Flow Diagrams

Three maps. Each one answers a question. Each answer feeds the next question. By the end, the Commerce Authorization Chain is visible as a dependency graph with coverage states at every node.

1 of 3

What does 80% coverage look like?

OUTCOME MAP
═══════════════════════════════════════════════════════════════════════

  Every protocol interface is provably correct.
  Coverage is computed from test results, not hand-counted.
  Commerce Authorization Chain verified end-to-end.

       │
       ├── Domain 1: Agent Communication (A2A + MCP)
       │   ├── Current: 5/8 tested (63%)
       │   ├── Target:  8/8 tested (100%)
       │   └── Gap:     Multi-agent chain, MCP tool access, capability search
       │
       ├── Domain 2: Verifiable Intent
       │   ├── Current: 0/6 tested (0%)
       │   ├── Target:  4/6 tested (67%)
       │   └── Gap:     Intent capture, instruction fidelity, audit trail, HITL
       │
       ├── Domain 3: Payment Execution (x402 + AP2)
       │   ├── Current: 1/6 tested (17%)
       │   ├── Target:  5/6 tested (83%)
       │   └── Gap:     Payment intent, spending authority, execution, x402
       │
       ├── Domain 4: Identity & Verification
       │   ├── Current: 2/5 tested (40%)
       │   ├── Target:  3/5 tested (60%)
       │   └── Gap:     FIDO identity binding
       │
       ├── Domain 5: On-Chain Trust
       │   ├── Current: 0/4 tested (0%)
       │   ├── Target:  3/4 tested (75%)
       │   └── Gap:     Sui escrow, settlement, attestation
       │
       └── Success measures (binary)
           ├── Coverage >= 80% (39/49) ────────── YES / NO
           ├── Commerce Auth Chain complete ────── YES / NO
           ├── Zero regressions in existing ────── YES / NO
           └── Coverage computed, not counted ──── YES / NO

═══════════════════════════════════════════════════════════════════════

Targets defined. Where does value flow from spec to trust? ↓

2 of 3

How does a protocol become trusted?

VALUE STREAM MAP
═══════════════════════════════════════════════════════════════════════

  [Protocol Specification — A2A, MCP, AP2, UCP, VI, x402]
      │
      ▼
  1. DOCUMENT           1-3 hrs    wait: 0         docs/software/protocols/
  Write protocol doc    ──────────────────────────────────────────────────
      │                 8 docs written, 7 have depth, 1 stub (MCP)
      ▼
  2. CONTRACT           1-2 hrs    wait: 0-1 DAY   contracts/<domain>/
  Zod schema            ──────────░░░░░────────────────────────────────
      │                 20 contracts exist, 10 missing
      ▼
  3. TEST SPEC          2-8 hrs    wait: 1-3 DAYS  intents/<domain>/
  Write test            ──────────░░░░░░░░░░░░░────────────────────────
      │                 external deps (FIDO, Sui) add wait time
      ▼
  4. TROPHY LAYER       0 hrs      wait: 0         PROTOCOL-COVERAGE.md
  Assign L1-L3          ──────────────────────────────────────────────────
      │                 Automated — test passes = trophy assigned
      ▼
  5. COVERAGE %         never      wait: ∞         NO SCRIPT EXISTS
  Compute + surface     ──────────────────────── STEP 5 NEVER HAPPENS ──
      │
      ▼
  [Trust claimed in docs. Not computed from evidence.]

  ┌─────────────────────────────────────────────────────────────────┐
  │  Protocols documented:  8/8 (100%)                              │
  │  Contracts written:     ~39/49 (80%)                            │
  │  Tests passing:         20/49 (41%)                             │
  │  Coverage computed:     0% (no script)                          │
  │  THE WASTE ISN'T DOCUMENTATION. IT'S THE GAP BETWEEN           │
  │  DOCUMENTATION AND VERIFICATION.                                │
  └─────────────────────────────────────────────────────────────────┘

═══════════════════════════════════════════════════════════════════════

41% verified. Step 5 never happens. The gap between docs and proof is where trust dies.

The value stream is clear. What depends on what? ↓

3 of 3

What gates what?

COMMERCE AUTHORIZATION CHAIN — DEPENDENCY MAP
═══════════════════════════════════════════════════════════════════════

  Every agent-to-agent transaction requires this chain to be correct:

  USER AUTH (FIDO)          Domain 4: Identity
  "Who authorized"          2/5 tested ──── PARTIAL
       │
       ▼
  INTENT CAPTURE            Domain 2: Verifiable Intent
  "What they said"          0/6 tested ──── MISSING ◄── CRITICAL GAP
       │
       ▼
  AGENT ACTION              Domain 1: Agent Communication
  "What agent did"          5/8 tested ──── PARTIAL
       │
       ▼
  SETTLEMENT                Domain 3: Payment + Domain 5: On-Chain
  "Value moved"             1/10 tested ─── MISSING ◄── CRITICAL GAP
       │
       ▼
  AUDIT                     Domain 2: Verifiable Intent (audit trail)
  "Proof exists"            0/6 tested ──── MISSING ◄── CRITICAL GAP


  Dependencies:
  ┌──────────────────────────────────────────────────────────────┐
  │  Identity (D4) ──gates──► Intent (D2)                        │
  │  Intent (D2)   ──gates──► Communication (D1)                 │
  │  Communication (D1) ──gates──► Payment (D3) + On-Chain (D5)  │
  │  Payment (D3) + On-Chain (D5) ──gates──► Audit (D2)          │
  │                                                              │
  │  The chain is only as strong as its weakest link.            │
  │  Three MISSING domains = three broken links.                  │
  │  Priority: D2 (Intent) first — it gates everything below.   │
  └──────────────────────────────────────────────────────────────┘

═══════════════════════════════════════════════════════════════════════

Domain 2 (Verifiable Intent) gates the entire commerce chain. Start there.

The outcome defines success. The value stream reveals the bottleneck. The dependency map names the priority.

Overview VV Stories