Part 2 of a three-part series.
We have published close to 200 articles on agentic commerce. Protocols. Trust frameworks. Dispute layers. Authentication schemes. Settlement rails. Every single one, at some point, runs into the same question. When should a processable transaction actually become binding?
Nobody had a good answer. We kept circling the problem from different angles, naming pieces of it, pointing at the gap. Then Lu Zhang answered it.
Her Commitment Decision Framework is the most complete governance proposal we have seen for the space between upstream authorization and downstream reliance. It is not a protocol. It is not a product. It is a governance primitive, a structured way to decide whether a given action by an AI agent should lock in obligations, produce evidence, and trigger downstream fulfillment. The kind of thing that should have existed before any of the protocols shipped.
Authentication, authorization, settlement. Each protocol solves a different control question. The commitment decision is a distinct problem that sits between them. Lu Zhang built the complementary governance layer.
The Problem We Keep Hitting
Start with the coverage trail. Each of these articles named a symptom. The underlying condition was the same every time.
In Who Authorized the Agent?, we asked who proves the agent can spend. Good question. Necessary question. But Lu asks the harder one: even if the agent is authorized, should this specific action bind right now? Authorization confirms identity and permission. It says nothing about readiness, scope compliance, or whether downstream parties can rely on the result.
The trust gap we measured, 53 percent of businesses ready but only 36 percent of consumers willing, is partly a commitment governance gap. Consumers do not trust agents to buy things because there is no visible framework for when the purchase becomes real. The confirmation moment vanished. Nothing replaced it.
The dispute crisis follows directly. Merchants are fulfilling orders that should never have been binding. The agent authorized. The payment processed. But between those two events, nobody checked whether the commitment itself was valid. That missing check is what Lu's framework provides.
Then there is the delegation problem. We wrote about scope boundaries, about agents exceeding what their principals intended. Lu formalizes those boundaries as carry-forward constraints. Rules that travel with the transaction, not rules that sit in a static policy file the agent may or may not consult.
The AI fraud paradox makes this urgent. AI on both sides of the transaction. Defensive AI catching fraud. Offensive AI generating it. Lu's first principle cuts through: "AI confidence is not authority." A model's high-probability output does not constitute grounds for binding commitment. That single sentence reframes half the fraud surface.
Illustrative emerging patterns reinforce why this matters. Anthropic's research on Claude's emotional reasoning, which we covered in our agentic AI security reckoning, suggests models can optimize for outcomes in ways their operators did not intend. These are early findings, not settled conclusions, but they are supporting evidence that the commitment question becomes more urgent as automation scales. Lu's framework catches this at the commitment point. Before the transaction binds. Before downstream parties rely on it. Before the dispute.
We reviewed Fiserv, Visa, and Mastercard agentic commerce protocols side by side. Strong authentication. Tokenized credentials. Delegated authority. Each solving a different control question. The commitment question, when should downstream reliance validly begin, was a distinct problem none of them were designed to address. We noted the gap at the time. We did not have a name for the complementary layer that should fill it.
The death of the checkout page removed the last human confirmation moment in the transaction flow. For decades, clicking "confirm purchase" was the commitment governance layer. Crude, but functional. Now the agent clicks nothing. Lu's framework replaces the confirmation moment with a structured decision process. Not a button. A governance primitive.
We have been building to this for a year. Every protocol review, every trust gap analysis, every dispute layer critique was circling the same missing piece.
Progressive Binding: Why Commitment Is Not Binary
Here is Lu's most important contribution. Current payment systems treat commitment as binary. Authorize or decline. Yes or no. The money moves or it does not.
That worked when humans clicked buttons. It does not work when agents act.
Lu's model introduces five commitment states. Immediate binding, for actions that lock in obligations on execution. Conditional binding, where the commitment holds only if specified conditions remain true. Provisional progression, where the transaction advances but binding awaits further validation. Staged binding, where different elements of a complex transaction bind at different moments. And non-binding handling, for exploratory actions that should never create obligations.
Walk through a grocery order. Your AI agent selects items and submits. Payment authorizes. In current systems, that authorization is the commitment point. Merchant relies on it. Picks the items. Packs the bag. But what if three items are out of stock? What if substitutions change the price by 40 percent? What if the delivery window shifted?
Under Lu's framework, the initial authorization is provisional. The agent can proceed. The merchant can begin preparation. But binding, the moment when obligations lock in and downstream parties can rely on the outcome, requires that carry-forward constraints are satisfied. Inventory confirmed. Price within tolerance. Delivery window unchanged. Only then does the commitment become binding.
This is not theoretical. Think about ride-hailing. You confirm a ride on Uber. The app shows a price estimate. A driver accepts. But the price is not binding until the ride completes. Surge changes, route deviations, wait-time fees: these all adjust before final commitment. Uber figured this out operationally. Lu formalized it as a governance primitive that any agentic transaction can use.
