Skip to Content
DocumentationCommonStep-up AuthStep 1: Prerequisites

Step 1: Prerequisites

⚡ 2 min read

Both paths

  1. RBAC configured — resource keys exist in Console; the member’s role has the right level on {resource}:{action} (RBAC).
  2. Level-2 actions — only those cells trigger step-up; level 1 skips MFA entirely.

Web app (SDK)

  • Transcodes SDK loaded and member signed in (redirectToStepUp needs an active session).
  • resource and action strings match Console resource keys and CRUD actions.

AI agent (transcodes-guard)

  • transcodes CLI  installed; MAT saved to {{HOME_DIR}}/.transcodes/config.json.
  • transcodes-guard plugin enabled for your host (Integration).
  • Token member has RBAC permission for the tool’s resource/action (often system + delete / update for admin tools).

Without a saved MAT, hooks still block risky commands but cannot start step-up or write gate audit rows.

Next: Step 2: Web app (SDK)

Last updated on
OverviewStep 2: Web app (SDK)