WordPress 7.0 is now required. Security hardening, native WP 7.0 MCP integration, and selectable MCP\/ACP exposure modes.<\/p>","0.2.0":"
Major new ACP checkout module. Backwards compatible.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3576151,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3576151,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3576151,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3576151,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.3.0"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[267600,2353,242115,254710,286],"plugin_category":[45],"plugin_contributors":[247430],"plugin_business_model":[],"class_list":["post-312719","plugin","type-plugin","status-publish","hentry","plugin_tags-acp","plugin_tags-ai","plugin_tags-mcp","plugin_tags-ucp","plugin_tags-woocommerce","plugin_category-ecommerce","plugin_contributors-suhanduman","plugin_committers-suhanduman"],"banners":{"banner":"https:\/\/ps.w.org\/sdx-ai-readiness-toolkit\/assets\/banner-772x250.png?rev=3576151","banner_2x":"https:\/\/ps.w.org\/sdx-ai-readiness-toolkit\/assets\/banner-1544x500.png?rev=3576151","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/sdx-ai-readiness-toolkit\/assets\/icon-128x128.png?rev=3576151","icon_2x":"https:\/\/ps.w.org\/sdx-ai-readiness-toolkit\/assets\/icon-256x256.png?rev=3576151","generated":false},"screenshots":[],"raw_content":"\n
SDX AI Readiness Toolkit<\/strong> makes any WooCommerce store auto-discoverable, readable, and purchasable by AI shopping agents \u2014 ChatGPT plugins, Perplexity Shopping, Google's commerce AI, custom Claude tools, and any agent that speaks the open protocols of the agentic commerce ecosystem.<\/p>\n\n In 2026 Google launched the Universal Commerce Protocol (UCP)<\/strong> with Shopify, Walmart, Target, Wayfair, and Etsy. WooCommerce was absent. This plugin closes that gap.<\/p>\n\n All standard payment gateways work. UCP creates standard WC orders.<\/p>\n\n AI shopping assistants \u2014 ChatGPT, Perplexity, Gemini, Claude \u2014 now help millions of people find products every day. When a shopper asks \"find me a waterproof backpack under $80\", the assistant doesn't open Google and click around. It queries machine-readable storefronts directly. The way it finds those storefronts is by fetching This plugin publishes that file automatically, along with the MCP tools the agent uses to actually browse your catalog. You don't have to write a single line of integration code; activating the plugin is enough to put your store on the map for every agent that speaks UCP, MCP, or ACP.<\/p>\n\n A few complementary moves we recommend alongside this plugin: register your products in Google Merchant Center<\/strong> so the Google Shopping feed picks them up, keep product titles and descriptions clear and well-structured (the same SEO discipline that helps humans also helps AI parsing), and make sure your site runs on HTTPS end-to-end so agents trust the responses.<\/p>\n\n Once your store is published, agents can do three things that previously required a human: discover that you exist, browse your catalog in real time, and \u2014 with ACP enabled \u2014 create a real WooCommerce order on behalf of their user, with the same checkout, tax, shipping, and fulfillment plumbing your human customers go through today.<\/p>\n\n The plugin publishes a Google-spec product feed at The feed is built from your published, catalog-visible WooCommerce products and includes each product's title, description, price, availability, image, and \u2014 when set \u2014 brand and GTIN. Filling in brand<\/strong> and GTIN<\/strong> (Products \u2192 product \u2192 Inventory \u2192 Global Unique ID, on WooCommerce 9.2+) materially improves listing quality and how often Google can match your products. Variable products are expanded to their purchasable variations. The generated XML is cached for one hour to keep the endpoint fast.