Zero-Knowledge Mandates: Privacy-Preserving Delegation & Spend Controls for AP2 Across Heterogeneous Rails

Current agent payment standards enable transactions across varied infrastructure, including card systems, banking channels, and blockchain platforms, through cryptographic mandates binding user intentions to agent actions. These mandates create authorization structures while revealing critical vulnerabilities in transaction privacy protection, fine-grained delegation management, and cohesive governance implementation across multiple payment infrastructures. Zero-Knowledge Mandates introduce cryptographic techniques allowing agents to demonstrate compliance with spending restrictions while concealing constraint details from verifiers. Agents demonstrate compliance with spending caps, approved vendors, and time restrictions while keeping financial details and payment channel choices hidden. The system uses compact cryptographic proofs that allow verification without exposing mandate terms, user account information, or transaction routing.

Core security guarantees include execution unlinkability, preventing transaction correlation, and verifiable compliance, ensuring constraint adherence. Technical implementation utilizes efficient proof systems, maintaining real-time transaction processing requirements. Evaluation addresses computational performance, information leakage boundaries, and practical deployment considerations across heterogeneous payment networks. The resulting architecture provides the first comprehensive privacy-preserving authorization primitive for autonomous commercial agents operating across multiple financial infrastructures simultaneously.