Logical Architecture
This reference architecture is designed for autonomous economic execution across the lifecycle of physical goods.
The blueprint is organised into four horizontal layers and three vertical concerns. The purpose is not abstraction for its own sake — it is to create durable contracts between systems so agents can execute safely across enterprises, partners, and physical networks.
Horizontal Layers
| Layer | Purpose | What it owns (contracts) |
|---|---|---|
| Experience | Human + agent entry points | Consent, mandate UX, agent APIs, real-time state and exception handling |
| Orchestration | Execution under policy | Workflows, tool use, approvals, retries, dispute triggers, partner coordination |
| Domain | Economic primitives for physical goods | Product identity/state, value & routing, lifecycle actions, payment intents and settlement semantics |
| Foundation | Runtime for scale and trust | Eventing, storage, security, observability, tenancy, key management |
Vertical Concerns (apply to every layer)
- Trust & Identity — verifiable principals (users/orgs/agents), delegation chains, revocation, credential hygiene
- Governance & Policy — deterministic constraints, approvals, dispute handling, compliance evidence
- Observability & Provenance — auditable linkage between decisions, mandates, state transitions, and settlement events
Non-Negotiable Invariants
Agents may propose actions, but they cannot execute without (1) identity, (2) a mandate, (3) policy evaluation, and (4) provenance. These invariants turn autonomy into trustworthy execution.
Payments Domain
Agentic Payments is Execution Semantics
Agentic commerce requires payments designed for delegated authority, multi-step execution, and lifecycle-linked settlement. This is not a checkout optimisation. It is the economic layer of autonomy.
The Payments domain provides the primitives that allow agents to transact on behalf of a principal across both sides of the checkout "beep" — including refunds, credits, split payouts, and outcome-based settlement.
Domain Responsibilities (canonical primitives)
- Payment Intents — structured execution instructions (purchase, subscription, refund, credit, payout, split settlement)
- Mandates & Policy — delegated authority with constraints (limits, categories, approvals, time windows, merchant allowlists)
- Tokenisation & Credentials — policy-bound credentials suitable for machine-initiated execution
- Progressive Authorisation — hold, adjust, capture, reverse across multi-step flows
- Settlement Semantics — partial refunds, credits, charge adjustments, split payouts, escrow/holdbacks tied to verified outcomes
- Ledger & Provenance — immutable linkage between product state transitions and money movement for audit and dispute handling
What Changes in an Agentic World
- Authorisation becomes a process, not a moment
- Settlement follows outcomes, not clicks
- Refunds and credits become programmable, triggered by inspection/verification events
- Payouts become multi-party, supporting marketplaces, service networks, and recovery partners
- Mandates become the control plane for economic autonomy
Integration Points
Card Networks & Token Services
Tokenised credentials, delegated authority patterns, consumer-grade acceptance and dispute flows.
Account-to-Account (Open Banking)
Direct settlement and programmable mandates for certain geographies and B2B execution scenarios.
Merchant / PSP Platforms
Integration into acquiring stacks for partial capture, refunds, reconciliation, and settlement reporting.
Financing & Protection
Optional financing, warranty, and insurance primitives triggered by product state and risk signals.
Physical Deployment
Autonomous economic execution is an edge ↔ regional ↔ data centre system. Physical commerce is real time, distributed, and operationally unforgiving.
The blueprint is designed for hybrid deployment. Placement is driven by latency, resiliency, data sovereignty, and the physics of interaction.
Deployment Tiers
| Tier | Typical Placement | Primary Workloads | Resiliency Goal |
|---|---|---|---|
| Edge | Store, kiosk, warehouse | Identification, authentication, local gating, offline-safe execution | Continue critical flows during connectivity loss |
| Regional | Geo cluster / region | Routing, risk scoring, inventory sync, partner orchestration | Predictable latency and controlled blast radius |
| Cloud / AI Factory | Global control plane | Continuous optimisation, training, simulation, governance, policy distribution | Multi-tenant scale and coordination |
Why NVIDIA is Structural Here
This industry requires:
- edge inference (vision, identity, classification) at points of interaction
- predictable regional execution for routing and risk controls
- AI factory workloads for continuous optimisation, simulation, and governance at scale
Compute is not "supporting" commerce here — it becomes the substrate of economic execution across the physical world.
Edge Requirements
For in-venue deployments, edge nodes should support:
- Intermittent Connectivity — core flows degrade gracefully and reconcile asynchronously
- Local Decisioning — cached models/policies for low-latency classification and gating
- Identity Interfaces — support for biometric and device-based authentication where required
- Hardware Flexibility — deployment on standard Linux edge stacks through to enterprise edge servers
Observability & Governance
Agentic systems require observability that can answer "what happened" with precision — including the coupling of decision → mandate → policy → action → outcome.
When an agent acts on behalf of a principal, the system must be able to prove:
- What was decided — the action selected and the alternatives considered
- Why it was allowed — policy evaluation, constraints, and approvals
- Who authorised it — mandate and delegation chain back to the principal
- What it caused — downstream operational and economic effects (including settlement)
Observability Stack
Traces
Distributed tracing extended for agent workflows, tool calls, and policy evaluation spans.
Metrics
Service and workflow SLOs: latency, success rate, exception patterns, routing outcomes, and settlement integrity.
Logs
Structured logs with correlation IDs linking intent, product state, payment intent, mandates, and execution outcomes.
Governance Controls
- Policy Engine — declarative constraints for agent behaviour (spend limits, allowed actions, allowed partners)
- Approval Workflows — human-in-the-loop for high-value, novel, or regulated actions
- Evidence & Audit Export — compliance-ready exports linking mandates, state transitions, and settlement events
- Kill Switch & Revocation — immediate authority revocation at user, org, agent, or system level
Regulatory Considerations
Agentic commerce operates in an evolving regulatory environment. The architecture is conservative by default: explicit authorisation, deterministic policy gates, and full auditability are required for machine-initiated execution.
Sequence: Agent-Initiated Purchase
The following sequence illustrates a typical agent-initiated purchase flow — showing how intent becomes an offer, how an agent obtains authority, and how settlement links to outcomes.
Explore the Technical Deep-Dive
The full specification expands on contracts, data models, and deployment patterns for partners and integrators.