RFC 0037: UCP Commerce Adapter
Status: Draft Author(s): T. Fengler (Editor) Working Group: Commercial Layer Created: 2026-05-26 Targets: 1.2 Extends: RFC 0013, RFC 0014, RFC 0032 Affects: RFC 0001 (Sessions), RFC 0004 (Delegation), RFC 0006 (Scope Policy), RFC 0007 (CCC), RFC 0009 (Reputation), RFC 0013 (Commerce Models), RFC 0014 (Commerce Primitives), RFC 0032 (Payment Instrument Adapter Protocol).
1. Summary
This RFC defines a normative adapter specification that bridges the Universal Commerce Protocol (UCP, Google, January 2026, co-developed with Shopify, Etsy, Walmart, and Target) into the Open Agent Protocol's governance, trust, and accountability layer. UCP provides modular capabilities for catalog discovery, cart management, checkout, and order lifecycle across a growing ecosystem of major retailers and marketplaces. OAP provides policy enforcement, procurement intent flows, hash-chained receipts, confidentiality contexts, and payment instrument governance. The adapter maps UCP Capability Profiles to OAP Tool Manifests, UCP catalog items to OAP Actions, UCP cart operations to OAP procurement flows, UCP checkout to the OAP Procurement Intent / Offer / Acceptance lifecycle of RFC 0013, UCP order events to OAP Receipts, and applies OAP's four-layer Policy Engine and Confidentiality and Compliance Context (CCC) to every UCP operation. The result is that OAP agents can transact across the UCP merchant ecosystem with full spend governance, jurisdiction enforcement, audit trails, and privacy controls, while UCP merchants can accept orders from OAP agents without modification to their UCP implementation.
2. Motivation
2.1 The Merchant Integration Problem
Before UCP, an autonomous agent that needed to purchase a physical product from Shopify, Walmart, Target, or Etsy had two options: invoke a proprietary API unique to each retailer, or scrape the retailer's human-facing web interface. Both approaches are fragile, non-standardized, and invisible to the OAP accountability layer. Proprietary APIs require per-merchant integration work. Scraping violates terms of service, produces unreliable structured data, and cannot generate the signed receipts that OAP requires for every commercial transaction.
UCP eliminates the merchant-side fragmentation by defining a single protocol surface for catalog discovery, cart operations, checkout, and order lifecycle across all participating merchants. As of January 2026, UCP is supported by Shopify, Etsy, Walmart, and Target, representing a material share of English-language e-commerce transaction volume. UCP is transport-agnostic: merchants may expose their UCP capabilities through REST (OpenAPI), MCP, or A2A.
2.2 The Governance Gap
UCP defines a commerce lifecycle but does not define a governance layer. A UCP cart can be created, items added, and checkout initiated without any policy evaluation, spending limit enforcement, jurisdiction check, or audit trail. For an OAP agent operating under a principal's Mandate (RFC 0032), Scope Policy (RFC 0006), and CCC (RFC 0007), this governance gap is unacceptable. Every item added to a cart is a potential spending commitment. Every checkout is a financial transaction that must satisfy the principal's spending limits, the agent's jurisdiction constraints, and the organization's information barrier policies.
This RFC bridges that gap by defining the normative mapping between UCP lifecycle events and OAP governance primitives, ensuring that no UCP transaction executes without passing through the OAP Policy Engine.
2.3 The B2B Commerce Opportunity
UCP was designed primarily for consumer commerce, but UCP merchants increasingly serve B2B procurement channels. An OAP agent acting on behalf of an organization that is subject to Chinese Wall obligations (RFC 0007 section 4), NDA enforcement, or procurement approval workflows must apply the CCC to every UCP transaction. This RFC defines the CCC integration for B2B UCP commerce, ensuring that product selection, pricing information, and supplier identity are compartmentalized according to the organization's information barrier policies.
2.4 The Multi-Merchant Cart Problem
A single user intent — "buy school supplies for the semester" — may resolve to items from multiple UCP merchants. Each merchant has a different UCP Capability Profile, different shipping policies, different return windows, and different jurisdictions. The OAP Policy Engine must evaluate each merchant independently while presenting a unified procurement experience to the principal. This RFC defines the multi-merchant cart governance model.
3. Specification
3.1 Terminology
The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in RFC 2119 and RFC 8174.
A UCP Capability Profile is the structured document published by a UCP merchant that declares the UCP capabilities the merchant supports, the transport mechanisms available, and the merchant's identity and policy metadata. The Capability Profile is the UCP analog of the OAP Manifest.
A UCP Cart is a lightweight, mutable data structure representing a collection of items from one or more UCP merchants that a consumer or agent is considering for purchase. A Cart is not a commitment; it is a workspace for exploration. Cart operations include add, update, remove, and clear.
