Building AI Commerce: Lessons from the First 12 Sprints
Key lessons learned from building an AI-native commerce platform across 12 development sprints with a $1,800 budget.
After 12 sprints of building soft.house, we’ve learned some hard-won lessons about building AI-native commerce infrastructure.
Lesson 1: AI-First Beats Web-First
We estimated that 80% of our users would interact through AI assistants, not through a website. So we built the MCP server and protocol endpoints before any web UI.
The result: we were 70 days ahead of our original schedule because protocol endpoints are cleaner to test than full web interfaces.
Lesson 2: Free Tiers Are Powerful
Our entire infrastructure runs on free tiers:
- Cloudflare Workers: 100k requests/day
- Supabase: 500MB database
- Google Cloud: $300 credit
Through 12 sprints, we’ve spent $0 on infrastructure. This forced discipline in our architecture decisions.
Lesson 3: Security Can’t Be Retrofitted
We implemented ECDSA signature verification, nonce validation, and rate limiting from Sprint 1. In Sprint 11, our security audit found that 17 of 21 attack vectors were already protected against, because security was built into the foundation.
Lesson 4: Protocol Abstraction Pays Off
Building the unified mandate service took extra time upfront, but saved 1,180 lines of code and ensured consistent behavior across AP2 and ACP.
What’s Next
We’re preparing for our beta launch. If you’re interested in building with AI commerce protocols, check out our documentation and API explorer.