UCP Center
28goods.com logo

28goods.com

verified_user Multi-version UCP compliance, backward compatibility & transport audit

schedule Last scanned 5/4/2026

B 86/100

Conformance

91%
45%

Capability

100%
14%

Coverage

59%
12%

Backward Compat

60%
9%

Negative

100%
8%

Transport

86%
8%

Latency

95%
4%

Audit Details

56% Passing Rate
warning DISC-0012
Cache-Control max-age is within recommended bounds

No Cache-Control header — clients may re-fetch every request

Warn
warning DISC-0006
Profile response advertises cache headers

Discovery response has no Cache-Control header

Warn
check_circle DISC-0003
Profile declares at least the checkout capability

Completed in 102ms

Pass
check_circle DISC-0016
Capability version strings are valid ISO dates

Completed in 91ms

Pass
check_circle DISC-0008
Profile response Content-Type is application/json

Completed in 94ms

Pass
check_circle DISC-0010
Discovery endpoint exposes CORS headers

Completed in 85ms

Pass
check_circle DISC-0007
Profile is served over HTTPS

Completed in 39ms

Pass
check_circle DISC-0011
Two consecutive profile fetches return identical bodies

Completed in 195ms

Pass
warning DISC-0020
Signing JWKs use only allowed kty/crv values

Profile declares no signing_keys array — the field is optional per the UCP spec, but agents cannot verify signed payloads from this merchant

Warn
check_circle DISC-0015
No duplicate capability entries (same name + version)

Completed in 96ms

Pass
warning DISC-0017
OpenAPI servers[] URL is reachable

Profile has no loadable service-level OpenAPI document

Warn
check_circle DISC-0001
Business profile has a valid structure

Completed in 94ms

Pass
help DISC-0022
Merchant responses are signed with the published signing_keys

Profile declares no signing_keys; nothing to verify against. DISC-0002 tracks absence separately.

Skip
check_circle DISC-0021
robots.txt allows AI agents to read the UCP profile

Completed in 149ms

Pass
check_circle DISC-0014
All declared schema URLs use HTTPS

Completed in 136ms

Pass
warning DISC-0019
Signing keys are importable via Web Crypto

Profile declares no signing_keys array — the field is optional per the UCP spec, but agents cannot verify signed payloads from this merchant

Warn
warning DISC-0002
Profile advertises well-formed signing keys

Profile declares no signing_keys array — the field is optional per the UCP spec, but agents cannot verify signed payloads from this merchant

Warn
check_circle DISC-0018
Service binding transports are in the allowed set

Completed in 109ms

Pass
check_circle DISC-0005
Profile declares a ucp.version string

Completed in 93ms

Pass
check_circle DISC-0013
Profile ucp.version is one the grader recognizes

Completed in 94ms

Pass
check_circle DISC-0009
Profile is served at the canonical .well-known/ucp path

Completed in 100ms

Pass
warning SCHEMA-INT-0004
Declared capabilities match operations in the OpenAPI

No OpenAPI operations available to cross-check

Warn
check_circle SCHEMA-INT-0009
Capability JSON Schemas declare a modern $schema draft
Pass
check_circle SCHEMA-INT-0003
Capability-level JSON Schemas are well-formed
Pass
warning SCHEMA-INT-0008
OpenAPI components.schemas has no orphans

Profile has no loadable service-level OpenAPI document

Warn
warning SCHEMA-INT-0002
Service-level OpenAPI document is valid OpenAPI 3.x

No service-level OpenAPI schema was loaded

Warn
warning SCHEMA-INT-0006
Every OpenAPI operation declares a 2xx JSON response schema

Profile has no loadable service-level OpenAPI document

Warn
cancel SCHEMA-INT-0005
Every $ref referenced schema document is reachable

9 of 68 referenced schema document(s) failed to load

Fail
check_circle SCHEMA-INT-0001
All declared schema URLs return 200
Pass
check_circle SCHEMA-0001
Discovery profile matches the published JSON Schema

Completed in 106ms

Pass
cancel CAT-0002
Get a product by id

Expected 200 or 404, got 200

Fail
cancel CAT-0001
Search products returns a products array

Expected 2xx for query "shirt", got 200

Fail
warning CAT-0003
Selected options filter variants in product detail

No product with options/variants found in catalog

Warn
help CHK-0008
Canceling a session twice with the same idempotency key is idempotent

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0007
Cancel a checkout session

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0001
Create checkout session with defaults

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0002
Repeated createSession with same idempotency key returns same session

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0003
Create session then set shipping address

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0004
Retrieve a checkout session by id

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0009
Reusing an Idempotency-Key with a different body must be rejected

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0010
update_checkout is idempotent on replay and rejects conflicting replays

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help CHK-0005
Select a shipping method on a checkout session

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
help FUL-0001
Shipping methods are returned after setting an address

Merchant gates checkout creation behind authentication (HTTP 403); cannot probe further without credentials

Skip
check_circle CAP-CAT-0002
Catalog capability advertised for product lookup
Pass
check_circle CAP-CAT-0001
Catalog capability is declared
Pass
check_circle CAP-CHK-0001
Checkout capability is declared and reachable

Completed in 135ms

Pass
check_circle CAP-FUL-0001
Fulfillment capability is declared
Pass

Business Profile

Services

dev.ucp.shopping
mcpembedded

Capabilities

dev.ucp.shopping.checkout
v2026-04-08
Implemented
Tests: 2/8 passed
dev.ucp.shopping.fulfillment
v2026-04-08
Implemented
Tests: 1/2 passed
dev.ucp.shopping.discount
v2026-04-08
Implemented
Tests: 0/1 passed
dev.ucp.shopping.cart
v2026-04-08
Implemented
dev.ucp.shopping.order
v2026-04-08
Implemented
dev.ucp.shopping.catalog.search
v2026-04-08
Implemented
Tests: 1/2 passed
dev.ucp.shopping.catalog.lookup
v2026-04-08
Implemented
Tests: 1/1 passed
dev.shopify.catalog.storefront
v2026-04-08
Implemented

Payment Handlers

account_balance_wallet
Google Pay
com.google.pay
4 config keys
payments
dev.shopify.card
1 config key