Grantex keeps consent, Commerce Passports, merchant policy, amount caps, audit, and provider boundaries in one control layer while agents use approved catalog, cart, consent, and payment-intent tools.
Agents search catalog, retrieve items, and check inventory through Grantex.
Grantex creates a consent request and only approved scope proceeds.
The Commerce Passport carries policy and amount limits as sensitive runtime material.
Payment intents and checkout handoff stay provider-neutral and audit-visible.
Agents can prepare a purchase, but Grantex controls whether the requested action matches user consent and merchant policy.
Amount caps, merchant status, trusted agent checks, and passport state are enforced before payment-affecting work proceeds.
AgenticOrg commerce does not call Stripe, Plural, Pine, or provider credentials directly. Grantex owns the provider abstraction.
| Layer | Status | Meaning |
|---|---|---|
| Internal sandbox | Ready | Synthetic data and mock-provider paths exist for controlled validation. |
| Temporary smoke | Verified | Option A and hosted AgenticOrg smoke evidence used temporary resources and scrubbed reports. |
| Production discovery | Disabled/fail-closed | Read-only discovery requires a later approved proposal. |
| Live checkout/payments | Blocked | Legal, compliance, security, operations, and provider gates remain required. |
| Live Plural | Blocked | No current evidence enables live Plural or live provider credentials. |
Use the Commerce V1 developer guide and OpenAPI contract. Treat all auth, passport, idempotency, and provider material as runtime-sensitive.
Use the operator guide for catalog, policy, audit, webhook, emergency disable, and no-go checks.
Use Grantex Commerce REST/MCP only. AgenticOrg uses `grantex_commerce:*` tools and no direct provider credential path.
The agent may help prepare a cart, but consent and policy checks determine whether checkout can proceed.
Production Commerce V1 discovery, live checkout, live payments, live Plural, external pilot readiness, and provider certification remain blocked until explicit human gates approve them.