Flow Diagrams
Three maps. Each one answers a question. Each answer feeds the next question. By the end, the Commerce Authorization Chain is visible as a dependency graph with coverage states at every node.
1 of 3
What does 80% coverage look like?
OUTCOME MAP
═══════════════════════════════════════════════════════════════════════
Every protocol interface is provably correct.
Coverage is computed from test results, not hand-counted.
Commerce Authorization Chain verified end-to-end.
│
├── Domain 1: Agent Communication (A2A + MCP)
│ ├── Current: 5/8 tested (63%)
│ ├── Target: 8/8 tested (100%)
│ └── Gap: Multi-agent chain, MCP tool access, capability search
│
├── Domain 2: Verifiable Intent
│ ├── Current: 0/6 tested (0%)
│ ├── Target: 4/6 tested (67%)
│ └── Gap: Intent capture, instruction fidelity, audit trail, HITL
│
├── Domain 3: Payment Execution (x402 + AP2)
│ ├── Current: 1/6 tested (17%)
│ ├── Target: 5/6 tested (83%)
│ └── Gap: Payment intent, spending authority, execution, x402
│
├── Domain 4: Identity & Verification
│ ├── Current: 2/5 tested (40%)
│ ├── Target: 3/5 tested (60%)
│ └── Gap: FIDO identity binding
│
├── Domain 5: On-Chain Trust
│ ├── Current: 0/4 tested (0%)
│ ├── Target: 3/4 tested (75%)
│ └── Gap: Sui escrow, settlement, attestation
│
└── Success measures (binary)
├── Coverage >= 80% (39/49) ────────── YES / NO
├── Commerce Auth Chain complete ────── YES / NO
├── Zero regressions in existing ────── YES / NO
└── Coverage computed, not counted ──── YES / NO
═══════════════════════════════════════════════════════════════════════Targets defined. Where does value flow from spec to trust? ↓
2 of 3
How does a protocol become trusted?
VALUE STREAM MAP
═══════════════════════════════════════════════════════════════════════
[Protocol Specification — A2A, MCP, AP2, UCP, VI, x402]
│
▼
1. DOCUMENT 1-3 hrs wait: 0 docs/software/protocols/
Write protocol doc ──────────────────────────────────────────────────
│ 8 docs written, 7 have depth, 1 stub (MCP)
▼
2. CONTRACT 1-2 hrs wait: 0-1 DAY contracts/<domain>/
Zod schema ──────────░░░░░────────────────────────────────
│ 20 contracts exist, 10 missing
▼
3. TEST SPEC 2-8 hrs wait: 1-3 DAYS intents/<domain>/
Write test ──────────░░░░░░░░░░░░░────────────────────────
│ external deps (FIDO, Sui) add wait time
▼
4. TROPHY LAYER 0 hrs wait: 0 PROTOCOL-COVERAGE.md
Assign L1-L3 ──────────────────────────────────────────────────
│ Automated — test passes = trophy assigned
▼
5. COVERAGE % never wait: ∞ NO SCRIPT EXISTS
Compute + surface ──────────────────────── STEP 5 NEVER HAPPENS ──
│
▼
[Trust claimed in docs. Not computed from evidence.]
┌─────────────────────────────────────────────────────────────────┐
│ Protocols documented: 8/8 (100%) │
│ Contracts written: ~39/49 (80%) │
│ Tests passing: 20/49 (41%) │
│ Coverage computed: 0% (no script) │
│ THE WASTE ISN'T DOCUMENTATION. IT'S THE GAP BETWEEN │
│ DOCUMENTATION AND VERIFICATION. │
└─────────────────────────────────────────────────────────────────┘
═══════════════════════════════════════════════════════════════════════41% verified. Step 5 never happens. The gap between docs and proof is where trust dies.
The value stream is clear. What depends on what? ↓
3 of 3
What gates what?
COMMERCE AUTHORIZATION CHAIN — DEPENDENCY MAP
═══════════════════════════════════════════════════════════════════════
Every agent-to-agent transaction requires this chain to be correct:
USER AUTH (FIDO) Domain 4: Identity
"Who authorized" 2/5 tested ──── PARTIAL
│
▼
INTENT CAPTURE Domain 2: Verifiable Intent
"What they said" 0/6 tested ──── MISSING ◄── CRITICAL GAP
│
▼
AGENT ACTION Domain 1: Agent Communication
"What agent did" 5/8 tested ──── PARTIAL
│
▼
SETTLEMENT Domain 3: Payment + Domain 5: On-Chain
"Value moved" 1/10 tested ─── MISSING ◄── CRITICAL GAP
│
▼
AUDIT Domain 2: Verifiable Intent (audit trail)
"Proof exists" 0/6 tested ──── MISSING ◄── CRITICAL GAP
Dependencies:
┌──────────────────────────────────────────────────────────────┐
│ Identity (D4) ──gates──► Intent (D2) │
│ Intent (D2) ──gates──► Communication (D1) │
│ Communication (D1) ──gates──► Payment (D3) + On-Chain (D5) │
│ Payment (D3) + On-Chain (D5) ──gates──► Audit (D2) │
│ │
│ The chain is only as strong as its weakest link. │
│ Three MISSING domains = three broken links. │
│ Priority: D2 (Intent) first — it gates everything below. │
└──────────────────────────────────────────────────────────────┘
═══════════════════════════════════════════════════════════════════════Domain 2 (Verifiable Intent) gates the entire commerce chain. Start there.
The outcome defines success. The value stream reveals the bottleneck. The dependency map names the priority.
Questions
Which protocol coverage flow has the most external dependencies — and are those dependencies owned by parties who can commit to SLAs?
- At what point in the protocol coverage flow does the system stop being able to verify its own output — and how is that boundary signalled?
- Which flow step assumes a version of the protocol that may change — and is there a migration path built in?
- If two protocol flows needed to run simultaneously, which combination would create the most contention for shared resources?