Agentic Commerce PRD
This is the canonical consolidated PRD for Grantex Commerce and AgenticOrg agentic commerce. It brings the seller journey, buyer journey, existing merchant systems, buyer-agent channels, standards fit, safety gates, implementation gaps, and fast-track roadmap into one place. This document is planning and documentation only. It does not deploy, create cloud resources, change production configuration, touch secrets, approve a real merchant, enable public discovery, enable production Commerce V1, enable checkout/payment creation, enable live payments, enable live Plural, or set a production allowlist.Current OACP Runtime Closure Boundary
For the runtime launch-closure branch, the implemented path is deliberately non-executing: AgenticOrg owns seller onboarding, merchant connector initiation, artifact cache consumption, buyer sessions, and bridge adapters; Grantex owns authority validation and canonical OACP artifact issuance. Merchant systems remain source of record, and provider/fintech rails own mandate and payment execution. Sections that discuss consent, Commerce Passport, checkout, order, fulfillment, refunds, or payment-control belong to the broader Grantex Commerce pilot or future execution-controller work. They must not be read as OACP artifact runtime approval for public discovery, payment, mandate, order, or merchant-private API mutation.1. Product Thesis
Agentic commerce should let a buyer ask an AI agent to discover, compare, and buy from a real merchant without the merchant rebuilding their business and without the agent inventing commerce facts. The corrected product boundary is:AgenticOrg is the buyer and seller AI-agent runtime. Grantex is the trust, protocol, policy, and canonical-artifact authority. Merchant systems remain the operational source of record. Provider and fintech rails own mandate and payment execution. Grantex must not become a toll booth for every buyer and seller agent interaction.The finished product should allow:
- Sellers to self-serve from an AgenticOrg Seller Commerce Agent.
- Sellers to connect systems they already use through AgenticOrg seller-agent connector workflows, merchant-owned connector platforms, or approved external integration providers.
- Grantex to validate, govern, and sign canonical public-safe commerce artifacts derived from merchant-approved sources.
- Buyers to start from familiar chat or agent surfaces.
- AgenticOrg to run buyer-agent and seller-agent sessions from cached signed artifacts whenever TTL, revocation, and risk rules allow.
- Grantex to define and enforce policy, source/freshness, public-safe fact, and protocol-adapter rules without routing every non-binding interaction.
- Provider-owned mandate and payment systems to execute mandates and payments; Grantex stores only non-sensitive evidence references when artifact lineage or policy requires them.
- Standards-facing views to be generated from canonical OACP artifacts, not hand-maintained per platform.
2. Non-Negotiable Safety Boundary
An AI agent can initiate a commerce checkout through a payment provider only when Grantex can verify:- buyer consent;
- scope;
- merchant policy;
- revocation status;
- tenant boundary;
- agent identity;
- channel capability;
- amount cap;
- product/cart hash or equivalent cart evidence;
- idempotency;
- provider readiness;
- audit evidence;
- rollback readiness.
- hold provider credentials;
- call Plural, Stripe, Pine, Razorpay, Cashfree, Adyen, PhonePe, or another payment provider directly for payment execution;
- call Shopify, WooCommerce, Magento, ERP, OMS, WMS, logistics, CRM/support, or merchant private APIs outside merchant-approved seller-agent connector sync jobs, approved external connector systems, or explicit human-authorized integration workflows;
- become the catalog, inventory, order, refund, settlement, or payout source of truth;
- store raw Commerce Passport values, JWTs, tokens, idempotency key values, webhook secrets, DB/Redis URLs, private keys, raw payloads, private merchant artifacts, pricing terms, contracts, or customer data;
- invent sellers, products, prices, discounts, stock, delivery promises, return eligibility, order status, payment status, settlement state, payout state, or refund outcomes.
3. Ownership Model
4. Current Implementation Snapshot
Status as of 2026-06-18:- Grantex and AgenticOrg have merged the internal OACP foundation through C6Z. The implementation is internal, non-publication, non-certifying, non-executing, and fail-closed.
- C6W3 defines the OACP artifact family and public-safe fixture corpus.
- C6W4 defines internal adapter previews for schema.org, UCP-style, ACP-style, AP2-style, A2A-style, and MCP-style targets without publication.
- C6W5 classifies non-binding preview, commitment-adjacent, commitment-bound, and always-blocked actions over cached signed artifacts.
- C6W6 prepares non-executing commitment request envelopes for human/source confirmation handoff.
- C6W7 reconciles local/cached response evidence with prepared envelopes.
- C6W8 prepares eligibility and audit-readiness packets over reconciliations.
- C6W9 performs dry-run verification that a future execution controller could read the packet contract. It still does not execute, approve, publish, create orders, create checkout/payment, call providers, call merchant private APIs, or enable public discovery.
