惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
IT之家
IT之家
V
V2EX
Jina AI
Jina AI
V
Visual Studio Blog
有赞技术团队
有赞技术团队
博客园 - 司徒正美
博客园 - 叶小钗
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 三生石上(FineUI控件)
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
腾讯CDC
Google Online Security Blog
Google Online Security Blog
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
N
News and Events Feed by Topic
N
News and Events Feed by Topic
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
月光博客
月光博客
Security Archives - TechRepublic
Security Archives - TechRepublic
Webroot Blog
Webroot Blog
SecWiki News
SecWiki News
博客园_首页
罗磊的独立博客
量子位
Latest news
Latest news
I
Intezer
V
Vulnerabilities – Threatpost
A
Arctic Wolf
Last Week in AI
Last Week in AI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
S
Security Affairs
阮一峰的网络日志
阮一峰的网络日志
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
N
News | PayPal Newsroom

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Amazon AI Cancelling Webcomics Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests.
2026-04-11 · via Hacker News - Newest: "AI"

refund-guard

CI PyPI npm License: MIT

If your AI agent can trigger refunds, do not hand it a raw Stripe/PayPal/Shopify refund function.

An AI refund agent needs a safety map, not just a refund function. refund-guard fully handles a deterministic series of security responsibilities after trusted order data is loaded: the agent input boundary, refund-policy enforcement, and the no-provider-call-on-denial gate. This repo also names the remaining responsibilities your app, provider, database, and process must own before agents can move money.

Design rule: 100% is Pass. 99% is Fail. refund-guard only claims the security responsibilities it can enforce completely.

Why use this

  • Agent input boundary: once your app creates the scoped refund tool, the model can request only amount and reason.
  • Refund-policy enforcement: amount validity, paid/remaining caps, refund windows, final-sale SKUs, allowed reasons, and manual-review thresholds.
  • Provider invocation gate: your provider function is not called unless policy passes.
  • Security map: the repo shows the other responsibilities you must own instead of pretending this package handles them.

Where it fits

AI agent -> tool handler -> resolve trusted order -> refund-guard -> refund provider -> update DB

Agentic refund security map

MECE here means every security category has one clear owner. refund-guard either owns a category at 100%, or it does not own that category.

Green nodes are the categories or gates refund-guard enforces. Gray nodes are responsibilities your app, provider, database, or process must own.

flowchart LR
  A["1. Tool access control<br/>App owns"] --> B["2. Order scope and ownership<br/>App owns"]
  B --> C["3. Authoritative refund facts<br/>App/database/provider owns"]
  C --> D["4. Agent input boundary<br/>refund-guard owns 100%"]
  D --> E["5. Refund-policy enforcement<br/>refund-guard owns 100%"]
  E --> F["6. Provider invocation gate<br/>refund-guard owns denial gate"]
  F --> G["7. Provider execution safety<br/>App/provider owns"]
  G --> H["8. State consistency and persistence<br/>App/database owns"]
  H --> I["9. Evidence, exceptions, and human review<br/>App/process owns"]
  I --> J["10. Auditability and accountability<br/>App/process owns"]
  J --> K["11. Fraud, abuse, and compliance risk<br/>App/process owns"]

  class D,E,F refundGuard
  class A,B,C,G,H,I,J,K appOwned
  classDef refundGuard fill:#dcfce7,stroke:#16a34a,stroke-width:2px,color:#14532d;
  classDef appOwned fill:#f8fafc,stroke:#cbd5e1,color:#0f172a;
Loading

Good fit

  • You are prototyping or shipping an AI support agent that can trigger refunds.
  • Your refund rules live in prompts, scattered if statements, or provider-call code.
  • Your server can load trusted order data through user, ticket, tenant, admin, or backend scope.
  • You need a package-enforced policy gate plus a full security map before building a custom refund-policy service.
  • Your app has refund windows, partial refunds, final-sale SKUs, allowed reasons, or manual-review thresholds.

