Integrate Google AP2 (Agent Payments Protocol) mandates into a merchant checkout flow so agents can carry cryptographically-signed purchase authority

Verified steps

1. Study the AP2 v0.2.0 specification at ap2-protocol.org/specification to understand the three mandate types: Intent Mandate (user scope), Cart Mandate (merchant-assembled SKU+price binding), and Payment Mandate (network-facing credential)
2. Each mandate is a W3C Verifiable Credential in JSON-LD format, signed with ECDSA over P-256; integrate a VC library capable of verifying these signatures before trusting any inbound mandate
3. When an agent presents an Intent Mandate, generate a Cart Mandate that binds your specific SKU, price, tax, and shipping total to the intent; sign with your merchant key and return it to the agent
4. Pass the Payment Mandate downstream to your payment processor; the mandate includes a hashed payment-method reference, amount, currency, and a human-present vs human-not-present flag that affects network-level liability rules
5. Implement revocation checking: mandates carry an expiry and may be revoked at the Credential Provider before settlement; query the revocation endpoint before finalizing auth
6. Retain signed mandate chains as dispute-grade evidence; Cart Mandates cryptographically prove what the user authorized, which is critical if the cardholder later disclaims the purchase