OpenKarta
Security 2026-04-18 5 min read

Signed quotes, on the wire.

How HMAC-bound, time-limited quote tokens shut down agent-side price tampering — without a centralized escrow.

The threat model

A consumer agent renders a price to a user, the user assents, and the agent passes a different price to the merchant during checkout. Or a merchant honors a price during quote and inflates it during checkout. Either way, the human at the end of the loop sees one number and pays another.

The mitigation

quote() returns an HMAC-signed token whose payload includes the item id, agent id, total in minor units, currency, issuance timestamp, and TTL. The signature is computed with the merchant's secret. checkout() refuses any token whose signature does not verify against that secret, or whose TTL has elapsed.
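A minimal sketch of the quote()/checkout() pair described above, added here as an example and not OpenKarta's own code. The token layout (base64url JSON payload, a dot, base64url HMAC-SHA256 tag), the field names and the demo secret are assumptions.

```python
import base64, hashlib, hmac, json, time

MERCHANT_SECRET = b"constructed-demo-secret"  # constructed value; keep the real one in a secret store

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def tag(body: str, secret: bytes) -> bytes:
    # MAC the encoded payload exactly as it travels, so no re-canonicalisation is needed
    return hmac.new(secret, body.encode(), hashlib.sha256).digest()

def quote(item_id, agent_id, total_minor, currency, ttl_s=300, now=None, secret=MERCHANT_SECRET):
    """Issue a signed quote token (assumed layout: payload.tag)."""
    payload = {"item_id": item_id, "agent_id": agent_id, "total_minor": total_minor,
               "currency": currency, "iat": int(time.time() if now is None else now),
               "ttl": ttl_s}
    body = b64e(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    return body + "." + b64e(tag(body, secret))

def checkout(token, now=None, secret=MERCHANT_SECRET):
    """Return the verified payload or raise ValueError; nothing is parsed before the MAC checks out."""
    try:
        body, sig_text = token.split(".")
        sig = b64d(sig_text)
    except (ValueError, TypeError):  # wrong part count or bad base64
        raise ValueError("malformed token") from None
    if not hmac.compare_digest(sig, tag(body, secret)):  # constant-time comparison
        raise ValueError("bad signature")
    payload = json.loads(b64d(body))
    now = time.time() if now is None else now
    if now >= payload["iat"] + payload["ttl"]:
        raise ValueError("quote expired")
    # Charge payload["total_minor"]; never a price field sent alongside the token.
    return payload

if __name__ == "__main__":
    t = quote("sku-1", "agent-7", 1999, "USD", now=1000)  # constructed sample quote
    print(checkout(t, now=1100))
```

The merchant charges the amount from the verified payload, so a price the agent sends next to the token has no effect on what is billed.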

What this buys

Tamper-evidence on the wire, with no trusted third party. The merchant can prove what they offered. The agent cannot inflate or deflate after the fact. Replay is bounded by TTL. The buyer's agent can show the user the verifiable quote token alongside the price.

What this does not buy

It does not authenticate the buyer. It does not enforce that the merchant honors the quote on a different verb (cancel, return). For those we rely on closed enums and the conformance sweep, which are independently verifiable.
