money.refund

Category: Financial

Risk Level: High

Allowed action_type: refund

What this action is

Issue a monetary refund to a customer.

When to use it

Use this action when you are about to issue a monetary refund to a customer.

Real-world example

Example: your AI agent proposes an operation that would result in money.refund. Before you apply the side effect, validate the exact payload with ASG.

When not to use it

Do not use money.refund for planning, drafting, or simulation. Only call ASG when your system is prepared to execute on PASS or stop on WARN/BLOCK.

Allowed action_type values

This field is enforced. If it is not listed, do not send it.

refund

Canonical payload (This will PASS)

json

26 lines

{
  "action_kind": "money.refund",
  "action_type": "refund",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "amount_usd": 0,
    "authz_decision": "example",
    "case_id": "example",
    "idempotency_key": "example",
    "invoice_id": "example",
    "payload_preview": "example",
    "payload_schema": "example",
    "recent_actions_count": 0,
    "recent_duplicate_count": 1,
    "request_id": "example",
    "session_user_id": "example",

Required context

Field	Required	Type	Consequence
`account_id`	Required	`string`	`BLOCK: Missing required context (account_id).`
`actor_user_id`	Required	`string`	`BLOCK: Missing required context (actor_user_id).`
`amount_usd`	Required	`number`	`WARN: Missing required context (amount_usd).`
`authz_decision`	Required	`string`	`BLOCK: Missing required context (authz_decision).`
`case_id`	Required	`string`	`BLOCK: Missing required context (case_id).`
`idempotency_key`	Required	`string`	`BLOCK: Missing required context (idempotency_key).`
`invoice_id`	Required	`string`	`BLOCK: Missing required context (invoice_id).`
`payload_preview`	Required	`string`	`WARN: Missing required context (payload_preview).`
`payload_schema`	Required	`string`	`WARN: Missing required context (payload_schema).`
`recent_actions_count`	Required	`number`	`WARN: Missing required context (recent_actions_count).`
`recent_duplicate_count`	Required	`number`	`BLOCK: Missing required context (recent_duplicate_count).`
`request_id`	Required	`string`	`BLOCK: Missing required context (request_id).`
`session_user_id`	Required	`string`	`BLOCK: Missing required context (session_user_id).`
`system_instructions`	Required	`string`	`BLOCK: Missing required context (system_instructions).`
`time_window_minutes`	Required	`number`	`WARN: Missing required context (time_window_minutes).`
`transaction_id`	Required	`string`	`BLOCK: Missing required context (transaction_id).`
`user_input`	Required	`string`	`BLOCK: Missing required context (user_input).`
`workflow`	Required	`string`	`BLOCK: Missing required context (workflow).`
`workflowName`	Required	`string`	`BLOCK: Missing required context (workflowName).`

Decision behavior (PASS / WARN / BLOCK)

AI Safety Gate is fail-closed by design. If validation or approval polling cannot be safely completed (missing required context, invalid responses, timeouts, or unexpected errors), execution must stop.

Status	What ASG returns	What you must do
PASS	Allowed by safety policy.	Execute the action.
WARN	Review required by safety policy.	Do not execute. Persist decision_id and wait for human approval. Approval does not modify policies and does not change the original decision — it authorizes execution for this specific decision_id.
BLOCK	Blocked by safety policy.	Do not execute. Fix payload/context and re-validate.

Policy behavior

This ActionKind is evaluated against managed policies derived from the managed policy catalog.

Example threshold shapes used by applicable policies: {"maxActionsPerMinute":5} | {"maxAmountUsd":200} | {"maxActionsPerHour":25,"maxActionsPerMinute":5}

