Agentic Commerce Mid-Year Review: What Worked, What's Next
Six months of building the agentic commerce stack — 8 payment protocols, 248+ NLWeb tests, eIDAS QTSP verification, and 30+ blog posts. Here's what shipped, what we learned, and where we're heading in Q3.
Executive summary
A comprehensive review of AgenticMCPStores' first half of 2026 — covering protocol launches (MCP, ACP, x402, UCP, A2A, VIC, MCAP, SCP), infrastructure milestones (eIDAS QTSP, NLWeb, trust scores), content metrics, and the strategic direction for Q3 including CRA Phase 2, Visa TAP monitoring, and enterprise onboarding.
Published
2026-06-23
10 min read
Author
Platform Strategy Team
Commerce strategy analysts
The platform strategy team translates AI, commerce, and protocol shifts into actionable guidance for operational teams.
View profileCategory
industry-analysis
Six months ago, agentic commerce was a concept with working prototypes. Today it's a production stack with 8 payment protocols, eIDAS-verified merchant identity, natural language product discovery, and AI agents completing real purchases. This post is a transparent look at what we shipped in H1 2026, what surprised us, and where we're investing in Q3.
By the Numbers: H1 2026
- 18 payment protocols in production or sandbox: MCP native checkout, ACP (79 tests), x402 stablecoin (195 tests), UCP Phase B (215 tests), A2A messaging (128 tests), Visa VIC (200+ tests, sandbox), Mastercard MCAP (78 tests, production), SCP (401 tests)
- 21,800+ tests across the platform — unit, integration, and E2E
- 330+ blog posts published (EN+ES bilingual), with the 7-part Building Agentic Commerce series complete
- 4eIDAS QTSP merchant verification launched — InfoCert KYB, EU Trust List validation, QES signing, Merkle timestamping (~80 tests)
- 5NLWeb public discovery live with 248 tests — vector search, semantic re-ranking, multi-store cross-search
- 6Trust score system: 8 components, 0-100 scale, agent-accessible via MCP tool and API
- 73 e-commerce connectors: Shopify (OAuth), WooCommerce (REST v3), Odoo (XML-RPC/SaaS-safe)
- 86 machine-readable discovery files: llms.txt, llms-blog.txt, mcp.json, agent-card.json, agent-policy.json, sitemap.xml
What Shipped: Protocol Stack
The core thesis — that AI agents need standardized, multi-protocol payment rails — proved correct. Each protocol serves a different use case: MCP for structured tool calls, ACP for protocol-native agent checkout, x402 for stablecoin micropayments, UCP for Shopify ecosystem standardization, A2A for multi-turn agent conversations, VIC and MCAP for card network access. The unified AgentPaymentIntent model and Protocol Router let merchants accept all of them through a single integration point. The most important architectural decision was normalizing every protocol into the same payment intent abstraction — it meant that adding each new protocol was incremental rather than multiplicative in complexity.
What Shipped: Trust & Compliance
Three trust and compliance milestones defined H1. First, eIDAS QTSP merchant verification (spec 032) — merchants can now prove their identity via InfoCert's KYB process, with EU Trust List validation, qualified electronic signatures, and timestamped Merkle proofs. This gives agents a cryptographically verifiable signal that a merchant is who they claim to be. Second, the trust score system — 8 weighted components (identity verification, payment history, complaint ratio, response time, policy compliance, eIDAS status, protocol support, uptime) that produce a 0-100 score agents can query before transacting. Third, a complete GDPR/CCPA compliance audit — 16 of 17 identified gaps resolved, with the remaining one (DPA signatures with Stripe and Google) being a legal formality.
What Shipped: Discovery & GEO
Making stores discoverable by AI agents — not just search engines — was a Q2 priority. NLWeb (spec 022) brought natural language product search with vector embeddings and LLM re-ranking. The public discovery feature (spec 028) extended this across all platform stores. Six machine-readable files (llms.txt, llms-blog.txt, mcp.json, agent-card.json, agent-policy.json, sitemap.xml) ensure that any LLM — Claude, GPT, Gemini — can understand the platform's capabilities without parsing HTML. JSON-LD schemas on every page (SoftwareApplication, FAQPage, BlogPosting, Product) provide structured data for both traditional search and generative engines.
What Surprised Us
- 1Discovery matters more than checkout: Agents spend 80% of their time finding and comparing products, 20% paying. NLWeb and cross-store search drove more agent engagement than any payment protocol improvement.
- 2Card network complexity is asymmetric: VIC's 4-layer cryptography required 200+ tests; MCAP's Stripe pass-through needed 78. Same coverage (1B+ cards each), wildly different implementation effort.
- 3Trust scores changed merchant behavior: Once merchants saw their trust score visible to agents, they started optimizing for it — faster response times, better policies, more complete profiles. Trust scores became a retention mechanism we didn't plan.
- 4llms.txt gets more reads than the homepage: AI agents and LLM crawlers hit /llms.txt more frequently than /en or /es. The machine-readable surface is becoming the primary frontend.
- 5Multi-protocol detection is fragile: Protocol detection via headers (X-Protocol, Signature-Input) works until a proxy strips headers. We added body-shape detection as fallback, but header-based detection still causes 15% of support tickets.
