REAPP — Agentic Payment Protocol for Stellar

Testnet FirstTestnet Only

REAPP builds on AP2's mandate model. It's the only agentic payments standard with a cryptographic authorization chain that maps to on-chain settlement. The spec is at v0.1 and not fully web3-compatible yet, but the mandate design is sound and nothing else comes close for blockchain use cases. No Stellar-native agent protocol exists. AP2 is the best available foundation.

Interoperability targets Stellar testnet first, validating conformance before mainnet. x402 and Soroban are protocol-agnostic, so REAPP's value holds even if the authorization standard evolves.

What AP2 Solves

Google built AP2 because existing payment infrastructure has no concept of delegated machine authority. A human can authorize a credit card transaction with a signature or a PIN, but there is no equivalent mechanism for an AI agent acting on a human's behalf. AP2 addresses this directly: how does a payment network know that a human actually authorized an AI agent to make a specific purchase?

AP2's answer is the mandate, a cryptographically signed contract using W3C Verifiable Digital Credentials to carry user intent into payment execution. Every payment gets a paper trail from user intent to on-chain settlement. Disputes, compliance, liability, all answerable from the chain.

The Three Mandate Types

Three mandate types define what agents can do and how authorization flows to settlement.

IntentMandateAutonomous / Human-Not-Present

I trust you to buy this category of thing

→User delegates broad purchasing authority upfront
→Defines merchant list, SKU categories, max spend, expiry
→Signed once with hardware-backed key (biometric)
→Agent operates autonomously within bounds until expiry
→Example: "spend up to $10/day on data APIs for 30 days"

CartMandateHuman-Present / Explicit

I approve this specific purchase

→Human is present and reviewing a specific transaction
→Merchant signs first — guaranteeing delivery at stated price
→User signs second to explicitly approve
→Cryptographic equivalent of traditional checkout confirmation
→Example: "yes, buy this specific $47 report from this vendor"

PaymentMandateDerived / Network-Facing

The network-facing credential

→Derived from either IntentMandate or CartMandate
→Presented to the payment network for settlement
→Includes ai_agent_present: boolean flag for compliance
→Contains mandate_chain_hash linking to original mandate
→Full audit trail from user intent to on-chain settlement

The Full Authorization Chain

AP2 Authorization Flow with REAPP Validator

Biometric auth through mandate validation to Soroban enforcement. The agent never touches the user's private key.

Mandate-to-Receipt Audit Linkage

AP2 mandate hashes need to link to Stellar settlement receipts. REAPP does this atomically:

The Soroban registry maintains persistent state keyed by (mandate_hash → tx_hash) for every settled payment
Upon settlement, the x402 facilitator returns an X-PAYMENT-RESPONSE header containing the Stellar transaction ID, payer address, and network confirmation
The SDK calls validate_and_consume() with both the mandate hash and tx hash, writing the linkage atomically to registry storage
Verifiers reconstruct the full audit chain: mandate_id → mandate_hash → tx_hash → Stellar ledger record

TypeScript Implementation — Built from Scratch

Google's AP2 has no TypeScript implementation, only Python (github.com/google-agentic-commerce/AP2, 2.8k stars). The protocol is at v0.1 with push payments, recurring, and human-not-present flows still on the roadmap. A TypeScript AP2 layer doesn't exist yet, which is where REAPP comes in.

REAPP implements IntentMandate signing and validation with jose, the same approach used by the only other TypeScript AP2 implementation out there (a DoraHacks hackathon project called PayAgent):

IntentMandate Signing and Validation

import { SignJWT, jwtVerify } from 'jose';

interface IntentMandate {
  user_cart_confirmation_required: boolean;
  natural_language_description: string;
  merchants: string[] | null;
  skus: string[] | null;
  required_refundability: boolean;
  intent_expiry: string; // ISO 8601
}

// User signs an IntentMandate
async function signIntentMandate(
  mandate: IntentMandate, privateKey: CryptoKey
): Promise<string> {
  return new SignJWT({ 'ap2.mandates.IntentMandate': mandate })
    .setProtectedHeader({ alg: 'ES256' })
    .setIssuedAt()
    .setExpirationTime(Math.floor(new Date(mandate.intent_expiry).getTime() / 1000))
    .sign(privateKey);
}

// Merchant validates an IntentMandate
async function validateIntentMandate(
  jwt: string, publicKey: CryptoKey
): Promise<IntentMandate> {
  const { payload } = await jwtVerify(jwt, publicKey);
  const mandate = payload['ap2.mandates.IntentMandate'] as IntentMandate;
  if (new Date(mandate.intent_expiry) < new Date()) {
    throw new Error('IntentMandate expired');
  }
  return mandate;
}

TypeScript VC Libraries for AP2

Library	npm Package	Role
jose	jose	JWT/JWS operations — recommended starting point
did-jwt-vc	did-jwt-vc	W3C VCs in JWT format (DIF standard)
@sd-jwt/sd-jwt-vc	@sd-jwt/sd-jwt-vc	SD-JWT VCs with selective disclosure
@veramo/core	@veramo/core	Full verifiable data framework
zod	zod	Schema validation for mandate structures

AP2 + x402 Complementarity

AP2 and x402 are complementary. AP2 handles authorization, x402 handles settlement. Google and Coinbase built google-agentic-commerce/a2a-x402, a Python A2A extension bridging both protocols. A community TypeScript port is on npm: a2a-x402.

Web3-Native Agent Protocols — Landscape Scan

There is no Stellar-native agent communication protocol. Stellar's role in the agent economy is the x402 payment layer, which other ecosystems are picking up. We looked at four web3-native alternatives for authorization and identity:

ERC-8004 — Trustless AgentsLive on Ethereum mainnet (Jan 2026)

On-chain identity, reputation, and validation registries for agents. 22,900+ registrations in the first 3 days. Built as a trustless extension of Google's A2A for on-chain agents. V2 spec in development with MCP and x402 integration.

REAPP relevance:Closest thing to what AP2 is missing: on-chain agent identity. Ethereum-specific today, but a v2 with x402 could bridge to Stellar. Worth watching.

Olas / Open AutonomyActive — Gnosis, Base, Optimism

Full multi-agent service framework with Tendermint-based consensus, Safe multisig execution, and on-chain incentives. Used in production for DeFi automation and prediction markets.

REAPP relevance:Way more infrastructure than REAPP needs for authorization alone. Good reference for multi-agent coordination patterns, but not a mandate standard.

Fetch.ai uAgentsActive — ASI Alliance

Python framework for autonomous agents with HTTP-based messaging, protocol definitions, and A2A adapters for interoperability. ASI Chain planned for 2026.

REAPP relevance:Python-only, so it can't plug into REAPP's TypeScript stack directly. Their A2A adapter approach does validate REAPP's adapter-first design, though.

XMTP Agent MessagingPre-mainnet (~March 2026)

E2E encrypted, decentralized messaging for wallet-addressed identities. Coinbase AgentKit integration lets agents do on-chain actions via natural language in XMTP threads.

REAPP relevance:Messaging transport only, not authorization or task delegation. Could work alongside REAPP as a communication channel, but doesn't solve what AP2 solves.

Bottom line: AP2 is the right call. Nothing else gives you a cryptographic mandate chain that maps to on-chain settlement. ERC-8004 v2 is worth watching for agent identity, and the adapter layer can absorb whatever that space converges on.

AP2 Mandate Model