TRINZIK.AI


Under UCP's hood: the machine-readable storefront

Google's technical write-up of the Universal Commerce Protocol shows the architecture of an agent-legible business: a JSON manifest at a well-known path, dynamic capability discovery, and cryptographic proof of consent. Published is not the same as trusted, which is why agent identity should be signed.

By Bob Michaels

Companion to

Under the Hood: Universal Commerce Protocol (UCP)

Google for Developers Blog · January 11, 2026

Most coverage of the Universal Commerce Protocol stopped at the shopper experience. The engineering write-up is the one worth reading, because it spells out the actual architecture: a machine-readable file at a known address, an agent that discovers what your business can do by reading it, and a cryptographic receipt proving the buyer agreed. That is the blueprint of an agent-legible business, published by Google for developers to copy.

What Google announced

Google's technical post, "Under the Hood: Universal Commerce Protocol (UCP)" (https://developers.googleblog.com/under-the-hood-universal-commerce-protocol-ucp/), explains the problem UCP solves and the mechanics it uses.

The problem is combinatorial. Every consumer surface and every store needs to connect, and building a custom link for each pairing does not scale.

The write-up names it directly: businesses face an "N x N integration bottleneck, forcing them to build bespoke connections for every surface." UCP collapses that into a single integration point.

The mechanics rest on discovery. A business declares what it supports in one standard file at a fixed location:

"Businesses publish the services they support and corresponding capabilities in a standard JSON manifest located at /.well-known/ucp. This allows agents to dynamically discover features, endpoints, and payment configurations without hard-coded integrations."

An agent reads that manifest, learns which capabilities exist (product discovery, checkout, and the extensions that hang off them), and calls them over the transport the business prefers, whether that is a plain API, A2A, or MCP. Nothing is hard-coded in advance. The agent figures out what you can do by asking your site.

Then trust. UCP does not take an agent's word that a shopper consented:

"Every authorization is backed by cryptographic proof of user consent."

And control stays with the business. Google is explicit that under UCP, "you own your business logic, and you remain the Merchant of Record."

In plain English

Three ideas do the heavy lifting, and none of them are exotic.

First, a well-known file. Put a JSON manifest at a fixed, predictable path so any agent knows exactly where to look to learn what you offer. This is the same trick the web already uses for other machine-readable declarations. You publish once, and every agent reads the same source.

Second, dynamic discovery. Instead of both sides agreeing on a fixed integration ahead of time, the agent reads your manifest live and adapts to whatever capabilities it finds. Add a new capability, publish it, and agents pick it up without a coordinated release.

Third, cryptographic proof. When money moves, the system carries mathematical evidence that the real user actually authorized it. A claim of consent is not enough. The claim has to be verifiable.

Why this matters for your business

Strip away the commerce specifics and you are looking at the general shape of a website that agents can use. It has a machine-readable declaration at a known location, capabilities an agent can discover and call, and verifiable proof attached to the actions that matter. UCP applies that pattern to checkout, but the pattern is not about checkout. It is about being legible and trustworthy to software.

The load-bearing lesson is in the third idea. Publishing a manifest makes you discoverable. It does not make you trusted. Anyone can host a file that says who they are. On an open network where agents connect to strangers and move money, the interesting question is not whether a capability is published but whether its origin can be verified. UCP answers that for payments with proof of consent. The same logic runs the other direction: an agent acting for your brand should be able to prove it is really yours, so the systems it talks to can verify before they trust.
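One check an agent can run before acting on a discovered manifest, shown as an added example (not code from Google, the UCP project, or Trinzik): a manifest should only vouch for endpoints on the origin that served it. The manifest field names, transport labels, and hostnames below are assumptions made for illustration; the article does not show the UCP schema.

```python
from urllib.parse import urlsplit

WELL_KNOWN_PATH = "/.well-known/ucp"        # path named in the article
ALLOWED_TRANSPORTS = {"api", "a2a", "mcp"}  # labels assumed for this sketch

def origin_of(url):
    """Return (host, port) for a plain https URL, else raise ValueError."""
    p = urlsplit(url)
    if p.scheme != "https" or not p.hostname or p.username or p.password:
        raise ValueError(f"not a plain https URL: {url!r}")
    return (p.hostname, p.port or 443)

def manifest_url(merchant_origin):
    """Build the discovery URL from an origin the caller already trusts."""
    host, port = origin_of(merchant_origin)
    suffix = "" if port == 443 else f":{port}"
    return f"https://{host}{suffix}{WELL_KNOWN_PATH}"

def check_manifest(fetched_from, manifest):
    """Return reasons to distrust the manifest; an empty list means it passed.

    fetched_from is the final URL after any redirects, so a redirect to
    another host shows up as an origin mismatch on every endpoint.
    """
    home = origin_of(fetched_from)
    problems = []
    if urlsplit(fetched_from).path != WELL_KNOWN_PATH:
        problems.append("manifest was not served from the well-known path")
    for cap in manifest.get("capabilities", []):
        if not isinstance(cap, dict):
            problems.append("capability entry is not an object")
            continue
        name = cap.get("name", "<unnamed>")
        if cap.get("transport") not in ALLOWED_TRANSPORTS:
            problems.append(f"{name}: unknown transport {cap.get('transport')!r}")
        try:
            if origin_of(str(cap.get("endpoint", ""))) != home:
                problems.append(f"{name}: endpoint is on another origin")
        except ValueError:
            problems.append(f"{name}: endpoint is not a plain https URL")
    return problems

# Constructed sample data; field names are illustrative, not the UCP schema.
GOOD = {"capabilities": [
    {"name": "checkout", "transport": "mcp", "endpoint": "https://shop.example/ucp/checkout"}]}
BAD = {"capabilities": [
    {"name": "checkout", "transport": "mcp", "endpoint": "https://shop.example.other.test/pay"},
    {"name": "discovery", "transport": "ftp", "endpoint": "http://shop.example/items"}]}
```

Same-origin pinning is a conservative policy chosen for this sketch; it binds the manifest to the TLS-authenticated host but does not replace a signature over the manifest or the agent's identity.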

Where Trinzik fits

The architecture in this write-up is the architecture we build. A Trinzik agentic website already publishes machine-readable discovery files at well-known paths, exposes what your business offers so an agent can find and use it, and treats verifiability as a requirement rather than an afterthought. We sign the agent that represents your brand with a cryptographic key, so a counterpart can confirm the agent is genuinely yours before it acts on anything it says. Published is table stakes. Signed is the difference between being findable and being trusted.

Our Apex Domain Agents work stands this up on your own domain, and our built-in site agent is the verifiable representative that lives there. Google standardizing well-known manifests and cryptographic proof for commerce tells you the direction the whole agent web is settling: legible, discoverable, and verified.

If you want to see what your business looks like to an agent reading it today, we will show you.

Questions this raises

Where does a business publish its UCP capabilities?

A business publishes what it supports in a standard JSON manifest located at the fixed path /.well-known/ucp, according to Google's technical write-up of the Universal Commerce Protocol. This lets any agent dynamically discover a business's features, endpoints, and payment configurations without a hard-coded integration built in advance.

What problem does UCP solve for businesses connecting with AI agents?

UCP solves what Google's write-up calls an N x N integration bottleneck, where businesses would otherwise need to build a bespoke connection for every consumer surface and every agent. UCP collapses that into a single, standard integration point that any compliant agent can read.

Does UCP protect against unauthorized agent transactions?

Yes. Google states that every authorization under UCP is backed by cryptographic proof of user consent, meaning a claim that a shopper approved a purchase is not enough on its own; the system carries verifiable evidence the real user authorized it. The business remains the Merchant of Record throughout.

Sources

  1. Under the Hood: Universal Commerce Protocol (UCP) · Google for Developers Blog, January 11, 2026
  2. Universal Commerce Protocol (UCP) site
  3. UCP open-source repository on GitHub