A UCP Checkout is the process by which a Cart transitions into a binding purchase. Checkout separates payment instruments from payment handlers: the consumer selects how to pay (instrument) and the merchant routes the payment through the appropriate handler. In the OAP adapter, checkout maps to the Procurement Intent / Offer / Acceptance flow of RFC 0013.
A UCP Order is the post-purchase entity representing a confirmed transaction. Orders carry lifecycle events including confirmation, shipment, delivery, return initiation, return completion, refund, and support interaction.
A Merchant of Record is the legal entity responsible for the sale, including tax collection, consumer protection compliance, and dispute resolution. In multi-merchant carts, each item has a distinct Merchant of Record.
A UCP Catalog Item is a structured product or service record published through the UCP catalog capability (dev.ucp.shopping.catalog), containing real-time inventory, pricing, variant data, and merchant identity.
A Cart Policy Evaluation is the process by which the OAP Policy Engine evaluates all four policy layers (Principal Policy, Organization Policy, Regulatory Policy, and Platform Policy) against a UCP cart before permitting checkout.
3.2 UCP Capability Profile to OAP Tool Manifest Mapping
A conforming adapter MUST translate a UCP Capability Profile into an OAP Tool Manifest. The mapping is defined as follows.
The UCP Capability Profile's merchant.name field maps to the OAP Manifest tool.name field. The UCP merchant.did or merchant.id maps to tool.did. The UCP merchant.legal_entity maps to tool.publisher.legal_name. The UCP capabilities array maps to the OAP actions array, with each UCP capability generating one or more OAP Actions as specified in Section 3.3.
The UCP transport array maps to endpoints.invoke: the adapter selects the highest priority transport (REST preferred, then MCP, then A2A) and constructs the invoke URL accordingly. The UCP policies.return_window_days maps to trust.return_window_days. The UCP policies.jurisdictions maps to jurisdictions.
The OAP Manifest MUST include the following fields that have no UCP equivalent and MUST be populated with conservative defaults:
risk_class:"limited"for standard retail merchants,"high"for merchants selling regulated goods.data_policy.stores_principal_data:true(UCP merchants store order data).data_policy.retention_days:730(two years, the minimum for tax record retention in most jurisdictions).data_policy.shares_with_third_parties:true(merchants share with payment processors and logistics providers).
The reverse mapping, from OAP Manifest to UCP Capability Profile, MUST produce a valid UCP Capability Profile that declares dev.ucp.shopping.catalog for any OAP Action that returns product data, dev.ucp.shopping.cart for any Action with side_effects: "external" and a commerce-related category, dev.ucp.shopping.checkout for any Action that involves a Procurement Intent, and dev.ucp.shopping.order for any Action that returns order status or tracking data.
3.3 UCP Catalog to OAP Discovery Plane Integration
A UCP merchant that declares the dev.ucp.shopping.catalog capability MUST be mapped to an OAP Action with the following structure:
- Action
id:ucp_catalog_search - Action
summary: Derived from the merchant's catalog description. - Action
input_schema: A JSON Schema acceptingquery(string),category(string),price_min(number),price_max(number),currency(ISO 4217 string), andpage_token(string). - Action
output_schema: A JSON Schema returning an array of catalog items withitem_id,title,description,price,currency,availability,merchant_id,variants, andimages. - Action
side_effects:"none"(catalog search is read-only). - Action
idempotent:true.
Each individual UCP catalog item MAY additionally be mapped to a standalone OAP Action with id derived from the item's GTIN, SKU, or merchant-specific identifier, enabling agents to invoke product-level queries directly.
3.4 UCP Cart CRUD to OAP Actions Mapping
The UCP cart capability (dev.ucp.shopping.cart) exposes four operations: add item, update item quantity, remove item, and clear cart. Each operation MUST be mapped to an OAP Action.
Add Item Action:
id:ucp_cart_add_itemside_effects:"external"idempotent:falseinput_schema: Acceptscart_id(string, optional for new carts),item_id(string),quantity(integer),variant_id(string, optional), andmerchant_id(string).output_schema: Returns the updated cart state.
Update Item Action:
id:ucp_cart_update_itemside_effects:"external"idempotent:trueinput_schema: Acceptscart_id,line_item_id, andquantity.
Remove Item Action:
id:ucp_cart_remove_itemside_effects:"external"idempotent:true
Clear Cart Action:
id:ucp_cart_clearside_effects:"external"idempotent:true
Every cart mutation MUST trigger a Cart Policy Evaluation (Section 3.8) before the mutation is forwarded to the UCP merchant. If the policy evaluation fails, the adapter MUST reject the operation and return an OAP error envelope with the violated policy rule.
3.5 UCP Checkout to OAP Procurement Intent / Offer / Acceptance Flow
The UCP checkout capability (dev.ucp.shopping.checkout) transitions a cart into a purchase. In the OAP adapter, this transition is mediated by the RFC 0013 Procurement Intent / Offer / Acceptance flow.
