adk-payments 0.5.0

Protocol-neutral agentic commerce and payment orchestration for ADK-Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209

//! Pluggable verification for AP2 merchant authorization and user authorization
//! artifacts.
//!
//! AP2 artifacts are sensitive and still evolving. This module provides
//! pluggable verification traits rather than baking in one cryptographic
//! assumption, keeping alpha support honest while giving integrators a strong
//! abstraction boundary.
//!
//! Verified results carry [`EvidenceReference`] so callers can persist them as
//! durable evidence records (Requirement 6.7, 9.4).

use adk_core::Result;
use async_trait::async_trait;
use serde::{Deserialize, Serialize};

use crate::domain::{EvidenceReference, ProtocolDescriptor};

use super::mandates::{CartMandate, PaymentMandate};

// ---------------------------------------------------------------------------
// Mandate envelopes
// ---------------------------------------------------------------------------

/// Wrapper around a [`CartMandate`] plus its raw bytes for verification.
///
/// The raw bytes allow verifiers to check signatures or digests against the
/// original wire representation without re-serializing the parsed mandate.
#[derive(Debug, Clone)]
pub struct CartMandateEnvelope {
    /// The parsed cart mandate.
    pub mandate: CartMandate,
    /// Raw bytes of the mandate as received on the wire.
    pub raw_bytes: Vec<u8>,
}

/// Wrapper around a [`PaymentMandate`] plus its raw bytes for verification.
///
/// The raw bytes allow verifiers to check signatures or digests against the
/// original wire representation without re-serializing the parsed mandate.
#[derive(Debug, Clone)]
pub struct PaymentMandateEnvelope {
    /// The parsed payment mandate.
    pub mandate: PaymentMandate,
    /// Raw bytes of the mandate as received on the wire.
    pub raw_bytes: Vec<u8>,
}

// ---------------------------------------------------------------------------
// Verified mandate results
// ---------------------------------------------------------------------------

/// Result of successful cart mandate verification.
///
/// Contains the verified mandate and an [`EvidenceReference`] that callers
/// should persist as a durable evidence record.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct VerifiedCartMandate {
    /// The verified cart mandate.
    pub mandate: CartMandate,
    /// Evidence reference for the verification artifact.
    pub evidence_ref: EvidenceReference,
}

/// Result of successful payment mandate verification.
///
/// Contains the verified mandate and an [`EvidenceReference`] that callers
/// should persist as a durable evidence record.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct VerifiedPaymentMandate {
    /// The verified payment mandate.
    pub mandate: PaymentMandate,
    /// Evidence reference for the verification artifact.
    pub evidence_ref: EvidenceReference,
}

// ---------------------------------------------------------------------------
// Mandate verifier trait
// ---------------------------------------------------------------------------

/// Pluggable verifier for AP2 merchant authorization mandates.
///
/// Implementations may verify cryptographic signatures, check certificate
/// chains, validate timestamps, or apply any domain-specific policy before
/// accepting a mandate as verified.
#[async_trait]
pub trait MandateVerifier: Send + Sync {
    /// Verifies a cart mandate envelope and returns a verified result with an
    /// evidence reference on success.
    async fn verify_cart_mandate(
        &self,
        envelope: &CartMandateEnvelope,
    ) -> Result<VerifiedCartMandate>;

    /// Verifies a payment mandate envelope and returns a verified result with
    /// an evidence reference on success.
    async fn verify_payment_mandate(
        &self,
        envelope: &PaymentMandateEnvelope,
    ) -> Result<VerifiedPaymentMandate>;
}

// ---------------------------------------------------------------------------
// User authorization envelope and verified result
// ---------------------------------------------------------------------------

/// Wrapper for a user authorization presentation (e.g. JWT, signed payload).
///
/// The `kind` field describes the authorization mechanism so verifiers can
/// dispatch appropriately.
#[derive(Debug, Clone, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct UserAuthorizationEnvelope {
    /// The kind of authorization presentation (e.g. `"jwt"`, `"signed_payload"`).
    pub kind: String,
    /// Raw bytes of the authorization artifact.
    pub raw_bytes: Vec<u8>,
    /// Optional metadata about the authorization source.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub source: Option<String>,
}

/// Result of successful user authorization verification.
///
/// Contains the verified subject identity, granted scopes, and an
/// [`EvidenceReference`] for durable evidence storage.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
#[serde(rename_all = "camelCase")]
pub struct VerifiedUserAuthorization {
    /// The verified subject identity (e.g. user ID, email).
    pub subject: String,
    /// Scopes or permissions granted by the authorization.
    #[serde(default, skip_serializing_if = "Vec::is_empty")]
    pub scopes: Vec<String>,
    /// Evidence reference for the verification artifact.
    pub evidence_ref: EvidenceReference,
}

// ---------------------------------------------------------------------------
// User authorization verifier trait
// ---------------------------------------------------------------------------

/// Pluggable verifier for AP2 user authorization artifacts.
///
/// Implementations may validate JWTs, verify signed payloads, check
/// certificate chains, or apply any domain-specific policy.
#[async_trait]
pub trait UserAuthorizationVerifier: Send + Sync {
    /// Verifies a user authorization envelope and returns a verified result
    /// with an evidence reference on success.
    async fn verify_user_authorization(
        &self,
        envelope: &UserAuthorizationEnvelope,
    ) -> Result<VerifiedUserAuthorization>;
}

// ---------------------------------------------------------------------------
// NoOp mandate verifier (development / testing)
// ---------------------------------------------------------------------------

/// A default [`MandateVerifier`] that accepts all mandates without
/// cryptographic verification.
///
/// Generates placeholder [`EvidenceReference`] values using
/// [`ProtocolDescriptor::ap2("v0.1-alpha")`]. Intended for development and
/// testing only.
#[derive(Debug, Clone, Default)]
pub struct NoOpMandateVerifier;

impl NoOpMandateVerifier {
    /// Creates a new no-op mandate verifier.
    #[must_use]
    pub fn new() -> Self {
        Self
    }

    fn make_evidence_ref(mandate_id: &str, artifact_kind: &str) -> EvidenceReference {
        EvidenceReference {
            evidence_id: format!("noop-{mandate_id}"),
            protocol: ProtocolDescriptor::ap2("v0.1-alpha"),
            artifact_kind: artifact_kind.to_string(),
            digest: None,
        }
    }
}

#[async_trait]
impl MandateVerifier for NoOpMandateVerifier {
    async fn verify_cart_mandate(
        &self,
        envelope: &CartMandateEnvelope,
    ) -> Result<VerifiedCartMandate> {
        Ok(VerifiedCartMandate {
            mandate: envelope.mandate.clone(),
            evidence_ref: Self::make_evidence_ref(&envelope.mandate.id, "cart_mandate"),
        })
    }

    async fn verify_payment_mandate(
        &self,
        envelope: &PaymentMandateEnvelope,
    ) -> Result<VerifiedPaymentMandate> {
        Ok(VerifiedPaymentMandate {
            mandate: envelope.mandate.clone(),
            evidence_ref: Self::make_evidence_ref(&envelope.mandate.id, "payment_mandate"),
        })
    }
}