Strands AP2 Payment Agent

Architecture
AP2 Protocol
AP2 Verifiable Credentials/Mandates for Human-present
AP2 Verifiable Credentials/Mandates for Human-not-present
AI Shopping Assistant, Active Monitoring Jobs, and Order History
Complete Mandate Chain

Inspiration

The project was inspired by the groundbreaking Agent Payments Protocol (AP2) v0.1 and the question: Can we prove true interoperability by implementing AP2 with AWS Strands SDK instead of just Google's reference implementation? We wanted to demonstrate that autonomous AI agents could not only shop conversationally but also monitor prices 24/7 and make purchases on behalf of users—all while maintaining complete cryptographic auditability through mandate chains. Our vision was to build the future of e-commerce where users never miss a deal and AI agents handle the tedious work of price watching and purchasing.

What it does

Strands AP2 Payment Agent is a full-stack autonomous shopping platform that implements two revolutionary purchase flows:

Human-Present (HP) Flow: Users have natural conversations with an AI shopping assistant to search products, review results in real-time, and approve purchases with biometric-style cryptographic signatures. Every transaction creates a complete audit trail (Intent → Cart → Payment → Transaction) using HMAC-SHA256 signatures.

Human-Not-Present (HNP) Flow: Users pre-authorize AI agents to monitor products continuously and purchase automatically when conditions are met. Set your constraints once ("buy AirPods if price drops below $180 with 2-day delivery"), sign the Intent mandate, and walk away. The system monitors every [X] seconds, and when conditions match, the agent autonomously creates a Cart mandate, processes payment, and notifies you—all without human intervention. The complete mandate chain provides full transparency into how the autonomous decision was made.

The platform demonstrates AP2 protocol interoperability by building on AWS Bedrock and Strands SDK rather than Google's reference implementation, proving the protocol achieves its goal of vendor-agnostic agent payments.

How we built it

Multi-Agent Architecture with Strands SDK: We constructed a sophisticated four-agent system using the Strands SDK agents-as-tools pattern:

Supervisor Agent: Main orchestrator that uses LLM reasoning to analyze user intent and intelligently route to specialist agents
HP Shopping Agent: Handles immediate conversational purchases with product search and cart creation tools
HNP Delegate Agent: Sets up autonomous monitoring with constraint extraction and job scheduling
Payment Agent: Domain-independent payment processor with complete mandate chain validation (reusable across any commerce project)

Backend: Built with FastAPI and Python 3.11+, leveraging async/await for concurrent operations. We integrated AWS Bedrock (Claude Sonnet 4.5) as the LLM backbone and used SQLAlchemy 2.0 with SQLite for persistent storage of mandates, transactions, and monitoring jobs.

Real-Time Communication: Implemented Server-Sent Events (SSE) to stream every agent action, tool invocation, and decision in real-time. The frontend automatically refreshes orders and monitoring status when purchases complete.

Autonomous Monitoring System: Used APScheduler with SQLAlchemy-backed job storage to create persistent background jobs that survive server restarts. Jobs continuously poll product APIs and trigger autonomous purchases when constraints are satisfied.

Cryptographic Security: Implemented complete AP2 mandate chain with HMAC-SHA256 signatures. The Payment Agent validates the entire chain—verifying signatures, checking expiration, and ensuring constraints aren't violated—before processing any transaction.

Frontend: Built a modern React 18 + Vite application with Tailwind CSS, featuring AWS-inspired design. Created interactive mandate chain visualizations, real-time monitoring countdowns, and biometric-style signature modals for mandate signing.

Cloud Infrastructure: Deployed as a containerized service on AWS ECS Fargate with Application Load Balancer, CloudWatch logging, and CloudFront CDN for HTTPS and global distribution. The frontend is hosted on AWS Amplify.

Challenges we ran into

Stateful Multi-Agent Coordination: Orchestrating context between multiple specialist agents while maintaining conversation flow was complex. We solved this with Strands SessionManager and implemented contextual translation in the Supervisor Agent to reformulate ambiguous user inputs ("yes", "the first one") into concrete instructions for specialists.

Mandate Chain Validation: Implementing robust validation logic that handles both user-signed (HP) and agent-signed (HNP) mandates while checking constraints, expiration, and signature integrity required meticulous error handling and clear AP2 error codes.