Commitment is not a moment. It is a progression. Lu Zhang built the state machine.
The power of this is in what it prevents. No more merchants fulfilling orders an agent provisionally placed. No more consumers disputing charges for transactions they did not understand were binding. No more agents spending at the limit of their authorization when conditions have changed since the initial request.
The Decision Outcomes
Current systems produce two outcomes. Approved. Declined. That binary served card payments for 50 years. It cannot serve agentic commerce for five.
Lu defines eight decision outcomes. Each one maps to a real situation we have covered.
Allow to bind. The straightforward case. All constraints satisfied, all authority confirmed, all conditions met. Proceed and lock obligations.
Proceed but not yet bind. This is the one that changes everything. The transaction moves forward. The agent continues its workflow. But no party can rely on the outcome yet. Momentum without premature obligation. Think of an agent comparing hotel prices across six providers. It needs to hold a room provisionally while it checks alternatives. Proceed but not yet bind lets it do that without creating a cancellation problem.
Allow with step-up confirmation. The agent has authority for routine purchases under $50. This one is $200. Framework does not reject it. Framework escalates to the human principal for confirmation, then allows binding on approval. This preserves agent autonomy for the common case while catching the exceptions.
Allow within bounded scope. The agent wants to order office supplies and a new laptop. Authorization covers office supplies. Framework allows that portion to bind. The laptop gets flagged as out of scope. No blanket rejection. Surgical precision on what the agent can commit.
Reject as out of scope. Clear boundary violation. The agent tried to do something its delegation does not permit. Hard stop.
Reject as operationally unready. The authorization is valid. The scope is fine. But a downstream dependency is not ready. Inventory system offline. Payment processor unavailable. The framework distinguishes between "you cannot do this" and "you cannot do this yet."
Escalate due to unresolved conflict. Two constraints contradict. The principal set a budget of $500 and a quality threshold that requires a $600 option. The framework does not guess. It escalates.
Re-evaluate after dependency resolution. A softer hold. Something is missing, a price confirmation, an inventory check, a compliance validation. The framework pauses the commitment decision and re-enters once the dependency resolves.
Eight outcomes instead of two. That is not complexity for its own sake. It is resolution. Each outcome corresponds to a situation where "approved" or "declined" would have produced the wrong result.
The Evidence Object
Every commitment decision, all eight outcomes, produces a record. Lu calls it the evidence object. This is, quietly, the most strategically valuable element of the entire framework.
Minimum fields: request ID, action class, transaction type, commitment stage, authority source, constraints checked, rule set applied, decision outcome, downstream action, timestamp, override marker, automated-origin marker.
That last field matters. Every evidence object records whether the request originated from an AI agent. Not buried in metadata. A first-class field. When a regulator asks "was this decision made by a machine?", the evidence object answers.
When disputes happen, and they will, this record reconstructs exactly why commitment was allowed, when, under what constraints, with what authority, at what stage. Compare that to today. A merchant gets a chargeback. The evidence is an authorization code, a timestamp, maybe a device fingerprint. Good luck reconstructing the decision logic.
Connect this to our coverage of MCP as infrastructure. MCP gives AI agents auditable connections to external tools and services. Lu's framework gives those connections auditable commitment decisions. Together they form something regulators can actually work with: a governance stack where every agent action, and every binding decision, leaves a structured trail.
Auditable connections plus auditable commitment decisions. That is a governance stack. Everything else is hope.
AI Agents Are Not Humans. The Framework Knows That.
Lu articulates four principles for handling AI-originated commitment requests. The center of gravity here is the commitment logic itself. The emerging research and industry patterns we reference serve as supporting evidence that these principles become more urgent as automation scales.
AI confidence is not authority. A model outputs a 98 percent confidence score. Under current systems, that might be enough to trigger a transaction. Under Lu's framework, confidence is informational. Authority comes from delegation, scope, and constraint satisfaction. The emerging patterns around AI-driven fraud illustrate why this distinction matters. A fraudulent agent can be just as confident as a legitimate one.
Conversational completion is not transaction completeness. The agent finished the conversation. It confirmed details with the user. It said "your order is placed." None of that constitutes a binding commitment under the framework. Conversational resolution and transactional binding are separate evaluations. The disappearance of the checkout page, where conversational interfaces replaced structured checkout flows, is an illustrative pattern. The explicit commitment moment vanished. This principle restores it.
Successful tool use is not proof of valid commitment. The agent called the payment API. The API returned success. That means the tool worked. It does not mean the commitment was valid. Our protocol map documented dozens of agent tool integrations. In many cases, tool execution and commitment validity are treated as equivalent. Lu separates them.
