Subscriber-safe tools return only the current subscriber’s own data.

Naming

Use names that clearly communicate scope:
bookings.list_for_verified_contact
customers.get_for_verified_contact
orders.list_for_phone
memberships.get_own_status
The policy recognizes subscriber-scoped language such as:
  • subscriber
  • verified
  • contact
  • own
  • me
  • for_contact
  • by_contact
  • for_phone
  • by_phone

Parameters

Expose one or more verified contact fields:
{
  "type": "object",
  "properties": {
    "subscriberPhoneE164": {
      "type": "string"
    },
    "subscriberEmail": {
      "type": "string"
    }
  }
}
For SMS and iMessage runs, prefer phone-scoped tools.

Do not require arbitrary ids

Avoid requiring inputs like:
  • customerId
  • userId
  • companyId
  • bookingReference
  • email
  • name
Those can let a subscriber ask for another person’s records if the tool trusts the input.

Read-only only

Subscriber-safe tools must be read-only. Tools that create, update, delete, charge, refund, cancel, send, or mutate records are blocked from subscriber conversations.

Result shape

Return enough information to answer the subscriber, but avoid broad or sensitive fields:
  • Do return relevant booking, order, or membership status.
  • Do not return internal notes.
  • Do not return other customers.
  • Do not return financial summaries unless the use case requires it and it is scoped to the subscriber.
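
A pre-registration lint for the naming, parameter, arbitrary-id and read-only rules above. This is an added example, not the platform's own policy code. The term and field lists are copied from this page; the tool-definition shape (`name` plus a JSON Schema under `parameters`), the `lint_tool` function and the name-based read-only heuristic are assumptions.

```python
import re

# Terms and field names below are copied from this page; the checks themselves
# are an assumed, simplified approximation, not the platform's policy engine.
SCOPED_TERMS = {"subscriber", "verified", "contact", "own", "me",
                "for_contact", "by_contact", "for_phone", "by_phone"}
VERIFIED_FIELDS = {"subscriberPhoneE164", "subscriberEmail"}
ARBITRARY_IDS = {"customerId", "userId", "companyId", "bookingReference",
                 "email", "name"}
MUTATING_VERBS = {"create", "update", "delete", "charge", "refund",
                  "cancel", "send", "mutate"}


def lint_tool(tool):
    """Return a list of findings for one tool definition (hypothetical shape:
    {"name": str, "parameters": JSON Schema object})."""
    findings = []
    tokens = [t for t in re.split(r"[._]", tool["name"].lower()) if t]
    # Match whole tokens and adjacent pairs so "me" does not match "memberships".
    phrases = set(tokens) | {f"{a}_{b}" for a, b in zip(tokens, tokens[1:])}
    if not phrases & SCOPED_TERMS:
        findings.append("name does not communicate subscriber scope")
    verbs = sorted(set(tokens) & MUTATING_VERBS)
    if verbs:
        findings.append(f"name suggests a mutating tool: {verbs}")
    schema = tool.get("parameters", {})
    if not VERIFIED_FIELDS & set(schema.get("properties", {})):
        findings.append("no verified contact field exposed")
    required = sorted(ARBITRARY_IDS & set(schema.get("required", [])))
    if required:
        findings.append(f"requires arbitrary identifiers: {required}")
    return findings


# Constructed sample definitions.
GOOD = {"name": "orders.list_for_phone",
        "parameters": {"type": "object",
                       "properties": {"subscriberPhoneE164": {"type": "string"}}}}
BAD = {"name": "orders.refund_by_id",
       "parameters": {"type": "object",
                      "properties": {"customerId": {"type": "string"}},
                      "required": ["customerId"]}}

if __name__ == "__main__":
    for tool in (GOOD, BAD):
        print(tool["name"], lint_tool(tool) or "ok")
```

A clean lint result does not prove the handler is safe: the tool implementation must still filter records by the verified contact value on the server side.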