- C6Z adds the AgenticOrg Seller Commerce Agent runtime path, Shopify read-only
sync initiation, Grantex internal authority request route, AgenticOrg artifact
cache, buyer answer path, MCP seller facts bridge, and Plural/Pine capability
verifier. The 2026-06-18 production closure run is blocked because the
mounted AgenticOrg Shopify token returns
401 Unauthorizedand the AgenticOrg-configured Grantex token returns422 tenant_not_provisioned. - Public discovery, production Commerce V1, checkout/payment enablement, live payments, live Plural, production allowlists, certification claims, provider execution, and merchant private API execution remain blocked.
4.1 Grantex Foundation
4.2 AgenticOrg Foundation
4.3 OACP Pending Work Register
The current C6Z state proves the internal runtime shape locally and proves the Grantex authority issuer route in isolation, but it does not complete the AgenticOrg-to-Grantex production vertical. It is not a public protocol, not a transaction engine, and not a live commerce launch. Pending work before any public or production OACP claim:5. End-To-End Architecture
Existing merchant systems may include:- Shopify;
- WooCommerce;
- Magento;
- custom storefront;
- marketplace backend;
- ERP;
- PIM;
- inventory system;
- WMS;
- OMS;
- logistics provider;
- payment provider;
- CRM;
- support desk;
- finance/reconciliation system;
- CSV/API/manual maintenance process.
- AgenticOrg Seller Commerce Agent starts onboarding and connector setup.
- Connector credentials live where merchants are most comfortable: merchant system native app authorization, merchant-owned connector platform, external integration provider, or AgenticOrg vault only when explicitly selected and approved.
- AgenticOrg seller agents may initiate connector sync jobs when merchant policy allows it.
- Grantex receives public-safe normalized facts, hashes, source timestamps, and non-sensitive evidence references for artifact validation.
- Grantex does not store raw connector credentials by default and must not be required in every non-binding buyer/seller agent interaction.
6. One-Time Seller Setup
The seller setup must be self-serve for preparation, but not self-approval for live commerce.7. One-Time Buyer Setup
The buyer setup should feel like normal chat/app account linking.
Buyer setup is not a standing payment approval. Every payment-affecting action
still needs valid consent, policy, revocation, source/freshness, provider-owned
mandate/payment capability, idempotency, and audit evidence. Grantex owns the
policy/artifact evidence rules, not the provider-owned mandate setup itself.
8. Regular Agentic Commerce Transaction
Plain-English rules:- Buyer asks an agent to discover, compare, or prepare.
- AgenticOrg starts or resumes the buyer session.
- AgenticOrg reads valid cached OACP artifacts when TTL, revocation, and risk rules allow; otherwise it asks Grantex to refresh or verify artifacts.
- AgenticOrg explains product, price, inventory, policy, and source/freshness caveats without inventing facts.
- Non-binding discovery does not require routing every message through Grantex.
- Commitment-bound actions require C6W5-C6W9 boundary, envelope, reconciliation, eligibility, and dry-run checks before any future handoff.
- Merchant-system confirmation happens through approved seller-agent connector handoff or merchant-owned integration systems, not by raw private API calls.
- Provider-owned mandate and payment capability verification stays with the provider/fintech rail; AgenticOrg may verify capability directly where approved.
- Grantex stores only non-sensitive evidence references when needed for policy, artifact lineage, or later audit.
- Current OACP implementation stops before execution. It does not create orders, holds, checkout/payment intents, mandates, refunds, returns, shipments, settlement, or payout actions.
9. Exception And Recovery Flows
10. Existing Merchant APIs And Systems
Merchants should not rebuild for agents. They should connect the systems they already run.
Connector rule:
A connector imports or syncs data. It does not make a merchant live for agents. Live agent access requires readiness checks, policy activation, consent, human approval, audit, and rollback ownership.
11. Buyer Channel Requirements
Buyers should be able to launch from familiar surfaces, but no channel is launch-ready until its platform-specific constraints and approval gates pass.
Launch-ready acceptance:
- real user starts without developer setup;
- account/channel identity is bound safely;
- merchant discovery comes from Grantex;
- actions are labeled read-only, consent-required, checkout-capable, or blocked;
- OACP artifacts and authority-checked tools preserve refusal semantics;
- consent and checkout copy is clear;
- platform write-action limitations are respected;
- redacted telemetry and audit evidence exist;
- smoke tests and refusal tests pass;
- fallback exists for unsupported actions.
12. Standards And Protocol Fit
The strategy is one internal OACP artifact model with protocol views generated from it. Grantex is the artifact and policy authority; AgenticOrg is the runtime consumer and channel bridge.
