Skip to main content
Revocation in Civic is instant. No delay, no grace period. The moment you revoke, the agent loses access. Revocation is available at four levels of granularity — from surgical to nuclear. Use the most targeted option that matches the situation.

Four Levels of Revocation

Level 1 — Block a Single Tool

Add a guardrail that blocks one specific tool. The server connection and all other tools remain active. When to use: You want to prevent a specific dangerous action without disrupting the agent’s other capabilities. Example: Block delete_event on Google Calendar but keep read access and create_event available. 
"Block the delete_event tool on my Calendar server"

"Add a guardrail to prevent send_gmail_message on Gmail"

Level 2 — Restrict Specific Operations on a Server

Add multiple guardrails to block a subset of tools on a server, or modify existing guardrails to restrict parameters. When to use: You need to reduce the scope of what an agent can do on a server without revoking the entire connection. 
"Block all write operations on Google Calendar — keep reads only"

"Restrict Gmail to read-only — block send and delete operations"

Level 3 — Revoke a Server Connection

Revoke the OAuth or API key credential for one MCP server. The agent loses all access to that server immediately. When to use: You no longer trust the agent’s access to a specific service, or the credential was compromised. Example: Revoke Gmail access entirely while keeping Google Calendar connected. 
"Revoke my Gmail connection"
You can also revoke via the UI: nexus.civic.com → Authorizations → find the server → Revoke.

Level 4 — Delete the Toolkit (Nuclear Option)

Delete the entire toolkit. All server connections within it are severed simultaneously. When to use: You need to stop the agent from accessing everything immediately. Use in incident response when the threat is broad. 
"Delete my production-agent toolkit"
Via the UI: nexus.civic.com → Toolkits → select toolkit → Delete.

Why Revocation is Chat-Only (Not API)

The Civic Chat endpoint is separated from the AI agent layer by design. If revocation were available through the same API that your agent calls, a compromised agent could:
  • Revoke its own guardrails to gain broader access
  • Delete another agent’s access as part of a prompt injection attack
  • Prevent the human operator from being able to revoke it
By requiring revocation to go through Civic Chat (which your agent cannot call), Civic ensures that the human is always in the loop for access decisions. This is architectural, not a limitation.

Incident Response Pattern

1

Revoke immediately

Don’t investigate first — stop the bleeding. Delete the toolkit or revoke the relevant server connection.
"Delete my production-agent toolkit"
2

Check the audit log

Review what the agent actually did before you revoked it.
"Export my audit log as CSV for the last 24 hours"
See Audit and Observability for detailed queries.
3

Review guardrails

Determine what guardrail would have prevented the problematic action. Add it before re-authorizing.
4

Re-authorize with minimum scope

Create a new toolkit with only the tools required for the agent’s purpose. Apply guardrails proactively.

Scope of Revocation

Revocation applies at the Hub layer. It stops the agent from making further tool calls through Civic. It does not:
  • Undo tool calls already executed (e.g., emails already sent, events already deleted)
  • Revoke the OAuth grant at the provider level (do this separately if needed)
  • Stop any local agent actions outside the Civic Hub (file system, terminal, etc.)
  • Guarantee that cached responses in the agent’s context are cleared

Guardrails

Proactive restrictions — prevent problematic calls before they happen

Audit Trail

Understand what the agent did before and after revocation

Civic Chat

The Revocation Agent — example prompts and workflow

Secret Management

How credentials are stored and what revocation does to them