Related policies: Financial policies, Identity policies, Data policies

Policy summary	Severity	Required context	Thresholds	Approval	Remediation
Block actions when session identity/account mismatch is detected.	BLOCK	session_user_id, account_id, actor_user_id	—	—	Re-authenticate and validate server-side identity. Investigate potential replay or token confusion.
Block high-risk actions if missing correlation IDs and actor attribution.	BLOCK	request_id, actor_user_id, account_id	—	—	Attach request_id, actor_user_id, and account_id to all enforcement calls and logs.
Block prompt injection and instruction override attempts.	BLOCK	ai_output, system_instructions, user_input	—	—	Remove/neutralize attacker instructions. Use structured tool arguments. Re-run with sanitized user input.
Block refunds/credits/payouts without verified evidence and authorization.	BLOCK	invoice_id, transaction_id, case_id, authz_decision	—	—	Require support ticket/case, validated transaction reference, and server-side authz before executing.
Block repeated retries/loops that cause duplicate side effects.	BLOCK	idempotency_key, recent_duplicate_count	{"maxActionsPerMinute":5}	—	Enforce idempotency keys. Add dedupe. Stop runaway retries with backoff + circuit breakers.
Block when required integration context is missing.	BLOCK	workflow, workflowName, system_instructions, user_input, actor_user_id, account_id, request_id, idempotency_key	—	—	Include the required context fields so the gate can make a deterministic decision and record an auditable event.
Warn and require approval for high-value refunds/credits.	WARN	amount_usd, invoice_id, case_id	{"maxAmountUsd":200}	WARN requires approval	Approve only with case evidence. Consider dual approval for unusually large amounts.
Warn when financial actions exceed safe velocity thresholds.	WARN	recent_actions_count, time_window_minutes	{"maxActionsPerHour":25,"maxActionsPerMinute":5}	WARN requires approval	Investigate automation loop or abuse. Rate-limit and require manual review temporarily.
Warn when structured tool args are invalid/missing required fields.	WARN	payload_schema, payload_preview	—	—	Fix payload schema/validation. Require requiredContext fields before allowing execution.

Approval behavior

If validation returns WARN, you must pause execution and wait for approval.

WARN requires human approval. Approval authorizes execution for the same decision_id and does not modify policies or change the original decision record.

WARN responses include a decision_id and an approval_token.

Applicable WARN policies for this ActionKind require explicit approval.

See When approval is required.
See WARN → approval lifecycle.
See Polling behavior.
If approval cannot be completed, see Approval failures.

Common errors

Mistake	What happens	Fix
Using an unknown action_kind	BLOCK: Unknown action_kind. Supported action_kind values: money.move, money.refund, money.credit, money.payout, billing.change, billing.cancel, identity.role_change, identity.auth_change, identity.user_create, identity.user_delete, admin.access, data.export, data.import, data.read, data.write, data.delete, data.purge, data.share, messaging.send, messaging.broadcast, messaging.webhook, integrations.connect, integrations.disconnect, integrations.scope_change, workflow.execute, workflow.modify, support.case_update.	Fix: Unknown action kind
Using an unsupported action_type	`BLOCK: Unknown action_type for action_kind money.refund. Supported action_type values: refund.`	Use one of the allowed values listed above.
Omitting required context	`BLOCK: Missing required context (workflow, workflowName, system_instructions).`	Fix: Missing context
Sending the wrong JSON types	`WARN: Schema mismatch. Proceeding with enforcement using normalized input.`	Fix: Schema mismatch
Approval token generation fails	`Approval token generation failed. Blocking by default.`	Treat as BLOCK (fail closed). Retry validation later.

Copy-paste examples

Minimal

json

26 lines

{
  "action_kind": "money.refund",
  "action_type": "refund",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "amount_usd": 0,
    "authz_decision": "example",
    "case_id": "example",
    "idempotency_key": "example",
    "invoice_id": "example",
    "payload_preview": "example",
    "payload_schema": "example",
    "recent_actions_count": 0,
    "recent_duplicate_count": 1,
    "request_id": "example",
    "session_user_id": "example",

Full

json

26 lines

{
  "action_kind": "money.refund",
  "action_type": "refund",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "amount_usd": 0,
    "authz_decision": "example",
    "case_id": "example",
    "idempotency_key": "example",
    "invoice_id": "example",
    "payload_preview": "example",
    "payload_schema": "example",
    "recent_actions_count": 0,
    "recent_duplicate_count": 1,
    "request_id": "example",
    "session_user_id": "example",

Legal & Responsibility Notice

Summary

Informational only

Provided for general guidance. Not legal, compliance, security, or professional advice.

You control implementation

You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.

Liability limitation

To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.