Step 1: Cart to Procurement Intent. When an agent requests checkout for a UCP cart, the adapter MUST construct an OAP Procurement Intent from the cart contents. The Intent MUST include:
intent_id: A unique identifier generated by the adapter.principal_did: The principal on whose behalf the agent is purchasing.agent_did: The agent initiating the checkout.category:"physical_goods","digital_goods", or"mixed"depending on cart contents.constraints: Derived from the principal's policy, includingmax_budget,delivery_deadline,allowed_jurisdictions, andrequired_return_policy.line_items: Each cart line item mapped to a structured item descriptor withitem_id,title,quantity,unit_price,currency,merchant_did, andmerchant_name.total_amount: The sum of all line items.
The Procurement Intent MUST carry the constraints from the principal's active Payment Mandate (RFC 0032). If the total amount exceeds the Mandate's max_single_payment, the adapter MUST split the Intent into per-merchant sub-Intents that each fall within the payment constraint.
Step 2: UCP Checkout Response to OAP Offer. The UCP checkout response, which includes confirmed pricing, shipping options, tax calculation, and estimated delivery date, MUST be mapped to an OAP Offer. The Offer MUST include:
offer_id: Derived from the UCP checkout session identifier.intent_ref: Theintent_idfrom Step 1.provider_did: The Merchant of Record's DID.price: The confirmed total including tax and shipping.currency: ISO 4217 code.delivery_commitment: Mapped from UCP estimated delivery.validity_window: The UCP checkout session expiry, capped at 60 minutes per RFC 0032.return_policy: Mapped from the merchant's UCP policy declarations.
Step 3: Agent Commits OAP Acceptance. The agent evaluates the Offer against the principal's policy (Section 3.8) and, if the Offer satisfies all constraints, issues an OAP Acceptance. The Acceptance triggers the Payment Session flow of RFC 0032 section 3.4. The adapter translates the Acceptance into a UCP checkout confirmation, including the payment instrument details negotiated through the OAP Payment Instrument Adapter.
The adapter MUST generate an OAP Receipt of type procurement_acceptance for the Acceptance and chain it to the agent's Receipt chain.
3.6 UCP Order Events to OAP Receipt Chain Integration
Each UCP order lifecycle event MUST be mapped to an OAP Receipt and chained to the agent's Receipt chain. The mapping is:
| UCP Order Event | OAP Receipt Type | Description |
|---|---|---|
order.confirmed | commerce_order_confirmed | Order placed and confirmed by merchant. |
order.shipped | commerce_order_shipped | Shipment dispatched with tracking reference. |
order.delivered | commerce_order_delivered | Delivery confirmed by carrier or recipient. |
order.return_initiated | commerce_return_initiated | Return request submitted. |
order.return_completed | commerce_return_completed | Return received and processed by merchant. |
order.refunded | commerce_refund_issued | Refund settled through payment instrument. |
order.cancelled | commerce_order_cancelled | Order cancelled before shipment. |
order.support_opened | commerce_support_opened | Support ticket opened for order. |
Each Receipt MUST include:
receipt_id: Generated by the adapter.receipt_type: From the table above.timestamp: ISO 8601 timestamp of the event.principal_did: The purchasing principal.agent_did: The purchasing agent.merchant_did: The Merchant of Record.order_ref: The UCP order identifier.event_data: The full UCP event payload.prev_hash: SHA-256 hash of the previous Receipt in the chain.signature: EdDSA signature by the agent.
The adapter MUST maintain a per-principal Receipt chain. Each new Receipt's prev_hash field MUST reference the SHA-256 hash of the immediately preceding Receipt. This produces a hash-chained, tamper-evident audit trail of the entire commerce lifecycle.
3.7 OAP Policy Engine Enforcement on UCP Operations
The OAP Policy Engine evaluates four layers of policy on every UCP operation. The adapter MUST enforce all four layers before forwarding any UCP request to the merchant.
Layer 1: Principal Policy. The principal's personal policy, typically set through a dashboard or natural language delegation, constrains spending limits, allowed product categories, blocked merchants, preferred shipping methods, and environmental criteria. The adapter MUST evaluate the principal's policy before every cart mutation and before checkout.
Layer 2: Organization Policy. For agents acting on behalf of an organization (B2B procurement), the organization's procurement policy constrains approved suppliers, budget codes, approval workflows, and NDA-governed supplier lists. The adapter MUST evaluate the organization policy and MUST escalate to a human approver if the policy requires approval for the transaction amount or category.
Layer 3: Regulatory Policy. The adapter MUST evaluate jurisdiction-specific regulatory constraints. These include:
- Sanctions screening: The adapter MUST check the merchant's DID and legal entity name against OFAC, EU Consolidated, and UN sanctions lists before permitting checkout.
- Import/export restrictions: The adapter MUST verify that the product category is permitted for cross-border purchase between the agent's jurisdiction and the merchant's jurisdiction.
