Discovery Scope · Working Draft

Agentic Commerce Discovery — scope, gaps, and shared vocabulary

Discovering how AI agents can become trusted commercial actors — without every merchant, wallet, payment provider, and identity system inventing its own incompatible approach.

Why this discovery exists

Agentic commerce is being shipped faster than the surrounding standards can absorb it. This page maps where the gaps are, which existing protocols already cover parts of the stack, and what a discovery effort should actually take on.

Key idea

Agentic commerce is not one protocol — it is a stack. Identity, mandates, payment rails, merchant locks, receipts, and dispute evidence each need to interoperate. The point of discovery is to name the layers, find the gaps, and avoid each vendor inventing its own incompatible answer.

Topics: Mandates · Capabilities · Receipts · Identity & wallets · Payment rails · Merchant locks · Disputes · Interoperability
$3–5T
Projected global agentic commerce orchestration by 2030 (McKinsey)
4,700%
Growth in AI-driven traffic to U.S. retail sites in the past year
6+
Competing agentic payment protocols launched since September 2025

§02 · Visual overview

Three views of the agentic commerce stack

Before the detail, three diagrams: the layered stack and its gaps, the cross-cutting concerns that apply everywhere, and how the ten discovery areas map onto both.

Diagram 1

The stack and its gaps

The agentic commerce ecosystem has six functional layers. Most have at least one live standard. Several have competing standards. Post-purchase has almost none.

Agentic commerce reference stack with gap markers (diagram; text recovered from the figure). Six-layer reference architecture for agentic commerce showing existing protocols (teal), payment and identity primitives (purple), and gaps where standards are missing, fragmented, or immature (red dashed). Legend: live standard, primitive in use, gap.

1. Discovery and context
  • MCP: tools and context
  • UCP manifests: .well-known/ucp
  • ACP product feed: structured catalog
  • Gap: AEO norms, no ranking standard
2. Agent-to-agent coordination
  • A2A: Google, agent cards
  • ANP / W3C AIAP: IETF, W3C CG
  • Gap: negotiation semantics, no shared negotiation or escalation rules
3. Commerce interaction
  • ACP: OpenAI and Stripe
  • UCP: Google and Shopify
  • Capability negotiation: merchant profiles
  • Gap: ACP vs. UCP, two competing shapes
4. Identity, consent, and agent authorization
  • AP2 mandates: intent, cart, payment
  • Visa TAP: agent signatures
  • Verifiable Intent: Mastercard, Google
  • FIDO, OIDC, W3C VC: identity primitives
  • Gap: Know Your Agent (KYA) registry and revocation
  • Gap: portable consent across protocols
5. Payment execution and settlement
  • Shared tokens: SPT, network tokens
  • Agent Pay: Mastercard
  • x402 / MPP: stablecoin rails
  • EMV 3DS, SRC: card rails underneath
  • Gap: payment handler interoperability across ACP, UCP, AP2, x402, Agent Pay
6. Post-purchase: returns, disputes, chargebacks
  • Gap: agent-accessible OMS APIs for returns, refunds, exchanges
  • Gap: dispute evidence and liability (mandates as chargeback evidence)

Cross-cutting gaps: fraud signal interface, auditability across agent chains, KYA revocation, post-purchase recourse. Cross-cutting layers (traceability, observability, PCI DSS scope) apply at every level and are not shown as separate rows.

How to read: Teal = live standard to align with. Purple = primitive owned by an adjacent body (FIDO, EMVCo, card networks). Red dashed = gap, where discovery work has the most leverage.

Diagram 2

Cross-cutting concerns across the stack

Four concerns apply at every layer: fraud signaling, identity and trust, auditability, and PCI/data protection. Viewing the stack as a matrix shows where coverage exists and where it's missing.

Agentic commerce cross-cutting concerns mapped across stack layers (diagram; text recovered from the figure). Matrix showing how fraud signaling, identity and trust, auditability and traceability, and PCI and data protection apply at each of the six stack layers. Each cell is covered, partial, or a gap.

Layer                           | Fraud signaling             | Identity and trust              | Auditability                  | PCI and data
1. Discovery (manifests, feeds) | No bot vs. agent signal     | Agent cards, TAP (partial)      | No discovery logging standard | Schema.org, GDPR applies
2. A2A coordination             | Multi-agent collusion risk  | Agent cards, signed manifests   | No delegation chain log       | Data leakage between agents
3. Commerce interaction         | Stripe Radar, TAP signals   | TAP signatures, session binding | Checkout state machine        | Tokens replace card data
4. Identity and consent         | Agent modality on mandates  | FIDO, OIDC, W3C VC              | Signed mandate audit trail    | No minimization rules for mandates
5. Payment execution            | Network fraud models        | Tokens bound to agent           | Processor logs                | PCI DSS 4.0.1 applies in full
6. Post-purchase                | Return abuse, refund fraud  | No user recall of agent intent  | No dispute packet standard    | OMS APIs not agent-ready

Where discovery work has the most leverage
  • Fraud signaling: define the interface payload (agent ID, mandate ref, modality) that fraud teams need across bot detection, TAP, network tokens, and post-purchase scoring.
  • Auditability: specify a delegation chain log that survives A2A hops and satisfies the EU AI Act, GDPR Article 22, and PCI DSS Requirement 10 without forcing merchants to log card data.
  • Post-purchase: the full row is a gap. Agent-accessible OMS APIs, dispute packets built on mandates, and a liability framework are the highest-value outputs of this discovery work.

How to read: Teal cells have coverage. Gray cells are partial. Red dashed cells are gaps. The post-purchase row is almost entirely red; that is the single largest opportunity.

Diagram 3

Discovery areas mapped to stack layers

The ten discovery areas divide into two groups: bullets that live on a single layer, and bullets that cross-cut the whole stack. The cross-cutting bullets are where the discovery output will be most original.

Discovery areas mapped to reference architecture layers (diagram; text recovered from the figure). The ten discovery bullets on the left are connected with lines to the stack layers on the right: each bullet's primary layer, with cross-cutting bullets spanning several.

Discovery areas
  1. Common language: actors, roles, states, authority
  2. Gap analysis: where systems aren't ready
  3. Agent-to-merchant interaction: discovery, cart, checkout
  4. Consent and human oversight: mandates, delegation, approval
  5. Fraud and risk signals: interface payloads between parties
  6. Wallets, payments, rails: agent-facing payment exposure
  7. Post-purchase: returns, refunds, disputes
  8. Reference architecture: end-to-end composition
  9. Best practices: access, consent, auditability
  10. Adjacent-standard boundaries: FIDO, OIDC, EMVCo, PCI, networks

Stack layers: 1. Discovery and context; 2. A2A coordination; 3. Commerce interaction; 4. Identity and consent; 5. Payment execution; 6. Post-purchase; plus a cross-cutting band.

Bullets 3, 4, 5, 6, and 7 each map to one primary layer (green lines); bullets 1, 2, 8, 9, and 10 are cross-cutting and apply across the whole stack (purple lines). The five cross-cutting bullets are where the unique value lies: taxonomy, gap analysis, reference architecture, best practices, and scope boundaries are the glue between protocols. Single-layer bullets can mostly be discharged by aligning with existing protocol work (ACP, UCP, AP2, TAP, FIDO); cross-cutting bullets are original discovery output.

How to read: Green lines connect bullets to their single primary layer. Purple lines are cross-cutting. The five cross-cutting bullets (1, 2, 8, 9, 10) are the anchor deliverables: taxonomy, gap analysis, reference architecture, best practices, and boundary statements.

§03 · Detail

The ten discovery areas

Below is each of the ten discovery areas in detail, with the existing standards to align with and the specific gaps to aim to close.

Actors converging across protocols
  • User / Buyer
  • Shopping Agent
  • Merchant
  • Merchant Agent
  • Payment Processor
  • Credentials Provider
  • Network / Issuer
Transaction modes
  • Human-Present (HP) and Human-Not-Present (HNP), from AP2.
Delegated authority encoded as “mandates”
  • Intent, Cart, and Payment Mandates as W3C Verifiable Credentials.
Autonomy ladder (borrowed from AWS)
  • human-approved → supervised → fully delegated under an Intent Mandate.

§04 · Adjacent authority layer

Where WAUTH fits into agentic commerce

The discovery work on this page paints the commerce landscape. WAUTH is not a replacement for that work; it is a candidate lock-and-receipt layer for the moments where an agent wants to transact and a relying party must decide whether the proof is sufficient.

Positioning

WAUTH defines the lock. HAPP defines the human return-point. Compatibility profiles let agentic commerce systems treat Verifiable Intent, AP2, ACP, UCP, network tokens, identity credentials, and future proofs as possible keys — while the merchant or doorkeeper still verifies a deterministic policy before execution.

Merchant locks

A commerce agent can discover products and build carts, but the merchant still needs a deterministic point where insufficient proof is refused and bounded authority is verified.

Human return-points

When intent, amount, merchant, recurrence, or risk exceeds a mandate, HAPP-style step-up can bring the human back without making every transaction manual.

Receipts and disputes

Agentic commerce needs evidence that distinguishes what the agent claimed from what the merchant, issuer, or network actually accepted and committed.
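The three pieces described above (the merchant lock that refuses insufficient proof and verifies bounded authority, the human return-point when amount, merchant, recurrence, or risk exceeds the mandate, and a receipt that separates what the agent claimed from what the merchant accepted) compose into one deterministic check, shown below together with the Intent and Cart mandates and the autonomy ladder from the common-language section. This is an added example, not code from the page, from AP2, or from WAUTH: the mandate field names, the HMAC-SHA256 signing scheme standing in for verifiable-credential signatures, the risk thresholds per autonomy level, and the sample mandates are all assumptions.

```python
"""Deterministic merchant lock over Intent and Cart mandates.

Added example, not code from the page, AP2, or WAUTH. Mandate field names,
the HMAC-SHA256 signing scheme (standing in for VC signatures), and the
thresholds are illustrative assumptions; the fixtures are constructed.
"""
import hashlib
import hmac
import json

ALLOW, STEP_UP, REFUSE = "ALLOW", "STEP_UP", "REFUSE"
# Autonomy ladder as a risk budget (assumed 0-100 fraud score): the rung says
# how much risk the agent may absorb before the human is brought back.
# human-approved = 0 means every transaction comes back to the human.
RISK_STEP_UP = {"human-approved": 0, "supervised": 40, "fully-delegated": 70}


def canonical(obj):
    # Canonical JSON so signer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(payload, key):
    return hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()


def verify(payload, sig, key):
    return hmac.compare_digest(sign(payload, key), sig)


def evaluate_lock(intent, intent_sig, cart, cart_sig, keys, now, risk_score):
    """Ordered policy: the first failing check decides, so the outcome is
    reproducible from the inputs alone. Returns (outcome, reason)."""
    # 1. Proof. Bad or mismatched proof is refused, never stepped up, so a
    #    forged cart cannot use the step-up path to probe the policy.
    if not verify(intent, intent_sig, keys["user"]):
        return REFUSE, "intent mandate signature invalid"
    if not verify(cart, cart_sig, keys["agent"]):
        return REFUSE, "cart mandate signature invalid"
    if cart["intent_ref"] != intent["id"] or cart["agent_id"] != intent["agent_id"]:
        return REFUSE, "cart is not bound to the presented intent and agent"
    if now >= intent["expires_at"]:
        return REFUSE, "intent mandate expired"
    # 2. Bounded authority. Outside the mandate's scope is a refusal.
    if cart["merchant_id"] not in intent["merchants"]:
        return REFUSE, "merchant not in mandate allowlist"
    if cart["currency"] != intent["currency"]:
        return REFUSE, "currency mismatch"
    # 3. Human return-point. In scope but beyond what was delegated: bring
    #    the human back rather than refuse or silently approve.
    if cart["amount_minor"] > intent["max_amount_minor"]:
        return STEP_UP, "amount exceeds mandate cap"
    if cart["recurring"] and not intent["recurrence_allowed"]:
        return STEP_UP, "recurrence not covered by mandate"
    if risk_score >= RISK_STEP_UP[intent["autonomy"]]:
        return STEP_UP, "risk above threshold for autonomy level"
    return ALLOW, "within mandate bounds"


def issue_receipt(intent, cart, cart_sig, outcome, reason, now):
    """Keep what the agent claimed apart from what the merchant committed to,
    so a dispute can compare the two instead of trusting either side."""
    claimed = {"agent_id": cart["agent_id"], "intent_ref": intent["id"],
               "modality": intent["modality"], "amount_minor": cart["amount_minor"],
               "cart_hash": hashlib.sha256(canonical(cart)).hexdigest(),
               "cart_sig": cart_sig}
    accepted = {"outcome": outcome, "reason": reason, "decided_at": now,
                "merchant_id": cart["merchant_id"],
                "amount_minor": cart["amount_minor"] if outcome == ALLOW else 0}
    return {"claimed": claimed, "accepted": accepted}


def sample_mandates():
    """Constructed fixtures: user and agent keys, an HNP intent capped at
    100.00 USD for two merchants, and a 49.99 USD cart under it."""
    keys = {"user": b"demo-user-key", "agent": b"demo-agent-key"}
    intent = {"id": "intent-1", "agent_id": "agent-7", "modality": "HNP",
              "autonomy": "supervised", "merchants": ["shop-a", "shop-b"],
              "currency": "USD", "max_amount_minor": 10_000,
              "recurrence_allowed": False, "expires_at": 1_800_000_000}
    cart = {"id": "cart-1", "intent_ref": "intent-1", "agent_id": "agent-7",
            "merchant_id": "shop-a", "currency": "USD", "amount_minor": 4_999,
            "recurring": False, "items": [{"sku": "widget", "qty": 1}]}
    return intent, sign(intent, keys["user"]), cart, sign(cart, keys["agent"]), keys


if __name__ == "__main__":
    intent, isig, cart, csig, keys = sample_mandates()
    outcome, reason = evaluate_lock(intent, isig, cart, csig, keys, 1_700_000_000, 10)
    print(json.dumps(issue_receipt(intent, cart, csig, outcome, reason, 1_700_000_000), indent=2))
```

The ordering is the point: proof failures and out-of-scope requests are refusals, while in-scope requests that exceed what was delegated are the only ones that reach the step-up path, so a step-up response never leaks whether a forged mandate would otherwise have been accepted.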

Preliminary investigations

The WAUTH work has explored merchant-led sandbox pilots where Verifiable Intent is treated as upstream commerce evidence, WAUTH remains the merchant lock, and HAPP is invoked only when policy or risk requires a human to return. That makes the intersection testable without requiring the broader commerce ecosystem to adopt a single protocol stack on day one.

Guardrails

  • WAUTH is presented here as adjacent research, not as a deliverable of this discovery effort.
  • Commerce taxonomy, payment rails, merchant operations, and dispute policy remain the commerce domain.
  • WAUTH's contribution is the authority layer: how an RP asks for proof, verifies it, and records the outcome.

§05 · Reference

Glossary

Acronyms used throughout this document, alphabetized.

A2A
Agent-to-Agent protocol
Google-led protocol for direct agent-to-agent communication, including Agent Cards for capability discovery.
ABAC
Attribute-Based Access Control
Authorization model that grants access based on attributes of the subject, resource, and environment.
ACF
Agentic Commerce Framework
Emerging governance framework describing roles, responsibilities, and trust assumptions for agent-mediated commerce.
ACP
Agentic Commerce Protocol
OpenAI/Stripe-led protocol whose checkout spec exposes create, update, complete, and cancel operations for agent checkout, alongside a structured product feed spec.
ADK
Agent Development Kit
SDKs and toolkits that ship agent runtimes, identity, and tool-calling primitives to developers.
AEO
Answer Engine Optimization
Practice of structuring product and merchant data so AI answer engines surface and transact against it correctly.
ANP
Agent Network Protocol
IETF-tracked protocol for agent identity, discovery, and routing across networks.
AP2
Agent Payments Protocol
Google-led protocol introducing Intent, Cart, and Payment Mandates as W3C Verifiable Credentials.
CP
Commerce Protocol
Generic term for protocols that mediate discovery, cart, checkout, and post-purchase between parties.
CSA
Cloud Security Alliance
Industry body publishing the Agentic Trust Framework and related agent governance guidance.
DCWG
Delegated Credentials Working Group
FIDO Alliance group exploring how passkeys and credentials can be delegated to agents; referenced here as an external standards body.
EMVCo
EMV Company
Standards body owned by the major card networks; stewards 3-D Secure, payment tokenization, and SRC.
FIDO
Fast Identity Online (Alliance)
Standards body for passwordless authentication, including WebAuthn and passkeys.
GDPR
General Data Protection Regulation
EU regulation on personal data; agents do not bypass its data minimization and consent requirements.
HITL
Human-in-the-Loop
Pattern where a human must approve or review specific agent actions before they execute.
HNP
Human-Not-Present
Transaction mode (from AP2) where the agent acts under a prior mandate, with no live human at execution time.
HP
Human-Present
Transaction mode (from AP2) where a human is live in the loop at the moment of payment.
IMDA
Infocomm Media Development Authority
Singapore regulator publishing early agentic-commerce governance frameworks.
KYA
Know Your Agent
Proposed companion to KYC: cryptographic identity, provenance, and accountability for software agents.
MCP
Model Context Protocol
Anthropic-led protocol for exposing tools, resources, and prompts to LLM-based agents.
MPP
Machine Payments Protocol
Stripe protocol targeting pure agent-to-service payments without a human-facing checkout.
OIDC
OpenID Connect
Identity layer on top of OAuth 2.0; foundation for agent identity federation work at the OpenID Foundation.
PBAC
Policy-Based Access Control
Authorization model in which access decisions are evaluated against declarative policies.
PCI DSS
Payment Card Industry Data Security Standard
Security standard for handling cardholder data; applies in full to agent-mediated flows.
PSP
Payment Service Provider
Entity that processes payments on behalf of merchants, often the integration point for agent checkout.
RBAC
Role-Based Access Control
Authorization model granting permissions based on the role assigned to an agent or user.
SA
Shopping Agent
Agent acting on behalf of a buyer to discover, compare, and purchase goods or services.
SPT
Shared Payment Token
Stripe primitive carrying tokenized payment data plus Radar risk signals across agent flows.
SRC
Secure Remote Commerce
EMVCo specification standardizing the online checkout button experience across networks.
TAP
Trusted Agent Protocol
Visa-led protocol carrying agent identity signatures, consumer recognition, and payment info to merchants and issuers.
UCP
Universal Commerce Protocol
Google- and Shopify-led protocol for merchant manifests, capability negotiation, and pluggable payment handlers.
VC
Verifiable Credential
W3C standard for cryptographically verifiable claims; the substrate for AP2 mandates.
W3C
World Wide Web Consortium
Standards body stewarding Verifiable Credentials, WebAuthn, and other web-facing specs.
WebAuthn
Web Authentication
W3C/FIDO specification for public-key authentication in browsers and clients.
x402
x402 payment protocol
Coinbase-led protocol re-using HTTP 402 to expose stablecoin and machine-native payments to agents.