explaingit

axiorank/agent-commerce-conformance

Analysis updated 2026-05-18

Stars: 1 · Language: TypeScript · Audience: developer · Complexity: 3/5 · License: MIT · Setup: easy

TLDR

An open-source npm package and spec for proving offline that an AI agent's purchase stayed within a user's pre-signed budget and merchant mandate.

Mindmap

mindmap
  root((Agent Commerce Conformance))
    What it proves
      Audit log membership
      Record integrity
      Authorization chain
    Commerce Seal
      Spend cap
      Allowed merchants
      Time window
    How to verify
      verifyReceipt
      verifyCommerceSeal
      CLI command
    Trust model
      Pin public key
      Ed25519 signatures
      Merkle tree

What do people build with it?

USE CASE 1

Verify offline that an AI agent's purchase matched the budget and merchant restrictions a user pre-approved.

USE CASE 2

Add a Commerce Conformance Seal to your AI agent so merchants and banks can check authorization without calling your server.

USE CASE 3

Audit AI agent purchase receipts using only a pinned public key, with no network dependency.

What is it built with?

TypeScript, Node.js, npm

How does it compare?

Repo | axiorank/agent-commerce-conformance | abidoo22/pixelorama-mcp | aditya-pandey/slate
Stars | 1 | 1 | 1
Language | TypeScript | TypeScript | TypeScript
Setup difficulty | easy | moderate | easy
Complexity | 3/5 | 3/5 | 2/5
Audience | developer | vibe coder | general

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Requires Node.js 18+. For genuine independent verification, you must pin the issuer's public key out of band.

MIT license: use freely for any purpose, including commercial use, as long as you keep the copyright notice.

In plain English

Agent Commerce Conformance is an open standard and reference implementation for proving that an AI agent's purchase stayed within limits a user agreed to in advance. When an AI agent shops on someone's behalf, this project defines how to create and verify proof that the agent only bought things within the budget, merchants, and categories the user pre-approved.

The core piece is a receipt: a cryptographically signed record that proves three things. First, that an action is recorded in an append-only audit log. Second, that the record was not altered after it was written. Third, that the action was authorized by the correct chain of people and systems, for example: user approved the budget, then the AI agent executed within it. The verification uses Ed25519 digital signatures and a Merkle tree structure, both standard cryptographic techniques. All the verification code is about 200 lines with no external dependencies.

The commerce-specific piece is called a Commerce Conformance Seal. When an AI agent makes a purchase, it attaches a signed seal stating that the purchase was within the user's mandate. A mandate is a document signed by the user or their bank that defines the spend cap, allowed merchants, allowed currency, and the time window. A merchant, a bank, or the buyer can all verify the seal offline without calling any server.

The project is available as an npm package called @axiorank/audit-verify. It requires Node 18 or later. Both a JavaScript/TypeScript API and a command-line verifier are included. For genuine independent verification, the README instructs users to pin the issuer's public key from a separate source rather than fetching it from the same party that issued the receipt. The license is MIT.
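The offline check described above, sketched as an added example using only Node's built-in crypto module; it is not the @axiorank/audit-verify API or the project's code. The function `checkPurchase`, the mandate and purchase field names, the sorted-key JSON encoding, and treating the spend cap as a per-purchase limit are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Deterministic JSON (sorted keys) so signer and verifier hash identical bytes.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v && typeof v === "object") {
    const body = Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(v[k]));
    return "{" + body.join(",") + "}";
  }
  return JSON.stringify(v);
}

// Verify the mandate's Ed25519 signature with a key pinned out of band, then
// re-run the scope check locally instead of trusting a claimed verdict.
function checkPurchase(pinnedKeyPem, signedMandate, purchase) {
  const { signature, ...mandate } = signedMandate;
  let sigOk = false;
  try {
    sigOk = crypto.verify(null, Buffer.from(canonical(mandate)),
      crypto.createPublicKey(pinnedKeyPem), Buffer.from(signature, "base64"));
  } catch {
    sigOk = false; // malformed key or signature counts as a failed check
  }
  if (!sigOk) return { ok: false, reasons: ["mandate signature"] };

  const reasons = [];
  const amount = purchase.amountMinor; // integer minor units, e.g. cents
  if (!Number.isSafeInteger(amount) || amount < 0 || amount > mandate.spendCapMinor)
    reasons.push("spend cap");
  if (purchase.currency !== mandate.currency) reasons.push("currency");
  if (!mandate.allowedMerchants.includes(purchase.merchant)) reasons.push("merchant");
  const t = Date.parse(purchase.at);
  if (!(t >= Date.parse(mandate.notBefore) && t <= Date.parse(mandate.notAfter)))
    reasons.push("time window");
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample data: a throwaway key pair stands in for the user's or bank's.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const PINNED_PEM = publicKey.export({ type: "spki", format: "pem" });
const MANDATE = {
  allowedMerchants: ["books.example"], currency: "USD", spendCapMinor: 5000,
  notBefore: "2026-05-01T00:00:00Z", notAfter: "2026-05-31T23:59:59Z",
};
const SIGNED_MANDATE = {
  ...MANDATE,
  signature: crypto.sign(null, Buffer.from(canonical(MANDATE)), privateKey).toString("base64"),
};
```

Because the signature is checked before any limit is read, a mandate whose cap or merchant list was edited after signing is rejected outright rather than evaluated.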

Copy-paste prompts

Prompt 1
How do I verify an AxioRank audit receipt offline using @axiorank/audit-verify and a pinned public key?
Prompt 2
How do I check a Commerce Conformance Seal to confirm an AI agent's purchase stayed within the user's signed mandate?
Prompt 3
How do I use evaluateMandate to re-run the conformance check myself and confirm the seal's inScope verdict?
Prompt 4
What is the difference between verifyReceipt and verifyPassport in @axiorank/audit-verify?

Frequently asked questions

What is agent-commerce-conformance?

An open-source npm package and spec for proving offline that an AI agent's purchase stayed within a user's pre-signed budget and merchant mandate.

What language is agent-commerce-conformance written in?

Mainly TypeScript. The stack also includes Node.js and npm.

What license does agent-commerce-conformance use?

MIT license: use freely for any purpose, including commercial use, as long as you keep the copyright notice.

How hard is agent-commerce-conformance to set up?

Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.

Who is agent-commerce-conformance for?

Mainly developers.

Verify against the repo before relying on details.