Agentic commerce protocol atlas

Sequence protocols before agents touch checkout.

HARNEXA maps GEO, AVO, MCP, WebMCP, A2A, UCP, ACP, AP2, x402, AgentOps, and the HARNEXA Harness into one buyer question: what can an agent read, propose, approve, execute, log, and never do alone?

Buyer decision system

The market is racing to expose tools. HARNEXA sequences proof.

Prepare now

GEO, AVO, product evidence, support policies, feed ownership.

Pilot privately

Read-only private tools under HARNEXA Harness controls.

Defer safely

UCP checkout, ACP/AP2 payments, refunds, discounts, and writes.

Protocol sequencing map

Prepare evidence before protocol ambition turns into public execution.

The map separates what a buyer can prepare now, what belongs in a private pilot, and what stays deferred until approval, support, liability, and legal-review gates are real.

Prepare nowPublic evidence and product facts
  • GEO
  • AVO
  • Product evidence
  • Schema quality
Private pilotScoped tools under HARNEXA HarnessHarnessHARNEXA control layer for identity, permissions, budget, risk class, approval, and audit.
  • MCP
  • WebMCP
  • Tool boundary
  • READ_ONLY pilots
Defer until gates passCommercial execution and payment rails
  • UCP
  • ACP / AP2
  • x402
  • Public checkout execution

Protocol Workbench

Pick the protocol pressure. See the boundary before scope expands.

Buyers arrive asking about WebMCP, MCP, UCP, A2A, ACP, AP2, and x402. The workbench translates that pressure into allowed readiness work, human approval gates, blocked public actions, and the evidence packet HARNEXA needs before founder review.

No public rail

Each profile produces a readiness memo, passport context, and founder-reviewed intake path only.

WebMCP

Design review

A commerce team wants website actions to become legible to browser agents without exposing authenticated-session risk.

High risk when browser actions can see sessions, carts, accounts, support records, or authenticated checkout state.
Allowed readiness work
  • Read-only page-action inventory
  • Session-risk map
  • Consent and denial copy
  • Prompt-injection handling plan
Human approval required
  • Cart mutation
  • Account changes
  • Support-ticket updates
  • Any browser action that affects price, availability, or customer records
Blocked publicly
  • Public WebMCP action hooks
  • Authenticated checkout actions
  • Discount, refund, order, CRM, or stock-promise actions
Required gates
  1. Merchant record

    Can agents discover the business, policies, support path, product feed, and availability without guessing?

  2. Tool boundary

    Which systems can an agent read, which actions are blocked, and who owns every permission?

  3. Human boundary

    Where does a recommendation stop and a commercial action begin?

Evidence packet
  • Page-action inventory
  • Consent boundary
  • Denied-action examples
  • Support escalation path
Boundary assertion

No public WebMCP action hooks for orders, discounts, refunds, customer records, prices, or stock promises.

Protocol Atlas

Every protocol enters through a different evidence gate.

The SOTA direction is clear: agent-readable websites, tool manifests, commerce profiles, delegated payment requests, and multi-agent handoffs. HARNEXA turns that into a governed sequencing model for European retail and CPG buyers.

GEO / AVOShip now

Discovery evidence

AI answer engines and shopping agents need structured product facts, policy evidence, availability, and comparison context before they can recommend a product safely.

HARNEXA move
Audit product evidence, schema, feeds, prompt panels, substitute logic, compatibility data, and freshness ownership before any commerce tool is exposed.
Buyer proof
Prompt-panel citations, AVO delta, catalogue gap map, feed-owner matrix, policy evidence, and recommendation-risk notes.
Evidence preparation only. No public commerce tool execution is required for GEO or AVO work.
MCPPrivate pilot only

Private tool contract

Model Context Protocol standardizes how AI apps connect to tools, data, and workflows, which makes uncontrolled tool exposure easier to create at scale.

HARNEXA move
Design READ_ONLY tool contracts with persistent agent identity, scoped permissions, budgets, risk classes, audit events, and revocation before a pilot.
Buyer proof
Tool allowlist, data-owner list, risk-class map, budget guardrails, token policy, audit row sample, and AgentOps report.
No public MCP JSON-RPC execution server. Public routes expose discovery context only.
WebMCPDesign review

Browser action boundary

Browser-exposed structured tools can help agents act on websites, but authenticated sessions create consent, prompt-injection, support, and fraud risk.

HARNEXA move
Inventory browser actions, separate read and actuation paths, document session risk, and block consequential actions until human approval and audit are proven.
Buyer proof
Page-action inventory, session-risk map, consent copy, prompt-injection handling, rate limits, and denied-action examples.
No public WebMCP action hooks for orders, discounts, refunds, customer records, prices, or stock promises.
A2A + AgentOpsUse when needed

Multi-agent accountability

Agent-to-agent coordination is useful when independent agents need capability discovery and handoff, but it can blur who acted and why.