Payment providers protect against technically invalid refunds. They do not know your business rules. refund-guard is the thin layer where those rules live.

Not a fit

  • Humans approve every refund before money moves.
  • Your agent is read-only and never triggers refunds.
  • Refund code runs client-side. Provider secrets and refund calls belong on your server.
  • Your app cannot verify order scope before refunding, or plans to trust agent-supplied order metadata.
  • Your backend already has equivalent tested refund-policy enforcement.
  • You need this package to own auth, order ownership, provider idempotency, persistence, audit, review, fraud, compliance, chargeback, or risk infrastructure.

How to use this in 10 minutes

  1. Pick Python or TypeScript.
  2. Define SKU refund rules.
  3. Resolve the real order through your app's user/ticket/tenant/admin scope.
  4. Create a scoped refund tool with paid/refunded/date/status fields.
  5. Give the agent only amount and reason, or treat orderId as a scoped lookup hint.
  6. Run the minimal example or policy doctor before real money.

Copy/paste prompts for vibe builders

These are self-contained templates to evaluate and adapt for your app. Prompt 1 includes the discovery and prerequisite checks because many builders will paste only the prompt. Prompt 2 helps you start covering the full agentic refund security map by identifying the non-package responsibilities and blockers before real money moves.

Security categories to understand

Any unauthorized refund or refund fraud is a real problem from day one. Before agents can move money, every category needs a 100% owner.

Category Owner Covered by refund-guard?
Tool access control App/framework No
Order scope and ownership App No
Authoritative refund facts App/database/provider No
Agent input boundary refund-guard Yes, 100%
Refund-policy enforcement refund-guard Yes, 100%
Provider invocation gate refund-guard + app Yes for denial gate; no for provider implementation
Provider execution safety App/provider No
State consistency and persistence App/database No
Evidence, exceptions, and human review App/process No
Auditability and accountability App/process No
Fraud, abuse, and compliance risk App/process No

See the Integration Guide for how vibe builders can solve the responsibilities this package does not cover.

Install

pip install refund-guard            # Python
npm install @mattmessinger/refund-guard  # TypeScript / Node

Quickstart

This is the safe copy-paste shape: resolve the order yourself, create a scoped tool, and let the agent supply only amount and reason.

from refund_guard import Refunds

refunds = Refunds({"skus": {"shampoo": {"refund_window_days": 30}}})

order = load_order_for_current_user(order_id, current_user.id)

refund_tool = refunds.make_refund_tool(
    sku=order.sku,
    transaction_id=order.transaction_id,
    amount_paid_minor_units=order.amount_cents,  # library divides by 100
    amount_refunded_minor_units=order.refunded_cents,
    purchased_at=order.purchased_at,
    refunded_at=order.refunded_at,               # None = not yet refunded
    provider_refund_fn=my_existing_refund_fn,     # your Stripe / PayPal / Shopify call
)

result = refund_tool(reason="provider_cancelled")      # full remaining refund
result = refund_tool(50, reason="duplicate_charge")    # or partial refund
# {"status": "approved", "refunded_amount": 100.0, ...}
# {"status": "denied", "reason": "refund_window_expired", ...}

That's it. Call with no argument for a full refund, or pass an amount for a partial refund. Your provider function is only called if every check passes.

What refund-guard enforces

Given trusted order data, refund-guard enforces these checks before your refund function runs:

  • Already refunded -- if refunded_at is set, denied immediately
  • Refund window -- still within refund_window_days for that SKU
  • Finite positive amount -- must be a real number > 0
  • Amount cap -- cannot exceed what was paid
  • Remaining balance -- handles partial refunds (can't refund $60 twice on a $100 order)
  • Non-refundable SKUs -- final-sale policies deny before the provider call
  • Allowed reasons -- reason must match your policy enum if one is configured
  • Policy caps -- optional max refund amount and manual-review threshold

If any check fails, your provider function is never called -- no money moves.

