QWED-UCP
Verify AI-driven commerce transactions before they reach payment.
What is QWED-UCP?
QWED-UCP provides deterministic verification guards for the Universal Commerce Protocol (UCP) - Google's open standard for AI-driven commerce.
The Problem
When AI agents shop on behalf of users, they can make calculation errors that result in:
- 💸 Wrong totals - Customers overcharged or undercharged
- 📉 Bad discounts - Percentage calculations off
- 🧾 Incorrect tax - Legal compliance issues
- 💱 Currency errors - International payment failures
The Solution
QWED-UCP intercepts checkout requests and mathematically verifies every calculation before payment:
```
AI Agent → UCP Checkout → QWED-UCP Guard → Payment Gateway
                               ↓
                          ✅ Pass → Continue
                          ❌ Fail → Block + Error
```
How It Works
```
AI Shopping Agent (Claude, GPT, etc.)
        |
        |  UCP Checkout Request
        v
QWED-UCP Middleware
  +----------------+----------------+-----------------------+
  | Money Guard    | State Guard    | Line Items Guard      |
  |                |                | qty × price = total   |
  +----------------+----------------+-----------------------+
  | Discount Guard | Currency Guard | Schema Guard          |
  | 10% = 10       | USD/EUR/JPY    | JSON Validation       |
  +----------------+----------------+-----------------------+
        |
  All Guards Pass?
        |
   YES -+- NO
    |       |
    v       v
 Payment   422 Error
 Gateway   + Details
```
The 6 Guards
| Guard | What It Verifies | Error When Wrong |
|---|---|---|
| Money Guard | total = subtotal - discount + tax | "Calculated 98.25, Agent claimed 100.00" (Checked via SymPy) |
| State Guard | Valid checkout state transitions | "Invalid transition: completed → incomplete" (Checked via Z3 Solver) |
| Schema Guard | UCP JSON schema compliance | "Missing required field: currency" |
| Line Items Guard | price × quantity = line_total | "Line item mismatch: 2 × $35 ≠ $65" |
| Discount Guard | Percentage and fixed discount math | "10% of $100 should be $10, not $15" |
| Currency Guard | ISO 4217 codes, JPY no-decimals | "JPY cannot have decimal amounts" |
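The arithmetic behind the Money, Line Items and Currency rows can be reproduced independently of the library. The following is an added sketch, not QWED-UCP's own code: it uses the standard-library `decimal` module rather than SymPy, and `check_checkout`, `dec` and `ZERO_DECIMAL` are hypothetical names. It compares the sum of line items against the claimed subtotal, because the Quick Start payload carries no per-line total.

```python
from decimal import Decimal

ZERO_DECIMAL = {"JPY"}  # the page's example of a currency with no minor unit

def dec(value):
    # str() first, so a JSON float like 6.29 becomes Decimal("6.29") exactly
    return Decimal(str(value))

def check_checkout(checkout, tolerance="0"):
    """Return (verified, failed_guard, error) for a Quick Start-shaped checkout."""
    tol = dec(tolerance)
    currency = checkout.get("currency")
    if currency is None:
        return False, "schema", "Missing required field: currency"
    totals = {t["type"]: dec(t["amount"]) for t in checkout["totals"]}
    for required in ("subtotal", "total"):
        if required not in totals:
            return False, "schema", f"Missing required total: {required}"
    if currency in ZERO_DECIMAL:
        for kind, amount in totals.items():
            if amount != amount.to_integral_value():
                return False, "currency", f"{currency} cannot have decimal amounts"
    # Line items: sum of quantity × price must reproduce the claimed subtotal
    lines = sum((dec(li["quantity"]) * dec(li["item"]["price"])
                 for li in checkout["line_items"]), Decimal(0))
    if abs(lines - totals["subtotal"]) > tol:
        return False, "line_items", f"Calculated {lines}, Agent claimed {totals['subtotal']}"
    # Money: total = subtotal - discount + tax
    expected = (totals["subtotal"] - totals.get("discount", Decimal(0))
                + totals.get("tax", Decimal(0)))
    if abs(expected - totals["total"]) > tol:
        return False, "money", f"Calculated {expected}, Agent claimed {totals['total']}"
    return True, None, None

# Constructed sample: the Quick Start checkout with the total inflated by the agent
TAMPERED = {
    "currency": "USD",
    "line_items": [{"id": "roses", "quantity": 2, "item": {"price": 35.00}},
                   {"id": "vase", "quantity": 1, "item": {"price": 15.00}}],
    "totals": [{"type": "subtotal", "amount": 85.00}, {"type": "discount", "amount": 8.50},
               {"type": "tax", "amount": 6.29}, {"type": "total", "amount": 100.00}],
}

if __name__ == "__main__":
    print(check_checkout(TAMPERED))
```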
Installation
Python (PyPI)
```bash
pip install qwed-ucp
```
Node.js (npm)
```bash
npm install qwed-ucp-middleware
```
Quick Start
Basic Verification
```python
from qwed_ucp import UCPVerifier

verifier = UCPVerifier()

# Verify a checkout
result = verifier.verify_checkout({
    "currency": "USD",
    "status": "ready_for_complete",
    "line_items": [
        {"id": "roses", "quantity": 2, "item": {"price": 35.00}},
        {"id": "vase", "quantity": 1, "item": {"price": 15.00}}
    ],
    "totals": [
        {"type": "subtotal", "amount": 85.00},  # 2×35 + 1×15 = 85
        {"type": "discount", "amount": 8.50},   # 10% off
        {"type": "tax", "amount": 6.29},        # 8.2% tax on $76.50
        {"type": "total", "amount": 82.79}      # 85 - 8.50 + 6.29 = 82.79
    ]
})

if result.verified:
    print("✅ Checkout verified! Safe to proceed to payment.")
else:
    print(f"❌ Verification failed: {result.error}")
    print(f"   Guard: {result.failed_guard}")
```
Middleware Integration (FastAPI)
```python
from fastapi import FastAPI
from pydantic import BaseModel
from qwed_ucp.middleware.fastapi import QWEDUCPMiddleware

app = FastAPI()
# Add QWED-UCP middleware - automatically verifies all /checkout endpoints
app.add_middleware(QWEDUCPMiddleware)

class CheckoutRequest(BaseModel):  # placeholder model; fields mirror the Quick Start payload
    currency: str
    status: str
    line_items: list[dict]
    totals: list[dict]

@app.post("/checkout")
async def checkout(request: CheckoutRequest):
    # If we get here, QWED-UCP already verified the math!
    return {"status": "completed", "order_id": "ORD-123"}
```
Middleware Integration (Express.js)
```javascript
const express = require('express');
const { createQWEDUCPMiddleware } = require('qwed-ucp-middleware');

const app = express();

// Add QWED-UCP middleware
app.use('/checkout', createQWEDUCPMiddleware());

app.post('/checkout', (req, res) => {
  // If we get here, QWED-UCP already verified the math!
  res.json({ status: 'completed', orderId: 'ORD-123' });
});
```
GitHub Action (CI/CD)
Use QWED-UCP as a GitHub Action to audit transaction logs in your CI/CD pipeline.
Installation
Add to your workflow (.github/workflows/commerce-audit.yml):
```yaml
name: Commerce Audit
on:
  push:
    paths:
      - 'logs/transactions/**'
jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Audit Commerce Transactions
        uses: QWED-AI/qwed-ucp@v0.2.0
        with:
          log_path: logs/transactions/
          strict_mode: true
```
Parameters
| Input | Description | Default |
|---|---|---|
| log_path | Path to transaction JSON logs | ./logs/ |
| strict_mode | Fail on any violation | true |
| tolerance | Rounding tolerance (cents) | 0.01 |
What Gets Audited
The Action scans all .json files in the specified path and verifies:
- Line item math: price × quantity = total
- Discount calculations
- Tax amounts
- Currency format (ISO 4217)
- No "Penny Slicing" (rounding theft)
Example Output
```
🛡️ QWED-UCP Audit: 3 vulnerabilities blocked
1. Penny Slicing: tx_001.json - Tax $7.99 should be $8.00
2. Zombie Return: tx_045.json - Return without original order
3. Phantom Discount: tx_089.json - 15% discount on non-sale item
Action: BLOCKED (Exit Code 1)
```
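A one-cent tax shortfall such as the `tx_001.json` finding above sits exactly at a 0.01 tolerance, so a per-transaction check alone can pass it. The following added sketch (not the Action's own logic) pairs the per-record check with a batch-level drift check. The record fields `taxable`, `tax_rate` and `tax`, the half-up rounding rule and the `drift_limit` threshold are assumptions of this example, not the Action's log format.

```python
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

def expected_tax(taxable, rate):
    # Round half-up to the cent; the rounding rule is an assumption of this sketch
    return (Decimal(taxable) * Decimal(rate)).quantize(CENT, rounding=ROUND_HALF_UP)

def audit_tax(records, tolerance="0.01", drift_limit="0.05"):
    """Per-record tax errors above tolerance, plus one-directional drift over the batch."""
    tol = Decimal(tolerance)
    findings, drift, short = [], Decimal(0), 0
    for rec in records:
        want = expected_tax(rec["taxable"], rec["tax_rate"])
        delta = Decimal(rec["tax"]) - want
        drift += delta
        short += delta < 0  # count records that under-collect
        if abs(delta) > tol:
            findings.append((rec["id"], f"Tax ${rec['tax']} should be ${want}"))
    # Every record can sit inside the tolerance while all are shaved the same way
    if records and short == len(records) and abs(drift) > Decimal(drift_limit):
        findings.append(("batch", f"systematic under-collection of ${-drift} "
                                  f"across {short} records"))
    return findings

# Constructed sample: ten transactions, each one cent short of the expected $8.00
SAMPLE = [{"id": f"tx_{i:03}", "taxable": "97.00", "tax_rate": "0.0825", "tax": "7.99"}
          for i in range(1, 11)]

if __name__ == "__main__":
    print(audit_tax(SAMPLE))                       # only the batch finding
    print(audit_tax(SAMPLE[:1], tolerance="0.00"))  # strict per-record finding
```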
Why QWED-UCP?
Business Impact
| Scenario | Without QWED-UCP | With QWED-UCP |
|---|---|---|
| AI miscalculates 10% discount as 15% | Customer overcharged $5 | Blocked, 422 returned |
| Tax calculation rounds wrong | Legal audit issues | Caught before payment |
| Currency format invalid | Payment gateway rejects | Caught at middleware |
| State transition invalid | Order stuck in limbo | Proper error message |
ROI Calculation
For a platform processing 100M transactions/year:
- Error rate without verification: ~0.1%
- Errors per year: 100,000 transactions
- Average error cost: $6.39 (dispute handling + refunds)
- Potential loss: $638,700/year
QWED-UCP catches these errors before they become expensive problems.
Configuration
Environment Variables
| Variable | Description | Default |
|---|---|---|
| QWED_UCP_STRICT | Fail on any schema mismatch | true |
| QWED_UCP_LOG_LEVEL | Logging level | INFO |
| QWED_UCP_TOLERANCE | Tolerance for rounding (cents) | 0.01 |
Custom Guard Configuration
```python
from qwed_ucp import UCPVerifier, MoneyGuard

# Custom tolerance for floating-point errors
verifier = UCPVerifier(
    money_guard=MoneyGuard(tolerance=0.02),  # $0.02 tolerance
    strict_mode=False  # Allow minor schema violations
)
```
Next Steps
- Guards Reference - Deep dive into each guard
- Examples - Real-world use cases
- FastAPI Middleware - Python integration
- Express.js Middleware - Node.js integration
- Troubleshooting - Common issues
Links
- GitHub: QWED-AI/qwed-ucp
- PyPI: qwed-ucp
- npm: qwed-ucp-middleware
- UCP Protocol: developers.google.com/commerce/ucp