Field notes from the protocol.
Design decisions, security write-ups, release notes. Long-form when it deserves it; short when it doesn't.
Why eight verbs is enough.
Every commerce-API standardization effort that came before us added too much surface. Here's the thinking behind keeping it down to discover, search, get, quote, checkout, status, cancel, return.
Read ↗Signed quotes, on the wire.
How HMAC-bound, time-limited quote tokens shut down the entire class of agent-side price tampering attacks — without a centralized escrow.
Read ↗Why we will never be the merchant of record.
Settlement and tax compliance stay with the merchant, by design. We route data, not money. The reasons are commercial, technical, and political.
Read ↗The orchestrator and CLI go public.
Release notes for v0.2 — a typed client, fan-out search, homogeneous carts, signed-quote checkout, order tracking, and a vendor-neutral chat REPL.
Read ↗How daily conformance sweeps work.
A walkthrough of the cron worker, the test runner, the badge signer, and the lifecycle that takes a flapping agent from healthy to stale to delisted.
Read ↗Subscribe at openkarta.org/blog/feed.xml — or watch the GitHub repo to get notified on new posts.