What refund-guard does not decide

  • Who the user is.
  • Whether an order belongs to that user, session, ticket, tenant, or admin scope.
  • Whether the stated refund reason is factually true.
  • Whether your provider call is idempotent.
  • Whether database state is fresh across services or processes.
  • Whether the refund is fraud, chargeback, compliance, tax/accounting, or marketplace safe.

orderId is a lookup hint, not proof. If your agent supplies it, your app must resolve it through auth/session/ticket/tenant scope before creating the refund tool.

import { Refunds, DENIAL_MESSAGES } from "@mattmessinger/refund-guard";

const refunds = new Refunds({ skus: { shampoo: { refund_window_days: 30 } } });
const currentUser = await requireCurrentUser();
const order = await loadOrderForCurrentUser(orderId, currentUser.id);

const refund = refunds.makeRefundTool({
  sku: order.sku,
  transactionId: order.transactionId,
  amountPaidMinorUnits: order.amountCents,
  amountRefundedMinorUnits: order.refundedCents,
  purchasedAt: order.purchasedAt,
  refundedAt: order.refundedAt,
  providerRefundFn: myExistingRefundFn,
});

const result = await refund(undefined, { reason: "provider_cancelled" });
if (result.status !== "approved") {
  const message = DENIAL_MESSAGES[result.reason] ?? "Refund not allowed.";
  return { success: false, message };
}
return { success: true, amount: result.refunded_amount };

Reason gotcha: If a SKU policy defines allowed_reasons, every approved call must pass a matching reason. Calling refund() without { reason } is denied as refund_reason_not_allowed before your provider function runs.

Both implementations follow the same behavior, enforced by shared parity tests.


API reference

Refunds(policy)

Param Type Notes
policy YAML file path or plain object { skus: { sku_name: { refund_window_days: N } } } Loaded once; reuse the instance

Optional SKU policy fields:

Field Type Meaning
refundable boolean Set false for final-sale SKUs
max_refund_minor_units int Per-refund cap in cents/minor units
manual_approval_required_over_minor_units int Deny automated refunds above this amount
allowed_reasons string[] Allowed reason codes, checked when the tool is called

make_refund_tool(**opts) / makeRefundTool(opts)

Option Type Required Default
sku string yes --
transaction_id / transactionId string yes --
amount_paid / amountPaid number one of these --
amount_paid_minor_units / amountPaidMinorUnits int / number one of these --
amount_refunded / amountRefunded number no 0
amount_refunded_minor_units / amountRefundedMinorUnits int / number no 0
purchased_at / purchasedAt datetime / Date yes --
provider_refund_fn / providerRefundFn (amount, txn_id, currency) -> any yes --
refunded_at / refundedAt datetime / Date or None/null no None
currency string no "usd"
provider string no "unknown"

Provide one of amount_paid (dollars) or amount_paid_minor_units (cents -- divided by 100 internally). Providing both raises an error. If the order has previous partial refunds, also pass amount_refunded_minor_units or amount_refunded from your database so a fresh per-request tool starts from the persisted remaining balance.

The refund callable: refund_tool(amount?) / await refund(amount?)

Call Behavior
refund_tool(reason="provider_cancelled") / await refund(undefined, { reason }) Full refund of the remaining balance (amount_paid - amount_refunded)
refund_tool(50, reason="duplicate_charge") / await refund(50, { reason }) Partial refund of $50

Important: The library passes the validated amount to your provider_refund_fn. If your provider function ignores the amount parameter, the amount checks provide no protection. Always forward the amount to your payment API.

DENIAL_MESSAGES

from refund_guard import DENIAL_MESSAGES
# {"refund_window_expired": "The refund window for this order has closed.", ...}

A dict / Record<string, string> mapping every denial reason to a user-facing message.

