Adding team members to your org
Invitations, roles, and how membership gates access in ctx|.
Roles
Each member has exactly one role per organisation:
| Role | Capabilities (summary) |
|---|---|
| owner | Full control including destructive org actions and ownership transfer. |
| admin | Manage members, repositories, and settings. |
| member | Work with repositories and conversations within the org. |
Roles are stored in the members table and enforced by the backend on org-scoped
routes and MCP calls.
Inviting by email
From the dashboard (Settings → Members), send an invitation. That creates a
pending invitation record; the invitee receives an email with an accept link
(/.auth/accept-invitation?invitationId=... on your deployment).
- If the invitee already has an account, accepting attaches them to the org with the invited role.
- If they do not, they can sign up first; the invitation is applied when the email matches.
Switching organisations
Users in multiple orgs switch via the org switcher in the UI (URL slug
changes). The session also stores activeOrganizationId for flows that do not
carry a slug.
To set the active org via API:
POST /.auth/api/v1/auth/organization/set-active
Content-Type: application/json
{ "organizationId": "org_..." }MCP and membership
MCP requests authenticate the user, then verify membership in the org implied
by orgSlug. Without membership, the call does not proceed — there is no
orgId knob inside tool schemas for agents to override.