AI Safety Gate
Automation Safety Layer
Get protected
Documentation
data.export
⬅️ Back to Docs Home

data.export

Category: Data
Risk Level: High
Allowed action_type: export

What this action is

Export data out of the system.

When to use it

Use this action when you are about to export data out of the system.

Real-world example

Example: your AI agent proposes an operation that would result in data.export. Before you apply the side effect, validate the exact payload with ASG.

When not to use it

Do not use data.export for planning, drafting, or simulation. Only call ASG when your system is prepared to execute on PASS or stop on WARN/BLOCK.

Allowed action_type values

This field is enforced. If it is not listed, do not send it.
export

Canonical payload (This will PASS)

json
19 lines
{
  "action_kind": "data.export",
  "action_type": "export",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "compliance_context": "example",
    "idempotency_key": "example",
    "purpose": "example",
    "request_id": "example",
    "resource_tenant_id": "example",
    "system_instructions": "example",
    "tenant_id": "example",
    "user_input": "example",
    "workflow": "example",
    "workflowName": "example"
  }

Required context

FieldRequiredTypeConsequence
account_idRequiredstringBLOCK: Missing required context (account_id).
actor_user_idRequiredstringBLOCK: Missing required context (actor_user_id).
compliance_contextRequiredstringBLOCK: Missing required context (compliance_context).
idempotency_keyRequiredstringBLOCK: Missing required context (idempotency_key).
purposeRequiredstringWARN: Missing required context (purpose).
request_idRequiredstringBLOCK: Missing required context (request_id).
resource_tenant_idRequiredstringBLOCK: Missing required context (resource_tenant_id).
system_instructionsRequiredstringBLOCK: Missing required context (system_instructions).
tenant_idRequiredstringBLOCK: Missing required context (tenant_id).
user_inputRequiredstringBLOCK: Missing required context (user_input).
workflowRequiredstringBLOCK: Missing required context (workflow).
workflowNameRequiredstringBLOCK: Missing required context (workflowName).
blast_radius_estimateOptionalnumberNo direct consequence (not required).
maxRecordsOptionalnumberNo direct consequence (not required).
records_countOptionalnumberNo direct consequence (not required).

Decision behavior (PASS / WARN / BLOCK)

AI Safety Gate is fail-closed by design. If validation or approval polling cannot be safely completed (missing required context, invalid responses, timeouts, or unexpected errors), execution must stop.
StatusWhat ASG returnsWhat you must do
PASSAllowed by safety policy.Execute the action.
WARNReview required by safety policy.Do not execute. Persist decision_id and wait for human approval. Approval does not modify policies and does not change the original decision — it authorizes execution for this specific decision_id.
BLOCKBlocked by safety policy.Do not execute. Fix payload/context and re-validate.

Policy behavior

This ActionKind is evaluated against managed policies derived from the managed policy catalog.
Example threshold shapes used by applicable policies: {"maxRecords":1000}
Related policies: Identity policies, Data policies
Policy summarySeverityRequired contextThresholdsApprovalRemediation
Block cross-tenant access or mutations.BLOCKaccount_id, tenant_id, resource_tenant_idVerify tenant scoping. Ensure all queries/actions are constrained to the requesting tenant.
Block exfiltration of secrets, API keys, tokens, private certificates, passwords.BLOCKai_outputRedact secrets. Rotate compromised keys immediately. Add secret scanning to outputs.
Block handling or disclosure of payment card data (PCI) and full bank credentials.BLOCKai_outputDo not transmit payment credentials. Use provider-hosted payment pages or tokenized references only.
Block high-risk actions if missing correlation IDs and actor attribution.BLOCKrequest_id, actor_user_id, account_idAttach request_id, actor_user_id, and account_id to all enforcement calls and logs.
Block prompt injection and instruction override attempts.BLOCKai_output, system_instructions, user_inputRemove/neutralize attacker instructions. Use structured tool arguments. Re-run with sanitized user input.
Block sharing of PHI/medical records without explicit compliant handling.BLOCKai_output, compliance_contextRequire compliant workflows (HIPAA/Baa etc.) and explicit authorization before any PHI handling.
Block when required integration context is missing.BLOCKworkflow, workflowName, system_instructions, user_input, actor_user_id, account_id, request_id, idempotency_keyInclude the required context fields so the gate can make a deterministic decision and record an auditable event.
Warn when output contains PII and requires redaction/minimization before sharing/exporting.WARNai_output, purpose{"maxRecords":1000}WARN requires approvalRedact/minimize. Ensure recipient/destination is approved. Log data-handling purpose for audit.

Approval behavior

If validation returns WARN, you must pause execution and wait for approval.
WARN requires human approval. Approval authorizes execution for the same decision_id and does not modify policies or change the original decision record.
WARN responses include a decision_id and an approval_token.
Applicable WARN policies for this ActionKind require explicit approval.

Common errors

MistakeWhat happensFix
Using an unknown action_kindBLOCK: Unknown action_kind. Supported action_kind values: money.move, money.refund, money.credit, money.payout, billing.change, billing.cancel, identity.role_change, identity.auth_change, identity.user_create, identity.user_delete, admin.access, data.export, data.import, data.read, data.write, data.delete, data.purge, data.share, messaging.send, messaging.broadcast, messaging.webhook, integrations.connect, integrations.disconnect, integrations.scope_change, workflow.execute, workflow.modify, support.case_update.Fix: Unknown action kind
Using an unsupported action_typeBLOCK: Unknown action_type for action_kind data.export. Supported action_type values: export.Use one of the allowed values listed above.
Omitting required contextBLOCK: Missing required context (workflow, workflowName, system_instructions).Fix: Missing context
Sending the wrong JSON typesWARN: Schema mismatch. Proceeding with enforcement using normalized input.Fix: Schema mismatch
Approval token generation failsApproval token generation failed. Blocking by default.Treat as BLOCK (fail closed). Retry validation later.

Copy-paste examples

Minimal

json
19 lines
{
  "action_kind": "data.export",
  "action_type": "export",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "compliance_context": "example",
    "idempotency_key": "example",
    "purpose": "example",
    "request_id": "example",
    "resource_tenant_id": "example",
    "system_instructions": "example",
    "tenant_id": "example",
    "user_input": "example",
    "workflow": "example",
    "workflowName": "example"
  }

Full

json
22 lines
{
  "action_kind": "data.export",
  "action_type": "export",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "compliance_context": "example",
    "idempotency_key": "example",
    "purpose": "example",
    "request_id": "example",
    "resource_tenant_id": "example",
    "system_instructions": "example",
    "tenant_id": "example",
    "user_input": "example",
    "workflow": "example",
    "workflowName": "example",
    "blast_radius_estimate": 0,
Legal & Responsibility Notice
Summary
Informational only
Provided for general guidance. Not legal, compliance, security, or professional advice.
You control implementation
You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.
Liability limitation
To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.