Result types

TypeScript exports RefundResult, ApprovedRefundResult, DeniedRefundResult, ErrorRefundResult, and DenialReason for autocomplete and status narrowing. Python exports matching TypedDict aliases for type checkers.


Denial reasons

reason Meaning
already_refunded refunded_at was set -- already refunded
refund_window_expired Purchase older than the SKU's window
amount_exceeds_limit Requested more than was paid
amount_exceeds_remaining Not enough balance after partial refunds
amount_exceeds_policy_max Requested more than the SKU policy allows
invalid_amount Zero or negative
not_refundable SKU policy has refundable: false
refund_reason_not_allowed Reason was missing or not in allowed_reasons
manual_approval_required Amount is above the automated refund threshold
provider_error Your provider threw an exception

Troubleshooting

Symptom Fix
Every refund denied as amount_exceeds_limit You're passing cents to amount_paid. Use amount_paid_minor_units instead.
Every refund denied as already_refunded You're passing a non-null refunded_at. This order is already refunded in your DB.
Partial refunds work once but not across requests Pass amount_refunded_minor_units from your database each time you create the tool.
Refund denied as refund_reason_not_allowed Pass a reason allowed by that SKU's allowed_reasons policy.
TypeScript says Expected 0-1 arguments, but got 2 for refund(undefined, { reason }) Refresh the installed package and lockfile with npm install @mattmessinger/refund-guard@latest or npm ci; older local installs did not expose the reason-options call shape.
SKU 'x' not found in policy Add that SKU to your policy object or YAML file.
Forgot await (TypeScript) The callable is async: const r = await refund().
Refunds go through but amount is wrong Your providerRefundFn must forward the amount parameter to your payment API.

FAQ

Why not just trust the agent? Models hallucinate transaction IDs, mix up amounts, and retry incorrectly. This library binds the tool to one real order your server loaded.

Does this replace Stripe / PayPal / Shopify? No. It wraps your existing refund call with policy checks.

Do I need Python and TypeScript? No. Pick whichever your backend uses.

What does my provider function look like? (amount, transaction_id, currency) -> anything. Same for Stripe, PayPal, Shopify, or your own API.

What about double refunds across HTTP requests? Pass refunded_at for fully refunded orders and amount_refunded_minor_units for previous partial refunds. The library denies immediately if refunded_at is set and uses amount_refunded_minor_units to compute the remaining balance for fresh request-scoped tools.

What data does the agent control? In the server-scoped pattern, only the refund amount and reason. If your agent supplies orderId, treat it as a lookup hint and resolve the order through your app's scope first. SKU, transaction ID, amount paid, amount already refunded, and purchase date all come from your database -- never from the agent.

Is this safe? It covers a narrow set of safety responsibilities, not the whole system. Your app owns auth and scoped order lookup. refund-guard owns the agent input boundary, refund-policy checks, and the no-provider-call-on-denial gate. Your provider and persistence layer own money movement, retries, and records.

How do I enable logging? (Python)

import logging
logging.basicConfig()
logging.getLogger("refund_guard").setLevel(logging.INFO)

What do I tell my AI agent about refund policy? The library enforces hard limits (window, amount, balance). Your agent's system prompt should encode when to offer refunds. See the Integration Guide.

I'm wiring this into a real app with a database and Stripe. Where do I start? Read the Integration Guide -- a walkthrough based on actual production usage.

I'm building with OpenAI, Vercel AI SDK, LangChain, or MCP. Where are the agent examples? Start with Agentic refund flow recipes.

Can I test my policy before touching Stripe? Yes. Run the policy doctor with fake provider calls:

refund-guard doctor examples/doctor/policy.yaml examples/doctor/scenarios.json

Contributing

See CONTRIBUTING.md for setup, tests, and PR guidelines.

Both languages run the same 26 test scenarios from contracts/parity/cases.json. If you change behavior in one language, the shared tests catch the drift.


License

MIT