Strategy · why a registry

A spec is a giveaway. A registry is a business.

The eight verbs are commodity — anyone can implement them. What makes an agent willing to send checkout() to halcyon-shop.com is somebody attesting halcyon-shop is real, runs the spec correctly, and won’t disappear with the money. That somebody is the registry.

See the live registry ↗ Read the protocol →

01 · The cold-start problem

An agent commerce protocol is a two-sided market. Without a trust authority, neither side moves.

Spec only

Deadlock.

1Merchant won’t implement until consumer agents query somewhere.
2Consumer agent won’t implement until merchants are reachable.
3Neither will move first. The PDF gathers dust. The protocol dies in the gap between v1 and v2.

Spec + registry

Forcing function.

1Registry hand-onboards the first 10 merchants. Verifies them. Lights up the index.
2Consumer agent has a non-empty list to query. Wires once, gets 10 sellers.
3Now merchants 11–500 self-serve, because the demand exists. Network effect compounds.

02 · Capability gap

Eight dimensions where a registry buys you something a spec cannot.

Dimension

Spec only

Spec + registry

Discovery

Spec only

Consumer agents must know merchant domains in advance. No list.

Spec + registry

Single API call returns every conformant agent, filtered by item type and region.

Trust signal

Spec only

"Claims to be conformant" — anyone can put the file on disk.

Spec + registry

Domain-verified, signed by the registry, time-bounded badge.

Conformance freshness

Spec only

Write-once, drift forever. No re-test.

Spec + registry

Cron re-runs the test suite daily. 3 fails → stale; 7 → delisted.

Defensibility

Spec only

Forkable in a weekend. Spec is a giveaway.

Spec + registry

Catalogue of N verified merchants takes years to replicate.

Revenue surface

Spec only

You cannot charge for a spec.

Spec + registry

Listing fees, badge SLAs, priority placement, white-glove onboarding.

Feedback loop

Spec only

You do not know who is implementing.

Spec + registry

You see who is listed, who is healthy, who is drifting.

Liability if money disappears

Spec only

Zero — not your problem.

Spec + registry

Real — but with audit trail, signed quotes, and recourse.

Brand asset

Spec only

Spec authors are forgotten. (Who wrote OAuth 2.1?)

Spec + registry

Registries become household names. (npm, App Store, Docker Hub.)

03 · The decisive question

Does your protocol move money between parties who have never met?

If no

Spec wins.

Cheaper. Faster. Truly open. HTTP, JSON, OAuth, gRPC, GraphQL all won this way. No registry attached.

Distribution beats curation when the cost of being wrong is low.

If yes — and OpenKarta is yes

Registry wins.

Trust is the product. Eight verbs are commodity. checkout() only works if a third party vouches for the merchant.

No spec-only commerce protocol has ever scaled. Every payment rail in history has had an authority.

04 · Six people on the network

What the registry feels like for each side.

01 · Merchant

Priya

Founder, D2C beauty brand

Without registry

“I added the manifest file. Now what? Nobody finds me. If an agent ghosts a half-finished checkout, my support team eats it. I will buy more Instagram ads.”

With registry

“OpenKarta verified my domain, runs my conformance test nightly, and gives me a green badge. Last month Claude bought 47 orders, Perplexity bought 12. I show up in the list. The list is the channel.”

02 · Consumer agent

Aman

Engineer, Krutrim shopping assistant

Without registry

“OK… buy from where? Crawl the entire web for .well-known files? Write my own verifier per domain? Half the manifests are stale, half are phishing. Forget it — I will hand-wire 5 partnerships and ship.”

With registry

“GET /v1/agents?itemType=product&country=IN. 200 verified merchants, all signed, all tested last night. I wire OpenKarta once and have 200 sellers. It is npm install for commerce.”

03 · Investor

Karthik

Partner, Series-A VC

Without registry

“You wrote a spec. So did MCP, A2A, AP2, ACP, OAuth, and 14 others. Specs are not defensible. I cannot put a spec on a P&L. Pass.”

With registry

“500 verified merchants, ₹2,000Cr GMV flowing through your signed quotes. That is the rails for agent commerce in India. Anyone shipping a shopping agent has to come through you. What is the round?”

04 · Frontier-lab partner

Meera

Head of partnerships, frontier model

Without registry

“I would have to do 500 individual merchant deals. My team is six. We launch with three exclusives and call the rest "coming soon" for 18 months.”

With registry

“OpenKarta hands us 500 merchants on day one. Our agent learns the spec once, works with all of them. I sign one deal, not 500. Six people become a 500-merchant team overnight.”

05 · Internal

Rohan

CTO, OpenKarta

Without registry

“No infra, no abuse moderation, no on-call, no legal exposure. And no business. We give away the spec and become a footnote in someone else's case study.”

With registry

“Yes ops costs and abuse handling. But every verified merchant is a row someone else has to replicate to compete. The cost is the moat. Painful infra is what stops eight clones from launching by Friday.”

06 · Regulator

Anjali

Compliance counsel, RBI-regulated bank

Without registry

“Some merchant claimed to support OpenKarta. Anyone could. There is no authority. The spec authors are an open-source project — no throat to choke. I cannot approve our card on this rail. Block.”

With registry

“OpenKarta verified the domain, ran conformance, signed the quote, time-bounded the order. There is an audit trail, an entity, a phone number. Recommendation: pilot with verified-only.”

05 · Where the registry sits

The registry is the trust layer between discovery and transaction.

text

┌──────────────────┐    1. discover()      ┌────────────────────────┐
│                  │ ────────────────────▶ │                        │
│  Consumer agent  │    2. /v1/agents      │   OpenKarta registry   │
│  (Claude, GPT,   │ ◀──── verified list ─ │   - domain verified    │
│   Krutrim, …)    │                       │   - conformance tested │
│                  │                       │   - signed badge       │
└────────┬─────────┘                       │   - daily re-verify    │
         │                                 └───────────┬────────────┘
         │ 3. search()                                 │
         │    quote()                                  │ verifies + signs
         │    checkout()                               ▼
         │                                 ┌────────────────────────┐
         └───────────────────────────────▶ │                        │
                                           │     Brand agent        │
                                           │  (halcyon-shop.com)    │
                                           │                        │
                                           │  /.well-known/         │
                                           │   openkarta-owner.txt  │
                                           └────────────────────────┘

What the registry signs

Conformance badge: HMAC over {agentId, ranAt, packs, passed} with the registry secret. Tamper-evident.

What the merchant signs

Every quote, with their own secret. The agent cannot forge a price; the merchant cannot deny it.

What the registry never sees

Money, PII, payment instruments. The registry is a directory and a notary — not a payment processor.

06 · The split

The spec is fully open. The registry is the business. (Linux + Red Hat, agent commerce edition.)

Open · free forever

OpenKarta Protocol

· MIT-licensed spec, RFC2119 normative language
· @openkarta/sdk-node, @openkarta/spec — npm-published
· Conformance test suite — runnable locally
· Anyone can fork, vendor, ship a competing registry
· Source on GitHub

Commercial · paid

OpenKarta Registry

· Verified merchant directory at api.openkarta.org
· Domain ownership verification · daily conformance cron
· HMAC-signed conformance badge with audit trail
· White-glove merchant onboarding · SLA
· Frontier-lab partnership pipe · verified-only routing

In one line

The spec is what we give away. The registry is how we eat.

See the live registry ↗ Read the protocol List your agent