Action Engine

The Action Engine turns savings opportunities into controlled remediations with approval, guardrails, rollback support and receipt evidence.

Execution Lifecycle

01
User submits an action request from Today, Savings, or a supporting finding view.
02
Conflict detection validates policy, freeze windows and IaC ownership.
03
Role-based approval confirms execution authority.
04
Provider adapter executes the canonical action type.
05
Result metadata, provider response and evidence are recorded for the receipt trail.
06
Savings verification runs against post-action cost windows.
07
Rollback can run when the action type supports it.

Action Modes

suggest

Dry-run and planning mode with no cloud mutation.

safe

Guarded request mode; execution remains approval-gated while automation safety is frozen.

manual_approval

Default mode; execution requires approval.

auto

Disabled until preflight, approval, audit, idempotency and rollback evidence are verified.

Reliability Controls

Idempotency keys for request deduplication.
Correlation IDs across API, queue and provider calls.
Provider error mapping with retryability signals.
Readiness and validation reports for rollout confidence.
Immutable audit logs for every state transition.

Every state-changing action must leave an audit log entry and feed receipt verification. Rollback is handled as another audited action, not as an invisible undo.

Get started

Find recoverable spend before the next invoice lands.

Connect one AWS, Azure or GCP scope, approve the safest savings actions, and give finance a receipt when the savings verify.

Read-only scan first. Approval gates before remediation.

Connect a cloud scope See pricing