From d302bcea3aee624850e71157b22eaa5fc78718cc Mon Sep 17 00:00:00 2001
From: Albert Mavashev <amavashev@k2n.io>
Date: Tue, 19 May 2026 12:15:59 -0400
Subject: [PATCH] docs: cite AP2 open_mandate_hash v0 conformance vectors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a pointer in the Background section to the 7-vector set seeded by
@chopmob-cloud at AP2 discussion #262 — covers the JCS canonicalization
edges (object-key order, array order, optional-field presence, currency
minor-unit, Unicode NFC-vs-NFD) that catch open_mandate_hash divergence
in practice. Vectors are independently reproducible under rfc8785@0.1.4;
community-seeded, not AP2-spec-blessed.

Also tightens the parenthetical on the existing discussion #262 bullet
— the spec-level questions got substantive answers in the thread, so
the old "a couple of spec-level questions posted" wording was stale.

No public API, wire-shape, or protocol-conformance change — below the
AUDIT.md and CHANGELOG.md update thresholds.
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index ab71354..25c42f9 100644
--- a/README.md
+++ b/README.md
@@ -303,7 +303,8 @@ CI runs all three checks on Python 3.10 and 3.12 for every push and pull request
 ## Background
 
 - [Preventing AP2 Open-Mandate Overuse with Runtime Idempotency](https://runcycles.io/blog/ap2-open-mandate-consume-once-runtime-idempotency) — engineering write-up of the keying decision (`open_mandate_hash` vs `transaction_id`), post-PSP commit uncertainty, and the AP2 §6 consume-once defense.
-- [AP2 GitHub Discussion #262](https://github.com/google-agentic-commerce/AP2/discussions/262) — context and a couple of spec-level questions (hash canonicalization, adapter shape) posted on the upstream AP2 repo.
+- [AP2 GitHub Discussion #262](https://github.com/google-agentic-commerce/AP2/discussions/262) — spec-level discussion on `open_mandate_hash` canonicalization and adapter shape with the upstream AP2 community.
+- [AP2 `open_mandate_hash` v0 conformance vectors](https://gist.github.com/chopmob-cloud/1dca25fd6107db4b7a30bed5dbf2ded8) — community-seeded 7-vector set covering JCS canonicalization edges (object-key order, array order, optional-field presence, currency minor-unit, Unicode NFC-vs-NFD) for `open_mandate_hash = SHA-256(JCS_RFC8785(unsigned mandate body))`. Hash input is the claims object, not the JWS envelope. Independently reproduced under `rfc8785@0.1.4`. Community-seeded, not AP2-spec-blessed — see discussion #262 for scope.
 
 ## Documentation