The language of AI-powered purchasing is still being written. These are the terms that matter — from protocols to approval flows — defined clearly for builders, buyers, and the AI agents working on their behalf.
Agentic Commerce is the practice of AI agents autonomously researching, selecting, and purchasing products or services on behalf of a human user, subject to predefined rules and real-time approvals.
Why it matters As AI agents become more capable, they need secure, controlled ways to complete transactions without breaking the user's trust or workflow.
PettyBot provides the approval and spend-control layer that makes agentic commerce safe for everyday use.
Agent Commerce Protocol (ACP) is a proposed standard for how AI agents interact with merchant checkout systems, enabling structured purchase requests, payment handoffs, and order confirmations without browser UI navigation.
Why it matters Standardizing checkout APIs allows agents to complete purchases programmatically, eliminating the need for screen scraping or manual intervention.
PettyBot's request_spend tool supports an optional checkout_url parameter for ACP-compatible merchants.
Approval Flow is the sequence of steps between an AI agent's purchase request and the human user's authorization or denial — notification, detail display, and confirmation via biometric or manual input.
Why it matters A well-designed approval flow balances speed with transparency, giving users confidence without slowing down the agent.
PettyBot delivers approval requests via push notification with one-tap FaceID confirmation.
Auto-Approve Rules are user-configured conditions under which an AI agent's purchase request is automatically authorized without explicit approval. Common conditions include amount thresholds, trusted merchants, and recurring patterns.
Why it matters Reduces friction for routine purchases while maintaining oversight — users can approve "coffee under $10" once instead of every morning.
PettyBot supports auto-approve rules based on amount, merchant, and category.
AI Spend Control is the set of policies, limits, and guardrails governing how much and where an AI agent can spend on a user's behalf — spend limits, merchant restrictions, approval requirements, and audit logging.
Why it matters Without spend control, delegating purchasing to AI becomes too risky. Granular controls let users safely expand agent autonomy.
PettyBot's rules engine provides granular AI spend control including per-transaction limits, daily caps, and merchant allowlists.
Biometric Approval is using biological authentication (FaceID, TouchID) to authorize an AI agent's purchase request, confirming the account holder's physical presence and intent.
Why it matters Combines convenience with security — users can approve purchases in under two seconds while preventing unauthorized access.
PettyBot requires FaceID or TouchID for purchase approvals.
Human-in-the-Loop Purchasing is a transaction model where AI handles research, selection, and checkout prep, but a human must explicitly approve before money changes hands.
Why it matters Preserves user agency and prevents costly mistakes while still capturing most of the efficiency gains from AI automation.
Every PettyBot transaction requires user approval unless explicitly auto-approved by user-defined rules.
An MCP Server is a lightweight process exposing tools and resources to AI agents via Model Context Protocol. It runs locally or remotely, bridging AI models and external capabilities.
Why it matters MCP servers enable AI agents to interact with external systems (APIs, databases, tools) in a standardized, discoverable way.
PettyBot ships as an MCP server (@pettybot/mcp) exposing request_spend to any compatible agent.
Merchant Allowlist / Blocklist refers to user-curated lists of approved or prohibited vendors for AI agent purchases. These lists are evaluated against every spend request.
Why it matters Gives users fine-grained control over where their money goes — approve Amazon but block impulse purchases from certain sites.
PettyBot evaluates both allowlists and blocklists against the merchant parameter in every request_spend call.
Model Context Protocol (MCP) is an open standard (originally by Anthropic) defining how AI models connect to external tools and data sources via structured interfaces for tool discovery, invocation, and response handling.
Why it matters Standardizes the agent-to-tool interface, allowing any MCP-compatible agent to use any MCP server without custom integration work.
PettyBot is a native MCP server, compatible with any MCP-compatible AI agent.
Payment Token Delegation is issuing a limited-use, scoped payment credential to an AI agent after purchase approval. The token authorizes a specific amount with a specific merchant and expires after use or timeout.
Why it matters Minimizes risk by ensuring agents can't reuse credentials or exceed approved amounts — each token is single-use and purpose-specific.
PettyBot uses Stripe Shared Payment Tokens. On approval, request_spend returns a payment_token for checkout.
request_spend is PettyBot's MCP tool that AI agents call to request purchase approval. It accepts amount (cents), merchant, and description; returns approval status and payment token.
Why it matters This is the primary interface between AI agents and PettyBot — the function agents invoke to turn "buy this" into a real transaction.
Example: request_spend({ amount_cents: 4799, merchant: 'Amazon', description: 'Grandma\'s birthday gift' })
A Spend Limit is a maximum monetary threshold capping how much an AI agent can spend per transaction, day, week, or month. Transactions exceeding limits are denied or escalated.
Why it matters Prevents catastrophic mistakes — even if an agent misunderstands a request, spend limits ensure losses stay contained.
PettyBot enforces spend limits at per-transaction, daily, and weekly levels.
Join the waitlist for early access.
Be first in line. No spam, ever.