Why a Valid Payment Token Is Not Enough for AI-Delegated Commerce

·1 views

A technical article in the Agent-Ready Commerce series argues that delegated payment in AI-driven platforms must be treated as a bounded authority decision, not simply a token validation check. The author contends that even a cryptographically valid, unexpired payment artifact cannot alone authorize a transaction — the platform must verify the specific actor, buyer, merchant, amount, currency, and time window against a live checkout snapshot. The piece outlines a multi-step chain from payment artifact to order commitment, warning that collapsing these steps into a single 'token valid, proceed' logic creates unsafe payment behavior. This seventh installment builds on prior articles covering catalog facts, action eligibility, policy structure, protocol adapters, and checkout state machines. The overarching goal of the series is to define an architecture where commercial decisions are scoped, auditable, and safe for automated or agent-initiated execution.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

AI Crawler Restrictions Could Quietly Fragment the Shared Web of Knowledge

Website owners are increasingly using robots.txt files to selectively block or allow specific AI crawlers, such as GPTBot or ClaudeBot, based on commercial deals or personal preferences. While each decision appears reasonable in isolation, experts warn that thousands of similar choices made simultaneously could erode the long-held assumption of a shared internet information environment. The fragmentation is not driven by malicious intent but by intellectual property protection and survival-level licensing negotiations in an ecosystem that no longer reliably sends traffic to publishers. Critically, the divergence is most visible at the retrieval layer: when AI systems access live web content, different bots may be permitted to cite entirely different sources in response to the same query. This means two AI systems could give different answers to identical questions not because of differences in reasoning, but purely due to differences in permitted access.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Why AI Prompts Are Not a System — and How to Build Skills That Last

A senior software engineer and tech lead argues that copying and reusing AI prompts is not a reliable system, because the same words can produce inconsistent outputs across different sessions and contexts. Drawing on frameworks from Glowforge CEO Dan Shapiro and AI strategist Nate B. Jones, the author distinguishes between disposable prompts and durable 'skills' — structured instructions with versioning, output contracts, and routing signals. Unlike prompts, skills specify what to produce rather than what to consider, and their improvements persist over time for both human and AI agents. The author reviewed their own order management API project to identify the best candidate for converting a prompt into a reusable skill, settling on a Gherkin scenario quality evaluation methodology that agents had repeatedly re-derived from scratch. The piece frames this shift as foundational infrastructure work, marking the start of a new phase in the author's public learning journey toward advanced AI-assisted engineering.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Packages Reusable Claude Code Skills to Eliminate Repetitive React Setup

A developer frustrated with AI coding assistants generating generic boilerplate has created a set of reusable instruction files, called SKILL.md, for Claude Code and Cursor. These skill files encode production conventions — such as auth flows, form validation, and GDPR compliance — so the AI generates project-ready code instead of bare-bones templates. The system works by automatically activating the relevant skill when a developer describes what they are building, requiring no extra prompting. A bundle of eight skills, extracted from real SaaS codebases and covering common React features, has been packaged and made available for a one-time purchase. Each skill targets React and TypeScript but includes adaptation notes for Vue, Angular, and Svelte.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds Memory Plugin for Voice-Powered Conference Agent Using Weaviate

A developer known as Astrodevil published a technical guide on June 17 detailing how to build a memory plugin for a voice-powered conference agent. The project integrates Hermes and Openclaw agents with Weaviate's Engram memory system. The tutorial, aimed at Python developers, walks through creating persistent agent memory to enhance AI-driven conference assistants. The open-source project covers key AI and programming concepts, making it relevant for developers exploring agent memory architectures.

0 comments Read more at DEV Community