Analysis updated 2026-05-18
Verify offline that an AI agent's purchase matched the budget and merchant restrictions a user pre-approved.
Add a Commerce Conformance Seal to your AI agent so merchants and banks can check authorization without calling your server.
Audit AI agent purchase receipts using only a pinned public key, with no network dependency.
| | axiorank/agent-commerce-conformance | abidoo22/pixelorama-mcp | aditya-pandey/slate |
|---|---|---|---|
| Stars | 1 | 1 | 1 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | easy | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | developer | vibe coder | general |
Figures from each repo's GitHub metadata at analysis time.
Requires Node.js 18+. For genuine independent verification, you must pin the issuer's public key out of band.
Agent Commerce Conformance is an open standard and reference implementation for proving that an AI agent's purchase stayed within limits a user agreed to in advance. When an AI agent shops on someone's behalf, this project defines how to create and verify proof that the agent only bought things within the budget, merchants, and categories the user pre-approved.

The core piece is a receipt: a cryptographically signed record that proves three things. First, that an action is recorded in an append-only audit log. Second, that the record was not altered after it was written. Third, that the action was authorized by the correct chain of people and systems, for example: user approved the budget, then the AI agent executed within it. The verification uses Ed25519 digital signatures and a Merkle tree structure, both standard cryptographic techniques. All the verification code is about 200 lines with no external dependencies.

The commerce-specific piece is called a Commerce Conformance Seal. When an AI agent makes a purchase, it attaches a signed seal stating that the purchase was within the user's mandate. A mandate is a document signed by the user or their bank that defines the spend cap, allowed merchants, allowed currency, and the time window. A merchant, a bank, or the buyer can all verify the seal offline without calling any server.

The project is available as an npm package called @axiorank/audit-verify. It requires Node 18 or later. Both a JavaScript/TypeScript API and a command-line verifier are included. For genuine independent verification, the README instructs users to pin the issuer's public key from a separate source rather than fetching it from the same party that issued the receipt. The license is MIT.
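
The three receipt checks plus the mandate limits, as an added example that is not code from the project: it verifies a seal offline with Node's built-in crypto and a pinned Ed25519 key. The seal layout, field names, hash prefixes and the `verifySeal`/`issueSeal` helpers are assumptions made for illustration, not the @axiorank/audit-verify format or API; the mandate's own user or bank signature is not checked here, and a real format needs a canonical encoding rather than `JSON.stringify`.

```javascript
// Added example: hypothetical seal layout, not the @axiorank/audit-verify API.
const crypto = require("node:crypto");

const sha256 = (...parts) => crypto.createHash("sha256").update(Buffer.concat(parts)).digest();
// Distinct prefixes keep leaf and interior hashes from colliding.
const leafHash = (record) => sha256(Buffer.from([0]), Buffer.from(JSON.stringify(record)));
const nodeHash = (left, right) => sha256(Buffer.from([1]), left, right);

// Returns "ok" or the name of the first failed check. pinnedKey must come from
// out-of-band configuration, never from the seal being verified.
function verifySeal(seal, pinnedKey) {
  // 1. Inclusion: fold the audit path from this record's leaf up to the root.
  let h = leafHash(seal.record);
  for (const step of seal.proof) {
    const sibling = Buffer.from(step.hash, "hex");
    h = step.left ? nodeHash(sibling, h) : nodeHash(h, sibling);
  }
  if (h.toString("hex") !== seal.root) return "not-in-log";
  // 2. Integrity: the root must carry the pinned issuer's Ed25519 signature.
  const root = Buffer.from(seal.root, "hex");
  if (!crypto.verify(null, root, pinnedKey, Buffer.from(seal.sig, "hex"))) return "bad-signature";
  // 3. Mandate: re-check the limits locally instead of trusting the claim.
  const { mandate: m, purchase: p } = seal.record;
  if (p.currency !== m.currency) return "currency";
  if (!m.merchants.includes(p.merchant)) return "merchant";
  if (!Number.isInteger(p.amountMinor) || p.amountMinor < 0 || p.amountMinor > m.capMinor) return "over-cap";
  if (p.at < m.notBefore || p.at > m.notAfter) return "outside-window";
  return "ok";
}

// Constructed sample data: a throwaway issuer key and a two-leaf log.
const issuer = crypto.generateKeyPairSync("ed25519");
function issueSeal(record) {
  const sibling = leafHash({ note: "unrelated log entry" });
  const root = nodeHash(sibling, leafHash(record));
  return {
    record,
    proof: [{ hash: sibling.toString("hex"), left: true }],
    root: root.toString("hex"),
    sig: crypto.sign(null, root, issuer.privateKey).toString("hex"),
  };
}
const mandate = { capMinor: 5000, currency: "USD", merchants: ["books.example"],
  notBefore: 1700000000, notAfter: 1700086400 };
const good = issueSeal({ mandate,
  purchase: { merchant: "books.example", amountMinor: 4200, currency: "USD", at: 1700003600 } });
console.log(verifySeal(good, issuer.publicKey));
```

Editing the amount after issuance changes the leaf hash and fails the inclusion check, while a seal the issuer signed for an over-cap purchase still fails the local mandate check.
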
An open-source npm package and spec for proving offline that an AI agent's purchase stayed within a user's pre-signed budget and merchant mandate.
Mainly TypeScript. The stack also includes Node.js and npm.
MIT license: use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
Audience: mainly developers.
Verify against the repo before relying on details.