SDX AI Readiness Toolkit for WooCommerce

开发者	suhanduman
更新时间	2026年6月18日 00:49
PHP版本:	7.4 及以上
WordPress版本:	7.0
版权:	GPLv2 or later
版权网址:	版权信息

下载

0.3.0

详情介绍:

SDX AI Readiness Toolkit makes any WooCommerce store auto-discoverable, readable, and purchasable by AI shopping agents — ChatGPT plugins, Perplexity Shopping, Google's commerce AI, custom Claude tools, and any agent that speaks the open protocols of the agentic commerce ecosystem. Why this matters In 2026 Google launched the Universal Commerce Protocol (UCP) with Shopify, Walmart, Target, Wayfair, and Etsy. WooCommerce was absent. This plugin closes that gap. What this plugin does

UCP discovery at /.well-known/ucp — agents auto-find your store
MCP server at /wp-json/agtc/v1/mcp — JWT-authenticated tools for product listing, search, and order lookup
ACP checkout at /wp-json/agtc/v1/acp/checkouts — agentic checkout sessions with Stripe payment_intent support
OAuth 2.0 server — dynamic client registration + client_credentials grant
WC native ACP coexistence — auto-detects WooCommerce 10.7+ native ACP and defers when active
Web discovery — HTML <link> tags, HTTP Link headers, robots.txt advisory, /llms.txt
Google Merchant Center feed at /merchant-feed/google.xml — a self-hosted, Google-spec product feed you register as a scheduled fetch
AI readiness dashboard — scores your store, shows what's missing, offers one-click fixes
Production-grade engineering — 260+ unit tests, integration-tested on live WordPress 7.0 + WooCommerce, WordPress Coding Standards compliant, PHP 7.4+ compatible

How agents use your store

Agent fetches /.well-known/ucp
Agent registers via /oauth/register → receives client ID + secret
Agent exchanges credentials for JWT at /oauth/token
Agent calls MCP tools under /mcp (search, list)
Agent creates an ACP checkout session at /acp/checkouts
Agent completes the session → real WooCommerce order in your admin

All standard payment gateways work. UCP creates standard WC orders. How this actually helps your store AI shopping assistants — ChatGPT, Perplexity, Gemini, Claude — now help millions of people find products every day. When a shopper asks "find me a waterproof backpack under $80", the assistant doesn't open Google and click around. It queries machine-readable storefronts directly. The way it finds those storefronts is by fetching /.well-known/ucp on each domain it knows about. If that file doesn't exist, your store is invisible to the agent — not low-ranked, invisible. This plugin publishes that file automatically, along with the MCP tools the agent uses to actually browse your catalog. You don't have to write a single line of integration code; activating the plugin is enough to put your store on the map for every agent that speaks UCP, MCP, or ACP. A few complementary moves we recommend alongside this plugin: register your products in Google Merchant Center so the Google Shopping feed picks them up, keep product titles and descriptions clear and well-structured (the same SEO discipline that helps humans also helps AI parsing), and make sure your site runs on HTTPS end-to-end so agents trust the responses. Once your store is published, agents can do three things that previously required a human: discover that you exist, browse your catalog in real time, and — with ACP enabled — create a real WooCommerce order on behalf of their user, with the same checkout, tax, shipping, and fulfillment plumbing your human customers go through today. Google Merchant Center The plugin publishes a Google-spec product feed at https://yourstore.com/merchant-feed/google.xml. It is fully self-hosted — the plugin contacts no external service. Instead, you register that URL in Google Merchant Center → Products → Feeds as a scheduled fetch, and Google pulls the feed on its own schedule. Once Google has the feed, your products become eligible for Google Shopping and Google's shopping AI. The feed is built from your published, catalog-visible WooCommerce products and includes each product's title, description, price, availability, image, and — when set — brand and GTIN. Filling in brand and GTIN (Products → product → Inventory → Global Unique ID, on WooCommerce 9.2+) materially improves listing quality and how often Google can match your products. Variable products are expanded to their purchasable variations. The generated XML is cached for one hour to keep the endpoint fast. Privacy & Data Handling This plugin is built to be conservative about data:

The plugin only exposes publicly available product data — name, price, image, description — through its UCP and MCP discovery endpoints. Anything you already display on a public product page is fair game; nothing else is.
Order data is gated behind a valid OAuth 2.0 access token AND is scoped to the agent's own orders. An agent (OAuth client) can only read orders it created itself through the ACP checkout flow; it can never read other agents' orders or orders placed by human customers through normal checkout. An agent without the read:orders scope cannot read any orders at all, and read:orders is never granted by open client registration unless it is explicitly requested.
No customer personally identifiable information (PII) is collected, transmitted to third parties, or stored beyond standard WooCommerce order records that WooCommerce itself already manages.
All admin actions — including the audit dashboard and one-click auto-fix buttons — require the manage_woocommerce capability and a verified WordPress CSRF nonce.
No outbound telemetry. No analytics calls. No external "phone home" requests. The plugin does not contact the author, an analytics vendor, or any third party at install time, on activation, or during normal operation.

External Services WordPress.org guideline #6 requires that we disclose any external services this plugin contacts. The list is short:

Stripe (optional, opt-in): Stripe is only contacted when the ACP module's payment_intent flow is explicitly enabled by defining the AGTC_STRIPE_SECRET_KEY constant in wp-config.php. When an agent completes a checkout session under that flow, the plugin makes a server-to-server POST to https://api.stripe.com/v1/payment_intents to authorize the payment. No data is sent to Stripe unless this flow is activated. Stripe service terms: https://stripe.com/legal — Stripe privacy policy: https://stripe.com/privacy.
No other external services are contacted by default. UCP, MCP, and ACP discovery endpoints are served from your own WordPress installation. The agent pulls data from you; you do not push data to the agent or to any intermediary.

