Teams & Projects
Team Isolation
In GrooveOS, every piece of data belongs to exactly one team. Team A cannot read, write, or search Team B's data — this isolation is enforced at the infrastructure level, not just the UI. You never need to configure access control lists or worry about data leakage between teams.
The key identifier for this hard boundary is the team_scope field that
every memory item, conversation, and document carries. All queries — from the chat
interfaces, the Chrome extension, the Drive sync, and the API — are automatically
filtered to your team's scope. You cannot accidentally query another team's data.
Creating a Team
When you first sign in to GrooveOS, you are prompted to create a team. Only one team per account is available on the Free plan. The Team plan supports one team with multiple members.
Need multiple teams?
Enterprise plan supports multiple isolated teams under one billing account — useful for agencies, consultancies, or large organizations with separate business units. Contact us to discuss.
Inviting Members
Add members to your team from your team settings page. There are two ways:
- By email address — Enter the member's email. They will receive an invite link. Once they click it and sign in with Google, they join your team automatically.
- By GitHub Organization — Connect your GitHub Org in team settings. Any member of your GitHub Org can then sign in to GrooveOS without being manually invited. See GitHub Organization Auth below.
Admin privileges
When inviting a member (or from the members list), toggle Admin to grant elevated permissions. Admins can:
- Approve truth-level promotions (promoting a fact from VALIDATED to CANONICAL).
- Manage Drive folder mappings for the team.
- Invite and remove members.
Projects
Within your team, organize data into projects. A project is a sub-scope within your
team — it acts as a filter, not a security boundary. All members of your team can
see all projects by default, though individual items can be set to
visibility: private.
| Concept | Example | What it does |
|---|---|---|
team_scope |
excalibur |
Hard wall — other teams cannot cross it. Set once at team creation, cannot be changed. |
project_scope |
fundraising |
Soft scope — filters memory items and conversations within your team. Multiple projects per team. |
visibility |
team / project / private |
Controls who within the team can read this item. Does not affect team_scope isolation. |
When you search in GrooveOS, you can filter by project using the project selector in the search bar. Drive folders are mapped to specific projects when you configure Drive Sync. Chrome clips prompt you to choose a project before saving.
Creating a Project
From your dashboard, go to Projects → New Project:
- Name — The display name shown across the product (e.g., "Series A Fundraising").
- Slug — Short identifier used in API calls as
project_scope(e.g.,fundraising). Lowercase letters and hyphens only. - Drive folder — Optional. Link a Google Drive folder to automatically sync its documents into this project. See Drive Sync for setup.
Member Roles
| Role | Permissions |
|---|---|
| Member | Read all team data, write memory items, use all AI tools (LibreChat, Open WebUI, Chrome extension, API), search across all projects. |
| Admin | All Member permissions, plus: approve truth-level promotions (VALIDATED → CANONICAL), manage Drive folder mappings, invite and remove members, configure GitHub Org auth. |
Role changes take effect immediately. Removing a member revokes their access to all team data — they can no longer query your team's memory or sign in to the team's LibreChat or Open WebUI workspace.
GitHub Organization Auth
Connect your GitHub Org so that any member of your org can sign in to GrooveOS without being manually invited.
Setup
- Go to team settings → Authentication → GitHub.
- Click Connect GitHub Organization.
- Authorize GrooveOS on GitHub and select the organization to link.
- Once connected, any member of that GitHub Org who signs in via Google OAuth will automatically join your GrooveOS team as a Member.
Note
GitHub Org auth requires a GitHub OAuth app. The setup wizard in team settings walks you through creating one — no external configuration is needed outside of GitHub and GrooveOS.
Members who leave your GitHub Org lose access to GrooveOS on their next sign-in. You can also remove members manually from the team members list at any time.