- Consumer protection: The adapter MUST verify that the merchant's return policy meets the minimum requirements of the principal's jurisdiction (14 days for EU consumers per the Consumer Rights Directive).
Layer 4: Platform Policy. The OAP platform operator's baseline policy, which sets minimum requirements for merchant verification, payment instrument requirements, and dispute resolution capabilities.
A policy violation at any layer MUST halt the UCP operation and return a structured error to the agent. The error MUST include the violated policy layer, the specific rule that was violated, and a human-readable explanation.
3.8 Cart Policy Evaluation for Multi-Merchant Carts
When a UCP cart contains items from multiple merchants, the adapter MUST perform a per-merchant policy evaluation. Each merchant is evaluated independently against all four policy layers. The adapter MUST:
- Group cart line items by Merchant of Record.
- For each merchant group, evaluate the merchant's identity against the principal's allowed/blocked merchant lists.
- For each merchant group, evaluate the subtotal against the principal's per-merchant spending limits if declared.
- For each merchant group, evaluate the merchant's jurisdiction against the principal's allowed jurisdictions.
- Aggregate the results. If any merchant group fails policy evaluation, the adapter MUST reject the entire checkout or, if the principal's policy permits partial checkout, remove the failing merchant's items and proceed with the remaining items.
The Cart Policy Evaluation MUST produce a structured policy report that lists each merchant, the evaluation result (pass or fail), and the specific policy rules that were evaluated.
3.9 OAP CCC Integration for B2B Commerce
When an OAP agent operates under a Confidentiality and Compliance Context (CCC, RFC 0007), the adapter MUST enforce information barriers on UCP commerce operations.
Chinese Wall Enforcement. If the CCC declares that the agent MUST NOT access pricing or product information from a specific supplier (for example, because the agent's organization is involved in a competitive bidding process with that supplier), the adapter MUST filter the supplier's products from catalog search results and MUST reject any attempt to add the supplier's products to a cart.
NDA Enforcement for B2B Procurement. If the CCC declares that product selection and pricing information for a specific procurement are subject to a non-disclosure agreement, the adapter MUST NOT include product names, prices, or supplier identities in any Receipt or log entry that is visible outside the CCC boundary. The Receipt MUST instead carry a redacted reference with a CCC-controlled decryption key that only authorized parties can use to reveal the details.
Information Barrier Compartmentalization. For organizations with multiple procurement teams operating under different CCC contexts, the adapter MUST maintain separate cart namespaces per CCC context. Items added to a cart under CCC context A MUST NOT be visible to agents operating under CCC context B, even if both agents act on behalf of the same organization.
3.10 Receipt Generation for UCP Lifecycle Events
Every UCP lifecycle event that passes through the adapter MUST produce an OAP Receipt. The Receipt generation rules are:
- Cart creation: Receipt type
commerce_cart_created, no financial commitment. - Cart item addition: Receipt type
commerce_cart_item_added, includes item details and running cart total. - Cart item removal: Receipt type
commerce_cart_item_removed. - Checkout initiation: Receipt type
commerce_checkout_initiated, includes Procurement Intent reference. - Offer received: Receipt type
commerce_offer_received, includes Offer details and validity window. - Acceptance committed: Receipt type
procurement_acceptance, includes Settlement Reference from RFC 0032. - Order events: As defined in Section 3.6.
All Receipts MUST be hash-chained. The adapter MUST maintain the chain tip and MUST include the prev_hash in every new Receipt. The chain tip MUST be persisted durably.
