Agentic Commerce Implementation PRD
This document explains what still needs to be built before merchants can self-serve into agentic commerce using Grantex and AgenticOrg. For the consolidated source of truth, readdocs/guides/commerce-v1-agentic-commerce-prd.md. This implementation PRD is a
supporting summary and must not diverge from that canonical document.
It is written for founders, merchants, operators, product teams, and engineers.
The short version is simple:
Merchants should connect the systems they already run today. Grantex turns approved public-safe facts from those systems into signed OACP artifacts and policy decisions. AgenticOrg runs the buyer and seller agents, connector workflows, local artifact cache, and channel UX. Provider and fintech rails own mandate and payment execution. Grantex must not become a toll booth for every non-binding agent interaction.This document is not a rollout approval. It does not enable production Commerce V1, public discovery, checkout/payment creation, live payments, live Plural, or any production allowlist.
Current OACP Runtime Closure Boundary
The launch-closure implementation proves a non-executing OACP runtime vertical: AgenticOrg seller onboarding and read-only connector sync, Grantex internal artifact authority issuance, AgenticOrg durable cache consumption, buyer-safe answers, bridge adapters, and provider-owned capability metadata checks. It does not enable checkout, payment, order, mandate, refund, return, shipment, inventory hold, public discovery publication, live provider execution, or merchant-private API mutation.1. Architecture In Plain English
Grantex is the trust, protocol, policy, and canonical-artifact authority. It owns artifact rules, public-safe fact validation, source/freshness policy, merchant approval state, consent/passport posture, protocol adapter mappings, and evidence requirements. AgenticOrg is the agent runtime. It owns seller-agent onboarding, connector sync initiation, buyer-agent sessions, local artifact cache across buyer agent, seller agent, tenant, and merchant, channel bridges, refusal UX, and seller/buyer education. It must not become the source of truth for merchants, products, inventory, price, policy, settlement, or refunds. Providers and fintech rails own mandate setup, mandate verification, payment execution, and payment/refund settlement. Grantex stores only non-sensitive evidence references when policy or artifact lineage requires them.End-To-End Operating Flow
The detailed buyer and seller walkthrough is documented indocs/guides/commerce-v1-end-to-end-agentic-commerce-flow.mdx.
Seller one-time setup:
- Start in AgenticOrg Seller Commerce Agent and create a merchant onboarding packet for Grantex authority review.
- Verify merchant identity and keep private artifacts outside repos.
- Connect existing systems through AgenticOrg seller-agent connector workflows, merchant-owned connector platforms, approved external integration providers, or CSV/API.
- Declare source-of-truth precedence for catalog, price, inventory, order, fulfillment, support, and payment data.
- Configure category preset, required public fields, return/warranty policy, tax, shipping, payment, support, and rollback ownership.
- Select allowed agent capabilities and buyer channels.
- Run scans, readiness scoring, human review gates, sandbox rehearsal, and rollback checks.
- Request the smallest approved rollout, usually read-only discovery first.
- Choose an approved chat or agent surface, such as ChatGPT, Claude, Gemini, WhatsApp, Telegram, web/mobile, or a future channel.
- Link or sign in to create a buyer-agent session.
- Set safe preferences such as locale, currency, delivery region, notification path, and accessibility needs.
- See what actions the channel can support and what remains blocked.
- Approve or deny each payment-affecting action through Grantex consent.
- Buyer asks the agent to discover, compare, or prepare.
- AgenticOrg uses cached signed OACP artifacts when TTL, revocation, and risk rules allow; otherwise it asks Grantex to refresh or verify authority artifacts.
- AgenticOrg reads product, price, inventory, delivery, return, policy, and capability facts from artifacts and approved source evidence, not model guesses.
- Non-binding discovery can continue locally without routing every message through Grantex.
- Commitment-bound actions require boundary, prepared envelope, reconciliation, eligibility, and dry-run checks before future handoff.
- Merchant-system confirmation uses approved connector handoff or merchant-owned systems.
- Provider-owned mandate/payment capability verification stays with the provider/fintech rail and may be verified directly by AgenticOrg when approved.
- Grantex keeps policy, artifact lineage, and non-sensitive evidence references only where required.
- AgenticOrg shows buyer-safe status and refuses unsupported claims.
2. Current Implementation Snapshot
The repo already has important foundations:2.1 Current OACP Status Through C6Z
The current OACP implementation is a non-executing runtime vertical, not a live checkout product. The 2026-06-18 production closure run was blocked because the then-mounted AgenticOrg Shopify token returned401 Unauthorized
and the AgenticOrg-configured Grantex token returned 422 tenant_not_provisioned.
AgenticOrg now has merchant-scoped Shopify credential storage, adapter payload
generation, bridge routes, and purchase-preparation blockers; a real merchant
launch still requires valid external credentials and tenant allowlisting.
- implemented: internal artifact schemas, public-safe fixtures, adapter previews, commitment boundary resolver, prepared envelopes, response reconciliation, eligibility packets, execution-controller dry-run verifier, internal C6Z authority request route, artifact verifier, and non-enablement flags;
- implemented in both repos: Grantex authority helpers/tests/docs and AgenticOrg local consumer/runtime helpers/tests/docs, including seller-agent packet creation, Shopify sync initiation, artifact cache, buyer answer, MCP bridge, and Plural/Pine capability verifier paths;
- blocked in production: successful Shopify read-only sync with the mounted token and successful AgenticOrg-to-Grantex tenant provisioning for the configured internal token;
- not implemented or not enabled: public OACP spec site, public endpoint, public discovery, execution controller, order/fulfillment/refund runtime, or live checkout/payment;
- still blocked: publication, certification, conformance, standards submission, production readiness claims, and any real merchant approval.
