Most discussion of agentic commerce takes the platform's side. This talk takes the merchant's.

I built ucp-probe (a minimal, unaffiliated agent, a few dozen lines, no platform deal) and pointed it at Allbirds' live commerce endpoints (UCP/ACP) in May 2026.

The result is uncomfortable and clarifying.

Reading a store's published capabilities at /.well-known/ucp is anonymous and permissionless.

Querying the live catalog needs only self-identification, a small profile declaring the protocol version the agent speaks; one call returned a real product (Men's Wool Runner, $110, in stock) straight from the merchant's backend.

But moving money is gated: a cryptographically signed agent (HTTP Message Signatures, RFC 9421) plus a retry-safe idempotency key.

Reading is free; spending is not.

I'll run the probe live, then turn to what this means for anyone publishing a catalog: your data is already legible to any competent agent that asks, you can't gate the read, and you won't see most of it in analytics.

The probe is open source; attendees leave able to run it against their own endpoints and reason about the one layer that's actually gated — the transaction.