FAQ
Common questions about connecting, executing, and governing actions.
Do I have to write any code to get governance? No. Policy and audit apply on every surface — direct execution, the proxy, and MCP — without extra calls from you.
How do I let an agent only read, never write?
Enable default-deny on writes for the environment. Reads default to allow; writes and
destructive actions are denied unless an allow policy permits them.
Where are my credentials stored? Encrypted at rest with AES-256-GCM. OAuth tokens are refreshed automatically; the audit log stores only a hash of action arguments, never the plaintext.
Can the person who triggers an action approve it?
No — separation of duties blocks self-approval with a 403, and the attempt is
audited.
An action returned 202 — what does that mean?
A policy requires approval. The action is held until a different person approves it;
the response includes an approval_id.
The action I need isn't in the catalog. Use the proxy to call the provider's endpoint directly — still governed and audited.
Which auth method should my agent use?
An API-Key. JWTs are for signed-in dashboard users.
Is there a CLI?
Yes — the nolixan CLI authenticates and manages connections, actions, triggers, and MCP config from
your terminal (see CLI). For in-app use, the SDKs (Node / Python / Go / .NET) are libraries
you call directly — see the Quickstart and SDKs.