<\/p>\n\n This plugin is built to be conservative about data:<\/p>\n\n WordPress.org guideline #6 requires that we disclose any external services this plugin contacts. The list is short:<\/p>\n\n This plugin is an independent, community-driven implementation of open commerce protocols. It is not affiliated with, endorsed by, or sponsored by Stripe, Inc., OpenAI, Google, Anthropic, Automattic, or the WooCommerce trademark holders. \"WooCommerce\" is a trademark of Automattic Inc. and is referenced solely for descriptive interoperability purposes.<\/p>\n\n\n No. WooCommerce 10.7+ ships internal ACP infrastructure with the Only for ACP payment_intent flow. Without Stripe, agents can still discover, browse, and create checkout sessions \u2014 they just can't authorize payment through ACP directly.<\/p>\n\n There are two flow models to choose from, and most stores can start without Stripe entirely:<\/p>\n\n By default, public product data only (name, price, description, images). An agent can additionally read its own<\/strong> orders if it holds the Order access is scoped to ownership and safe by default: an agent (OAuth client) can only ever read orders it created itself via the ACP checkout flow. It can never read another agent's orders or orders placed by human customers through normal checkout.<\/p>\n\n To read its own orders, an agent must request the Yes. Client secrets are hashed with Open the AI Readiness dashboard. If JWKS rotation is needed, click the \"Rotate JWKS keypair now\" button. Old key remains valid for a 24h grace period.<\/p><\/dd>\n On WordPress 7.0 this plugin registers its tools as WordPress Abilities, making them available through the core MCP Adapter to clients such as Claude Desktop, Claude Code, Cursor, and VS Code. Those clients authenticate with standard WordPress application passwords \u2014 no OAuth setup is required on their side. The plugin's own OAuth MCP server remains active alongside the core adapter and continues to serve headless or autonomous agents that manage their own credentials.<\/p>\n\n The AI Readiness dashboard shows a \"Protocol exposure\" card with two settings:<\/p>\n\n MCP exposure controls which MCP path is active: \"both\" (default \u2014 core adapter and plugin server run side by side), \"core\" (plugin's own MCP server is disabled, traffic goes to the WP core adapter only), or \"plugin\" (core adapter integration is disabled, plugin MCP server only).<\/p>\n\n ACP exposure controls ACP checkout availability: \"auto\" (default \u2014 plugin ACP is active when WooCommerce native ACP is off, deferred when on), \"plugin\" (plugin ACP is always active regardless of WC native state), or \"off\" (ACP checkout is fully disabled).<\/p>\n\n Both settings can be overridden programmatically with the filters agtc_mcp_exposure_mode and agtc_acp_exposure_mode, which receive the stored option value and should return one of the accepted mode strings.<\/p><\/dd>\n The plugin publishes a Google-spec product feed at Why this matters<\/h4>\n\n
What this plugin does<\/h4>\n\n
\n
\/.well-known\/ucp<\/code> \u2014 agents auto-find your store<\/li>\n\/wp-json\/agtc\/v1\/mcp<\/code> \u2014 JWT-authenticated tools for product listing, search, and order lookup<\/li>\n\/wp-json\/agtc\/v1\/acp\/checkouts<\/code> \u2014 agentic checkout sessions with Stripe payment_intent<\/code> support<\/li>\nclient_credentials<\/code> grant<\/li>\n<link><\/code> tags, HTTP Link headers, robots.txt<\/code> advisory, \/llms.txt<\/code><\/li>\n\/merchant-feed\/google.xml<\/code> \u2014 a self-hosted, Google-spec product feed you register as a scheduled fetch<\/li>\nHow agents use your store<\/h4>\n\n
\n
\/.well-known\/ucp<\/code><\/li>\n\/oauth\/register<\/code> \u2192 receives client ID + secret<\/li>\n\/oauth\/token<\/code><\/li>\n\/mcp<\/code> (search, list)<\/li>\n\/acp\/checkouts<\/code><\/li>\nHow this actually helps your store<\/h4>\n\n
\/.well-known\/ucp<\/code> on each domain it knows about. If that file doesn't exist, your store is invisible to the agent \u2014 not low-ranked, invisible<\/em>.<\/p>\n\nGoogle Merchant Center<\/h4>\n\n
