skip to main content
Browse documentation

Step-up & action safety

How Syncanix classifies every action as read, write, or destructive — and the confirmation, re-verification, and undo controls that protect each one.

Not every action carries the same risk. Reading a record is harmless; deleting one is not. Syncanix gives each action a safety level and matches the friction to the risk — quiet for reads, a clear confirm for writes, and a deliberate, reversible flow for anything destructive.

The three action levels

Syncanix infers the level from each capability automatically when it builds your catalog, and you can review or adjust it in the dashboard.

Read — runs inline
No side effects, so the assistant just does it and shows the result. No confirmation needed.
Write — one-tap confirm
A reversible change asks for a single confirmation before it runs, then offers a 30-second window to undo it.
Destructive — step-up required
An irreversible action (delete, purge, revoke) requires re-verification, a typed confirmation phrase, and a 60-second undo window. It’s also off by default — you opt each destructive capability in.

Destructive actions are opt-in

A capability classed as destructive is disabled until you explicitly turn it on for the workspace. So the assistant can never delete or revoke anything until you’ve decided it should be able to — there’s no surprising default.

What step-up looks like

When the assistant proposes a destructive action, the chat pauses and walks the user through a short, clear sequence:

  1. The chat pausesThe assistant explains exactly what it’s about to do, and waits — nothing runs yet.
  2. The user re-verifiesThe user confirms their identity again — typically a quick multi-factor prompt from your identity provider.
  3. The user types to confirmFor irreversible actions, the user types a short confirmation phrase, so it can’t happen by a stray click.
  4. A window to undoAfter it runs, an undo window stays open — 30 seconds for writes, 60 for destructive — so a mistake is recoverable.

Acting on the user’s behalf

When a tool needs to act for the user beyond the live chat — for example through the MCP server — the widget asks for explicit consent first, in plain language, and the same confirmation and undo rules still apply.

Next steps

Confirmation & undoThe concept behind how Syncanix confirms and reverses actions.Connecting an identity providerStep-up uses your identity provider — connect one to enable it.