Teams & Projects
Team Isolation
In GrooveOS, every piece of data belongs to exactly one team. Team A cannot read, write, or search Team B's data — this isolation is enforced at the infrastructure level, not just the UI. You never need to configure access control lists or worry about data leakage between teams.
The key identifier for this hard boundary is the team_scope field that
every memory item, conversation, and document carries. All queries — from the chat
interfaces, the Chrome extension, the Drive sync, and the API — are automatically
filtered to your team's scope. You cannot accidentally query another team's data.
Creating a Team
When you first sign in to GrooveOS, you are prompted to create a team. Only one team per account is available on the Free plan. The Team plan supports one team with multiple members.
Need multiple teams?
Enterprise plan supports multiple isolated teams under one billing account — useful for agencies, consultancies, or large organizations with separate business units. Contact us to discuss.
Inviting Members
Add members to your team from your team settings page. There are two ways:
- By GitHub username — Enter the member's GitHub login. Next time they sign in with GitHub, they join your team automatically. No email or invite link is sent.
- By email address — Enter the member's email. They receive an invite that sends them to "Sign in with GitHub" on GrooveOS. Once signed in, they're auto-attached to your team.
-
By GitHub Organization — Set your team's
github_org. Any member of that GitHub org can then sign in and auto-joins your team — no per-user invite needed. See GitHub Organization Auth below.
Admin privileges
When inviting a member (or from the members list), toggle Admin to grant elevated permissions. Admins can:
- Approve truth-level promotions (promoting a fact from VALIDATED to CANONICAL).
- Manage Drive folder mappings for the team.
- Invite and remove members.
Projects
Within your team, organize data into projects. A project is a sub-scope within your
team — it acts as a filter, not a security boundary. All members of your team can
see all projects by default, though individual items can be set to
visibility: private.
| Concept | Example | What it does |
|---|---|---|
team_scope |
acme |
Hard wall — other teams cannot cross it. Set once at team creation, cannot be changed. |
project_scope |
fundraising |
Soft scope — filters memory items and conversations within your team. Multiple projects per team. |
visibility |
team / project / private |
Controls who within the team can read this item. Does not affect team_scope isolation. |
When you search in GrooveOS, you can filter by project using the project selector in the search bar. Drive folders are mapped to specific projects when you configure Drive Sync. Chrome clips prompt you to choose a project before saving.
Creating a Project
From your dashboard, go to Projects → New Project:
- Name — The display name shown across the product (e.g., "Series A Fundraising").
- Slug — Short identifier used in API calls as
project_scope(e.g.,fundraising). Lowercase letters and hyphens only. - Drive folder — Optional. Link a Google Drive folder to automatically sync its documents into this project. See Drive Sync for setup.
Member Roles
| Role | Permissions |
|---|---|
| Member | Read all team data, write memory items, use all AI tools (LibreChat, Open WebUI, Chrome extension, API), search across all projects. |
| Admin | All Member permissions, plus: approve truth-level promotions (VALIDATED → CANONICAL), manage Drive folder mappings, invite and remove members, configure GitHub Org auth. |
Role changes take effect immediately. Removing a member revokes their access to all team data — they can no longer query your team's memory or sign in to the team's LibreChat or Open WebUI workspace.
GitHub Organization Auth
Set your team's github_org so that any member of your GitHub
organization can sign in to GrooveOS and auto-join the team — no manual
invite per person.
Setup
- Go to team settings → Authentication.
- Enter your GitHub organization slug in the
github_orgfield and save. - Ask an org owner to install the xbrain GitHub App on the org — a one-time consent screen. (Members can request the install; an owner approves.) See Installing on your org.
- Once the App is installed, every member of the org auto-joins as a Member the next time they sign in with GitHub.
Two-sided handshake
Auto-join needs both sides to be set: GrooveOS must know which org the
team is linked to (your github_org setting), and GitHub
must know that xbrain is allowed to read your org's membership list
(the App install). The setup wizard walks you through both.
Members who leave your GitHub Org lose access to GrooveOS on their next sign-in. You can also remove or block members manually from the team members list at any time — see Blocking members.