Candid Protocol

Table of Contents

Executive Summary

As artificial intelligence transforms commerce through platforms like Google's Universal Commerce Protocol (UCP) and OpenAI's Agentic Commerce, a critical gap has emerged: the absence of a standardized, universal infrastructure for trust signals. The Candid Protocol addresses this fundamental need by establishing an extensible framework for trust objects that can seamlessly integrate with any AI commerce system.

Unlike platform-specific trust signals that create data silos and limit merchant reach, Candid Protocol provides a vendor-neutral, future-proof foundation that evolves with commerce technology. Today's trust objects—star ratings, NPS scores, and social reviews—represent only the beginning. Tomorrow's ecosystem will demand sophisticated signals like product return rates, average sale discounts, fulfillment reliability, and sustainability metrics.

This protocol specification defines how trust objects should be structured, transmitted, verified, and integrated across diverse AI commerce platforms, ensuring that merchants maintain consistent trust signals regardless of how consumers discover and purchase their products.

1. Introduction

1.1 The Emergence of AI Commerce

The commerce landscape is undergoing a fundamental transformation. In 2025, Google introduced the Universal Commerce Protocol (UCP), enabling AI agents to seamlessly interact with merchant systems for product discovery, ordering, and fulfillment. Shortly thereafter, OpenAI launched Agentic Commerce, empowering ChatGPT and other AI systems to act as autonomous shopping assistants.

These platforms represent a paradigm shift from human-driven search and browsing to AI-mediated commerce, where algorithms evaluate, compare, and recommend products on behalf of consumers. However, this shift introduces a critical challenge: how do AI systems evaluate trustworthiness and quality when making recommendations?

1.2 The Trust Signal Problem

Traditional e-commerce relies on trust signals that evolved for human decision-making: star ratings, customer reviews, seller badges, and social proof. While these remain valuable, AI commerce demands more:

• Standardization: Trust signals must be machine-readable and consistently interpreted across platforms
• Verifiability: AI systems need cryptographically verifiable trust data to prevent manipulation
• Extensibility: The framework must accommodate emerging trust metrics without breaking existing implementations
• Interoperability: Trust signals should transfer seamlessly between UCP, Agentic Commerce, and future AI commerce platforms

1.3 Introducing Candid Protocol

Candid Protocol is an open, extensible framework for structuring, transmitting, and verifying trust objects in AI commerce ecosystems. It serves as a universal infrastructure layer that sits between merchants and AI platforms, ensuring trust signals remain consistent, verifiable, and future-proof regardless of how consumers access products.

• Platform Agnostic: Works seamlessly with UCP, Agentic Commerce, and future AI platforms
• Progressive Enhancement: Supports both legacy trust signals and advanced future metrics
• Cryptographic Verification: Built-in signing and validation to ensure data integrity
• Merchant Control: Merchants maintain sovereignty over their trust data
• Open Standard: Non-proprietary specification that any platform can implement

2. Core Architecture

2.1 Trust Object Definition

A trust object is a structured data entity that represents a verifiable signal about a merchant, product, or transaction. Each trust object contains:

• Type: Classification of the trust signal (e.g., review_rating, return_rate, fulfillment_speed)
• Value: The actual metric or measurement
• Context: Metadata that provides meaning (time period, sample size, calculation method)
• Provenance: Source and verification information
• Signature: Cryptographic proof of authenticity

2.2 Trust Object Schema

The base schema provides a flexible, extensible structure:

{
  "candid_version": "1.0",
  "object_id": "uuid-v4",
  "entity": {
    "type": "merchant|product|transaction",
    "id": "unique-identifier",
    "namespace": "merchant-domain.com"
  },
  "trust_signal": {
    "type": "signal-type-identifier",
    "category": "rating|performance|behavior|verification",
    "value": {},
    "unit": "dimensional-unit",
    "timestamp": "ISO-8601"
  },
  "signature": {
    "algorithm": "RS256|ES256|EdDSA",
    "value": "base64-encoded-signature"
  }
}

2.3 Trust Signal Categories

Candid Protocol defines four primary categories of trust signals:

2.3.1 Rating Signals (Current)

• review_rating: Aggregate customer review scores (1-5 stars, NPS, etc.)
• seller_rating: Overall merchant reputation score
• verified_purchases: Percentage of reviews from verified buyers
• review_authenticity: Score indicating review legitimacy

