Skip to main content
Allow small refunds automatically. Block large refunds until approval is implemented.

Problem

A support agent can issue refunds to customers. You want to:
  • Allow refunds up to a tenant-specific limit automatically
  • Block refunds above that limit until human approval exists
  • Never allow refunds in non-production environments

Complete Example

How It Works

Two policies protect the refund_customer capability, running in priority order:
  1. require_prod_for_refunds runs first and blocks the refund if the environment is not prod.
  2. refund_amount_limit checks the refund amount against the tenant-specific limit.
Both policies must allow for the refund to proceed. Either can deny.

Adding a Third Policy: Scope Check

Future: Approval Instead of Deny

Once approval_required decisions are implemented, the limit policy can pause rather than block:
The runtime will pause the action, send the approval request, and resume when a human approves or deny automatically when they reject or the request expires.

Production Notes

  • The policy runs before the refund API call. If the policy denies, no refund is issued.
  • Store tenant limits in your configuration or database, not hardcoded.
  • Use action_id from CapabilityDeniedError to correlate the denial with your request logs.
  • When audit sinks are available, every allowed and denied refund attempt will produce an audit event.