Skip to main content

End-To-End Agentic Commerce Flow

This guide explains how agentic commerce should work from the perspective of both sellers and buyers. It is documentation only. It does not enable production Commerce V1, public discovery, checkout/payment creation, live payments, live provider rails, merchant approval, or a production allowlist.

Current OACP Runtime Closure Boundary

The launch-closure runtime path is narrower than the full future commerce journey below. The current OACP runtime proof is: AgenticOrg creates a Seller Commerce Agent onboarding packet, performs read-only Shopify Admin GraphQL sync when merchant credentials are valid, sends a Grantex authority request, receives internal signed OACP artifacts, caches them, and answers non-binding buyer questions with source and freshness labels. Checkout, payment, order, mandate, refund, return, shipment, inventory hold, public discovery publication, and live provider execution remain outside this runtime proof. Any cart, checkout, consent, Commerce Passport, order, return, refund, fulfillment, or payment-control wording in this guide describes separate future or Grantex Commerce payment-control pilot scope. It is not evidence that OACP runtime artifacts enable transaction execution. For the consolidated PRD that governs this flow, read docs/guides/commerce-v1-agentic-commerce-prd.md.

One-Sentence Architecture

Sellers start in AgenticOrg Seller Commerce Agent and connect existing merchant systems through approved connector custody. Grantex validates public-safe facts into signed OACP artifacts and policy decisions. Buyers start from their preferred agent or chat surface. Provider and fintech rails own mandate and payment execution. For the C6Z live-runtime path, AgenticOrg calls Grantex through POST /v1/commerce/oacp/c6z/authority-requests. Production should use the dedicated AgenticOrg C6Z authority service token, limited to that route and to tenant ids configured in COMMERCE_C6Z_AUTHORITY_SERVICE_TENANTS. Grantex issues the full C6Z artifact set: merchant profile, seller agent card, connector evidence, catalog snapshot, offer/price snapshot, inventory snapshot, policy scope, public-discovery state, mandate capability, protocol adapter, and authority-request status.

What Sellers Do One Time

The OACP runtime seller journey starts in AgenticOrg Seller Commerce Agent. The seller can prepare an onboarding packet and connector evidence; Grantex controls artifact authority and policy decisions. Merchant approval, public launch, and transaction execution require separate approvals outside this runtime proof.

What Buyers Do One Time

The buyer should not need to know how merchant systems work. Their setup should look like normal account linking and permission control. Buyer setup is not a standing payment approval. Commitment-bound actions must still pass fresh consent, merchant policy, amount cap, idempotency, source/freshness, provider-owned mandate/payment capability, and audit evidence.

Regular Transaction Flow

Happy Path In Plain English

  1. Buyer asks an agent to help find, compare, or prepare.
  2. AgenticOrg starts the buyer-agent session in the buyer’s chosen channel.
  3. AgenticOrg reads valid cached OACP artifacts when TTL, revocation, and risk rules allow.
  4. AgenticOrg asks Grantex to refresh or verify artifacts when facts are stale, missing, revoked, ambiguous, or high risk.
  5. AgenticOrg explains grounded facts and warns about unknown or stale information.
  6. If the buyer requests a commitment-bound action, AgenticOrg uses C6W5-C6W9 style boundary, envelope, reconciliation, eligibility, and dry-run checks.
  7. Merchant-system confirmation happens through approved connector handoff or merchant-owned systems.
  8. Provider-owned mandate/payment capability verification stays with the provider/fintech rail and may be verified directly by AgenticOrg where approved.
  9. Current OACP work stops at prepared handoff/dry-run. It does not create orders, holds, checkout/payment, mandates, refunds, returns, shipments, settlement, or payout actions.

Exception Flows

Source Of Truth Rules

Production Gates

Do not go live unless all required gates pass:
  • Merchant identity and category are approved.
  • Existing-system connectors or manual maintenance process are healthy.
  • Catalog, price, tax, warranty, return, inventory, and delivery fields meet category requirements.
  • Agent channel capability is approved for that merchant.
  • Buyer consent and Commerce Passport flow is verified.
  • Checkout/payment path is approved for sandbox or live as appropriate.
  • Order, fulfillment, support, return, and refund handoff exist for paid flows.
  • Legal, product, security, ops, rollback, smoke, and evidence owners are set.
  • Rollback is rehearsed and can disable the channel or merchant capability.
  • No private merchant artifacts, secrets, raw payloads, provider credentials, or production config values are committed to Git.

Fast-Track Build Order

  1. Seller self-serve sandbox workspace and checklist.
  2. CSV/manual catalog plus one priority storefront connector.
  3. Public-safe preview and read-only agent discovery.
  4. Buyer web/mobile launch surface.
  5. ChatGPT/Claude remote MCP channel.
  6. WhatsApp/Telegram bot adapters.
  7. Gemini function-calling or hosted wrapper path.
  8. Inventory freshness, stale refusal, and safe cart draft.
  9. Sandbox consent, Commerce Passport, and checkout rehearsal.
  10. Order and fulfillment backbone.
  11. Return/refund request workflow.
  12. Settlement/payout reporting.
  13. UCP/ACP/schema.org/AP2-compatible adapter hardening.
  14. One real merchant, one category, one provider, one geography, one rollback owner pilot proposal.
Last modified on June 19, 2026