HARNEXA move
Keep v0 orchestration in HARNEXA Harness state unless a workflow genuinely needs A2A cards, then preserve identity, handoff reason, and audit continuity.
Buyer proof
Agent inventory, handoff policy, approval ownership, audit chain, CLEAR scorecard, run replay, and escalation path.
No direct agent-to-agent execution without signed identity, purpose, permissions, and an audit chain.
UCPPrepare, do not rush

Merchant readiness

Universal Commerce Protocol moves merchants toward agentic discovery and checkout through product feeds, merchant records, support, returns, inventory, and checkout capability negotiation.

HARNEXA move
Prepare merchant-center evidence, feed quality, support ownership, returns data, inventory freshness, checkout liability, and exception handling before go-live review.
Buyer proof
Merchant-readiness checklist, product-feed coverage, return policy evidence, support contact map, inventory freshness SLA, and escalation rules.
No UCP checkout from public HARNEXA pages. Checkout and order rails stay deferred until client-side governance is proven.
ACP / AP2 / x402Deferred by default

Payment mandate boundary

Agentic checkout and payment mandates reduce purchase friction, but they concentrate consent, fraud, support, payment, GDPR, and liability questions.

HARNEXA move
Treat payment protocols as a later-stage review after the agent has evidence quality, approval gates, AgentOps reporting, legal review, and support ownership.
Buyer proof
Mandate scope, max-charge rule, payment provider boundary, refund path, support owner, fraud controls, audit event, and legal-review record.
No public payment flow, delegated payment mandate, refund, credit, discount, or order submission.

HARNEXA Harness gate

Agent = Model + HARNEXA Harness + evidence gate.

No model gets commerce tool access by itself. The harness creates the proof a buyer committee needs before a protocol discussion becomes a production decision.

  1. Merchant record

    Can agents discover the business, policies, support path, product feed, and availability without guessing?

    • Product-feed coverage
    • Support and return-policy evidence
    • Inventory and price freshness owner
    Unlocks: GEO, AVO, and UCP preparation
  2. Tool boundary

    Which systems can an agent read, which actions are blocked, and who owns every permission?

    • Tool allowlist
    • READ_ONLY / FINANCIAL / DESTRUCTIVE risk map
    • Revocation and token policy
    Unlocks: Private MCP-style pilot
  3. Human boundary

    Where does a recommendation stop and a commercial action begin?

    • Approval owner
    • Approve, reject, and timeout states
    • Denied-action examples
    Unlocks: PHANTOM-style governed proposals
  4. AgentOps proof

    Can a buyer committee inspect identity, permissions, cost, latency, accuracy, audit rows, and drift?

    • Append-only audit sample
    • CLEAR scorecard
    • Run replay and exception log
    Unlocks: Deployment sprint or CAIO retainer
  5. Protocol expansion

    Is there enough demand, support, legal review, and liability design to expose a protocol surface?

    • Demand case
    • Support and fraud model
    • Legal-review record
    Unlocks: UCP, ACP, AP2, or WebMCP review

Protocol Atlas Journey

Move a buyer from curiosity to a usable evidence packet.

The experience is deliberately not a public execution flow. It lets a serious buyer assemble enough evidence for commerce, data, risk, and operations stakeholders before HARNEXA founder review.

  1. Score

    Run PRISM for the workflow

    Quantify governance maturity, commerce data readiness, human-agent boundary, measurement, and organizational readiness.

    Open score step
  2. Memo

    Build the Protocol + AVO memo

    Turn protocol curiosity into a buyer-readable memo with product evidence, tool boundary, transaction boundary, and protocol scope.

    Open memo step
  3. Passport

    Package the evidence

    Combine PRISM, trust evidence, and protocol readiness into one browser-local artifact before founder review.

    Open passport step
  4. Dossier

    Open the buyer committee room

    Give risk, data, commerce, and operations stakeholders the audit, retention, Article 28, and AgentOps evidence they expect.

    Open dossier step
  5. Review

    Request founder-reviewed intake

    Route serious protocol demand into an Agentic Commerce Diagnostic, AVO sprint, deployment sprint, or AgentOps retainer.

    Open review step

Primary sources

Track the standards. Ship the boundary.

HARNEXA monitors primary protocol sources, then adapts only the parts that help governed commerce workflows become safer, clearer, and more measurable.

Turn protocol demand into an evidence packet.

Start with PRISM, add the Protocol + AVO memo, package it in the Commerce Readiness Passport, then send one founder-reviewed ATLAS intake. The first paid step should prove the boundary before public execution.