2.3.2 Performance Signals (Emerging)

• return_rate: Percentage of products returned within policy period
• fulfillment_speed: Average time from order to delivery
• inventory_accuracy: Percentage of orders fulfilled without backorder
• price_stability: Variance in pricing over time
• discount_frequency: Average sale discount percentage

2.3.3 Behavior Signals (Future)

• response_time: Average time to respond to customer inquiries
• dispute_resolution: Percentage of disputes resolved favorably
• sustainability_score: Environmental impact metrics
• ethical_sourcing: Supply chain transparency indicators

2.3.4 Verification Signals (Foundation)

• business_verification: Legal entity and registration status
• payment_compliance: PCI-DSS and payment security certifications
• data_privacy: GDPR, CCPA, and privacy regulation compliance

3. Integration with AI Commerce Platforms

3.1 Universal Commerce Protocol (UCP) Integration

Google's UCP focuses on standardizing product data, ordering processes, and fulfillment operations. Candid Protocol complements UCP by providing the trust layer that UCP lacks.

3.1.1 Integration Approach

Candid trust objects are referenced within UCP product feeds via a standardized extension:

{
  "product": {
    "id": "product-123",
    "title": "Example Product",
    "price": { ... },
    "ucp_extensions": {
      "candid": {
        "trust_signals_url": "https://merchant.com/.well-known/candid/product-123",
        "inline_signals": [
          {
            "type": "review_rating",
            "value": { "average": 4.7, "count": 1523 }
          }
        ]
      }
    }
  }
}

3.1.2 UCP-Specific Considerations

• Real-time Updates: Trust signals can be updated independently of UCP product feeds, reducing synchronization overhead
• Caching Strategy: UCP platforms can cache trust objects based on their expiration timestamps
• Fallback Behavior: If Candid endpoints are unavailable, UCP continues functioning with degraded trust information

3.2 Agentic Commerce Integration

OpenAI's Agentic Commerce enables conversational AI systems to act as shopping assistants. Candid Protocol provides the trust data that agents use to evaluate and recommend products.

3.2.1 Integration Approach

Agentic Commerce systems retrieve trust objects through two mechanisms:

GET https://merchant.com/.well-known/candid/product-123
Accept: application/json

Response:
{
  "candid_version": "1.0",
  "trust_signals": [ ... ],
  "aggregate_score": {
    "overall": 0.87,
    "category_scores": {
      "rating": 0.94,
      "performance": 0.82
    }
  }
}

3.2.2 Agent Decision Framework

AI agents use Candid trust signals to:

• Filter Options: Eliminate merchants or products below minimum trust thresholds
• Rank Results: Weight trust signals alongside price, features, and availability
• Explain Recommendations: Provide transparent reasoning based on verifiable trust metrics

3.3 Future Platform Integration

Candid Protocol's architecture anticipates future AI commerce platforms by providing:

• Multiple Delivery Mechanisms: REST APIs, GraphQL, webhooks, and structured data markup
• Content Negotiation: Support for JSON, XML, Protocol Buffers, and other serialization formats
• Version Evolution: Built-in versioning supports backward compatibility as the protocol evolves

4. Technical Implementation

4.1 Discovery Mechanisms

AI platforms discover Candid trust objects through standardized endpoints:

4.1.1 Well-Known URI

# Merchant-level trust signals
GET https://merchant.com/.well-known/candid/

# Product-level trust signals
GET https://merchant.com/.well-known/candid/products/{product-id}

4.1.2 HTTP Link Headers

Merchants can advertise Candid endpoints via HTTP headers on product pages:

Link: <https://merchant.com/.well-known/candid/product-123>;
      rel="candid-trust-signals"; type="application/json"

4.2 Cryptographic Verification

Trust objects are signed using asymmetric cryptography to ensure authenticity and prevent tampering.

