Lede

The web was written for browsers. Agents arrived later, and nothing was waiting for them. Agora is an open protocol that lets any AI agent discover, search and buy across any participating store — the missing transaction layer for the agent-led internet.

Context

The Model Context Protocol shipped in late 2024 and within a year became the default surface for AI agents to call out to tools. By May 2026, MCP servers exist for filesystems, calendars, GitHub, Stripe payments, Slack, Linear, Figma — almost every developer surface on the web has one. Commerce did not.

That gap is not academic. Anthropic’s Claude, OpenAI’s ChatGPT, Cursor and a long tail of agentic apps now field millions of daily intents that end in a purchase. “Find me waterproof hiking boots under £100.” “Reorder the coffee I bought last month.” “Stock the kitchen for a dinner party for six.” The model can answer the question. It cannot complete the transaction without a brittle scrape, a hand-written affiliate hack, or a one-off integration the store owner did not consent to. The web has no equivalent of HTTP for storefronts.

There are partial fixes. Stripe shipped an MCP server for payment primitives. Shopify ships its own commerce API. Search engines ship structured-data schemas like schema.org/Product that were designed for crawlers, not agents. None of these is a protocol. None of them lets an agent walk into an unfamiliar store, read a manifest, build a cart, ask the human for consent, and complete the purchase — which is the actual job.

A standard was overdue. Not a marketplace, not an aggregator — a protocol, the way HTTP is a protocol.

The problem

Every storefront on the web is a small bespoke universe. Different HTML markup. Different cart endpoints. Different checkout flows. Different rate limits. Different anti-bot infrastructure. A human picks up the patterns by eye — they see the cart icon, they understand the checkout, they read the total before clicking pay. An agent has none of that pattern recognition. It scrapes, it guesses, it hallucinates a SKU that does not exist, and the cardholder on the other end ends up with a charge they did not approve for a product that was not what they asked for.

The safety story is worse than the discovery story. If an agent can autonomously charge a card, the failure mode is not a bad recommendation — it is real money moved against a confused consumer. The MCP spec is permissive about side effects; nothing in the protocol forces a human approval step before a payment goes out. Every commerce-adjacent MCP server in the wild today hand-rolls its own confirmation pattern, and most of them are not safe enough to deploy at scale.

For store owners the math is also bad. The biggest single source of intent on the open web — agentic shopping — has no clean opt-in. Shopify and WooCommerce stores either expose themselves to scrapers and accept the support burden, or stay invisible to a buying population that will quadruple in size before 2027. There is no protocol they can adopt that signals “agents welcome, here is what I support, here is how to ask for consent.”

The cost is borne by everyone. Consumers get unsafe transactions. Stores get fragmented integrations. Agent developers re-implement the same flow per platform. And the open web loses commerce share to the closed platforms that can afford bespoke deals.

What we built

Agora is a three-layer open protocol: discovery, search, and transaction.

Discovery. Stores serve a manifest at /.well-known/agora.json declaring what they can do — product feed, search endpoint, cart, checkout, supported currencies, supported payment methods, contact for compliance. The manifest is JSON, small, cacheable, and signed. A public registry indexes every manifest, so an agent that does not know a specific store can ask Agora “find me stores selling outdoor gear in GBP” and get a ranked list back.

Search. A unified search vocabulary speaks across stores. An agent sends one structured query — category=footwear&max_price=100&attributes=waterproof — and the protocol federates it across the registry, returning normalised results with price, stock, store, and product detail URL. Search is server-side at the protocol layer for low latency; planned semantic search via pgvector embeddings will rank by intent rather than keyword.

Transaction. This is the section the safety story lives in. An agent builds a cart on behalf of a user. When it is time to check out, the agent does not receive payment credentials. Instead, the protocol mints a single-use approval token, valid for fifteen minutes, and returns an approval URL. The human visits the URL — on their phone, on the same machine, however — and approves the purchase against their stored payment method on the store side. Only then does Stripe charge the card. The agent can propose, the human disposes. There is no path by which an agent autonomously moves money.

Stores onboard with a single POST against the registry. A Shopify shop with the Agora adapter installed serves a compliant manifest, exposes the standard search and cart endpoints, and is live within five minutes. As of May 2026 the public registry indexes 22,562 products across 52 stores — most of them crawler-indexed today, with the conversion to opt-in partnership in the next milestone.

A reference TypeScript SDK ships on npm as agora-sdk. A reference MCP server ships as agora-mcp-server with twelve tools covering the full flow — search, cart create, cart add, cart get, checkout create, checkout status, approval and cancellation. Both are zero-dependency, MIT-licensed for protocol implementation and BSL-licensed for the reference server to protect commercial use. The full commerce flow — Claude Desktop calls agora_search, then agora_cart_create, then agora_checkout_create, returns an approval URL, the human approves on their phone, Claude calls agora_checkout_status and sees completed — runs end-to-end in production today.

The protocol does for stores what HTTP did for documents.