Disclaimer This plugin is an independent, community-driven implementation of open commerce protocols. It is not affiliated with, endorsed by, or sponsored by Stripe, Inc., OpenAI, Google, Anthropic, Automattic, or the WooCommerce trademark holders. "WooCommerce" is a trademark of Automattic Inc. and is referenced solely for descriptive interoperability purposes.

安装:

Upload to /wp-content/plugins/agtc-commerce (or install via WP admin → Plugins → Add New)
Activate via Plugins menu
Visit SDX AI Readiness in the admin sidebar to see the AI Readiness dashboard
(Optional) Define AGTC_STRIPE_SECRET_KEY in wp-config.php to enable ACP payment intents

Requirements

WordPress 7.0 or higher
WooCommerce 8.0 or higher
PHP 7.4 or higher (PHP 8.x recommended)
OpenSSL and libsodium PHP extensions
Pretty Permalinks enabled

升级注意事项:

0.3.0 WordPress 7.0 is now required. Security hardening, native WP 7.0 MCP integration, and selectable MCP/ACP exposure modes. 0.2.0 Major new ACP checkout module. Backwards compatible.

常见问题:

Will this conflict with WooCommerce's built-in ACP support?

No. WooCommerce 10.7+ ships internal ACP infrastructure with the agentic_checkout feature flag (default off). Our Coexistence detector activates our endpoints only when the WC native flag is off, and defers (410 + Location header) when on.

Do I need Stripe?

Only for ACP payment_intent flow. Without Stripe, agents can still discover, browse, and create checkout sessions — they just can't authorize payment through ACP directly. There are two flow models to choose from, and most stores can start without Stripe entirely:

Model A — Agent pays directly (ACP payment_intent): Requires Stripe. The ACP protocol uses Stripe's PaymentIntent under the hood, so you must define AGTC_STRIPE_SECRET_KEY in wp-config.php. The agent never sees the customer's card; payment is captured server-side at session completion. This is the fully autonomous flow.
Model B — Agent creates order, customer pays later: Works with any WooCommerce payment gateway — PayPal, Square, Stripe via WooCommerce Payments, bank transfer, cash on delivery, anything you already have configured. The agent creates an ACP session, which the plugin converts into a standard pending WooCommerce order. The customer receives an order link and completes payment using whatever gateway your store already uses.
Recommendation: Most stores should start with Model B (no Stripe required) and add Model A later if and when they want fully autonomous agent purchases without a human checkout step.

What data does this expose to agents?

By default, public product data only (name, price, description, images). An agent can additionally read its own orders if it holds the read:orders scope — but only orders it created itself through the ACP checkout flow. Agents never see other agents' orders or orders placed by human customers through normal checkout.

How do I let agents read orders?

Order access is scoped to ownership and safe by default: an agent (OAuth client) can only ever read orders it created itself via the ACP checkout flow. It can never read another agent's orders or orders placed by human customers through normal checkout. To read its own orders, an agent must request the read:orders scope at registration; dynamic client registration only ever grants read:products by default, so read:orders must always be requested explicitly. No server-side opt-in or wp-config.php constant is required.

Is the OAuth flow secure?

Yes. Client secrets are hashed with password_hash(). Access tokens are RS256-signed JWTs with iat, exp (max 2h), aud, iss, and jti claims. Admin endpoints require WP nonce + manage_woocommerce.

How do I rotate the JWKS keypair?

Open the AI Readiness dashboard. If JWKS rotation is needed, click the "Rotate JWKS keypair now" button. Old key remains valid for a 24h grace period.

WordPress 7.0 native MCP

On WordPress 7.0 this plugin registers its tools as WordPress Abilities, making them available through the core MCP Adapter to clients such as Claude Desktop, Claude Code, Cursor, and VS Code. Those clients authenticate with standard WordPress application passwords — no OAuth setup is required on their side. The plugin's own OAuth MCP server remains active alongside the core adapter and continues to serve headless or autonomous agents that manage their own credentials. The AI Readiness dashboard shows a "Protocol exposure" card with two settings: MCP exposure controls which MCP path is active: "both" (default — core adapter and plugin server run side by side), "core" (plugin's own MCP server is disabled, traffic goes to the WP core adapter only), or "plugin" (core adapter integration is disabled, plugin MCP server only). ACP exposure controls ACP checkout availability: "auto" (default — plugin ACP is active when WooCommerce native ACP is off, deferred when on), "plugin" (plugin ACP is always active regardless of WC native state), or "off" (ACP checkout is fully disabled). Both settings can be overridden programmatically with the filters agtc_mcp_exposure_mode and agtc_acp_exposure_mode, which receive the stored option value and should return one of the accepted mode strings.

How do I get my products into Google Shopping?

The plugin publishes a Google-spec product feed at https://yourstore.com/merchant-feed/google.xml. In Google Merchant Center, go to Products → Feeds, add a new feed, and choose the scheduled fetch option pointing at that URL. Google then fetches the feed on its own schedule — the plugin never contacts Google. The feed carries title, description, price, availability, image, and brand/GTIN when set; adding a brand and GTIN to each product improves listing quality and match rate. The dashboard's FEED-001 check flags products missing those attributes.

更新日志: