Action Runtime Context Specification
The action context represents the runtime payload for the operation currently being evaluated.
This is the primary routing domain for policy execution because the engine prioritizes action-scoped rule sets.
Purpose
The action context contains operation-specific fields such as:
type- amount
- environment
- resource_id
- operation_mode
- destination_region
Typical usage:
subject:
domain: action
field: amount
Runtime Shape
action:
type: transfer_funds
amount: 100000
currency: USD
Type: Mapping of action field names to scalar values
The special field type is strategically important.
It determines whether action-scoped compiled rules are selected first.
Evaluation Priority
Evaluation order:
- action-scoped rules using
action.type - global rules
- default allow
This makes action the highest-priority runtime context.
type Field Contract
action:
type: delete_user
type must be a string scalar.
If missing or non-string:
- action-scoped rules are skipped
- evaluation falls through to global rules
This behavior is deterministic and fail-safe.
Comparison Semantics
Supports all validated scalar comparisons based on field type.
Action is typically used for:
- monetary thresholds
- environment checks
- workflow stage
- destructive operations
- production deployment routing
Best Practices
- always include
action.type - keep action payload business-specific
- use explicit names for routing fields
- avoid overloading action with actor identity