OACP Operator Runbook

Canonical end-to-end flow: OACP authority overview.

Smoke Tests

Checklist

Check	Command or evidence
Authority route exists	`apps/auth-service/src/routes/commerce-oacp-runtime.ts`
Artifact tests pass	`npm --prefix apps/auth-service test -- commerce-c6z-runtime-artifact-authority.test.ts`
Adapter tests pass	`npm --prefix apps/auth-service test -- commerce-c6w4-oacp-adapter-previews.test.ts`
Conformance gate	`node scripts/commerce-c6oe-preview-conformance-gate.mjs --mode pr`
Guardrail scan	Search changed docs for stale or overclaim wording.

Rollback

Remove the AgenticOrg tenant from COMMERCE_C6Z_AUTHORITY_SERVICE_TENANTS.
Rotate the service token if compromise is suspected.
Ask AgenticOrg to stop refreshing artifacts and mark affected cache records stale.
Leave existing historical artifacts reviewable for audit/export.
Publish an operator note with affected tenants, merchant ids, artifact families, and timestamps.

Refusal Copy

Use exact blockers: missing source evidence, stale artifact, unsafe executable request, provider capability missing, tenant not allowlisted, or authority temporarily unavailable.

OACP Integration Guide For AgenticOrg OACP Launch Readiness