3.11 Schema
3.11.1 UCP Capability Profile to OAP Manifest Mapping Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://open-agent-protocol.org/schemas/v1.2/oap-ucp-manifest-mapping.schema.json",
"title": "OAP-UCP Manifest Mapping",
"type": "object",
"properties": {
"ucp_profile_id": { "type": "string" },
"oap_manifest_id": { "type": "string" },
"capability_mappings": {
"type": "array",
"items": {
"type": "object",
"properties": {
"ucp_capability": { "type": "string", "pattern": "^dev\\.ucp\\." },
"oap_action_ids": { "type": "array", "items": { "type": "string" } }
},
"required": ["ucp_capability", "oap_action_ids"]
}
},
"transport_selected": { "type": "string", "enum": ["rest", "mcp", "a2a"] }
},
"required": ["ucp_profile_id", "oap_manifest_id", "capability_mappings", "transport_selected"]
}
3.11.2 UCP Cart Policy Evaluation Report Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://open-agent-protocol.org/schemas/v1.2/oap-ucp-cart-policy-report.schema.json",
"title": "Cart Policy Evaluation Report",
"type": "object",
"properties": {
"cart_id": { "type": "string" },
"evaluation_timestamp": { "type": "string", "format": "date-time" },
"overall_result": { "type": "string", "enum": ["pass", "fail", "partial"] },
"merchant_evaluations": {
"type": "array",
"items": {
"type": "object",
"properties": {
"merchant_did": { "type": "string" },
"merchant_name": { "type": "string" },
"result": { "type": "string", "enum": ["pass", "fail"] },
"subtotal": { "type": "string" },
"currency": { "type": "string" },
"policy_results": {
"type": "array",
"items": {
"type": "object",
"properties": {
"layer": { "type": "string", "enum": ["principal", "organization", "regulatory", "platform"] },
"rule_id": { "type": "string" },
"result": { "type": "string", "enum": ["pass", "fail"] },
"detail": { "type": "string" }
},
"required": ["layer", "rule_id", "result"]
}
}
},
"required": ["merchant_did", "result", "subtotal", "currency", "policy_results"]
}
}
},
"required": ["cart_id", "evaluation_timestamp", "overall_result", "merchant_evaluations"]
}
3.12 Wire Format
3.12.1 UCP Capability Profile (Input)
{
"profile_version": "1.0",
"merchant": {
"id": "merchant_shopify_acme_running",
"name": "ACME Running Gear",
"legal_entity": "ACME Sports GmbH",
"did": "did:web:acme-running.example",
"jurisdiction": "DE"
},
"capabilities": [
"dev.ucp.shopping.catalog",
"dev.ucp.shopping.cart",
"dev.ucp.shopping.checkout",
"dev.ucp.shopping.order"
],
"transport": [
{ "type": "rest", "base_url": "https://api.acme-running.example/ucp/v1" },
{ "type": "mcp", "endpoint": "https://api.acme-running.example/mcp" }
],
"policies": {
"return_window_days": 30,
"jurisdictions": ["DE", "AT", "CH"],
"accepted_currencies": ["EUR", "CHF"],
"shipping_regions": ["EU", "CH"]
}
}
3.12.2 Generated OAP Manifest (Output)
{
"oap_version": "1.0",
"tool": {
"id": "ucp-acme-running-gear",
"did": "did:web:acme-running.example",
"name": "ACME Running Gear",
"version": "1.0.0",
"publisher": {
"did": "did:web:acme-running.example",
"legal_name": "ACME Sports GmbH",
"verified": false
},
"categories": ["commerce", "retail", "physical_goods"],
"description_for_humans": "OAP interface for ACME Running Gear via UCP.",
"description_for_agents": "Provides OAP-governed access to the ACME Running Gear UCP merchant. Supports catalog search, cart management, checkout with Procurement Intent flow, and order lifecycle tracking. All operations are subject to OAP Policy Engine enforcement."
},
"endpoints": {
"invoke": "https://api.acme-running.example/ucp/v1",
"audit": "https://api.acme-running.example/oap/audit",
"data_delete": "https://api.acme-running.example/oap/data/delete",
"incident": "https://api.acme-running.example/oap/incident"
},
"auth": [{ "method": "api_key" }],
"actions": [
{
"id": "ucp_catalog_search",
"version": "1.0.0",
"summary": "Search the ACME Running Gear product catalog.",
"description_for_agents": "Searches the ACME Running Gear catalog via UCP. Returns real-time inventory, pricing, and variant data. Read-only, no side effects.",
"input_schema": {
"type": "object",
"properties": {
"query": { "type": "string" },
"category": { "type": "string" },
"price_min": { "type": "number" },
"price_max": { "type": "number" },
"currency": { "type": "string" },
"page_token": { "type": "string" }
}
},
"output_schema": {
"type": "object",
"properties": {
"items": {
"type": "array",
"items": {
"type": "object",
"properties": {
"item_id": { "type": "string" },
"title": { "type": "string" },
"price": { "type": "string" },
"currency": { "type": "string" },
"availability": { "type": "string" },
"merchant_id": { "type": "string" }
}
}
},
"next_page_token": { "type": "string" }
}
},
"side_effects": "none",
"idempotent": true,
"rate_limit": { "rpm": 120, "concurrent": 10 },
"data_classes_in": [],
"data_classes_out": ["product_catalog"],
"examples": [
{
"input": { "query": "running shoes size 43", "currency": "EUR" },
"output": { "items": [{ "item_id": "SKU-RUN-43-BLK", "title": "ACME ProRunner 43 Black", "price": "89.99", "currency": "EUR", "availability": "in_stock", "merchant_id": "merchant_shopify_acme_running" }] },
"description": "Search for running shoes in size 43."
