Legal Context ProtocolTransaction-Time Verification
The key innovation: two moments matter, and the correct moment to verify is at transaction time.
This section is advisory.
Transaction-time verification is the key innovation of the LCP standard beyond discoverability. The insight is simple: the correct moment to fetch, verify, and save terms is not when the agent first discovers a service — it is at transaction time, right before the agent pays.
Two Moments
Discovery time — The agent visits /.well-known/legal-context.json to understand how a service handles legal terms. This is informational. The agent may browse terms, evaluate the service, and decide whether to engage.
Transaction time — The correct moment to fetch, verify, and save the terms. This is when the atrHash matters (Level 2+).
The Proposal-Phase Pattern
Every major agentic commerce protocol has a two-phase flow — propose, then execute:
| Protocol | Proposal Phase | Execution Phase |
|---|---|---|
| MPP | 402 challenge | Payment credential + 200 receipt |
| ACP | Checkout session creation | Complete checkout |
| x402 | 402 response | Payment + resource delivery |
| UCP | Checkout session creation | Payment confirmation + order |
| AP2 | Checkout Mandate creation | Payment Mandate + authorization |
At Level 2+, the atrHash SHOULD be included in the proposal phase. Including it in the proposal allows the agent to verify before paying. Including it only in the receipt is valid but weaker — the agent cannot verify before committing.
Agent Verification Flow (Level 2+)
- Receive the proposed
atrHashfrom the server (in the proposal) - Fetch the terms document from the URL provided
- Compute SHA-256 of the downloaded document
- Compare to the proposed
atrHash— if mismatch, halt - Save the document locally
- Proceed with payment
- Receive receipt containing the same
atrHash— confirmation of what was agreed
This eliminates both race conditions (terms changed between discovery and transaction) and malice (server claiming different terms after the fact). The agent verifies at the moment that matters — right before it pays.
Level 1 Behavior
At Level 1 (no hash), there is no atrHash in the proposal. The terms URL from legal-context.json is the reference. The agent should still fetch and save the terms at transaction time as evidence of what it saw, even without a hash to verify against.
At Level 1, the discovery-time terms and the transaction-time terms are assumed to be the same; the agent has no mechanism to detect a change between discovery and transaction.
Document Preservation
Agents SHOULD save a copy of the terms at transaction time regardless of level. At Level 2+, agents SHOULD verify the atrHash against the downloaded document before proceeding.
The service does not need to guarantee long-term availability of the document at the URL. The document only needs to be downloadable when the agent transacts. After that, the proof lives with the parties — the document in their possession and the hash in the receipt.
A hash without a document is a proof without evidence.
Buyer Policy
The buyer-side counterpart to the seller-published levels of trust. A declarative description of the constraints under which an agent may transact, accept terms, or sign.
Private and Custom Terms
How LCP handles confidential, per-transaction, and dynamically generated terms using ephemeral links and encrypted storage.