The Trust Dial
Set autonomy per action and dial it back anytime, and every run is still audited.
Suggestdrafts only; nothing runs without a person.Copilotshows a one-click Approve card.Autopilotruns only within rate, value & scope guardrails.
Action contracts let your AI run approved backend operations (refund an invoice, suspend a license, route a ticket) without ever touching your raw database. The AI proposes a typed action, OpsIQ checks the role, validates the params, a human confirms the write, the call goes out HMAC-signed, and every step is audited and reversible.
An action is a typed contract you register once: a name like saas.refund_invoice, its parameters, the surface it lives on, the roles allowed to run it, a confirmation policy and a signed endpoint. No raw SQL, no arbitrary calls. Follow a single request (“refund Adam’s last invoice”) and you’ll see exactly what happens every time: the AI proposes, a human confirms, the call goes out signed, and the receipt is written.
The AI cannot invent a call. It can only run yours.
When an admin types “refund Adam’s last invoice,” the AI matches the intent to a contract it already knows and fills the parameters from your live records. It never improvises a call, and it never reaches your raw database. If the intent doesn’t map to a registered action, nothing is proposed. Full stop.
saas.refund_invoice, or to nothing at all.#INV-2291 are pulled from your records, never the model’s guess.Before anything can run, OpsIQ validates the proposal server-side: is this role allowed, is the action in scope for this surface, are the parameters the right types? Mutating actions then wait for an explicit human Approve by default: one click on a confirmation card, or dismiss it. The actor is always the verified signed-in admin or token-verified customer, never whoever the model claims to be.
OpsIQ POSTs an HMAC-signed payload to your own endpoint. The signature covers the raw body plus a timestamp, so a replayed or tampered request is rejected at your door. The moment it returns, OpsIQ writes an append-only audit row capturing who ran it, what ran, the result, how long it took and the signature.
X-OpsIQ-Signature over the body before acting.200, duration 188ms and signature, append-only.These are the controls you wrap around the trip you just watched: the dial that decided whether beat two waited for you, the gate that decides whether the action is even offered, and the undo that makes a write safe to make.
Set autonomy per action and dial it back anytime, and every run is still audited.
Suggest drafts only; nothing runs without a person.Copilot shows a one-click Approve card.Autopilot runs only within rate, value & scope guardrails.Surface scoping plus role gating that fails closed: a mismatch hides the action entirely.
owner / admin / support / custom.A mutating action can declare its inverse, so a wrong call rolls back from the same audit row.
suspend ↔ reactivate and refund ↔ re-charge.When you remove the human click, three fences take its place, all enforced server-side, before the signed POST ever goes out. An action that hits any one of them isn’t quietly skipped; it’s parked back into the human approval queue, exactly where beat two lived.
Cap how often an action fires per hour, per day or per week so a runaway loop can’t drain anything.
Bound the money any single call or a whole day can move: a maximum per transaction and per day.
Confine Autopilot to a department, region or segment, per action.
Hit a limit and the action returns to the human queue for an explicit Approve, never silently dropped.
This is the contract that made the whole journey possible. You declare an action once and the AI can propose it immediately; every field on the contract is governance made real and self-documenting. And actions aren’t only born from a typed prompt; workflows and rules can propose them too, through the exact same gate.
Register once
Triggered, not just typed
send_email, webhook, set_status…) advances on the cron tick and hands off to an action.Because every field is part of the contract, the action describes itself. Parameters carry types and validation, so invalid params are rejected rather than improvised around; aliases map what people actually type to the canonical key; a destructive flag and source tracking are part of the record. Export the whole registry to an OpenAPI reference and your actions are documented the moment they exist.
INV-* is enforced, not guessed.saas.refund_invoice./actions/refund_invoice and the full registry, generated automatically.Autonomous agents that wire an LLM straight to your tools are fast, and unbounded. The difference isn't intelligence; it's the contract, the gate and the trail around it. Here's the fair version.
| Capability | Ungoverned AI agent | OpsIQ Actions |
|---|---|---|
| What the AI can call | Whatever the tool layer exposes | Only registered typed contracts |
| Approval before a write | Runs immediately | Human gate by default (Copilot) |
| Permission & role scoping | Usually one blanket credential | Per action · surface + role · fails closed |
| Parameter validation | Trusts the model output | Typed schema · invalid input rejected |
| Tamper protection on calls | Rarely signed | HMAC-SHA256 over raw body + timestamp |
| Autonomy control | All-or-nothing | Trust Dial · Suggest → Copilot → Autopilot |
| Audit of every operation | Partial logs, if any | Immutable: actor, params, result, duration |
| Reversibility | Manual cleanup | Declared inverse · one-click rollback |
| Reaches raw database | Often direct DB / shell | Never, only your endpoints |
| Triggered by rules safely | Separate, ungated paths | Same gate for workflows & proactive rules |
| Bring your own model | Usually yes | Anthropic / OpenAI / Gemini / Grok / self-host |
Every capability, grouped. ★ marks a stand-out.