}
]
},
{
"id": "ucp_cart_add_item",
"version": "1.0.0",
"summary": "Add an item to the UCP shopping cart.",
"description_for_agents": "Adds a product to the ACME Running Gear cart via UCP. Subject to OAP policy evaluation before execution.",
"input_schema": {
"type": "object",
"properties": {
"cart_id": { "type": "string" },
"item_id": { "type": "string" },
"quantity": { "type": "integer", "minimum": 1 },
"variant_id": { "type": "string" },
"merchant_id": { "type": "string" }
},
"required": ["item_id", "quantity"]
},
"output_schema": { "type": "object" },
"side_effects": "external",
"idempotent": false,
"rate_limit": { "rpm": 60, "concurrent": 5 },
"data_classes_in": ["product_selection"],
"data_classes_out": ["cart_state"],
"examples": [
{
"input": { "item_id": "SKU-RUN-43-BLK", "quantity": 1, "merchant_id": "merchant_shopify_acme_running" },
"output": { "cart_id": "cart_abc123", "items": [{ "line_item_id": "li_001", "item_id": "SKU-RUN-43-BLK", "quantity": 1, "unit_price": "89.99", "currency": "EUR" }], "total": "89.99", "currency": "EUR" },
"description": "Add running shoes to cart."
}
]
},
{
"id": "ucp_checkout",
"version": "1.0.0",
"summary": "Initiate checkout for the UCP cart.",
"description_for_agents": "Converts the UCP cart into an OAP Procurement Intent and initiates the Offer/Acceptance flow. Triggers full policy evaluation and Payment Session creation under RFC 0032.",
"input_schema": {
"type": "object",
"properties": {
"cart_id": { "type": "string" },
"shipping_address": { "type": "object" },
"payment_mandate_id": { "type": "string" }
},
"required": ["cart_id"]
},
"output_schema": { "type": "object" },
"side_effects": "external",
"idempotent": false,
"rate_limit": { "rpm": 10, "concurrent": 2 },
"data_classes_in": ["cart_state", "shipping_address", "payment_mandate"],
"data_classes_out": ["procurement_intent", "offer", "order"],
"examples": [
{
"input": { "cart_id": "cart_abc123", "payment_mandate_id": "urn:oap:mandate:2026-05-26-001" },
"output": { "order_id": "ord_xyz789", "status": "confirmed", "total": "89.99", "currency": "EUR", "estimated_delivery": "2026-05-30" },
"description": "Checkout cart with OAP-governed payment."
}
]
},
{
"id": "ucp_order_status",
"version": "1.0.0",
"summary": "Get the current status of a UCP order.",
"description_for_agents": "Retrieves the lifecycle status and tracking information for a confirmed UCP order.",
"input_schema": {
"type": "object",
"properties": {
"order_id": { "type": "string" }
},
"required": ["order_id"]
},
"output_schema": { "type": "object" },
"side_effects": "none",
"idempotent": true,
"rate_limit": { "rpm": 120, "concurrent": 10 },
"data_classes_in": [],
"data_classes_out": ["order_status"],
"examples": [
{
"input": { "order_id": "ord_xyz789" },
"output": { "order_id": "ord_xyz789", "status": "shipped", "tracking_number": "DHL-123456789", "estimated_delivery": "2026-05-30" },
"description": "Check order tracking status."
}
]
}
],
"sla": {
"uptime_target": 0.99,
"latency_p95_ms": 3000,
"max_call_duration_ms": 30000,
"regions": ["eu-west"],
"incident_disclosure_within_hours": 72
},
"trust": {
"publisher_verified": false,
"data_residency": ["EU"],
"gdpr_compliant": true,
"return_window_days": 30
},
"data_policy": {
"stores_principal_data": true,
"retention_days": 730,
"shares_with_third_parties": true,
"training_on_principal_data": "never",
"deletion_endpoint": "/oap/data/delete",
"lawful_bases": ["contract", "legal_obligation"]
},
"risk_class": "limited",
"jurisdictions": ["DE", "AT", "CH"],
"governance": {
"dispute_resolution_url": "https://acme-running.example/legal/disputes",
"contact_email": "compliance@acme-running.example"
}
}
3.12.3 UCP Cart to OAP Procurement Intent (Checkout Direction)
{
"intent_id": "urn:oap:intent:ucp-cart-abc123-2026-05-26",
"oap_version": "1.0",
"timestamp": "2026-05-26T10:30:00Z",
"principal_did": "did:web:alice.example",
"agent_did": "did:web:alice-agent.example",
"category": "physical_goods",
"constraints": {
"max_budget": { "amount": "200.00", "currency": "EUR" },
"delivery_deadline": "2026-06-01T23:59:59Z",
"allowed_jurisdictions": ["DE", "AT", "CH"],
"required_return_policy": { "min_days": 14 }
},
"line_items": [
{
"item_id": "SKU-RUN-43-BLK",
"title": "ACME ProRunner 43 Black",
"quantity": 1,
"unit_price": "89.99",
"currency": "EUR",
"merchant_did": "did:web:acme-running.example",
"merchant_name": "ACME Running Gear"
}
],
"total_amount": { "value": "89.99", "currency": "EUR" },
"mandate_ref": "urn:oap:mandate:2026-05-26-001",
"signature": {
"alg": "EdDSA",
"kid": "did:web:alice-agent.example#key-1",
"value": ""
}
}
3.12.4 OAP Offer from UCP Checkout Response
{
"offer_id": "urn:oap:offer:acme-running-chk-sess-001",
"intent_ref": "urn:oap:intent:ucp-cart-abc123-2026-05-26",
"provider_did": "did:web:acme-running.example",
"provider_name": "ACME Sports GmbH",
"price": { "value": "94.98", "currency": "EUR" },
"price_breakdown": {
"subtotal": "89.99",
"shipping": "4.99",
"tax": "0.00",
"currency": "EUR"
},
"delivery_commitment": {
"method": "standard_shipping",
"carrier": "DHL",
"estimated_delivery": "2026-05-30T18:00:00Z"
},
"return_policy": {
"window_days": 30,
"free_returns": true,
"conditions": "Original packaging required."
