Critical-risk tools in Crow

Remove a site block from the Caddyfile (matched by address) and reload Caddy. Destructive — the change is persisted to disk.

Delete a page or chapter from BookStack (irreversible)

Delete a campaign and all its posts. Requires confirmation.

Cancel a queued cross-post before its scheduled_at fires. Idempotent — cancelling an already-published entry returns the published target_post_id. Cancelling an already-cancelle...

Delete a custom crow.md section. Protected sections cannot be deleted — only disabled. Scoped overrides (device/project) of protected sections CAN be deleted (restores the globa...

Permanently delete a file from storage. This cannot be undone. Returns a preview and confirmation token on first call; pass the token back to execute.

Permanently delete a memory. This cannot be undone. Returns a preview and confirmation token on first call; pass the token back to execute.

Permanently delete a blog post. This cannot be undone — use crow_unpublish_post to revert to draft instead. Returns a preview and confirmation token on first call; pass the toke...

Permanently delete a setlist. Returns a preview and confirmation token on first call; pass the token back to execute.

Remove the most recently appended line from an active glasses note session. Use when the user says

Sign a revocation for a previously-published attestation. The revocation is added to /.well-known/crow-identity-revocations.json and the original attestation is marked revoked (...

Delete an article. Uses two-step confirmation.

Delete a bookmark from Linkding. This is permanent.

Manage playlists: create, list, rename, or delete.

Remove a news source subscription. Returns a preview and confirmation token on first call; pass the token back to execute.

Unsubscribe from a feed. This removes the feed and all its entries permanently.

Remove a data backend registration. This cannot be undone. Returns a preview and confirmation token on first call; pass the token back to execute.

Remove a song from a setlist

Operator kill switch: clear all lifecycle refcounts and reconcile against live provider health. Use when refcount state drifts from reality.

Revoke a previously shared item or project from a contact. Stops ongoing sync for shared projects. Returns a preview and confirmation token on first call; pass the token back to...

Revoke a registered instance — sets status to

Delete a bookmark from Shiori. This is permanent and removes any cached content.

Securely delete tax return data after filing. This is irreversible.

Delete a note from TriliumNext. Requires explicit confirmation.

Delete a task from Vikunja (irreversible)

Permanently delete a saved article from Wallabag

Lift a specific ban by its decision ID. Destructive — the target IP/range will no longer be blocked by any bouncer. Use this to undo a false-positive ban.

Full defederation: block domain + purge cached content. QUEUED — requires operator confirmation in the Nest panel.

Permanently delete an entire playlist. Requires confirm:true and is irreversible — get explicit user confirmation in the conversation before calling.

Remove a single track from a playlist by its 0-based position (use fw_get_playlist_tracks to find the right index first). Funkwhale uses POST /remove/ with body {index} — not DE...

Remove a library follow or channel subscription. Rate-limited: 30/hour.

Defederate from a remote instance (block + purge cached content). Admin-only; QUEUED.

Trigger a pict-rs prune of remote media. Exposes the admin purge endpoint; deletes cached media for federated posts older than N days. Rate-limited: 2/hour.

Permanently delete a learner and cascade to sessions, transcripts, memories, and storage references. Tier-1 destructive action — admin confirms in panel before calling.

Hard kill a session. Skips the 5s flush; any in-flight artifact save may be lost. Requires a reason (logged).

Revoke every session in a batch (use when a printed QR sheet is lost). Admin-only. Requires a reason (logged).

Defederate from a remote domain (block + purge cached content + sever follows). QUEUED — requires operator confirmation.

Full defederation: block + unfollow + purge cached videos from a remote instance. QUEUED — requires operator confirmation.

Permanently delete a post. Destructive — the post is gone from the local instance; federated copies on remote servers may persist.

Manually trigger pruning of remote media older than N days. The scheduled cron (scripts/media-prune.sh) runs daily; this lets operators force an aggressive prune.

Manually trigger pruning of cached remote media older than N days. The sidekiq scheduler handles this on a recurring cadence (MEDIA_CACHE_RETENTION_PERIOD env); this lets operat...

Manually trigger a prune of remote media older than N days. The scheduled horizon job handles this on a recurring cadence; this lets operators force an aggressive pass. Rate-lim...

Trigger pruning of remote-cached video files older than N days. PeerTube runs this on a scheduled job; this forces an immediate pass. Admin-only. Rate-limited: 2/hour.

Execute a write SQL statement (INSERT, CREATE TABLE, UPDATE, DELETE) on a user-owned database. Separate from read-only queries for safety.

Deactivate a server

Dismiss all notifications, optionally filtered by type or date.

One-step tax return preparation: creates a return from ALL confirmed documents uploaded through the Tax Filing panel. Automatically adds W-2s, 1099s, 1098s, and calculates. SSNs...

Block an entire remote domain (no federation, no media fetch). QUEUED — requires operator confirmation in the Nest panel before firing.

Defederate from a remote domain (stop all ActivityPub interaction). Stronger than block_domain — existing follow relationships are severed. QUEUED — requires operator confirmation.

Instance-wide defederation — admin-only. Uses the admin/domain_blocks endpoint with severity=suspend. QUEUED — requires operator confirmation in the Nest panel before firing.

Leave a room. Destructive — your messages stay but you lose access. Rate-limited: 30/hour.

Block an entire remote domain (no federation, no media fetch). QUEUED — requires operator confirmation in the Nest panel.

Block an entire remote instance (admin, instance-scope blocklist — hides all accounts + videos from that domain for every user on this server). QUEUED — requires operator confir...

Create a new transaction. Amount in cents (negative = expense, positive = income).

Enable/disable motion detection for a camera. DESTRUCTIVE: disabling detect also stops motion-triggered recording on that camera. Use sparingly.

Add Schedule D capital gain/loss transactions.