Architecture

The protocol is implemented on a stack chosen for cold-start latency. Hono is the HTTP framework, deployed on Vercel Fluid Compute — the new compute runtime that keeps connections warm and dramatically reduces serverless cold-start times. Postgres on Vercel Postgres with pgvector handles the registry, the product catalog and (next) the semantic search index. Drizzle ORM sits over Postgres for type-safe schema and migrations. The whole API tier is TypeScript, deployable in one vercel deploy.

The MCP server is a separate package — agora-mcp-server — written against the MCP TypeScript SDK and published to npm. It is dependency-light by design, because every MCP server that ships into Claude Desktop or Cursor inherits the user’s trust budget, and a bloated dependency tree is a security smell. The twelve tools map 1:1 to the protocol endpoints, so the MCP server is a thin adapter rather than a re-implementation.

The approval flow is the part of the architecture that took the most thinking. Single-use tokens are minted by the protocol server, stored with a fifteen-minute expiry in Postgres, and bound to a checkout ID, a store ID, and a payment intent. The approval URL renders a server-side React page showing the cart contents, the store, the total in the user’s currency, and a single “Approve” button that posts back to the protocol with the token, which in turn confirms the Stripe payment intent. Tokens are scoped — an approval URL minted for a £45 hiking boots checkout cannot be reused to approve any other purchase. If the token is not used within the window, the checkout is automatically cancelled and the payment intent released.

CI is non-trivial. The repository runs fifty automated tests on every push covering the protocol spec, the SDK, the MCP server, and the registry. Conformance tests verify that any store implementing /.well-known/agora.json correctly responds to the standard search and cart endpoints. Stripe is wired through the test runner in test mode so the full checkout-to-approval-to-charge path executes on every commit.

The deliberate decision was to ship the protocol as a versioned spec (v1.0 today) before scaling the implementation. The spec is in the repo, agnostic of the reference implementation, and a Python or Go server written against it should pass the same conformance tests.

How it works (the short version)

• Discover — public registry plus per-store /.well-known/agora.json manifests
• Search — structured queries across stores, compared by price and stock; pgvector semantic search in build
• Transact — agent builds the cart, mints a checkout, returns an approval URL; human approves on a real web page; Stripe charges only after consent
• Tokens — single-use, 15-minute expiry, scoped to checkout ID and store ID, no reuse possible
• MCP — twelve tools covering the full flow; agora-mcp-server on npm
• Stack — Hono on Vercel Fluid Compute, Postgres with pgvector, Drizzle ORM, zero-dependency TypeScript SDK

Live behaviour today

Agora is live in production. The marketing site is at marketing-six-kohl.vercel.app; the API is at agora-ecru-chi.vercel.app; the public source is on GitHub. The registry currently indexes 22,562 products across 52 stores, the full checkout flow runs end-to-end against Stripe in test mode, fifty automated tests pass on CI on every push, and agora-sdk and agora-mcp-server are published to npm.

The pitch surface — code-with-claude-london-notes.md in the deck repo — captures a session at Anthropic’s Code with Claude London on 19 May 2026, where Agora was demoed live to the platform team. The demo path runs from a Claude Desktop chat to a real Stripe payment-intent confirmation in roughly ninety seconds.

Payment goes live in production once the live-mode Stripe rails clear. The Stripe Connect agreement is in flight.

What’s next

• Live Stripe rails (Q3 2026). Cut over from test mode to production. The first cohort of opt-in partner stores process real payments through the approval flow.
• Crawler-to-partner conversion (Q3–Q4 2026). Convert the 52 currently crawler-indexed stores into opt-in partners. A single integration POST from each store turns its inventory from inferred to authoritative, unlocking real stock, real prices, and revenue share.
• Semantic search and protocol v1.1 (Q4 2026). pgvector-backed semantic ranking across the registry. Spec extensions for subscriptions, returns, and shipping options. Official integrations into Claude Desktop and Cursor as first-class commerce tools.

Tech stack

• Protocol — Agora spec v1.0, MIT-licensed; reference server BSL-licensed
• API — Hono framework, TypeScript, Vercel Fluid Compute
• Data — Postgres with pgvector, Drizzle ORM, Vercel Postgres
• SDKs — agora-sdk (zero-dependency TypeScript) and agora-mcp-server (twelve MCP tools) on npm
• Payments — Stripe (test mode live, production rails in flight)
• Auth & approval — single-use 15-minute tokens, server-side approval page, scoped to checkout ID
• CI — fifty automated tests, conformance suite for protocol implementers
• Infra — Vercel, GitHub Actions

Status

Live, in production, fifty automated tests on CI. Marketing site and developer portal shipping; payment goes live once the live-mode Stripe rails clear.

Why this matters for Bento Labs

Agora is the protocol compartment of the bento. Every other Bento Labs product is a single application built for a specific person — a landlord in Holt, a tradesperson in Reckon, a small-business owner in Neatbooks. Agora is the opposite shape: infrastructure that other people build on. It is the lab’s evidence that a small studio can ship not just consumer software but the rails the consumer software runs on. The bento philosophy is that one studio can hold both kinds of work at the same time, and Agora is what holding the protocol side looks like.