| Feature | What it does |
|---|---|
| Core governance & confirmation | |
| Typed action contract ★ | Every action is a declared JSON schema: name, params, scope, roles, policy, endpoint. AI fills the slots you defined. |
| Human approval gate ★ | Nothing mutating runs until a person clicks Approve. |
| Per-action confirmation policy | never / once-per-session / always; risky actions always require confirmation. |
| Requires-confirmation flag NEW | Force confirmation on sensitive actions, independent of the policy default. |
| Confirmation card UI | Exact action, params and roles preview before approval. |
| Security & trust | |
| HMAC-SHA256 signing ★ | Signed POST over the raw body so endpoints verify with cryptographic proof. |
| Verified actor identity ★ | The actor comes from the session, never the AI's claim. |
| Timestamp & replay protection NEW | Old timestamps are rejected, so a captured call can't be replayed. |
| Permission & access | |
| Surface & role scoping ★ | One registry, audience-scoped by surface and role, fails closed, never overlapping. |
| Admin AI surfaces ★ | Privileged actions exist only on the admin surface; admin and customer AI never overlap. |
| Customer-facing read-only surface | Customer AI can read but cannot write, so it fails closed. |
| Write-only surface scope NEW | Surfaces that execute without reading any context. |
| Autonomy control | |
| Trust Dial autonomy levels ★ | Dial each action from Suggest to Copilot to Autopilot. |
| Autopilot guardrails ★ | Autopilot only runs inside server-side rate limits, value caps and scope fences. |
| Rate limiting per action NEW | Cap how often an action can fire per hour, day or week. |
| Value cap enforcement NEW | Bound the value any transaction (or a whole day) can move. |
| Scope fencing in Autopilot NEW | Limit Autopilot to a department, region or segment. |
| Per-action autonomy toggle NEW | Dial each action independently and turn it back down anytime. |
| Suggestion mode (draft only) NEW | AI drafts; a person approves before anything runs. |
| Copilot mode (one-click) NEW | A confirmation card waits for one explicit Approve click. |
| Rollback & undo | |
| Reversible actions by design ★ | Declare an inverse and roll back a wrong call in one click. |
| Action linked reversals NEW | The audit links original and reversal so the chain stays traceable. |
| Compliance & audit | |
| Immutable audit log ★ | Actor, action, params, result, status, duration and signature, never lost. |
| Endpoint response logging NEW | Status, body and latency from your backend captured in the audit. |
| Automation integration | |
| Triggered actions ★ | Workflows, lifecycle rules and proactive rules propose through the same gate. |
| Workflow action integration | Workflow steps can hand off to an action contract. |
| Lifecycle rule action integration | Stage promotions (lead → trial → paying) can propose a follow-on action. |
| Proactive rule action integration | Visitor-behaviour rules (views, time on page, scroll) can trigger an action. |
| AI alignment & workflow | |
| Intent matching (not improvisation) ★ | Plain English resolves to a registered contract, or nothing at all. |
| Propose → approve → execute → audit ★ | Four explicit, traceable steps; every one of them yours. |
| Flexibility & integration | |
| Model-neutral platform | The same action layer works for any provider or self-hosted model. |
| JSON backend compatibility | WHMCS, custom SaaS, WordPress, ERP: anything that speaks HTTP + JSON. |
| Action registry & discovery | actions.json plus connector auto-discovery: declare once, AI learns it instantly. |
| Connector-shipped actions | Enable a connector and its actions appear automatically. |
| Sandbox endpoint per action NEW | Point an action at a test endpoint before it touches production. |
| API discovery of actions NEW | An endpoint returns the full contracts so actions are discoverable via API. |
| Configuration & organisation | |
| Action parameters schema NEW | Declare types and validation; invalid input is rejected, not improvised. |
| Contract as living documentation NEW | The contract documents itself: name, params and intent in one place. |
| Per-action description & label NEW | A readable UI label and a prose description for each action. |
| Action category tagging NEW | Organise the registry by sales / support / billing / admin. |
| Source connector tracking NEW | Know which connector shipped each action. |
| AI hint text NEW | A prose hint guides the model on when to use each action. |
| Destructive action flag NEW | Mark high-risk actions for stricter guardrails. |
| Action lookup aliasing NEW | Map the common names people type to the canonical action key. |
Everything teams ask before they let AI touch the backend: confirmation, autonomy, rollback, scope and models.