
docs: cite AP2 open_mandate_hash v0 conformance vectors#8

Merged: amavashev merged 1 commit into main from docs/ap2-omh-v0-conformance-citation, May 19, 2026

@amavashev
Contributor

Summary

  • Add a Background-section pointer to the community-seeded 7-vector conformance set from AP2 discussion #262 (gist: chopmob-cloud/1dca25fd…). Covers the JCS canonicalization edges that catch open_mandate_hash divergence in practice: object-key order, array order, optional-field presence, currency minor-unit, Unicode NFC-vs-NFD.
  • Tighten the parenthetical on the existing discussion #262 bullet — the spec-level questions got substantive answers in the thread, so the old "a couple of spec-level questions posted" wording was stale.

Why

cycles-ap2-python consumes open_mandate_hash rather than deriving it (the hash arrives on the AP2Mandate), so the canonicalization rule lives upstream — in the AP2 SDK, credential provider, or merchant flow that originates the open mandate. The v0 vectors give those upstream implementers a deterministic target, and they give our docs a precise citation when readers ask "how is open_mandate_hash supposed to be derived?"

Honest scope (mirrored from the README wording)

  • Community-seeded, not AP2-spec-blessed. Currently a gist authored by @chopmob-cloud (AlgoVoi), independently validated against rfc8785@0.1.4. AP2 maintainers haven't (yet) folded the vectors into the repo as a conformance fixture.
  • Library-deterministic-output evidence, not cross-implementation evidence. Both the gist author and our validation used rfc8785@0.1.4. A second canonicaliser implementation (e.g. gowebpki/jcs) producing the same JCS bytes would be the natural next escalation.
  • Not a public API, wire-shape, or protocol-conformance change. Below the AUDIT.md and CHANGELOG.md update thresholds — no entries added.

Test plan

  • Internal self-consistency of gist: every expected_open_mandate_hash equals SHA-256 of its declared expected_jcs_bytes_b64 (7/7).
  • Independent canonicaliser run: rfc8785@0.1.4 on Python 3.14.3, applied to each mandate_body, reproduces both expected_jcs_bytes_b64 and expected_open_mandate_hash byte-for-byte (7/7).
  • Pair expectations hold: object_key_order (001 ≡ 002), array_order (001 ≠ 003), optional_fields (001 ≠ 004), unicode_normalisation (006a ≠ 006b).
  • Schema anchor code/sdk/schemas/ap2/open_checkout_mandate.json exists in google-agentic-commerce/AP2 (sha e3d9cafa…, 4147 bytes).
  • Validation result posted publicly to AP2 discussion #262 (discussioncomment-16979051) — the README citation matches the scope language used in that thread.

Add a pointer in the Background section to the 7-vector set seeded by
@chopmob-cloud at AP2 discussion #262 — covers the JCS canonicalization
edges (object-key order, array order, optional-field presence, currency
minor-unit, Unicode NFC-vs-NFD) that catch open_mandate_hash divergence
in practice. Vectors are independently reproducible under rfc8785@0.1.4;
community-seeded, not AP2-spec-blessed.

Also tightens the parenthetical on the existing discussion #262 bullet
— the spec-level questions got substantive answers in the thread, so
the old "a couple of spec-level questions posted" wording was stale.

No public API, wire-shape, or protocol-conformance change — below the
AUDIT.md and CHANGELOG.md update thresholds.
@amavashev amavashev merged commit 2b49616 into main May 19, 2026
6 checks passed
@amavashev amavashev deleted the docs/ap2-omh-v0-conformance-citation branch May 19, 2026 16:45
@amavashev amavashev restored the docs/ap2-omh-v0-conformance-citation branch May 20, 2026 10:23
@chopmob-cloud

@amavashev — thanks for the citation, and especially for the careful scoping in both the PR body and the README wording. Calibrated downstream pickup is more valuable than puffery.

One small follow-up worth flagging now that the dust has settled on the validation: between the moment you opened this PR (2026-05-19 16:16Z, single-impl Python rfc8785@0.1.4) and your comparison-table comment on AP2 #262 earlier today (2026-05-20 10:25Z), the evidence upgraded from library-deterministic-output to cross-implementation anchored — in your own framing. The JS canonicalize@3.0.0 (Erdtman + Rundgren-as-contributor) run reproduces all 7 JCS bytes, all 7 hashes, and all 4 pair invariants against the same vectors. Different language, different codebase, different primary authors. The Unicode NFC-vs-NFD pair agreeing under both impls is the cleanest evidence that the no-Unicode-normalisation rule is implementation-independent rather than an rfc8785@0.1.4 artefact.

If you'd like, the README citation could swap Independently reproduced under rfc8785@0.1.4 for something like Cross-implementation reproduced under rfc8785@0.1.4 (Python) and canonicalize@3.0.0 (JavaScript) — accurate to today's evidence and lifts the scope from one of the caveats you listed in the PR body. Happy to PR the one-liner if useful, or leave it to you. No pressure — the current wording is honest as-of merge time and the AP2 #262 thread carries the upgraded evidence either way.

Separately filed AP2 #265 as a formal proposal to adopt the v0 set as spec-level conformance fixtures — keeps the question you raised in #262 ("do we have, or plan to publish, conformance vectors for open_mandate_hash derivation?") in front of maintainers rather than in show-and-tell. Cross-referenced this PR there.

— AlgoVoi (chopmob-cloud)
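
The three checks named in the test plan (hash self-consistency, independent recanonicalisation, pair invariants), together with the NFC-vs-NFD point raised in the follow-up comment, as an added example that is not code from this PR, the gist, or cycles-ap2-python. Assumptions: the mandate bodies and their field names are constructed, `jcs_subset` is a standard-library stand-in that covers only part of RFC 8785 (it is not `rfc8785`), and the lowercase-hex hash encoding is assumed.

```python
import base64, hashlib, json, unicodedata

def jcs_subset(value):
    """Canonical bytes for a JCS subset: objects, arrays, strings, ints, bools, null.
    Not a full RFC 8785 implementation: floats and non-BMP keys are rejected."""
    def walk(v):
        if isinstance(v, float):
            raise ValueError("float: needs RFC 8785 number serialisation")
        if isinstance(v, dict):
            if any(ord(c) > 0xFFFF for k in v for c in k):
                raise ValueError("non-BMP key: needs UTF-16 code-unit ordering")
            v = list(v.values())
        for child in (v if isinstance(v, list) else ()):
            walk(child)
    walk(value)
    return json.dumps(value, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")  # no Unicode normalisation

def make_vector(body):
    jcs = jcs_subset(body)
    return {"mandate_body": body,
            "expected_jcs_bytes_b64": base64.b64encode(jcs).decode("ascii"),
            "expected_open_mandate_hash": hashlib.sha256(jcs).hexdigest()}  # hex: assumed

def verify_vector(vec):
    """Return the names of the checks this vector fails (empty list means it passes)."""
    declared = base64.b64decode(vec["expected_jcs_bytes_b64"])
    checks = {"self_consistency": hashlib.sha256(declared).hexdigest() == vec["expected_open_mandate_hash"],
              "recanonicalisation": jcs_subset(vec["mandate_body"]) == declared}
    return [name for name, ok in checks.items() if not ok]

def failed_pairs(vectors, pairs):
    """pairs: (name, id_a, id_b, hashes_must_match). Returns the names that do not hold."""
    digest = {i: v["expected_open_mandate_hash"] for i, v in vectors.items()}
    return [n for n, a, b, same in pairs if (digest[a] == digest[b]) != same]

# Constructed mandate bodies; field names are illustrative, not the AP2 schema.
BASE = {"payee": "Caf\u00e9", "amount_minor": 1999, "currency": "EUR", "items": ["a", "b"]}
VECTORS = {
    "001": make_vector(BASE),
    "002": make_vector(dict(reversed(list(BASE.items())))),   # same keys, other order
    "003": make_vector({**BASE, "items": ["b", "a"]}),        # array order changed
    "004": make_vector({**BASE, "memo": None}),               # optional field present
    "006a": make_vector({**BASE, "payee": unicodedata.normalize("NFC", "Caf\u00e9")}),
    "006b": make_vector({**BASE, "payee": unicodedata.normalize("NFD", "Caf\u00e9")}),
}
PAIRS = [("object_key_order", "001", "002", True), ("array_order", "001", "003", False),
         ("optional_fields", "001", "004", False),
         ("unicode_normalisation", "006a", "006b", False)]
```

A vector whose body, declared bytes and hash have drifted apart is reported by name, so a consumer that only receives `open_mandate_hash` can tell a canonicalisation mismatch from a corrupted fixture.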
