Risk class
READ_ONLY risk class
The risk class for analysis or retrieval tool calls that do not change external state.
READ_ONLY applies to tool calls that inspect, retrieve, calculate, summarize, or analyze without writing to external systems or committing business actions.
Why it matters
Separating read-only analysis from consequential actions lets teams move quickly without giving agents uncontrolled execution rights.
How HARNEXA uses it
PHANTOM uses read-only tools for account context, SKU velocity, planogram checks, and proposal preparation before the approval boundary.
FAQ
Questions this definition answers.
Do READ_ONLY actions require approval?
Usually no. They still pass through identity, permission, budget, sensors, and audit logging.
Can a proposed order be READ_ONLY?
Yes, if it is only a recommendation and no order is submitted or external system is changed.
Need these definitions mapped to a live commerce workflow, agent estate, or protocol-readiness path?
Book diagnostic sprint