},
"validity_window": {
"not_before": "2026-05-26T10:30:00Z",
"not_after": "2026-05-26T11:30:00Z"
},
"ucp_checkout_session_id": "chk_sess_001",
"signature": {
"alg": "EdDSA",
"kid": "did:web:acme-running.example#key-1",
"value": ""
}
}
3.12.5 UCP Order Event to OAP Receipt
{
"receipt_id": "urn:oap:receipt:ucp-ord-xyz789-shipped",
"receipt_type": "commerce_order_shipped",
"oap_version": "1.0",
"timestamp": "2026-05-27T14:00:00Z",
"principal_did": "did:web:alice.example",
"agent_did": "did:web:alice-agent.example",
"merchant_did": "did:web:acme-running.example",
"order_ref": "ord_xyz789",
"event_data": {
"ucp_event_type": "order.shipped",
"tracking_number": "DHL-123456789",
"carrier": "DHL",
"shipped_items": [
{ "item_id": "SKU-RUN-43-BLK", "quantity": 1 }
],
"estimated_delivery": "2026-05-30T18:00:00Z"
},
"prev_hash": "sha256:a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
"signature": {
"alg": "EdDSA",
"kid": "did:web:alice-agent.example#key-1",
"value": ""
}
}
3.12.6 Cart Policy Evaluation Report
{
"cart_id": "cart_multi_001",
"evaluation_timestamp": "2026-05-26T10:25:00Z",
"overall_result": "partial",
"merchant_evaluations": [
{
"merchant_did": "did:web:acme-running.example",
"merchant_name": "ACME Running Gear",
"result": "pass",
"subtotal": "89.99",
"currency": "EUR",
"policy_results": [
{ "layer": "principal", "rule_id": "spending_limit", "result": "pass" },
{ "layer": "principal", "rule_id": "blocked_merchants", "result": "pass" },
{ "layer": "regulatory", "rule_id": "sanctions_screening", "result": "pass" },
{ "layer": "regulatory", "rule_id": "import_restrictions", "result": "pass" },
{ "layer": "platform", "rule_id": "merchant_verified", "result": "pass" }
]
},
{
"merchant_did": "did:web:restricted-supplier.example",
"merchant_name": "Restricted Supplier Inc.",
"result": "fail",
"subtotal": "45.00",
"currency": "EUR",
"policy_results": [
{ "layer": "principal", "rule_id": "spending_limit", "result": "pass" },
{ "layer": "organization", "rule_id": "approved_supplier_list", "result": "fail", "detail": "Merchant not on approved supplier list for procurement category 'office_supplies'." },
{ "layer": "regulatory", "rule_id": "sanctions_screening", "result": "pass" }
]
}
]
}
4. Backward Compatibility
This RFC introduces new adapter behavior and does not modify any existing OAP Core structures. Existing OAP v1.0 implementations that do not interact with UCP merchants remain fully conformant. The UCP adapter is an additive capability: agents that adopt the adapter gain UCP commerce access; agents that do not adopt it are unaffected.
The adapter produces standard OAP Manifests, Actions, Procurement Intents, Offers, Acceptances, and Receipts. No new envelope types are introduced. The receipt_type values defined in Section 3.6 (e.g., commerce_order_shipped) are new string constants but are carried in the existing Receipt schema's receipt_type field, which is typed as a string and does not require schema modification.
UCP merchants require no modification to support OAP agents. The adapter translates between the two protocols at the agent's boundary.
5. Security Considerations
Merchant Identity Verification. A UCP Capability Profile does not inherently prove the merchant's identity. An adversary could publish a UCP profile claiming to be a major retailer and redirect payments to their own account. The adapter MUST resolve the merchant's DID and verify that the DID Document includes a service entry pointing to the UCP profile URL. Agents SHOULD prefer merchants whose DID is verified through the OAP Registry (RFC 0026).
Cart Manipulation. Between the time an agent adds items to a UCP cart and the time of checkout, the merchant could alter prices or substitute items. The adapter mitigates this by capturing a snapshot of the cart at checkout initiation and comparing it to the UCP checkout response. If any item price has increased by more than 1% or any item has been substituted, the adapter MUST reject the checkout and notify the agent.
