Documentation
BLOCK reasons & fixes
BLOCK reasons & fixes
ASG BLOCK responses are deterministic. The reason field in the response is the authoritative explanation.
Common BLOCK reasons (and how to fix them)
| Error | Cause | Fix | Related ActionKind |
|---|---|---|---|
| Invalid JSON. | The request body is not valid JSON. | Send a valid JSON object body. | — |
| BLOCK: Unknown action_kind. Supported action_kind values: money.move, money.refund, money.credit, money.payout, billing.change, billing.cancel, identity.role_change, identity.auth_change, identity.user_create, identity.user_delete, admin.access, data.export, data.import, data.read, data.write, data.delete, data.purge, data.share, messaging.send, messaging.broadcast, messaging.webhook, integrations.connect, integrations.disconnect, integrations.scope_change, workflow.execute, workflow.modify, support.case_update. | The ActionKind is not supported (or is internal-only and not exposed in the public catalog). | Choose a supported ActionKind from Action Reference. | — |
| BLOCK: Unknown action_type for action_kind <action_kind>. Supported action_type values: <allowed>. | The provided action_type is not allowed for the given action_kind. | Use one of the allowed action_type values shown on the ActionKind page. | — |
| BLOCK: action_kind is not available for customer integrations. | The ActionKind exists but is internal-only and not exposed for customer integrations. | Choose a supported public ActionKind from Action Reference. | — |
| Rate limit exceeded. | Too many validation requests in a short period. | Add backoff/retry and reduce validation frequency. | — |
| API key paused for audit. | Your API key is temporarily paused. | Wait until the pause is lifted or rotate credentials. | — |
| Account suspended. | The account associated with this API key is suspended. | Resolve the account issue and retry. | — |
| Blocked (write actions disabled). | The platform has disabled write actions (fail-closed) for safety. | Do not execute. Retry after writes are re-enabled. | — |
| BLOCK: Missing required context (resource_id, requested_acl, current_acl). | Block actions that expose resources publicly or weaken access controls. | Use least-privilege ACLs. Require security review for any public exposure. | |
| BLOCK: Missing required context (session_user_id, account_id, actor_user_id). | Block actions when session identity/account mismatch is detected. | Re-authenticate and validate server-side identity. Investigate potential replay or token confusion. | |
| BLOCK: Missing required context (ai_output). | Block any attempt to bypass the Safety Gate or disable enforcement. | Treat as hostile. Do not execute. Investigate the source prompt and upstream inputs. | |
| BLOCK: Missing required context (account_id, tenant_id, resource_tenant_id). | Block cross-tenant access or mutations. | Verify tenant scoping. Ensure all queries/actions are constrained to the requesting tenant. | |
| BLOCK: Missing required context (ai_output). | Block exfiltration of secrets, API keys, tokens, private certificates, passwords. | Redact secrets. Rotate compromised keys immediately. Add secret scanning to outputs. | |
| BLOCK: Missing required context (ai_output). | Block handling or disclosure of payment card data (PCI) and full bank credentials. | Do not transmit payment credentials. Use provider-hosted payment pages or tokenized references only. | |
| BLOCK: Missing required context (request_id, actor_user_id, account_id). | Block high-risk actions if missing correlation IDs and actor attribution. | Attach request_id, actor_user_id, and account_id to all enforcement calls and logs. | |
| BLOCK: Missing required context (message_body). | Block outbound messages that contain secrets/credentials or sensitive internal data. | Redact sensitive tokens. Replace with references. Ensure destinations are allowlisted. | |
| BLOCK: Missing required context (destination_id, destination_verified, amount_usd). | Block payouts to unverified or new destinations. | Verify destination ownership and risk checks. Use allowlisted payout destinations per account. | |
| BLOCK: Missing required context (actor_user_id, requested_change, current_roles, authz_decision). | Block privilege escalation and unauthorized role changes. | Require admin approval and audited change ticket. Validate actor permissions server-side. | |
| BLOCK: Missing required context (ai_output, system_instructions, user_input). | Block prompt injection and instruction override attempts. | Remove/neutralize attacker instructions. Use structured tool arguments. Re-run with sanitized user input. | |
| BLOCK: Missing required context (blast_radius_estimate). | Block purges with large blast radius or irreversible impact. | Reduce scope, stage in smaller batches, and require human approval with rollback proof. |
Legal & Responsibility Notice
Summary
Informational only
Provided for general guidance. Not legal, compliance, security, or professional advice.
You control implementation
You are responsible for policies, prompts, integrations, workflows, and regulatory requirements.
Liability limitation
To the maximum extent permitted by law, the company disclaims liability for losses arising from use of this documentation or implementations based on it.