The agent can investigate freely, but it can’t change your infrastructure
without a human saying yes. Approvals and the audit trail are how Nuphos keeps you
in control.
Approvals via plans
Every change the agent wants to make is packaged as a plan —
overview, steps, risk, and cost — that a team member must approve before it runs.
Nothing executes from a proposed plan; it has to move to approved first.
Decide who can approve using:
- Team roles — Administrators (and Editors) can act on
plans; Viewers cannot.
- Member allow-lists — only people allowed on an
account can drive changes against it.
Audit trail
Plan approvals are attributed and timestamped — Nuphos records who approved or
rejected each plan and when. Combined with each command’s captured output, this
gives you a record of what was proposed, who authorized it, and what actually
happened.
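The approval gate and audit record described above, modelled as an added example; this is not Nuphos code or its API. The class and field names, the rule that an approver needs both an approving role and allow-list membership, and the logging of refused attempts are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

APPROVER_ROLES = {"Administrator", "Editor"}  # Viewers cannot act on plans

@dataclass
class Plan:
    plan_id: str
    account: str
    steps: list
    state: str = "proposed"  # becomes "approved" or "rejected"

@dataclass
class Gate:  # hypothetical model, not a Nuphos class
    roles: dict        # member -> team role
    allow_lists: dict  # account -> set of members allowed on it
    audit: list = field(default_factory=list)

    def _log(self, plan, actor, event, **extra):
        self.audit.append({"plan": plan.plan_id, "actor": actor, "event": event,
                           "at": datetime.now(timezone.utc).isoformat(), **extra})

    def can_decide(self, member, account):
        # Assumption: role and allow-list checks must both pass.
        return (self.roles.get(member) in APPROVER_ROLES
                and member in self.allow_lists.get(account, set()))

    def decide(self, plan, member, approve):
        if plan.state != "proposed":
            raise ValueError(f"plan {plan.plan_id} was already {plan.state}")
        if not self.can_decide(member, plan.account):
            self._log(plan, member, "denied")  # assumption: refusals are recorded too
            raise PermissionError(f"{member} may not decide plans on {plan.account}")
        plan.state = "approved" if approve else "rejected"
        self._log(plan, member, plan.state)  # attributed and timestamped

    def execute(self, plan, run):
        # Deny by default: only an approved plan ever reaches the runner.
        if plan.state != "approved":
            raise PermissionError(f"plan {plan.plan_id} is {plan.state}, not approved")
        for step in plan.steps:
            self._log(plan, "agent", "executed", step=step, output=run(step))

if __name__ == "__main__":
    # Constructed sample data: one administrator on the account's allow-list.
    gate = Gate(roles={"ana": "Administrator"}, allow_lists={"prod": {"ana"}})
    plan = Plan("p1", "prod", ["list-instances"])
    gate.decide(plan, "ana", approve=True)
    gate.execute(plan, run=lambda step: f"(captured output of {step})")
    print(*gate.audit, sep="\n")
```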
Temporary access
Because credentials are short-lived and per-session, access
is naturally time-boxed: a session’s credentials expire in about an hour rather
than lingering. Grant access for a task, and it lapses on its own.
For the tightest control on a sensitive account: keep its role read-only, add
only the people who need it to the allow-list, and review plan decisions before
approving.