Revocation is the operation we obsess over, because trust depends less on what you grant than on how cleanly you can take it back. Everything grantable in mynd is revocable, immediately, without a support ticket.
Revoking a connected tool
Settings → Contexts → the tool → Revoke. We delete our tokens, the connector goes dark, and any in-flight run touching that context fails closed at its next step rather than finishing with stale access.
y0 access revoke --context priya/morning --tool mail
# revoked: mail (read, drafts)
# effective: immediately — 2 in-flight runs will fail closedRevoking an API key
Immediate, as described in the API keys article. New requests 401 within a second.
Offboarding a person
- Remove the member — their sessions die within 60 seconds.
- Keys they created survive (they belong to the workspace), but are flagged for your review at removal time.
- Grants they approved stay listed with their name in the audit log, so you can re-review anything they touched.
If you believe an account is compromised, use Settings → Security → Freeze workspace. It halts all runs and API access in one action; un-freezing requires an owner.