5 min readUCP Validation

The 4-Level UCP Validation Stack: Why Surface-Level Checks Fail Your Store

A 'valid' UCP manifest isn't enough. AI shopping agents need your profile to be functionally correct across structural, rules, network, and simulation levels. Here's what breaks at each one.

The 4-Level UCP Validation Stack: Why Surface-Level Checks Fail Your Store

You've published your .well-known/ucp file. A checker tool says "Detected." You're done, right?

Not even close.

A structurally valid UCP manifest is the bare minimum. It's the equivalent of your website returning a 200 OK - necessary, but it tells you nothing about whether the page actually works. AI shopping agents need your manifest to be functionally correct across multiple dimensions, and a surface-level check misses most of them.

Here's what actually happens at each level of UCP validation - and why skipping levels leaves your store invisible to AI agents.

Level 1: Structural Validation - Can AI Agents Parse This?

This is the "JSON is valid" check. Every UCP checker on the market does this, and it's where most of them stop.

Structural validation verifies that your manifest is syntactically correct JSON, that required fields exist, and that the schema roughly matches the UCP specification. It catches things like:

  • Missing required fields (signing_keys, capabilities)
  • Invalid JSON (trailing commas, unquoted strings, wrong types)
  • Missing top-level sections

But here's the catch: a perfectly valid JSON file can still be a completely broken UCP profile.

Consider this manifest:

{
  "namespace": "shop.example.com",
  "origin": "https://store.example.com",
  "signing_keys": [],
  "capabilities": {
    "cart": {
      "endpoint": "https://shop.example.com/cart"
    }
  }
}

Structural validation says: ✅ Pass. JSON is valid. Required fields are present. Schema looks fine.

But an AI agent visiting this store will fail. Why? Let's go deeper.

Level 2: Rules Validation - Does It Make Logical Sense?

Rules validation checks whether your manifest is internally consistent and follows the protocol's business logic. This is where most "valid" manifests start to fall apart.

Real failures we see at this level:

Namespace/Origin Mismatch. Your namespace declares one domain, but your origin points somewhere else entirely. The UCP spec requires these to match - an AI agent uses the namespace to route requests, and the origin to verify identity. If they don't align, the agent can't trust the manifest.

Empty signing_keys array. The spec requires signing keys for verification. An empty array passes structural validation (it's valid JSON), but it means no agent can cryptographically verify your store. Every interaction will be rejected.

Capability conflicts. Your manifest declares a Cart capability that expects a POST endpoint, but lists a GET-only URL. Or declares Payment handlers that reference payment methods not supported by your Checkout capability. The structural check sees valid JSON; the rules check sees a capability that can never execute.

Missing payment handlers. Your manifest has Cart and Checkout capabilities but no payment_handlers. An AI agent can browse and add items to cart, but when it tries to complete the purchase, there's nowhere to send the payment. The transaction silently fails.

Level 3: Network Validation - Is It Actually Reachable?

This is where static file checks fall apart completely. Network validation makes live HTTP requests to every endpoint declared in your manifest.

HTTPS enforcement. The UCP spec mandates HTTPS on all endpoints. A manifest that lists http:// URLs passes structural validation but fails at the network level. AI agents will refuse to send requests over unencrypted connections.

Endpoint reachability. Your manifest declares https://store.example.com/cart, but that endpoint returns a 404. Or a 500. Or a timeout. Structural checks can't detect this - they only read the file, they don't hit the URLs.

Cross-origin issues. Your manifest is served from shop.example.com but declares capabilities at api.another-domain.com. Even if the endpoint is technically reachable, CORS and security policies can block the AI agent. Network validation catches these before agents encounter them.

TLS certificate validity. Expired certificates, self-signed certs, incomplete certificate chains. All of these cause AI agent connection failures that a surface-level checker will never find.

Level 4: AI Agent Simulation - Does It Actually Work End-to-End?

This is the validation level that separates "looks correct" from "actually works." Level 4 simulates what a real AI shopping agent does when it visits your store:

  1. Requests /.well-known/ucp and parses the manifest
  2. Follows the declared capabilities in order (Cart → Checkout → Payment)
  3. Attempts real interactions: add an item to cart, initiate checkout, invoke a payment handler
  4. Verifies responses match what the manifest promised

What this catches that nothing else does:

Response format mismatches. Your Cart endpoint returns data, but in a format the agent can't interpret. Maybe it returns HTML instead of JSON. Maybe the JSON structure doesn't match the capability schema. The agent gets a response but can't use it.

Partial capability implementations. Your Cart capability supports adding items but remove returns "not implemented." The manifest says Cart is supported; the agent discovers only half of it works.

Redirect chains and authentication walls. Your endpoints redirect through login pages or OAuth flows that the AI agent can't navigate. The network check sees a response; the agent simulation discovers it's a login form, not commerce data.

Identity Linking failures. Identity Linking (stable spec as of April 2026) enables cross-domain user recognition. A simulated agent attempts to link identities across domains and discovers the handshake fails - silent and invisible to structural checks.

Why This Matters Now

Google AI Mode, ChatGPT, and a growing fleet of AI shopping agents are actively discovering and interacting with merchant stores through UCP. The agents don't retry or troubleshoot - if your profile fails at any level, you're simply invisible.

A surface-level "Detected" badge creates a false sense of security. The store owner thinks they're AI-ready; the AI agent disagrees.

The real question isn't "Do I have a UCP file?" - it's "Can an AI agent actually shop at my store?"

That takes all four levels.

Try your store against all four validation levels: Run a UCP scan

This is the second in our technical deep-dive series on UCP implementation. Read the first: "Why UCP Is HTTP for Agentic Commerce."

← Back to Blog