4.2.1 Signature Algorithm

Candid Protocol supports multiple signature algorithms:

• RS256: RSA with SHA-256 (widely supported, larger key size)
• ES256: ECDSA with P-256 curve (smaller signatures, faster verification)
• EdDSA: Ed25519 (modern, recommended for new implementations)

4.2.2 Key Management

Merchants publish public keys at a well-known endpoint:

GET https://merchant.com/.well-known/candid/keys.json

Response:
{
  "keys": [
    {
      "kid": "2025-01-primary",
      "kty": "RSA",
      "alg": "RS256",
      "use": "sig",
      "n": "base64-modulus",
      "e": "AQAB"
    }
  ]
}

5. Trust Signal Evolution

5.1 Current Trust Landscape

Today's e-commerce trust signals evolved organically over decades, optimized for human decision-making. Candid Protocol formalizes these signals while establishing a foundation for future evolution.

5.2 Emerging Trust Signals

As AI commerce matures, new trust signals will emerge that are particularly relevant to algorithmic decision-making:

5.2.1 Behavioral Metrics

• Product Return Rate: Indicates quality and customer satisfaction beyond reviews
• Average Sale Discount: Reveals pricing strategy and perceived value
• Reorder Rate: Percentage of customers who make repeat purchases

5.2.2 Operational Excellence

• Fulfillment Accuracy: Percentage of orders shipped correctly without errors
• Delivery Time Variance: Reliability of delivery estimates (actual vs. promised)
• Customer Service Response: Average time to first response and resolution

5.2.3 Sustainability and Ethics

• Carbon Footprint: Product lifecycle emissions from manufacturing to delivery
• Supply Chain Transparency: Verifiable information about sourcing and labor practices
• Packaging Waste: Recyclability and sustainability of product packaging

5.3 Future-Proofing Mechanism

Candid Protocol accommodates new trust signal types through a namespace system:

{
  "trust_signal": {
    "type": "org.candid.sustainability.carbon_footprint",
    "category": "behavior",
    "value": {
      "total_kg_co2e": 12.5,
      "breakdown": {
        "manufacturing": 8.2,
        "transportation": 3.1,
        "packaging": 1.2
      }
    }
  }
}

6. Governance and Standards

6.1 Open Standard Philosophy

Candid Protocol is designed as an open standard, free from proprietary control or licensing restrictions.

• Universal Adoption: No barriers prevent any platform from implementing Candid support
• Community Evolution: Improvements and extensions emerge from broad stakeholder input
• Competitive Neutrality: No single vendor controls the protocol's direction

6.2 Versioning and Deprecation

Candid Protocol follows semantic versioning (MAJOR.MINOR.PATCH):

• MAJOR: Breaking changes that require migration (e.g., 1.0 ? 2.0)
• MINOR: Backward-compatible additions like new signal types (e.g., 1.0 ? 1.1)
• PATCH: Bug fixes and clarifications (e.g., 1.0.0 ? 1.0.1)

7. Implementation Roadmap

7.1 Phase 1: Foundation (Months 1-3)

Objectives:

• Finalize core schema and specification documents
• Develop reference implementations for common platforms
• Create validator tools and test suites

7.2 Phase 2: Early Adoption (Months 4-9)

Objectives:

• Onboard pilot merchants across diverse verticals
• Integrate with UCP and Agentic Commerce platforms
• Gather feedback and iterate on specification

7.3 Phase 3: Ecosystem Growth (Months 10-18)

Objectives:

• Scale to thousands of merchants
• Introduce advanced trust signal types
• Launch certification program

8. Conclusion

8.1 The Imperative for Universal Trust Standards

AI commerce represents a fundamental transformation in how consumers discover and purchase products. As platforms like Google's UCP and OpenAI's Agentic Commerce proliferate, the absence of standardized trust infrastructure creates significant risks for merchants, AI systems, and consumers alike.

8.2 Key Differentiators

Candid Protocol distinguishes itself through:

• Future-Proof Architecture: Extensible schema accommodates emerging trust signals without breaking changes
• Platform Neutrality: Works seamlessly with UCP, Agentic Commerce, and future platforms
• Cryptographic Verification: Built-in security prevents manipulation and ensures data integrity
• Open Governance: Community-driven evolution free from proprietary control

8.3 Call to Action

We invite stakeholders across the commerce ecosystem to participate in shaping the future of trust infrastructure:

• Review the Specification: Provide feedback on the core schema and integration approaches
• Join the Pilot Program: Become an early implementer and shape protocol evolution
• Contribute Code: Develop libraries, tools, and integrations for the ecosystem
• Participate in Governance: Help establish standards, certification, and best practices

Together, we can build a trust infrastructure worthy of AI commerce's transformative potential.