Emergency-disable a resource
When something is compromised or misbehaving, emergency‑disable cuts it off immediately. Because authority lives in the control plane, the disable propagates through the projection and takes effect on the next request everywhere.
- Preview the blast radius — what sessions, agents, and routes are affected.
- Disable the target. In‑flight authority is withdrawn on the next request.
- Review the audit trail — the action and its fan‑out are recorded.
Preview the blast radius
Section titled “Preview the blast radius”Preview what a disable would affect
- Open Investigate → Emergency disable and choose the target.
- Review the impact preview — affected sessions and dependents — before confirming.
curl -X POST "$GATEWAY/v1/revocations/preview" \
-H "authorization: Bearer $TOKEN" \
-H "content-type: application/json" \
--data '{"target_type": "agent", "target_id": "sales-contract-agent"}'previewRevocation in the API reference →gatewayctl emergency-disable --target agent --id sales-contract-agent --preview --format jsonEvery gatewayctl verb accepts --format text|json.
Disable now
Section titled “Disable now”Emergency-disable the target
- Confirm the disable. The target is cut off and active sessions are torn down.
curl -X POST "$GATEWAY/v1/emergency-disable" \
-H "authorization: Bearer $TOKEN" \
-H "content-type: application/json" \
--data '{"target_type": "agent", "target_id": "sales-contract-agent", "reason_code": "compromised_agent"}'emergencyDisable in the API reference →gatewayctl emergency-disable --target agent --id sales-contract-agent --reason compromised_agentEvery gatewayctl verb accepts --format text|json.
Type set in Geist, Source Serif 4, and Departure Mono.