DEV Community

Peter

Shopify Agentic Storefronts Enabled? Your UCP Profile Still Has Gaps.

You enabled Shopify's Agentic Storefronts. You verified your .well-known/ucp returns JSON. Google AI Mode should be able to find your store now, right?

Maybe. Probably not.

In our April 1 scan of 28 e-commerce domains, every single store that had a UCP manifest was still failing at least 3 validation checks. Not one scored healthy. The most common pattern: Shopify generates the manifest structure correctly, but leaves critical fields empty or misconfigured - and most merchants never notice because their JSON looks valid.

Here is what is actually missing, why it matters for AI agent discovery, and what to check.

What Shopify's Agentic Storefronts Actually Set Up

When you enable the Agentic plan in Shopify, the platform auto-generates a .well-known/ucp manifest. It includes:

  • Store metadata (name, origin, namespace)
  • Capabilities block (Cart, Catalog, Identity Linking, Checkout)
  • Transport bindings pointing to Shopify's endpoint infrastructure

This gets you past Level 1 validation (structural). The JSON parses. Required fields exist. If you run a basic JSON schema validator, it passes.

But AI agents do not stop at Level 1. They need the manifest to be callable - endpoints that respond, keys that verify, handlers that process payments.

The 4 Gaps Shopify Leaves Open

1. Missing Signing Keys

What you see: JSON validates fine. No errors in your Shopify admin.

What AI agents see: No signing_keys array in the manifest. Agents that verify manifest authenticity (and Google's agents do) cannot confirm the profile was published by the domain owner. This is a trust signal, not just a formality.

Fix: Generate a key pair, add the public key to your UCP manifest's signing_keys field, and sign your manifest responses. Shopify does not handle this automatically.

Severity: Build-breaking. Missing signing keys means agents skip your store or treat it as unverified.

2. No Payment Handlers

What you see: Checkout works in the browser. Customers buy things.

What AI agents see: The payment_handlers array is empty or missing. Agents that want to complete a purchase on behalf of a user cannot determine which payment methods your store accepts through the UCP manifest alone.

Fix: Add each active payment method to payment_handlers in your manifest. This includes credit cards, Shop Pay, Apple Pay, Google Pay - whatever your store accepts.

Severity: Build-breaking for checkout-capable agents. Discovery and browsing still work, but the purchase flow is blocked.

3. Missing Return Policy Schema

What you see: Your return policy is on a web page. Humans can read it.

What AI agents see: No structured return policy data in your manifest or linked schema. Agents cannot communicate return terms to users before purchase. For regulated categories (cosmetics, electronics), this is a hard blocker.

Fix: Add a returnPolicy field to your product schema or UCP manifest. Use Schema.org's MerchantReturnPolicy type.

Severity: Warning for most stores. Build-breaking for regulated product categories.

4. Organization Schema Gaps

What you see: Your About page exists. Your brand looks legitimate.

What AI agents see: No Organization schema linked from your manifest. Agents that verify merchant identity (especially for first-time interactions) cannot confirm the business behind the store.

Fix: Add Schema.org Organization markup to your store's homepage. Include @id, name, url, and contactPoint at minimum.

Severity: Warning. Does not block discovery, but reduces trust scoring for agents that cross-reference identity.
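
An added example (not from the original post, Shopify or UCPtools) for gaps 3 and 4: it pulls the JSON-LD out of a page and reports a missing or incomplete Organization node and the absence of any MerchantReturnPolicy node. The sample page and the shop.example domain are constructed, and the check looks for the MerchantReturnPolicy type anywhere in the markup rather than under one particular property.

```python
import json
from html.parser import HTMLParser

ORG_REQUIRED = ("@id", "name", "url", "contactPoint")  # minimum set named in gap 4

class JsonLdExtractor(HTMLParser):  # collects <script type="application/ld+json"> bodies
    def __init__(self):
        super().__init__()
        self.blocks, self._in_ld = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("type") == "application/ld+json":
            self._in_ld = True
            self.blocks.append("")
    def handle_endtag(self, tag):
        self._in_ld = False
    def handle_data(self, data):
        if self._in_ld:
            self.blocks[-1] += data

def walk(node):  # yields every object nested in a JSON-LD value (@graph, lists, ...)
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        yield from walk(child)

def has_type(node, name):
    declared = node.get("@type")  # may be a single string or a list of types
    return name in (declared if isinstance(declared, list) else [declared])

def audit_schema(html):
    parser, nodes, findings = JsonLdExtractor(), [], []
    parser.feed(html)
    for raw in parser.blocks:
        try:
            nodes.extend(walk(json.loads(raw)))
        except json.JSONDecodeError:
            findings.append("unparseable JSON-LD block")
    orgs = [n for n in nodes if has_type(n, "Organization")]
    if not orgs:
        findings.append("no Organization markup")
    findings += [f"Organization missing {k}" for o in orgs for k in ORG_REQUIRED if not o.get(k)]
    if not any(has_type(n, "MerchantReturnPolicy") for n in nodes):
        findings.append("no MerchantReturnPolicy markup")
    return findings

# Constructed sample homepage: Organization present, but incomplete.
SAMPLE_HTML = ('<script type="application/ld+json">{"@type": "Organization",'
               ' "name": "Example Store", "url": "https://shop.example"}</script>')
print(*audit_schema(SAMPLE_HTML), sep="\n")
```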

How to Actually Validate This

Running curl https://your-store.com/.well-known/ucp tells you the JSON exists. It does not tell you whether an AI agent can use it.

Here is what to check instead:

Level 1 - Structural: Does the JSON parse? Are required fields present? (Shopify handles this.)

Level 2 - Rules: Are capabilities consistent? Does your namespace match your origin? Are declared capabilities actually wired to endpoints? (Shopify partially handles this, but custom theme modifications can break it.)

Level 3 - Network: Do the endpoints in your manifest actually respond? Over HTTPS? With correct content types? With no trailing slashes? (Shopify handles the endpoints, but CDN misconfigurations, custom domains, and redirect chains can break reachability.)

Level 4 - SDK: Can a real AI agent complete a discovery-to-checkout flow? Can it browse, add to cart, and initiate payment? (This is where most "valid" manifests fail - the structure is right but the interaction flow breaks at runtime.)

The 5-Minute Checklist

Run through this after enabling Agentic Storefronts:

  1. curl -I https://your-store.com/.well-known/ucp - verify 200 status, application/json content type, HTTPS
  2. Check the response for signing_keys - if empty or missing, generate and add keys
  3. Check the response for payment_handlers - if empty, list your active payment methods
  4. Check your homepage for Organization schema - add if missing
  5. Check your product pages for returnPolicy schema - add if missing

Or run a free 4-level validation at ucptools.dev that checks all of this in one scan, including a simulated AI agent interaction.
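
An added example (not from the original post, Shopify or UCPtools): a static audit of one fetched manifest response, covering checklist steps 1 to 3 plus the HTTPS and trailing-slash checks listed under Level 3. It assumes signing_keys and payment_handlers may sit at any depth and treats every absolute URL in the manifest as an endpoint; the sample manifest is constructed and its layout is not the UCP schema.

```python
import json
from urllib.parse import urlsplit

def find_key(node, key):
    """Return the first value stored under `key` at any depth, else None."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    for child in node if isinstance(node, list) else []:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def urls_in(node):
    """Yield every string value in the manifest that is an absolute URL."""
    if isinstance(node, str) and node.startswith(("http://", "https://")):
        yield node
    elif isinstance(node, (dict, list)):
        for child in node.values() if isinstance(node, dict) else node:
            yield from urls_in(child)

def audit_manifest(url, status, content_type, body):
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("manifest not served over HTTPS")
    if status != 200:
        findings.append(f"HTTP status {status}, expected 200")
    if content_type.split(";")[0].strip().lower() != "application/json":
        findings.append(f"content type is {content_type!r}")
    try:
        manifest = json.loads(body)
    except json.JSONDecodeError:
        return findings + ["body is not valid JSON"]
    for field in ("signing_keys", "payment_handlers"):  # names as used in the article
        if not find_key(manifest, field):
            findings.append(f"{field} empty or missing")
    for u in urls_in(manifest):
        if not u.startswith("https://"):
            findings.append(f"non-HTTPS URL: {u}")
        if urlsplit(u).path.endswith("/"):
            findings.append(f"trailing slash: {u}")
    return findings

# Constructed sample; the layout is illustrative, not the UCP schema.
SAMPLE = ('{"name": "Example Store", "origin": "https://shop.example", "payment_handlers": [],'
          ' "transport": {"endpoint": "http://shop.example/ucp/"}}')
print(*audit_manifest("https://shop.example/.well-known/ucp", 200, "text/html", SAMPLE), sep="\n")
```

Pass it the URL, status code, Content-Type header and body from a real fetch; whether each endpoint actually responds still needs a live request.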

The Bigger Picture

Shopify's Agentic Storefronts are the on-ramp, not the destination. They handle the hardest part (generating a spec-compliant manifest and wiring commerce endpoints). But the trust and completeness layer - signing keys, payment handlers, identity and return policy schema - is still on you.

Most merchants will enable the feature, see the green checkmark in Shopify admin, and assume they are done. The ones who validate beyond Level 1 are the ones AI agents actually find and use.

The gap between "enabled" and "discoverable" is where your competitors will also get stuck. Close it first.


Scan data from UCPtools' April 1, 2026 scan of 28 e-commerce domains. 0 healthy profiles found. 92% broken or missing. Full results at ucptools.dev/directory.