Do not claim certified UCP, ACP, AP2, A2A, MPP, schema.org production, or live
provider readiness until implementation, conformance tests, approvals, and
release evidence exist.
12.1 IETF And NIST Publication Tracks
The external standards strategy is split into two preparation tracks:
The IETF track should focus on protocol engineering: roles, message envelopes,
capability profiles, consent, policy, evidence, refusal semantics, and
interoperability with existing protocol surfaces.
The NIST track should focus on risk management: threat model, trust boundaries,
AI RMF mapping, cybersecurity controls, payment-provider boundary controls,
connector governance, audit evidence, privacy, incident response, and rollback.
Both tracks must describe Grantex and AgenticOrg as implementation experience
only. They must not make Grantex-specific APIs mandatory, must not claim
external certification, and must not describe sandbox evidence as production
approval.
13. Conceptual Data Model
The implementation should preserve these conceptual records. Some already exist in V1 form; others are future gaps.14. Product Requirements By Surface
15. Comprehensive Gap Register
16. Fast-Track Roadmap
Current sequencing decision:
- C6I-C6N are merged in dependency order across AgenticOrg and Grantex.
- The open-protocol packaging draft is refreshed on the actual merged commits and remains internal, preview-only, non-publication, and non-certifying.
- C6O conformance and C6P-C6Si connector dry-run/remediation foundations are the current runtime-hardening chain.
- C6T starts the standards-publication preparation track for IETF and NIST without external submission, public publication, or certification claims.
17. Release Acceptance Criteria
Before a real merchant pilot:- Merchant workspace, identity, category, and owners are approved.
- Existing-system connector or approved manual maintenance path is healthy.
- Catalog, price, tax, warranty, return, inventory, delivery, and support data pass category requirements.
- AgenticOrg can only expose Grantex-authorized artifact capabilities and explicitly approved provider/connector verification states.
- Buyer channel has auth, account/session linking, capability labels, consent handoff, fallback behavior, telemetry, and smoke evidence.
- Checkout/payment creation remains blocked until Commerce Passport consent, policy, audit, idempotency, provider readiness, and rollback checks pass.
- Paid flow has order, fulfillment, support, and return/refund handoff.
- Live provider approval, webhook signature evidence, outage handling, and rollback are complete for any live checkout scope.
- UCP/ACP/AP2/schema.org/A2A language is backed by implementation and tests, or clearly marked future/planned.
- Docs-only changes do not trigger cloud auth, image build, image push, deploy, e2e, or indexing jobs.
- No private merchant artifacts, secrets, raw payloads, tokens, JWTs, DB/Redis URLs, provider credentials, production config values, or concrete allowlist values are committed.
18. Stop Conditions
Stop implementation or rollout if any of these occur:- real merchant identity is missing or unapproved;
- private artifacts, customer data, secrets, raw payloads, tokens, JWTs, DB/Redis URLs, private keys, provider credentials, or production config values appear in Git or public docs;
- AgenticOrg adds a direct provider payment-execution path or unapproved private merchant-system execution path. Approved provider capability verification and approved connector sync must stay separated from execution;
- checkout can happen without consent, Commerce Passport, policy, idempotency, audit, and amount-cap checks;
- catalog, price, tax, inventory, delivery, return, warranty, order, payment, or refund data is stale or unverifiable but presented as guaranteed;
- paid checkout is enabled before order, fulfillment, support, return/refund handoff, and rollback are ready for the pilot scope;
- synthetic/demo data is treated as production approval;
- public discovery, production Commerce V1, checkout/payment creation, live payments, live Plural, or allowlist values are enabled without separate approval;
- certification or compliance with UCP, ACP, AP2, A2A, MPP, schema.org, or a provider program is claimed before evidence exists;
- docs-only changes trigger cloud build/push/deploy-adjacent work without an explicit policy decision.
19. Documentation And Workflow Updates
20. End-To-End Review Checklist
This PRD has been reviewed against the requested coverage:- seller one-time setup covered;
- buyer one-time setup covered;
- regular transaction flow covered;
- failure and recovery paths covered;
- Grantex and AgenticOrg responsibilities covered;
- existing merchant APIs and systems covered;
- ChatGPT, Claude, Gemini, WhatsApp, Telegram, web/mobile, and future channels covered as launch surfaces;
- MCP, UCP-style, ACP-style, AP2-style, schema.org, and future agent surfaces covered without unsupported certification claims;
- catalog, inventory, pricing, tax, delivery, order, fulfillment, support, return, refund, settlement, payout, audit, analytics, and ops gaps covered;
- self-serve onboarding, scans, review gates, smoke evidence, and rollout gates covered;
- safety boundaries, stop conditions, and production gates covered;
- documentation/navigation/workflow coverage covered;
- next implementation sequencing covered.