maark
Log inStart for free

Agent access & safety

Scopes, keys, project limits, audit trails, and what an assistant can never do.

AI connections are powerful, so they are built to be safe by default. This page explains exactly what a connected assistant can and cannot do, and how to stay in control.

Scopes: read, propose, operate

Every connection has one scope, chosen when you mint a key or sign in:

| Scope | What it can do | | --- | --- | | Read | View data only — status, opportunities, coverage, evidence. No changes. | | Propose | Suggest changes that land in a Maark approval queue for a person to accept or reject. | | Operate | Make direct changes within the connection's project scope. |

Non-admin members get read by default. Only org admins can grant propose or operate.

Project scoping

A connection only reaches the specific projects you select. An assistant scoped to one project cannot see or touch another. There is no "all projects" backdoor.

Writes preview first

Write-capable actions default to a safe preview: the assistant shows what it would change before anything is committed. To actually write, it must explicitly confirm — so a stray request does not quietly mutate your data.

Keys are yours to control

  • Keys (mk_…) are minted in Org Settings → External agent access and shown once.
  • Revoke a key at any time to instantly cut off that connection.
  • Guided sign-ins (claude.ai, ChatGPT) can likewise be revoked, and expired sessions are pruned automatically.

Everything is audited

Actions taken over a connection are recorded, so you always have a trail of what ran, when, and under which scope.

What an assistant can never do

Some capabilities are deliberately kept off the AI connection entirely:

  • Publishing to your site is never done over a connection — publishing always goes through the human review flow.
  • Owner-only operations (the internal marketing, outreach, and audit tooling) are never exposed to customer connections.
  • Deep diagnostic tools that are not yet part of the connection surface stay out of reach until they are explicitly added.

Turning it on for your org

A project must be enabled for external agent access before any connection can reach it. An org admin enables this per project in Org Settings → External agent access, alongside key management. If a project is not enabled, connections simply cannot see it.

Still stuck? Email support@maark.ai and a human will help.