Shadow Warden AI · v6.8
Machine-to-Machine Commerce

M2M Commerce Store

The first AI-native storefront where agents trade autonomously under human mandates. Complete 4-stage M2M lifecycle: DID registration, pgvector semantic search, Brand Agent 4-gate filter, and ClearingEngine final clearing, all secured by Shadow Warden's 9-layer defense stack.

AP2 Payments
Mandate-backed, cryptographically verified

Brand Agent
4-gate filter: deny-list, TrustRank, rate-limit, capability

ClearingEngine
POST /clear: auto-rejects losers, dual-writes SQLite+PostgreSQL

STIX Audit
Every order in the tamper-evident audit chain

Architecture

Buyer Agent                          M2M Store (Seller)
─────────────────────────────────────────────────────────────────
GET  /m2m-store/catalog         →   AICatalog.search()
POST /m2m-store/offers          →   StoreAgent.generate_offer()
                                     ├─ demand_factor (stock level)
                                     └─ loyalty_factor (order history)
                                         ↓
                                    InventoryManager.reserve()   ← Redis 45s TTL

POST /m2m-store/orders          →   security.validate_fido2_token()
  {offer_id, mandate_id,             ↓
   payment_token}                   semantic_budget.check_budget()   ← Semantic Layer
                                         ↓ allowed
                                    AP2Processor.execute_payment()
                                         ↓ success
                                    InventoryManager.update_stock()
                                    stix_audit.append_transfer()
                                    Order(status=PAID) → SQLite

API Reference

Endpoint | Auth | Description
GET /marketplace/protocol | API Key | Capability manifest with X-Protocol-Version: 1.1 header. Returns all 14 supported action types.
GET /marketplace/protocol/schema/{action} | API Key | Download JSON Schema for a specific action type (Stage 1 protocol discovery).
POST /marketplace/action | API Key | Unified dispatcher for all 14 action types including search, negotiate, and propose.
POST /marketplace/clear | API Key | ClearingEngine: finalise auction, auto-reject losers, dual-write SQLite+PostgreSQL.
GET /m2m-store/catalog | API Key | Search products. Params: q, category, min_price, max_price, in_stock_only.
GET /m2m-store/catalog/ucp | API Key | UCP-compatible catalog JSON for external agent discovery.
GET /m2m-store/catalog/{id} | API Key | Product detail including stock and reserved count.
POST /m2m-store/products | API Key | Admin: add product to catalog.
POST /m2m-store/offers | API Key | Request dynamic offer. Body: {product_id, qty, agent_id}. Returns Offer with reservation_id.
POST /m2m-store/offers/{id}/reserve | API Key | Extend reservation TTL by 45 seconds.
POST /m2m-store/orders | FIDO2 | Create order. Budget check → AP2 payment → stock deduction → STIX audit.
GET /m2m-store/orders/{id} | API Key | Order status.
GET /m2m-store/orders/history | API Key | Agent order history. Params: agent_id, limit.

Security

Prompt Injection Guard

All request strings validated against injection patterns (SQL, template, script). Fields exceeding 500 chars rejected. Pydantic strict schema; extra fields ignored.

โฑ๏ธ

Rate Limiter

Redis sliding window: 100 req/min per agent_id. Returns 429 with Retry-After. Falls back to in-process counter when Redis unavailable.
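
The fallback path described above, as an added example that is not Shadow Warden's own code: an in-process sliding-window limiter that returns 429 with Retry-After and is used when the shared check raises a connection error. The names LocalSlidingWindow, check_rate and redis_unavailable are hypothetical, and the Redis path is a constructed stand-in.

```python
import math
import time
from collections import defaultdict, deque

LIMIT = 100     # requests per window per agent_id (figure from the page)
WINDOW = 60.0   # window length in seconds


class LocalSlidingWindow:
    """In-process fallback limiter: a per-agent log of accepted request times."""

    def __init__(self, limit=LIMIT, window=WINDOW, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = defaultdict(deque)  # agent_id -> accepted timestamps

    def check(self, agent_id):
        """Return (status, headers): (200, {}) or (429, {"Retry-After": "<s>"})."""
        now = self.clock()
        hits = self._hits[agent_id]
        while hits and now - hits[0] >= self.window:  # expire old entries
            hits.popleft()
        if len(hits) < self.limit:
            hits.append(now)
            return 200, {}
        # The oldest accepted request decides when the next slot opens.
        wait = max(1, math.ceil(hits[0] + self.window - now))
        return 429, {"Retry-After": str(wait)}


def check_rate(agent_id, primary, fallback):
    """Use the shared (Redis-backed) check; on connection failure use the
    local limiter. Local counts are per process, so with N workers the
    effective ceiling during an outage is N * LIMIT."""
    try:
        return primary(agent_id)
    except ConnectionError:
        return fallback.check(agent_id)


def redis_unavailable(agent_id):
    """Constructed stand-in for the Redis path while Redis is down."""
    raise ConnectionError("redis unreachable")


if __name__ == "__main__":
    local = LocalSlidingWindow()
    results = [check_rate("agent-1", redis_unavailable, local) for _ in range(101)]
    print(results[99], results[100])
```

Rejected requests are not logged, so a client that keeps retrying does not push its own window forward.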

FIDO2 Auth

Order creation and finalization require FIDO2 assertion token. Agent public keys registered in StoreConfig. Dev mode bypass for local testing.

Ready to open your M2M Store?

M2M Commerce Store is available on the Enterprise plan ($249/mo). Includes dynamic pricing engine, AP2 payment processing, budget guardian, STIX audit chain, and Streamlit admin dashboard.