Building on an Emerging Protocol: AP2 v0.1 is brand new and not yet adopted by any real merchants or payment processors. We had to build complete mock implementations of merchant APIs and payment processors from scratch, interpreting the specification and making architectural decisions without real-world integration examples or libraries to reference. This required deep understanding of the protocol's intent and careful design to ensure our implementation would be compatible when real integrations become available.

Accomplishments that we're proud of

Proving AP2 Interoperability: We successfully demonstrated that AP2 works beyond Google's reference implementation by building a complete system on AWS Bedrock and Strands SDK—validating the protocol's goal of vendor independence.

Truly Autonomous Purchases: We built a system where AI agents genuinely make purchase decisions autonomously (not just assisted shopping). Users can walk away, and the agent handles monitoring, decision-making, payment processing, and notification—all while maintaining cryptographic auditability.

Domain-Independent Payment Agent: Created a fully reusable Payment Agent with its own validation logic, crypto module, and tools that can be extracted and integrated into any commerce project requiring AP2 compliance.

Complete Mandate Chain Transparency: Every purchase—whether immediate or autonomous—has a full audit trail showing exactly how authorization flowed from user intent to final transaction, with all signatures verifiable.

Seamless Real-Time Experience: Users see every agent decision, tool call, and action streamed in real-time with automatic UI updates when purchases complete—creating transparency and trust in the autonomous system.

Pioneering AP2 Adoption: As one of the earliest implementations of the AP2 v0.1 protocol outside of Google's reference implementation, we're helping validate the specification for real-world use. Our work provides concrete examples of how the protocol can be implemented with different agent frameworks (Strands SDK vs. Google's reference) and demonstrates the protocol's flexibility in handling both synchronous and autonomous payment scenarios. This positions us as early contributors to the AP2 ecosystem and provides valuable feedback for protocol evolution.

What we learned

Building Production Multi-Agent Systems: We gained deep expertise in constructing stateful, context-aware agent orchestration using the Strands SDK, learning how to properly manage sessions, tool registration, and context propagation across specialist agents.

AP2 Protocol Implementation: We learned the intricacies of implementing the Agent Payments Protocol correctly—from mandate chain structure to signature algorithms to constraint validation. This included understanding when user signatures are required (HP Cart, HNP Intent) versus agent signatures (HNP Cart).

Server-Sent Events Architecture: We learned how to build robust real-time communication using SSE for one-way server-to-client streaming, handling connection lifecycle, event typing, and automatic reconnection.

AWS Bedrock for Agents: We gained practical experience using Claude Sonnet 4.5 through AWS Bedrock for agent reasoning, learning how to optimize prompts for tool selection and context management.

Cryptographic Best Practices: We learned about mandate signing patterns, canonical serialization for signature verification, and the importance of including metadata (algorithm, signer, timestamp, nonce) in signature objects.

What's next for Strands AP2 Payment Agent

Production-Grade Cryptography: Replace HMAC-SHA256 with ECDSA (P-256/secp256r1) signatures using hardware-backed key storage (AWS KMS or HSM) for true security.

Advanced Autonomous Behaviors: Enable agents to negotiate with multiple merchants, compare prices across platforms, apply coupons automatically, and optimize for delivery time versus cost based on user preferences.

Collaborative Agent Shopping: Allow multiple users to pool budgets and have their agents collaboratively shop for group purchases (e.g., bulk buying, splitting costs).

Predictive Intent Creation: Use machine learning on purchase history to proactively suggest monitoring jobs ("You usually buy coffee when it's under $15—should I watch for that?").

Real Merchant Integration: Integrate with actual e-commerce APIs (Amazon, Shopify, WooCommerce) to enable real-world autonomous purchases instead of mock products.

Multi-Payment Methods: Support multiple payment providers, cryptocurrency, and wallet integrations while maintaining AP2 compliance across all payment types.

Regulatory Compliance Dashboard: Build administrative tools for viewing all autonomous purchases, mandate chains, and audit logs to meet financial compliance requirements.

Agent-to-Agent Commerce: Enable our agents to negotiate directly with merchant agents, creating a fully automated B2A (Business-to-Agent) commerce ecosystem.