Skip to content

feat(order): Get Order operation w/ platform-auth#276

Open
richmolj wants to merge 11 commits intomainfrom
lr/get-order
Open

feat(order): Get Order operation w/ platform-auth#276
richmolj wants to merge 11 commits intomainfrom
lr/get-order

Conversation

@richmolj
Copy link
Copy Markdown
Contributor

@richmolj richmolj commented Mar 18, 2026

Description

Add synchronous GET endpoint for order retrieval, complementing the
existing webhook push mechanism. Both return the same current-state
snapshot shape - webhooks deliver proactively to avoid polling, GET
provides on-demand access for reconciliation and conversational use.

Authorization model:

  • Who - MUST authenticate (non-negotiable, any UCP mechanism)
  • What - MAY scope access (platform credentials -> own orders, buyer authorization -> buyer's orders, or custom policies). MAY omit or redact fields based on context or business policy.
  • When - MAY enforce data availability (retention, erasure)

Type of change

  • New feature (non-breaking change which adds functionality)

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings

@richmolj richmolj requested review from a team as code owners March 18, 2026 18:45
@igrigorik igrigorik added the TC review Ready for TC review label Mar 31, 2026
@richmolj
feat(order): Get Order operation w/ platform-auth
d266532 
Add synchronous GET endpoint for order retrieval, complementing the
existing webhook push mechanism. Both return the same current-state
snapshot shape - webhooks deliver proactively to avoid polling, GET
provides on-demand access for reconciliation and conversational use.

Authorization model:
  Who - MUST authenticate (non-negotiable, any UCP mechanism)
  What - MAY scope access (platform credentials -> own orders,
         buyer authorization -> buyer's orders, or custom policies)
         MAY omit or redact fields based on context or business policy
  When - MAY enforce data availability (retention, erasure)
@igrigorik igrigorik mentioned this pull request Mar 31, 2026
Merged
3 tasks
@igrigorik igrigorik added this to the Working Draft milestone Mar 31, 2026
jingyli
jingyli reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jingyli jingyli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some general style-related comments to make sure we are consistent with the most up-to-date UCP design patterns.

igrigorik added 6 commits April 2, 2026 21:30
@igrigorik
fix(order): align get order examples with latest schema
609c5e9 
  Add missing required fields to all response examples:
  - `currency` field (required since #283) to order response examples
  - `severity` field to error message examples per message_error.json
@igrigorik
fix(order): align Get Order with latest UCP shape
1335518 
  - Discovery: match service.json array-of-bindings shape with transport
    discriminator; use {{ ucp_version }} templating throughout
  - Errors: use error_response.json envelope (ucp.status: "error") instead
    of partial order shape; add oneOf[order, error_response] to OpenAPI and
    OpenRPC result schemas
  - Capabilities: use consistent array format with name field across all
    examples (success + error, REST + MCP)
  - Add missing required fields: currency in responses, severity in errors
@igrigorik
split Operations and Events into separate sections
9464051 
  Operations (platform→business) and Events (business→platform) have
  fundamentally different interaction models. Separating them clarifies
  directionality and avoids implying webhooks are platform-invoked operations.

  - Operations: narrowed to Get Order with platform-specific guidelines
  - Events: new top-level section for webhook push with business-specific guidelines
  - Guidelines distributed by concern instead of one mixed section
@igrigorik
deduplicate conformance across binding docs
c9a9bd0 
  Behavioral requirements (webhooks-primary, ephemeral data, auth) now
  live in order.md Guidelines only. Binding conformance sections retain
  transport-specific rules (TLS, message signing, messages check,
  permalink delegation) and cross-ref the capability-level guidelines.
@igrigorik
copyedit fixes
0400cf6
@igrigorik
Merge branch 'main' into lr/get-order
6261165
@igrigorik
Copy link
Copy Markdown
Contributor

igrigorik commented Apr 3, 2026

@jingyli ty for thorough scrub! Addressed the feedback, ptal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@igrigorik igrigorik igrigorik left review comments

@jingyli jingyli jingyli left review comments

@westeezy westeezy Awaiting requested review from westeezy westeezy is a code owner automatically assigned from Universal-Commerce-Protocol/maintainers

@DanielFalconGuedes DanielFalconGuedes Awaiting requested review from DanielFalconGuedes DanielFalconGuedes is a code owner automatically assigned from Universal-Commerce-Protocol/maintainers

@MitkoDeyanovMitev MitkoDeyanovMitev Awaiting requested review from MitkoDeyanovMitev MitkoDeyanovMitev is a code owner automatically assigned from Universal-Commerce-Protocol/devops-maintainers

@carol-w-tech carol-w-tech Awaiting requested review from carol-w-tech carol-w-tech is a code owner automatically assigned from Universal-Commerce-Protocol/devops-maintainers

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

TC review Ready for TC review

Projects

None yet

Milestone

Working Draft

Development

Successfully merging this pull request may close these issues.

3 participants

@richmolj @igrigorik @jingyli