merchants, and payment partners. It is delivered today as an extension to the A2A (Agent‑to‑Agent) protocol and relies on agents using the Model Context Protocol (MCP).

👉 Learn more: AP2 technical overview (PDF)

3️⃣ Roles & Separation of Concerns (04:33)

The protocol splits responsibilities into four specialized roles:

Shopping Agent – Your AI that discovers products and orchestrates the purchase.
Merchant Endpoint – The seller’s API that receives cart data and final orders.
Credential Provider – A secure digital wallet (e.g., PayPal, Google Pay) that stores payment credentials.
Merchant Payment Processor – Generates the final authorization token for the payment networks.

Critical: The shopping agent never sees the raw credit‑card number, so it does not need PCI compliance. Payment data stays within the Credential Provider and Processor.

4️⃣ Verifiable Credentials (VCs) (06:15)

VCs are cryptographically signed digital receipts that prove what was agreed upon. AP2 defines three mandate types:

VC Type	Use‑Case	What It Proves
Cart Mandate	Human‑present (user reviews cart)	User has approved the exact cart contents.
Intent Mandate	Human‑not‑present (e.g., ticket‑buying agent)	User authorizes an intent with guardrails (e.g., “spend ≤ $200”).
Payment Mandate	All payments	Payment networks see that an AI agent participated, satisfying compliance requirements.

5️⃣ Contractual Conversational Model (08:03)

Human‑Present Flow (Step‑by‑Step)

Delegation – You tell the agent: “Buy two concert tickets.”
Discovery & Negotiation – Agent contacts the merchant endpoint to build a provisional cart.
Finalize Cart – Agent asks your Credential Provider for a payment method. You see only a masked reference (e.g., last 4 digits).
Authorization with Mandates – Agent presents the final cart to you.
Signing – You cryptographically sign the Cart Mandate → non‑repudiable contract.
Purchase – Agent forwards the signed mandate to the merchant.
Payment Processor – Uses the mandate to retrieve a payment token from the Credential Provider and completes the transaction.

Trust Mechanism (short‑term): Manual allow‑lists of approved agents/merchants.
Long‑term vision: Leverage open web standards (HTTPS, DNS ownership) for automated identity verification.

6️⃣ Q&A – Trust & Registries (13:07‑14:42)

Higher‑level trust for payments – AP2 adds “payments‑grade security” on top of baseline A2A/MCP protocols.
Decentralized registries – Short‑term allow‑lists; future reliance on decentralized trust registries and DNS‑based verification.
Industry alignment – All roles (merchant, credential provider, processor) already exist; the Shopping Agent is the only new participant.

7️⃣ Chargeback Protection (16:03)

Scenario: The agent shows you blue shoes, you wanted teal, but you click “Approve.”

Resolution: The signed Cart Mandate records exactly what you approved (blue shoes). The merchant now holds cryptographic evidence, protecting them from fraudulent chargebacks, while you are protected from unauthorized agent actions.

8️⃣ Live Demo – Human‑Present Flow (18:04)

Watch the demo: [YouTube link – Human‑Present AP2 Flow]

The demo walks through each step described in Section 5, showing the UI prompts, credential provider interaction, and final authorization.

📚 Further Reading & Resources

Agent Payment Protocol (AP2) Specification – [GitHub repo]
A2A (Agent‑to‑Agent) Protocol Overview – [Link]
Model Context Protocol (MCP) Docs – [Link]
Verifiable Credentials Data Model 1.0 – [W3C Recommendation]

Summary of the Discussion

Scenario Demonstrated
- The user interacted with an agent that discovered products.
- The Credential Provider (PayPal) then got involved.
- The user selected shipping and payment info via PayPal, while the agent only saw a reference.
- The user signed the Cart Mandate, completing the purchase.
Timestamp: [19:43]

Compatibility with Existing Frameworks

Key Question: Is this compatible with frameworks like LangGraph or CrewAI?
Answer: Yes.
- Prateek confirmed that the Agent Payment Protocol (AP2) is framework‑agnostic.
- As long as your agent can communicate over A2A (Agent‑to‑Agent) or MCP (Merchant‑Credential Provider), you can use AP2.
Timestamp: [21:13]

Getting Started

Visit the GitHub repository (link provided by Prateek).
Choose your role – merchant, credentials provider, etc.
Explore the sample code for the selected role.

Looking Ahead: Dynamic Negotiation

“I want that red dress that’s out of stock. I need it by tomorrow… and I’m willing to pay 30 % more.”

A merchant’s agent could interpret this intent.
If the dress becomes available, the agent can automatically finalize the sale.
Outcome:
- A lost sale turns into a completed order (with a markup).
- The user receives the exact item they wanted.

This vision illustrates how a secure payment infrastructure is a foundational step toward agents that can perform truly useful, real‑world tasks. We are transitioning from a simple, programmatic web to a conversational, contractual web, and AP2 provides the necessary framework.

Call to Action

Check out the Agent Payment Protocol GitHub repo.
Identify the role you could play in this emerging ecosystem.
Start building today!

Contributors

Shir Meir Lador → LinkedIn | X
Ivan Nardini → LinkedIn | X
Prateek Dudeja → LinkedIn