Command builder

Describe a change in plain English · pick which assets it should run on · SafeCadence translates to per-vendor commands, classifies the risk, and stages the job for approval. Nothing executes from this page.

1 What do you want to do?

Click a starter above to fill the box, or type your own. The builder matches against ~30 offline intent packs first; for anything else it asks the configured BYO-AI translator.

2 Where should it run?

Asset group

Resolved devices

Pick a group to see the device list.

Don't see your group? Author it on /groups first — the dropdown reflects the same list. Selecting (All matching assets) targets every device the intent's vendor pack applies to; use it deliberately.

· Invite specific approvers (optional)

No specific invites — defaults to "any qualified approver"

Trust note: invitation ≠ authorization. The role gate still enforces who can actually approve. Inviting someone without the required role is harmless — they get the email and see the queue page; clicking Approve returns 403. Invitees get an email DM (when SMTP is configured on /settings); the channel webhook still fires regardless so backups can see the request too.

View approvals queue →