3. Target Merchant Journey
The full self-serve journey should feel like this:- Merchant creates a Grantex Commerce account.
- Merchant chooses a business category such as electronics, fashion, home, grocery, pharmacy, services, or B2B.
- Merchant connects an existing system or uploads a catalog.
- Grantex shows a preview of the merchant profile, catalog, prices, inventory, warranty, return policy, and public discovery text.
- Merchant selects what AI agents may do:
- browse only;
- create cart drafts;
- request checkout consent;
- read order status;
- request support or return handling.
- Grantex runs automated checks for secrets, private data, stale inventory, missing policies, overclaims, and unsupported live paths.
- Legal, product, security, ops, rollback, smoke, and evidence owners approve the launch packet.
- Merchant rehearses the sandbox flow with synthetic or sandbox data.
- Merchant requests production rollout.
- Grantex enables the smallest approved surface first, usually read-only discovery, then expands only after smoke evidence and rollback readiness.
4. Existing Merchant Systems
Merchants should not be asked to rebuild their businesses for agents. The merchant-facing connection experience should start in AgenticOrg Seller Commerce Agent. Grantex should validate canonical public-safe facts and evidence refs, not demand custody of every operational credential.
Connector rule:
A connector imports data. It does not make a merchant live. Live agent access requires readiness checks, merchant approval, policy activation, consent, audit, and rollback ownership.
5. Standards And Protocol Fit
Grantex should maintain one canonical OACP artifact model and produce protocol views from it. The system must not create one separate database per protocol and must not turn protocol adapters into transaction authority.
Do not claim certified UCP, ACP, AP2, MPP, A2A, live-provider, or schema.org
production readiness until implementation, tests, approvals, and release
evidence exist.
6. Comprehensive Gap Register
7. Fast-Track Plan
8. Implementation Requirements By Surface
9. Release Acceptance Criteria
Before any real merchant pilot, all of these must be true:- The merchant completed self-serve sandbox onboarding and selected a category preset.
- Legal/compliance, product wording, security, ops/support, rollback, smoke, and evidence retention owners are recorded as non-secret references.
- Existing-system connectors are either connected and healthy or explicitly replaced by approved manual/CSV maintenance.
- Catalog, price, tax, warranty, return policy, and inventory freshness checks pass for the selected category.
- schema.org output is generated only from approved public-safe fields.
- AgenticOrg sees only OACP-authorized capabilities with source/freshness labels and refusal semantics.
- Checkout/payment creation remains blocked until Commerce Passport consent, policy, audit, idempotency, provider readiness, and rollback checks pass.
- Orders, fulfillment, support, and refund handoff are available for any paid flow in the pilot category.
- UCP/ACP/AP2 compatibility language is backed by implementation and tests, or clearly described as planned/future compatibility.
- GitHub checks pass or skip by documented policy, and docs-only changes do not trigger cloud auth, image build, image push, deploy, or indexing jobs.
10. Public Landing Page And Blog Plan
Use this as the safe public positioning once product/web owners approve landing page updates. This older PRD section is historical; it did not publish the pages.Grantex Commerce helps merchants prepare for agentic commerce by connecting approved merchant facts, policies, and source evidence into signed OACP artifacts. AgenticOrg runs the seller and buyer agents. Merchant systems stay the operational source of record. Provider rails own mandates and payments. Agents can use cached artifacts for non-binding discovery and must refresh or refuse when facts are stale, risky, or unsupported.Grantex landing page planning blocks:
- Hero: “Trust layer for agentic commerce”, with a simple four-party workflow.
- Section 1: “What Grantex owns” - artifacts, policy, protocol adapters, refusal semantics, source/freshness, revocation, audit evidence.
- Section 2: “What Grantex does not own” - seller agents, buyer chat runtime, merchant operational systems, provider mandate/payment execution.
- Section 3: “OACP status” - internal C6Z foundation, blocked production vertical, no public standard claim.
- Section 4: “Protocol adapters” - schema.org, UCP-style, ACP-style, AP2-style, A2A-style, MCP-style previews generated from artifacts.
- Section 5: “Pending before live” - persistent cache, real connectors, provider-owned mandate verification, execution controller, public governance.
Avoid claims that imply:
- live payment capability already exists;
- UCP, ACP, or AP2 certification already exists;
- public discovery is already active;
- automatic refunds are available;
- human or source review is unnecessary;
- every merchant system is already supported.
docs/internal/commerce-v1/commerce-v1-oacp-landing-blog-plan.md.
11. Documentation And Workflow Coverage
The implementation should update these surfaces as slices land:12. Stop Conditions
Stop implementation or rollout if any of these occur:- A real merchant identity is missing or unapproved.
- Private contracts, contacts, pricing terms, customer data, credentials, raw payloads, tokens, JWTs, DB/Redis URLs, private keys, or provider secrets enter Git or public docs.
- AgenticOrg gains a direct provider, Plural, Stripe, merchant private API, or payment credential path for payment execution or unapproved merchant execution. Approved provider capability verification and approved connector sync must stay separate from execution.
- Checkout can happen without user consent, Commerce Passport verification, policy approval, idempotency, and audit.
- Catalog, price, tax, inventory, delivery, warranty, or return data is stale or unverifiable but presented as guaranteed.
- Paid checkout is enabled before order, fulfillment, support, and refund handoff paths exist for the selected pilot category.
- Production flags, allowlists, public discovery, live provider paths, or live Plural are changed without a separate approved rollout.
- UCP, ACP, AP2, schema.org, A2A, MPP, or provider certification is claimed before implementation and conformance evidence exists.