
Good Practice

The Nexudus MCP server is powerful — your AI assistant can read, create, update, and delete data in your Nexudus account on your behalf. That power comes with responsibility. When you sign in to the MCP server, you tick a disclaimer confirming that AI behaviour is not deterministic, that you are responsible for reviewing what the assistant does, and that Nexudus cannot be held liable for actions taken by third-party AI assistants. This page turns that disclaimer into practical guidance.
Use this page as a starting point, not a substitute for your own judgement. Every coworking operator handles different data, different customers, and different regulatory environments — adapt the advice below to your context.

Before you connect

Use a scoped administrator account

The MCP server currently requires you to sign in with an administrator account — member-only or other non-admin logins cannot drive the server. That does not mean you have to use a full, unrestricted administrator, though. Nexudus admin roles can be scoped down to specific locations, modules, or permissions. For day-to-day AI work, consider creating a dedicated administrator account with only the locations and permissions you actually need rather than reusing your own full-access login. For example, an admin scoped to one location and with delete permissions removed is a much safer surface for AI activity than a global administrator.
A generic read-only mode for Nexudus administrator accounts is on the roadmap. Once it ships, you will be able to sign in with a read-only admin and the MCP server will simply inherit that — every create, update, delete, and run-command call will fail at the API level. Until then, scope the administrator account as tightly as you can.

Leave PII redaction on by default

The PII checkbox on the sign-in page, which turns redaction off when ticked, is unchecked by default for a reason. Most operator questions — counts, summaries, occupancy trends — work perfectly well against tokenised data. Only switch redaction off when you genuinely need to see or send real personal details. See PII redaction for the full guidance.

While you work

Be specific in your prompts

Vague instructions are the single biggest source of AI mishaps. “Clean up old bookings” can mean three different things to three different assistants on three different days.
Avoid / Prefer
  • Avoid: “Clean up old bookings.”
    Prefer: “List tentative bookings created before 1 March 2026 — I want to review before deletion.”
  • Avoid: “Fix the membership.”
    Prefer: “Update member 12345’s plan to ‘Hot Desk Monthly’ starting tomorrow.”
  • Avoid: “Send a welcome message to new members.”
    Prefer: “List members whose contract started this week so I can draft a welcome email.”
If the assistant is about to do something irreversible (delete, bulk update, run a destructive command), ask for a list first and confirm the scope yourself before approving the action.

Read every tool call before approving it

Most MCP clients show the proposed tool call — the entity, the operation, the arguments — and wait for you to approve it. Take the second to actually read it.
  • For nexudus_delete, nexudus_run_command, and bulk updates, expand the arguments and check the IDs and field values.
  • If anything looks wrong — wrong location ID, wrong member, wrong date range — deny it and tell the assistant what to fix.

Keep destructive actions human-in-the-loop

Even with “Always allow” configured, leave destructive tool calls (delete, archive, cancel, run-command) gated on manual approval. Those few extra seconds of friction are what give you the chance to catch a wrong ID before it reaches production data.
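The review steps above (check the IDs and location on every proposed call, never auto-approve delete or run-command, treat bulk updates like destructive calls) can be encoded as a small client-side policy. The code below is an added example and is not part of the Nexudus MCP server or of any MCP client. It assumes the client hands each proposed call over as a dict with "name" and "arguments"; the tool names nexudus_delete and nexudus_run_command are the ones this page mentions, while nexudus_update, nexudus_create, nexudus_list and the argument keys location_id, id and ids are assumed names used only for illustration.

```python
"""Approval gate for proposed Nexudus MCP tool calls (added example, not Nexudus code).

Assumed call shape: {"name": "<tool>", "arguments": {...}}.
Assumed argument keys: "location_id", "id", "ids".
"""
from dataclasses import dataclass, field

# nexudus_delete and nexudus_run_command are named on the page; the rest are assumed.
DESTRUCTIVE_TOOLS = {"nexudus_delete", "nexudus_run_command"}
WRITE_TOOLS = DESTRUCTIVE_TOOLS | {"nexudus_update", "nexudus_create"}
RECORD_TOOLS = {"nexudus_update", "nexudus_delete"}  # calls that must name their record(s)


@dataclass
class Policy:
    allowed_locations: set                          # location IDs this session may touch
    always_allow: set = field(default_factory=set)  # tools the user marked "Always allow"
    bulk_threshold: int = 1                         # more ids than this in one call = bulk write


@dataclass
class Decision:
    action: str   # "auto" (run it), "ask" (human must approve) or "deny" (refuse outright)
    reason: str


def target_ids(args: dict) -> list:
    """Normalise the record ids a call names ("id" or "ids") into one list."""
    ids = args.get("ids")
    if isinstance(ids, list):
        return list(ids)
    return [args["id"]] if "id" in args else []


def render_for_review(call: dict) -> str:
    """One line a human can read before approving: tool, record ids, remaining arguments."""
    args = call.get("arguments") or {}
    rest = {k: v for k, v in args.items() if k not in ("id", "ids")}
    return f"{call.get('name')} ids={target_ids(args)} {rest}"


def review_tool_call(call: dict, policy: Policy) -> Decision:
    """Decide whether a proposed call may run unattended, needs a human, or is refused."""
    name = call.get("name", "")
    args = call.get("arguments") or {}
    ids = target_ids(args)

    # Hard deny: any call aimed at a location this session is not scoped to.
    loc = args.get("location_id")
    if loc is not None and loc not in policy.allowed_locations:
        return Decision("deny", f"location_id {loc} is outside this session's scope")

    # Destructive tools stay human-in-the-loop even when "Always allow" is set.
    if name in DESTRUCTIVE_TOOLS:
        return Decision("ask", f"{name} is destructive; expand and check the arguments")

    # An update that names no record would be an unbounded write.
    if name in RECORD_TOOLS and not ids:
        return Decision("ask", f"{name} names no record id; confirm the intended scope")

    # Bulk writes get the same treatment as destructive calls.
    if name in WRITE_TOOLS and len(ids) > policy.bulk_threshold:
        return Decision("ask", f"bulk write touching {len(ids)} records")

    # Everything else runs automatically only if the user pre-approved the tool.
    if name in policy.always_allow:
        return Decision("auto", "pre-approved by the user")
    return Decision("ask", "not pre-approved; confirm")


if __name__ == "__main__":
    # Constructed sample session scoped to a single location (id 101).
    policy = Policy(allowed_locations={101}, always_allow={"nexudus_list", "nexudus_update"})
    proposals = [
        {"name": "nexudus_list", "arguments": {"entity": "Booking", "location_id": 101}},
        {"name": "nexudus_update", "arguments": {"id": 12345, "plan": "Hot Desk Monthly", "location_id": 101}},
        {"name": "nexudus_update", "arguments": {"ids": [1, 2, 3], "location_id": 101}},
        {"name": "nexudus_delete", "arguments": {"ids": [501], "location_id": 101}},
        {"name": "nexudus_delete", "arguments": {"ids": [501], "location_id": 999}},
    ]
    for call in proposals:
        d = review_tool_call(call, policy)
        print(f"{d.action:5} {render_for_review(call)}  <- {d.reason}")
```

The ordering of the checks is the point: scope violations are refused before anything else, and destructive or bulk calls fall through to "ask" regardless of what the user has pre-approved, so an "Always allow" on nexudus_update never silently covers a three-hundred-record update.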

Check the response, not just the assistant’s summary

The assistant will paraphrase the Nexudus API response into prose. The prose can be wrong even when the API call succeeded — for example, the assistant may have misread a status code, or skipped a field, or filtered the response in a way that hides relevant records. For decisions that matter, ask to see the raw tool response or check the result directly in the Nexudus admin panel.

What not to do

Do not paste secrets into the chat

Anything you type into the chat is sent to the AI provider (Anthropic, OpenAI, etc.) under that provider’s terms — the Nexudus PII setting does not apply to your messages. Do not paste API keys, customer passwords, or other secrets into the prompt.

Do not assume PII redaction covers everything

PII redaction covers fields that Nexudus knows are personal — names, emails, phones, addresses, dates of birth, social handles, financial IDs, free-text bios. It does not sanitise:
  • Your own messages to the AI.
  • Names that the assistant infers from context (e.g. you mention “Sarah’s booking” yourself).
  • Arbitrary text fields the assistant types into the chat itself.
If you need full data minimisation, leave redaction on and avoid typing personal details into the prompt yourself.

Do not run unattended workflows on production data without review

The MCP server is designed for interactive use. Scheduling an assistant to “run every hour and update memberships” without a human reviewing each batch is asking for trouble — small prompt drift or a misread record can multiply across hundreds of writes before anyone notices.

Do not screen-share PII without redaction

If you are demoing, training, or recording the session, make sure PII redaction is on so customer names and emails do not leak into screenshots or videos. Reconnect with the PII checkbox unchecked first if needed — see Switching mid-conversation.

Reviewing what the assistant did

The MCP server records anonymous telemetry for its own observability, but it does not give you an audit log of what the assistant did. To review actions after the fact:
  • Check the Nexudus admin panel — every create, update, and delete shows in the usual audit trail under the user account you signed in with.
  • Save or export the chat transcript from your MCP client (Claude, ChatGPT, etc.) — the transcript records the assistant’s tool calls and your approvals.
If something goes wrong, the combination of the chat transcript and the Nexudus audit log is what lets you reconstruct exactly what happened.
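Reconstructing what happened means lining up the approvals in the chat transcript against the entries in the Nexudus audit trail. The code below is an added example, not Nexudus code or an MCP client feature; the transcript and audit entries are constructed for illustration, and their field names (event, call_id, approved, op, entity, id) are assumptions, since each MCP client exports transcripts in its own format and the Nexudus audit trail has its own shape.

```python
"""Reconcile an MCP chat transcript with the Nexudus audit trail (added example).

Assumed transcript format: one JSON object per line with "tool_call" events
(call_id, name, arguments) and "approval" events (call_id, approved).
Assumed audit entry shape: {"op": ..., "entity": ..., "id": ...}.
"""
import json

DESTRUCTIVE_TOOLS = {"nexudus_delete", "nexudus_run_command"}
WRITE_TOOLS = DESTRUCTIVE_TOOLS | {"nexudus_update", "nexudus_create"}
TOOL_TO_OP = {"nexudus_delete": "delete", "nexudus_update": "update", "nexudus_create": "create"}

# Constructed transcript: four proposed calls, one of which the user denied (c3).
TRANSCRIPT = """\
{"event": "tool_call", "call_id": "c1", "name": "nexudus_list", "arguments": {"entity": "Booking", "status": "tentative"}}
{"event": "approval", "call_id": "c1", "approved": true}
{"event": "tool_call", "call_id": "c2", "name": "nexudus_delete", "arguments": {"entity": "Booking", "ids": [501, 502]}}
{"event": "approval", "call_id": "c2", "approved": true}
{"event": "tool_call", "call_id": "c3", "name": "nexudus_delete", "arguments": {"entity": "Booking", "ids": [777]}}
{"event": "approval", "call_id": "c3", "approved": false}
{"event": "tool_call", "call_id": "c4", "name": "nexudus_update", "arguments": {"entity": "Coworker", "id": 12345, "plan": "Hot Desk Monthly"}}
{"event": "approval", "call_id": "c4", "approved": true}
"""

# Constructed audit trail for the same account and time window.
AUDIT = [
    {"op": "delete", "entity": "Booking", "id": 501},
    {"op": "delete", "entity": "Booking", "id": 502},
    {"op": "update", "entity": "Coworker", "id": 12345},
    {"op": "delete", "entity": "Booking", "id": 900},  # no approved call explains this one
]


def approved_writes(transcript: str) -> list:
    """Return the write calls the user approved, expanded to (op, entity, id) tuples.

    Reads are skipped. run-command calls name no record, so they yield no tuples
    and have to be reviewed by hand against the transcript.
    """
    calls, approved = {}, set()
    for line in transcript.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev["event"] == "tool_call":
            calls[ev["call_id"]] = ev
        elif ev["event"] == "approval" and ev["approved"]:
            approved.add(ev["call_id"])
    out = []
    for cid, ev in calls.items():
        if cid not in approved or ev["name"] not in WRITE_TOOLS:
            continue
        args = ev["arguments"]
        ids = args.get("ids") or ([args["id"]] if "id" in args else [])
        op = TOOL_TO_OP.get(ev["name"], ev["name"])
        out.extend((op, args.get("entity"), rid) for rid in ids)
    return out


def reconcile(transcript: str, audit: list) -> dict:
    """Compare approved writes with the audit trail.

    "unexplained": audit entries no approved call accounts for (investigate first);
    "missing":     approved calls with no audit entry (the API call may have failed).
    """
    expected = set(approved_writes(transcript))
    seen = {(e["op"], e["entity"], e["id"]) for e in audit}
    return {
        "unexplained": sorted(seen - expected, key=str),
        "missing": sorted(expected - seen, key=str),
    }


if __name__ == "__main__":
    for key, rows in reconcile(TRANSCRIPT, AUDIT).items():
        print(key, rows)
```

The denied call c3 never appears in the expected set, so its booking (777) is correctly absent from both lists, while the delete of booking 900 surfaces as unexplained: either another session or user made it, or the assistant performed a write that was never shown for approval, and both deserve a look.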

Quick checklist

Before kicking off an AI session that will change Nexudus data:
  • Signed in with an administrator account scoped to the minimum locations and permissions needed (not a global administrator).
  • PII redaction left on unless I explicitly need real personal data.
  • Prompt is specific about the entity, the filter, and the action.
  • Destructive tool calls require my approval.
  • I have a way to verify the result (raw response, admin panel, chat transcript).