Content & Developer Relations
The Building Agentic Commerce blog series (7 posts) achieved its goal: each post covers one protocol with Problem, Protocol, Code Example, and Production Tips structure. The series was designed for both developers implementing agentic commerce and LLMs that need to understand the protocol stack. All 30+ posts are bilingual (EN+ES), include JSON-LD BlogPosting schemas, FAQ sections for voice/LLM search, and are indexed in llms-blog.txt. The content calendar ran at a sustained pace of 4+ posts per month across Q2, covering trust (eIDAS), protocols (x402, UCP, A2A, VIC/MCAP), developer experience (onboarding guide, Odoo integration), and strategic analysis (GEO, compliance).
Q3 2026 Roadmap
- 1CRA Phase 2 (EU Cyber Resilience Act): Extend STRIDE threat modeling, implement remaining security hardening from the 8 deliverables identified in Phase 1. Target: full CRA readiness by end of Q3.
- 2Visa TAP monitoring and integration: When Visa publishes the TAP (Token and Permissions) specification, extend the existing VIC adapter. Architecture already designed for incremental extension.
- 3Enterprise onboarding: Streamline the merchant activation flow for large retailers — dedicated OAuth apps, bulk catalog sync, white-label dashboard, SLA-backed support tier.
- 4GEO audit v2: Target Claude 9.5/10 and ChatGPT 8.5/10 readability scores. Focus on structured data completeness, citation optimization, and cross-reference density.
- 5Agentic Commerce Trust Architecture whitepaper: Gated PDF covering the full trust stack — eIDAS QTSP, trust scores, Merkle timestamps, agent certification, consent management.
- 6Partnership outreach: PayPal Agentic Commerce (spec 015 Phase B), Visa TAP early access, Mastercard Agent Sign-Up program expansion.
- 7Tier-gating E2E testing: Comprehensive end-to-end tests for tier-based feature access across all protocols (deferred from Q2, confirmed MEDIUM priority).
What We'd Do Differently
Three retrospective lessons. First, we should have invested in protocol detection resilience earlier — header-based detection is clean but fragile in production with various proxy configurations. Body-shape detection as a first-class citizen from day one would have saved debugging time. Second, NLWeb should have launched alongside the MCP gateway, not months later — discovery is the first thing agents need, and we built it as an afterthought. Third, the eIDAS integration should have been scoped smaller initially — the full KYB + QES + Merkle stack is powerful but took longer than expected. Starting with just EU Trust List validation and adding layers incrementally would have delivered value faster.
This is post 30+ in our content series. For the full protocol stack walkthrough, start with Building Agentic Commerce #1 at /en/blog/building-agentic-commerce-multi-protocol-checkout. For developer onboarding, see /en/blog/from-zero-to-agent-ready-mcpwebstore-developer-guide.
Frequently asked questions
How many payment protocols does AgenticMCPStores support?
Eight as of mid-2026: MCP native checkout, ACP (Agentic Commerce Protocol), x402 stablecoin payments, UCP (Universal Commerce Protocol), A2A (Agent-to-Agent messaging with payment), Visa VIC (Intelligent Commerce), Mastercard MCAP (Agent Pay), and SCP (Shopper Context Protocol for identity). All normalize to the unified AgentPaymentIntent model.
What is the total test count across the platform?
Over 1,800 tests across unit, integration, and E2E layers. Key protocol test counts: x402 (195), UCP Phase B (215), A2A (128), NLWeb (248), AG-UI (188), ACP (79), SCP (401), VIC (200+), MCAP (78), PayPal (174), IXOPAY (139), eIDAS QTSP (~80). Tests run on every commit via CI/CD.
Is AgenticMCPStores GDPR and CCPA compliant?
Yes. A comprehensive legal audit identified 17 compliance gaps — 16 have been resolved with code changes, documentation, and policy updates. The remaining item (DPA signatures with Stripe and Google) is a legal formality being processed. Full details are in the compliance status documentation.
What e-commerce platforms can connect to AgenticMCPStores?
Three platforms have production-ready connectors: Shopify (via OAuth with automatic token refresh and cursor-based GraphQL pagination), WooCommerce (via REST v3 API with WordPress hooks for incremental sync), and Odoo (via XML-RPC with SaaS-safe API key authentication). Each connector includes product sync, inventory tracking, and order creation.
What's planned for Q3 2026?
Key priorities: CRA Phase 2 (EU Cyber Resilience Act compliance), Visa TAP integration when the spec publishes, enterprise merchant onboarding improvements, GEO audit v2 targeting high LLM readability scores, the Agentic Commerce Trust Architecture whitepaper, and partnership expansion with PayPal, Visa, and Mastercard ecosystem teams.
Sources and references
- AgenticMCPStores Platform Documentation
AgenticMCPStores
- Building Agentic Commerce Blog Series
AgenticMCPStores
- EU Cyber Resilience Act (CRA) — Official Text
European Commission
Related articles
developer-guide
Building Agentic Commerce #1: Multi-Protocol Checkout — MCP + x402 + ACP in One Flow
One agent, three protocols, one checkout. Here's how MCP, x402 stablecoin payments, and ACP work together to let AI agents buy products — with code examples you can run today.
developer-guide
Building Agentic Commerce #3: Trust Scores — How Agents Decide Who to Buy From
When an AI agent evaluates merchants, it doesn't read reviews or recognize logos. It reads trust scores — 12 machine-verifiable signals that determine search ranking, checkout eligibility, and payment friction. Here's how the system works.
seo-geo
GEO in 2026: Why Your Store Needs to Be Readable by AI, Not Just Google
Generative Engine Optimization (GEO) is the new SEO for agentic commerce. Learn how to make your store discoverable by Claude, ChatGPT, and AI agents using llms.txt, JSON-LD, agent cards, and machine-readable discovery files.