data.read

Category: Data

Risk Level: High

Allowed action_type: read

What this action is

Read data from the system.

When to use it

Use this action when you are about to read data from the system.

Real-world example

Example: your AI agent proposes an operation that would result in data.read. Before you apply the side effect, validate the exact payload with ASG.

When not to use it

Do not use data.read for planning, drafting, or simulation. Only call ASG when your system is prepared to execute on PASS or stop on WARN/BLOCK.

Allowed action_type values

This field is enforced. If it is not listed, do not send it.

read

Canonical payload (This will PASS)

json

{
  "action_kind": "data.read",
  "action_type": "read",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "idempotency_key": "example",
    "request_id": "example",
    "resource_tenant_id": "example",
    "system_instructions": "example",
    "tenant_id": "example",
    "user_input": "example",
    "workflow": "example",
    "workflowName": "example"
  }
}

Required context

Field	Required	Type	Consequence
`account_id`	Required	`string`	`BLOCK: Missing required context (account_id).`
`actor_user_id`	Required	`string`	`BLOCK: Missing required context (actor_user_id).`
`idempotency_key`	Required	`string`	`BLOCK: Missing required context (idempotency_key).`
`request_id`	Required	`string`	`BLOCK: Missing required context (request_id).`
`resource_tenant_id`	Required	`string`	`BLOCK: Missing required context (resource_tenant_id).`
`system_instructions`	Required	`string`	`BLOCK: Missing required context (system_instructions).`
`tenant_id`	Required	`string`	`BLOCK: Missing required context (tenant_id).`
`user_input`	Required	`string`	`BLOCK: Missing required context (user_input).`
`workflow`	Required	`string`	`BLOCK: Missing required context (workflow).`
`workflowName`	Required	`string`	`BLOCK: Missing required context (workflowName).`
`purpose`	Optional	`string`	No direct consequence (not required).

Decision behavior (PASS / WARN / BLOCK)

AI Safety Gate is fail-closed by design. If validation or approval polling cannot be safely completed (missing required context, invalid responses, timeouts, or unexpected errors), execution must stop.

Status	What ASG returns	What you must do
PASS	Allowed by safety policy.	Execute the action.
WARN	Review required by safety policy.	Do not execute. Persist decision_id and wait for human approval. Approval does not modify policies and does not change the original decision — it authorizes execution for this specific decision_id.
BLOCK	Blocked by safety policy.	Do not execute. Fix payload/context and re-validate.

Policy behavior

This ActionKind is evaluated against managed policies derived from the managed policy catalog.

Related policies: Identity policies, Data policies

Policy summary	Severity	Required context	Thresholds	Approval	Remediation
Block cross-tenant access or mutations.	BLOCK	account_id, tenant_id, resource_tenant_id	—	—	Verify tenant scoping. Ensure all queries/actions are constrained to the requesting tenant.
Block when required integration context is missing.	BLOCK	workflow, workflowName, system_instructions, user_input, actor_user_id, account_id, request_id, idempotency_key	—	—	Include the required context fields so the gate can make a deterministic decision and record an auditable event.

Approval behavior

This ActionKind has no managed WARN policies in the managed catalog, but WARN can still occur (for example, schema mismatch normalization).

WARN requires human approval. Approval authorizes execution for the same decision_id and does not modify policies or change the original decision record.

WARN responses include a decision_id and an approval_token.

See When approval is required.
See WARN → approval lifecycle.
See Polling behavior.
If approval cannot be completed, see Approval failures.

Common errors

Mistake	What happens	Fix
Using an unknown action_kind	BLOCK: Unknown action_kind. Supported action_kind values: money.move, money.refund, money.credit, money.payout, billing.change, billing.cancel, identity.role_change, identity.auth_change, identity.user_create, identity.user_delete, admin.access, data.export, data.import, data.read, data.write, data.delete, data.purge, data.share, messaging.send, messaging.broadcast, messaging.webhook, integrations.connect, integrations.disconnect, integrations.scope_change, workflow.execute, workflow.modify, support.case_update.	Fix: Unknown action kind
Using an unsupported action_type	`BLOCK: Unknown action_type for action_kind data.read. Supported action_type values: read.`	Use one of the allowed values listed above.
Omitting required context	`BLOCK: Missing required context (workflow, workflowName, system_instructions).`	Fix: Missing context
Sending the wrong JSON types	`WARN: Schema mismatch. Proceeding with enforcement using normalized input.`	Fix: Schema mismatch
Approval token generation fails	`Approval token generation failed. Blocking by default.`	Treat as BLOCK (fail closed). Retry validation later.

Copy-paste examples

Minimal

json

{
  "action_kind": "data.read",
  "action_type": "read",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "idempotency_key": "example",
    "request_id": "example",
    "resource_tenant_id": "example",
    "system_instructions": "example",
    "tenant_id": "example",
    "user_input": "example",
    "workflow": "example",
    "workflowName": "example"
  }
}

Full

json

{
  "action_kind": "data.read",
  "action_type": "read",
  "ai_output": {},
  "context": {
    "account_id": "example",
    "actor_user_id": "example",
    "idempotency_key": "example",
    "request_id": "example",
    "resource_tenant_id": "example",
    "system_instructions": "example",
    "tenant_id": "example",
    "user_input": "example",
    "workflow": "example",
    "workflowName": "example",
    "purpose": "example"
  }
}

Legal & Responsibility Notice

Summary

Informational only

Provided for general guidance. Not legal, compliance, security, or professional advice.

You control implementation

You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.

Liability limitation

To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.