Critical-risk tools in Businys
25 of the 248 tools in Businys are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
archive_contractDestructiveSoft-delete (archive) a contract. The contract is hidden but not permanently deleted.
-
archive_invoiceDestructiveSoft-delete (archive) an invoice. The invoice is hidden but not permanently deleted.
-
cancel_bookingDestructiveCancel a booking. Sets status to cancelled.
-
cancel_invitationDestructiveCancel a pending invitation. Owner only.
-
cancel_recurring_billingDestructiveCancel a recurring billing arrangement.
-
delete_accountDestructivePermanently delete the account, all data, Stripe subscription, and uploaded files. Irreversible. Requires confirm=true.
-
delete_assetDestructiveDelete an uploaded file. Removes both the database record and the file from storage. This action is irreversible.
-
delete_automationDestructiveDelete an automation rule. Historical run logs are preserved.
-
delete_blackoutDestructiveDelete a blackout date.
-
delete_exerciseDestructiveDelete a custom exercise. Seed exercises cannot be deleted.
-
delete_gear_itemDestructiveArchive a gear item (soft delete).
-
delete_goalDestructiveDelete a goal.
-
delete_measurementDestructiveDelete a measurement entry.
-
delete_personal_recordDestructiveDelete a personal record.
-
delete_programDestructiveDelete a training program.
-
delete_sub_profileDestructiveArchive a sub-profile. Linked bookings and invoices are preserved.
-
delete_workoutDestructiveDelete a workout and all its set logs.
-
delete_workout_setDestructiveDelete a set from a workout.
-
remove_memberDestructiveRemove a member from the organization. Owner only. Cannot remove the owner.
-
revoke_api_keyDestructiveRevoke (soft-delete) an API key by ID.
-
revoke_portal_accessDestructiveRevoke a client
-
create_deposit_invoiceFinancialCreate an invoice with a deposit requirement. The deposit can be marked as non-refundable (forfeited on cancellation/no-show).
-
forfeit_depositFinancialMark a deposit as forfeited due to no-show or late cancellation. Updates the invoice and logs a transaction.
-
process_refundFinancialIssue a Stripe refund for a payment. Can be partial or full amount.
-
sell_credit_packFinancialProcess payment for a credit pack via Stripe Checkout.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.