Automation does not remove stage-specific readiness checks. Just because the process is automated does not mean you skip the checkpoints. Each stage in a commitment progression has its own readiness criteria. Speed is not a reason to bypass governance. The identity and payment convergence we mapped supports this. Identity verification, payment authorization, and commitment governance are separate layers. Automating one does not satisfy the others.
The framework treats AI-originated requests as a distinct input class. Not inferior. Not superior. Different. With configurable thresholds, separate evidence requirements, and explicit override markers when a human steps in.
Where It Sits in the Stack
Map Lu's framework against the protocols we have reviewed. Each of these systems solves an adjacent but different control question. The commitment question is a distinct problem that these protocols were not designed to address. Lu's framework provides a complementary answer.
Authentication asks whether the agent is who it claims to be. Authorization asks whether the agent can pay. Settlement asks how money moves. The Commitment Decision Framework asks something different: when may downstream reliance validly begin, under what constraints, and with what surviving evidence?
These are different problems. The framework does not replace or supersede any existing protocol. It governs the commitment decision that sits between them.
Visa's Trusted Agent Protocol handles authentication. It answers "is this agent authorized to act on behalf of this cardholder?" That is a necessary question, and TAP answers it well. Lu's framework addresses what comes next. The agent is authenticated. Should this specific action, at this moment, with these conditions, bind? Authentication and commitment governance are complementary layers solving different problems.
Mastercard's Agent Pay provides tokenized credentials for agent-initiated payments. The credentials are valid. The token resolves. Agent Pay solves the credential and authorization problem. Lu's framework operates alongside it, governing what those credentials can commit to. A valid credential confirms payment capacity. Commitment governance confirms binding readiness. Both are needed.
Stripe's Agent Toolkit handles payment execution. The agent calls the Stripe API. The charge processes. The toolkit solves execution. Lu's framework sits before that call, governing whether execution should proceed based on commitment state, constraint satisfaction, and binding stage. Execution and commitment governance are sequential, not competing.
The x402 protocol we have covered extensively enables HTTP-native micropayments. Fast, lightweight, built for machine-to-machine. x402 solves the settlement problem for programmatic payments. Lu's framework complements it by governing whether downstream consequences have been evaluated before settlement proceeds. Even a micropayment has downstream obligations worth governing.
Google's Universal Checkout Protocol spans discovery through post-purchase. Lu's framework does not compete with it. It sits at every commitment decision point within the checkout flow. Product selection, cart confirmation, payment initiation, fulfillment trigger: each is a potential binding moment where commitment governance can add a complementary layer of protection.
The pattern across all five: each protocol solves its own control question, and solves it well. The commitment question, when should downstream reliance begin, is a distinct problem that sits between these existing layers. Lu's framework provides that complementary governance layer.
What Happens Next
This is pre-regulatory infrastructure. The FCA in the UK, the CFPB in the US, the EBA in Europe: none have issued binding guidance on agentic transaction commitment. They will. The question is whether the industry has something credible to point to when they do.
Lu's framework is open, non-proprietary, and portable. It does not require a specific payment network, a specific agent platform, or a specific settlement layer. It can sit on top of Visa's TAP or Mastercard's Agent Pay or Stripe's toolkit. It can govern commitments across any protocol in the stack.
That portability matters. The last thing this industry needs is commitment governance that only works within one network's ecosystem. The protocols are already fragmenting. Governance needs to be the connective tissue, not another silo.
Part 3 of this series will walk through a live transaction, start to finish, and show exactly how the Commitment Decision Framework operates at each stage. The theory is in this article. The proof is in the next one.
Sources
- Major Matters: Who Authorized the Agent?
- Major Matters: The Trust Gap in Agentic Commerce
- Major Matters: The Agentic Dispute Layer Is Missing
- Major Matters: The Delegation Problem
- Major Matters: The AI Fraud Paradox
- Anthropic: Emotion Concepts and Their Function
- Major Matters: Agentic AI Security Reckoning
- Major Matters: Fiserv, Visa, Mastercard Agentic Commerce
- Major Matters: Death of the Checkout Page
- Major Matters: MCP Protocol as AI Infrastructure
- Major Matters: Identity-Payment Convergence
- Major Matters: Agentic Commerce Protocol Map Q1
- Major Matters: Visa Trusted Agent Protocol Review
- Visa: AI Becomes the Customer
- Lu Zhang: Commitment Decision Framework for Transaction Systems (V2)
If the commitment decision sits between authentication, authorization, and settlement, and no existing protocol was designed to govern it, who bears the liability when an agent's provisional action gets treated as binding?
Charlie Major is a Product Development Manager at Mastercard. The views and opinions expressed in Major Matters are his own and do not represent those of Mastercard.