Payment Redirect. A compromised UCP transport could redirect the checkout payment to a different recipient. The adapter mitigates this by validating that the payment counterparty DID in the OAP Payment Session matches the merchant DID declared in the UCP Capability Profile and verified through the DID Document.
Replay of Order Events. A malicious actor could replay UCP order events to generate spurious Receipts. The adapter MUST deduplicate order events by the combination of order_id and event_type. Duplicate events MUST be rejected.
Multi-Merchant Cross-Contamination. In multi-merchant carts, a malicious merchant could attempt to read another merchant's items or pricing. The adapter MUST ensure that each merchant receives only the line items pertaining to their products during the checkout flow.
6. Privacy Considerations
Product Preferences as Personal Data. The products an agent searches for and adds to a cart constitute personal data under GDPR Article 4(1). The adapter MUST apply the data minimization principle: catalog search queries SHOULD NOT include personally identifying information beyond what is necessary for the search (e.g., shoe size is necessary; the principal's name is not).
Cart Contents as Behavioral Data. The contents of a UCP cart reveal information about the principal's purchasing intentions, financial capacity, and lifestyle preferences. The adapter MUST NOT share cart contents with any party other than the Merchant of Record for the items in the cart. In multi-merchant carts, each merchant MUST receive only its own line items.
Order History as Sensitive Data. The OAP Receipt chain for UCP transactions constitutes a comprehensive purchase history. The adapter MUST classify this data as personal data subject to GDPR and MUST support deletion requests through the OAP data_delete endpoint. Deletion of Receipts that have been anchored in the Transparency Log requires the tombstone mechanism defined in OAP Core 1.0.
B2B Procurement Confidentiality. Under the CCC (Section 3.9), product selection and supplier identity in B2B procurement scenarios are confidential business information. The adapter MUST NOT log product names or supplier identities in plain text when operating under a CCC with information barrier restrictions.
7. Conformance Impact
This RFC introduces a new optional conformance designation: UCP Commerce Adapter Conformance (UCA). An OAP implementation that claims UCA conformance MUST:
- Implement the UCP Capability Profile to OAP Manifest mapping (Section 3.2).
- Implement the UCP Cart to OAP Actions mapping (Section 3.4).
- Implement the UCP Checkout to Procurement Intent / Offer / Acceptance flow (Section 3.5).
- Implement the UCP Order Events to OAP Receipt chain integration (Section 3.6).
- Implement the four-layer Cart Policy Evaluation (Sections 3.7 and 3.8).
- Generate hash-chained Receipts for all UCP lifecycle events (Section 3.10).
An implementation that additionally claims UCA-B2B conformance MUST also implement the CCC integration (Section 3.9).
UCA conformance is additive and does not affect the existing OAP conformance levels (L1 through L3).
8. Implementation Experience
The reference implementation is provided as adapters/ucp/oap-ucp-adapter.js in the OAP specification repository. The adapter implements all functions specified in this RFC and has been validated against mock UCP Capability Profiles modeled on the Shopify and Walmart UCP integrations.
9. Alternatives Considered
Direct UCP-to-OAP Schema Extension. An alternative was to extend UCP's schema to include OAP governance fields natively, requiring UCP merchants to add policy, receipt, and CCC fields to their profiles. This was rejected because it would require changes to the UCP specification and would not be adopted by merchants who do not use OAP.
Per-Merchant Custom Adapters. An alternative was to write individual adapters for each UCP merchant (one for Shopify, one for Walmart, etc.). This was rejected because UCP already standardizes the merchant interface; a single UCP adapter subsumes all conforming UCP merchants.
Embedding OAP in UCP Transport. An alternative was to define OAP as a new UCP transport type alongside REST, MCP, and A2A. This was rejected because OAP is not a transport protocol; it is a governance and accountability layer that sits above transport.
10. References
- RFC 0013, Commerce Models for the Agent Economy.
- RFC 0014, Commerce Primitives, A Generalized Commercial Layer.
- RFC 0032, Payment Instrument Adapter Protocol.
- RFC 0007, Confidentiality and Compliance Context.
- RFC 0006, Scope Policy.
- RFC 0009, Reputation and Performance Records.
- RFC 0016, User Sovereignty Charter.
- RFC 0017, Irreversibility and Cooling Off Protocol.
- RFC 0026, OAP Registry Protocol.
- RFC 2119, Key words for use in RFCs to Indicate Requirement Levels.
- RFC 8174, Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words.
- Google, Shopify, Etsy, Walmart, Target (2026). Universal Commerce Protocol (UCP) v1.0. Technical specification.
- European Union (2011). Consumer Rights Directive 2011/83/EU, Article 11.
- European Union (2016). General Data Protection Regulation (EU) 2016/679.
- W3C (2022). Decentralized Identifiers (DIDs) v1.0. W3C Recommendation.