https:\/\/yourstore.com\/merchant-feed\/google.xml<\/code>. It is fully self-hosted \u2014 the plugin contacts no external service. Instead, you register that URL in Google Merchant Center \u2192 Products \u2192 Feeds<\/strong> as a scheduled fetch, and Google pulls the feed on its own schedule. Once Google has the feed, your products become eligible for Google Shopping and Google's shopping AI.<\/p>\n\nPrivacy & Data Handling<\/h4>\n\n
\n
read:orders<\/code> scope cannot read any orders at all, and read:orders<\/code> is never granted by open client registration unless it is explicitly requested.<\/li>\nmanage_woocommerce<\/code> capability and a verified WordPress CSRF nonce.<\/li>\nExternal Services<\/h4>\n\n
\n
payment_intent<\/code> flow is explicitly enabled by defining the AGTC_STRIPE_SECRET_KEY<\/code> constant in wp-config.php<\/code>. When an agent completes a checkout session under that flow, the plugin makes a server-to-server POST to https:\/\/api.stripe.com\/v1\/payment_intents<\/code> to authorize the payment. No data is sent to Stripe unless this flow is activated. Stripe service terms: https:\/\/stripe.com\/legal \u2014 Stripe privacy policy: https:\/\/stripe.com\/privacy.<\/li>\nDisclaimer<\/h4>\n\n
\n
\/wp-content\/plugins\/agtc-commerce<\/code> (or install via WP admin \u2192 Plugins \u2192 Add New)<\/li>\nAGTC_STRIPE_SECRET_KEY<\/code> in wp-config.php<\/code> to enable ACP payment intents<\/li>\n<\/ol>\n\nRequirements<\/h4>\n\n
\n
\n
Will this conflict with WooCommerce's built-in ACP support?<\/h3><\/dt>\n
agentic_checkout<\/code> feature flag (default off). Our Coexistence<\/code> detector activates our endpoints only when the WC native flag is off, and defers (410 + Location header) when on.<\/p><\/dd>\nDo I need Stripe?<\/h3><\/dt>\n
\n
payment_intent<\/code>):<\/strong> Requires Stripe. The ACP protocol uses Stripe's PaymentIntent under the hood, so you must define AGTC_STRIPE_SECRET_KEY<\/code> in wp-config.php<\/code>. The agent never sees the customer's card; payment is captured server-side at session completion. This is the fully autonomous flow.<\/li>\nWhat data does this expose to agents?<\/h3><\/dt>\n
read:orders<\/code> scope \u2014 but only orders it created itself through the ACP checkout flow. Agents never see other agents' orders or orders placed by human customers through normal checkout.<\/p><\/dd>\nHow do I let agents read orders?<\/h3><\/dt>\n
read:orders<\/code> scope at registration; dynamic client registration only ever grants read:products<\/code> by default, so read:orders<\/code> must always be requested explicitly. No server-side opt-in or wp-config.php<\/code> constant is required.<\/p><\/dd>\nIs the OAuth flow secure?<\/h3><\/dt>\n
password_hash()<\/code>. Access tokens are RS256-signed JWTs with iat<\/code>, exp<\/code> (max 2h), aud<\/code>, iss<\/code>, and jti<\/code> claims. Admin endpoints require WP nonce + manage_woocommerce<\/code>.<\/p><\/dd>\nHow do I rotate the JWKS keypair?<\/h3><\/dt>\n
WordPress 7.0 native MCP<\/h3><\/dt>\n
How do I get my products into Google Shopping?<\/h3><\/dt>\n
https:\/\/yourstore.com\/merchant-feed\/google.xml<\/code>. In Google Merchant Center, go to Products \u2192 Feeds<\/strong>, add a new feed, and choose the scheduled fetch<\/strong> option pointing at that URL. Google then fetches the feed on its own schedule \u2014 the plugin never contacts Google. The feed carries title, description, price, availability, image, and brand\/GTIN when set; adding a brand and GTIN to each product improves listing quality and match rate. The dashboard's FEED-001 check flags products missing those attributes.<\/p><\/dd>\n\n<\/dl>\n\n\n0.3.0<\/h4>\n\n
\n
\/merchant-feed\/google.xml<\/code> + dashboard feed-readiness audit<\/li>\n0.2.0<\/h4>\n\n
\n
\/admin\/fix<\/code> REST endpoint with nonce + capability check<\/li>\nsetAccessible<\/code>, curl_close<\/code>)<\/li>\niat<\/code> claim and 2h max token lifetime<\/li>\n<\/ul>\n\n0.1.0<\/h4>\n\n
\n