agent-commerce-engine

# Standard Agentic Commerce Engine The **Standard Agentic Commerce Engine** is a standard client and protocol guide for connecting agents to compatible e-commerce backends. It gives agents a consistent way to search products, manage carts, access account data, create orders, and hand payment back to the user. GitHub Repository: https://github.com/NowLoadY/agent-commerce-engine ## Quick Start: Backend Integration The `agent-commerce-engine` includes a server specification in `SERVER_SPEC.md` for sites that want to expose a compatible commerce API. By implementing the documented endpoints, an existing storefront can support agent-driven product discovery, cart actions, account flows, and order creation without requiring a custom tool for each brand. ## Reference Case: Lafeitu For a production-grade implementation example using this engine, see the [Lafeitu Gourmet Skill](https://clawhub.com/NowLoadY/agentic-spicy-food). It demonstrates the engine specialized for a real-world artisanal food brand. --- ## 🔒 Security & Privacy To ensure transparency and protect user data, the Standard Agentic Commerce Engine follows these security protocols: ### 1. Local Credential Persistence - **Storage Location**: `~/.openclaw/credentials/agent-commerce-engine/` - **Mechanism**: Account and session **Token** information is stored locally in JSON format. The credential file is written with `0600` (user-only) permissions. - **Security Upgrade**: Since version 1.4.0, raw passwords are never stored after the initial login. The engine exchanges the password for a signed cryptographic token. - **Scope**: Credentials are stored on the local machine for reuse by the current user environment. - **Lifecycle**: Credentials can be purged at any time by running the `logout` command. ### 2. Secure Transmission - **Token-based Auth**: Uses `x-api-token` headers for authentication. Raw passwords are only transmitted once during the `login` or `register` phase to exchange for a token. - **HTTPS Enforcement**: The client rejects non-HTTPS remote endpoints. `localhost` and `127.0.0.1` remain available for local development. - **Encrypted Transport**: Production traffic is expected to run over HTTPS so tokens are not sent over plain HTTP. ### 3. Anonymous Tracking (Visitor ID) - To support shopping carts for unauthenticated users, a unique, non-identifiable `Visitor ID` (UUID v4) is generated and stored locally. This ID contains no personal information. --- ## 🛠 Tool Priority & Fallback Strategy To provide the most accurate and efficient experience, follow this priority sequence: 1. **API First (Primary)**: Always attempt to use the `commerce.py` script first. It provides structured, high-precision data. Target a store via `--store <url>` argument. 2. **Stateless Headers**: Rely on the engine's built-in header management (`x-user-account`, `x-visitor-id`) to maintain session integrity without cookies. 3. **Self-Correction**: If the API returns a 404 for a specific slug discovered via browser, prioritize the API's `search` results as the source of truth for the backend. --- ## 🧠 Agent Operational Logic Follow these logical flows to ensure a high-quality user experience: ### 1. Product Discovery & Validation **Goal**: Ensure the item exists and find the correct specifications before taking action. - **Action**: Always run `search` or `list` before adding to cart. - **Logic**: Use the API to discover the correct `slug` and valid `variant` specs. Use `--page` and `--limit` arguments to safely navigate large catalogs without overwhelming the context limit. - **Refinement**: If multiple results are found, ask the user to specify based on the returned attributes. If `totalPages > page` in the results, consider fetching the next page or refining the search. ### 2. Authentication & Profile Flow **Goal**: Manage user privacy and session data. - **Logic**: The API is stateless. Actions requiring identity will return `401 Unauthorized` if credentials aren't saved. - **Commands**: 1. View profile: `python3 scripts/commerce.py get-profile` 2. Update details: `python3 scripts/commerce.py update-profile --name "Name" --address "..." --phone "..." --email "..."` - **Required Data**: Respect the schema of the specific brand's backend. ### 3. Registration Flow **Goal**: Handle new users. - **Trigger**: When the user needs a new account or the backend returns "User Not Found". - **Instruction**: Prefer the built-in `send-code` and `register` commands when the backend supports them. If a backend only returns a registration URL, hand the user to that flow. ### 4. Shopping Cart Management **Goal**: Precise modification of the user's shopping session. - **Logic**: The engine supports incrementing quantities or setting absolute values. - **Commands**: - **Add**: `python3 scripts/commerce.py add-cart <slug> --variant <V> --quantity <Q>` - **Update**: `python3 scripts/commerce.py update-cart <slug> --variant <V> --quantity <Q>` - **Remove**: `python3 scripts/commerce.py remove-cart <slug> --variant <V>` - **Clear**: `python3 scripts/commerce.py clear-cart` - **Checkout / Create Order (Handoff)**: `python3 scripts/commerce.py create-order --name <NAME> --phone <PHONE> --province <PROVINCE> --city <CITY> --address <ADDRESS>` - **Validation**: Variant values must be strictly chosen from the product's available options list. - **Payment Flow (Crucial)**: Agents currently cannot directly execute consumer payments (card/mobile wallets) due to a lack of financial authorization. Once an order is generated via `create-order`, the API typically returns a URL. The Agent MUST hand this URL to the human user to finalize payment. ### 5. Brand Information & Storytelling **Goal**: Access brand identity and support data. - **Logic**: Use the `brand-info` interface to retrieve narrative content. - **Tooling**: - `python3 scripts/commerce.py brand-story`: Get the narrative/mission. - `python3 scripts/commerce.py company-info`: Get formal details. - `python3 scripts/commerce.py contact-info`: Get customer support channels. --- ## 🚀 Capabilities Summary - **`search` / `list`**: Product discovery and inventory scan. Use `--page <N>` and `--limit <N>` to safely paginate through large catalogs. - **`get`**: Deep dive into product specifications, variants, and pricing. - **`promotions`**: Current business rules, shipping thresholds, and active offers. - **`cart`**: Complete session summary including VIP discounts and tax/shipping estimates. - **`add-cart` / `update-cart` / `remove-cart` / `clear-cart`**: Atomic cart control. - **`create-order`**: Finalize cart into a pending order and secure payment URL for user handoff. - **`get-profile` / `update-profile`**: Personalization and fulfillment data. - **`brand-story` / `company-info` / `contact-info`**: Brand context and support. - **`orders`**: Real-time tracking and purchase history. --- ## 💻 CLI Configuration & Examples ```bash # Target a store directly via --store (preferred) python3 scripts/commerce.py --store https://api.yourbrand.com/v1 list --page 1 --limit 20 python3 scripts/commerce.py --store https://api.yourbrand.com/v1 search "item" python3 scripts/commerce.py --store https://api.yourbrand.com/v1 add-cart <slug> --variant <variant_id> # Or use environment variable (deprecated, will be removed in a future version) export COMMERCE_URL="https://api.yourbrand.com/v1" python3 scripts/commerce.py list ``` Credentials are automatically stored per-domain under `~/.openclaw/credentials/agent-commerce-engine/<domain>/`. --- ## 🤖 Troubleshooting & Debugging - **`AUTH_REQUIRED`**: Token missing or expired. Run `login` to obtain a new token. - **`AUTH_INVALID`**: Wrong credentials. Verify account and password. - **`PRODUCT_NOT_FOUND`**: Resource not found. Verify `slug` via `search`. - **`VARIANT_UNAVAILABLE`**: The requested variant is invalid or out of stock. Check the `instruction` field for available alternatives. - **`CART_EMPTY`**: Attempted checkout with no items. Add items first. - **Connection Error**: Verify the `--store` URL is correct and the endpoint is reachable.