From ucp-agentic-commerce
Implements UCP Embedded Checkout Protocol for iframe/webview-based human escalation using JSON-RPC 2.0 over postMessage when checkout status is requires_escalation.
npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin ucp-agentic-commerceThis skill is limited to using the following tools:
**Fetch live spec**: Web-search `site:ucp.dev specification checkout-embedded` or fetch https://developers.google.com/merchant/ucp/guides/checkout/embedded for the exact JSON-RPC method definitions, handshake flow, and security requirements.
Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.
Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.
Automates semantic versioning and release workflow for Claude Code plugins: bumps versions in package.json, marketplace.json, plugin.json; verifies builds; creates git tags, GitHub releases, changelogs.
Fetch live spec: Web-search site:ucp.dev specification checkout-embedded or fetch https://developers.google.com/merchant/ucp/guides/checkout/embedded for the exact JSON-RPC method definitions, handshake flow, and security requirements.
When a checkout reaches requires_escalation status, the agent cannot resolve the issue via API alone. The checkout response includes a continue_url — the Platform opens this URL in an iframe or webview so the buyer can interact with the merchant's checkout UI directly.
The iframe communicates with the host (Platform) using JSON-RPC 2.0 over postMessage. Both sides send and receive structured messages.
| Method | Direction | Purpose |
|---|---|---|
ec.ready | Merchant → Host | Handshake; merchant declares which capabilities it delegates to the host |
ec.start | Merchant → Host | Checkout UI is visible and ready |
ec.payment.credential_request | Merchant → Host | Merchant asks host to acquire a payment credential |
ec.line_items.change | Merchant → Host | Cart was modified in the UI |
ec.buyer.change | Merchant → Host | Buyer details were updated |
ec.complete | Merchant → Host | Order was placed successfully |
ec.messages.change | Merchant → Host | Errors or warnings updated |
ec.payment.instruments_change_request | Merchant → Host | Merchant requests updated payment instruments |
ec.payment.change | Merchant → Host | Payment state was updated |
ec.fulfillment.address_change_request | Merchant → Host | Merchant requests updated fulfillment address |
continue_url in a sandboxed iframeec.ready with a delegate array listing capabilities it wants the host to handle (e.g., ["payment.credential", "fulfillment.address_change"])ec.start when UI is fully renderedThe continue_url may include:
ec_version: Protocol versionec_auth: Session validation tokenec_delegate: Comma-separated delegated actionsframe-ancestors <host_origin> — merchant page must allow being framed only by the PlatformpostMessage origin validation on both sidessandbox attribute: allow-scripts allow-forms allow-same-origin with credentiallessEmbedded Checkout methods may reject with W3C DOMException error codes:
abort_error — The operation was abortedsecurity_error — The operation violates security constraintsnot_supported_error — The requested capability is not supportedinvalid_state_error — The object is in an invalid state for this operationnot_allowed_error — The operation is not allowed in the current contextBusiness (iframe content):
continue_urlec.ready on load, ec.start when visibleec.complete with order details when checkout finishesPlatform (host):
continue_url in a sandboxed iframeec.payment.credential_request by invoking the payment providerec.complete to update the agent's checkout stateFetch the exact current method signatures from the live spec before implementing.