Agentic SRE Advanced By Samson Tanimawo, PhD Published Jun 22, 2026 5 min read

Reverting Agent Actions: The Undo Strategy You Need

Agents make mistakes. The undo store, the reversibility classifier, and the human escalation path for actions that cannot be undone automatically.

Classify actions by reversibility

Class A: trivially reversible (toggle a flag, restart a pod). Auto-revert is safe; record and undo with one tool call.

Class B: complex reversible (rollback a deploy, restore a config). Auto-revert is risky; manual revert with the agent's recorded delta is preferred.

Class C: irreversible (drop table, send email, charge credit card). No revert; prevention is the only strategy.

The undo store

Each Class A and Class B action is logged with: what was changed, what the previous state was, what the change-id was, who did it, when.

The store is queryable. "Show me everything the agent changed in the last hour" returns a list with revert tools per row.

Retention: 30 days for Class A, 90 days for Class B. After that, the assumption is that the change has settled and should not be undone.

The revert UI

A table of recent actions, each with a revert button. The button shows what the revert would do; the operator confirms.

Bulk revert is gated. "Revert all the agent's actions in the last hour" is dangerous; require approval and a reason.

Audit on every revert. Reverts have to be at least as well-logged as the original actions.

Class C and the escalation path

Class C actions cannot be undone. Detection that an action was wrong has to translate to recovery, not revert.

Recovery for Class C is human-led. The agent's role is to provide the full context: what was done, why, what the consequences look like, what the recovery options are.

Practice Class C recovery. Run a tabletop quarterly: "the agent dropped the wrong table, what is your response?" Surfaces gaps in playbooks.

Limits of revert as a safety strategy

Revert assumes the agent's record matches reality. Drift between record and reality breaks revert silently. Validate periodically.

Revert handles single-actor scenarios. When multiple agents and humans have touched the same resource, revert can produce unexpected merges.

Revert is not a substitute for prevention. Prefer caps, approvals, and sandboxes; revert is the last resort.