Retail & e-commerceStudied

Order management + returns as tools

Mutations are idempotent and rate-limited so a retrying agent can't double-refund.

Open the live lab · pre-loaded to this scenario

MCP Server Playground

Context

An order-management system is exposed to a service agent. Reads are open; the one mutation — cancel_order — requires an idempotency key and is rate-limited, so a retrying or looping agent can't issue two refunds for one order.

The decision

Which mutations need idempotency keys and human confirmation: any money-moving or irreversible action gets an idempotency key so retries are safe.

What most miss

Everyone tests the happy path. The failure that matters is the agent that retries on a timeout — without idempotency that's a double refund, and it's the server's job to prevent it.

Stakes

A double-refund bug at scale is direct margin loss and a reconciliation nightmare.

Takeaway · Any money-moving mutation gets an idempotency key — retries must be safe by design.

Studied · Agent & Protocol · verified 2026-07-03

Sources: Order-management / payments API idempotency patterns; Agent retry / at-least-once delivery failure modes

← All industries·See it in a full program storyline →