AGENTFORCE-17.1: Commerce Agent Without Idempotency Key
Critical · Agentforce for Commerce
Detects agent actions targeting Apex classes that make HTTP callouts to Commerce or Order Management APIs without including an Idempotency-Key header. LLM retry behaviour combined with network failures can cause duplicate order creation or double-billing.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-17.1 |
| Severity | Critical |
| Category | Agentforce for Commerce |
| Compliance | PCI_DSS, SOC2_CC6 |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-17.1.
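
An agent action that sends the header might look like the Apex class below. It is an added example, not SquireX or Salesforce code. The Named Credential `Commerce_OMS`, the `/orders` path and the class and field names are assumptions, as are the premises that the downstream API deduplicates on `Idempotency-Key` and that a cart becomes at most one order.

```apex
// Added example. Assumed names: Commerce_OMS (Named Credential), /orders,
// PlaceOrderAction and its request/result fields.
public with sharing class PlaceOrderAction {
    public class PlaceOrderRequest {
        @InvocableVariable(required=true) public String cartId;
        @InvocableVariable(required=true) public String buyerAccountId;
    }

    public class PlaceOrderResult {
        @InvocableVariable public Integer statusCode;
        @InvocableVariable public String idempotencyKey;
    }

    // Deterministic key: the same buyer and cart always hash to the same value,
    // so an action re-invoked by the agent after a timeout repeats the key
    // instead of minting a fresh one (a random UUID per call would not dedupe).
    @TestVisible
    private static String buildIdempotencyKey(PlaceOrderRequest req) {
        Blob digest = Crypto.generateDigest(
            'SHA-256',
            Blob.valueOf('place-order|' + req.buyerAccountId + '|' + req.cartId));
        return EncodingUtil.convertToHex(digest);
    }

    @InvocableMethod(label='Place Order' description='Submits the cart as an order' callout=true)
    public static List<PlaceOrderResult> placeOrder(List<PlaceOrderRequest> requests) {
        List<PlaceOrderResult> results = new List<PlaceOrderResult>();
        for (PlaceOrderRequest req : requests) {
            String key = buildIdempotencyKey(req);

            HttpRequest callout = new HttpRequest();
            callout.setEndpoint('callout:Commerce_OMS/orders');
            callout.setMethod('POST');
            callout.setHeader('Content-Type', 'application/json');
            // The header whose absence AGENTFORCE-17.1 reports.
            callout.setHeader('Idempotency-Key', key);
            callout.setBody(JSON.serialize(new Map<String, String>{ 'cartId' => req.cartId }));

            HttpResponse res = new Http().send(callout);
            PlaceOrderResult r = new PlaceOrderResult();
            r.statusCode = res.getStatusCode();
            r.idempotencyKey = key; // returned so the agent transcript can be correlated
            results.add(r);
        }
        return results;
    }
}
```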