Scrapes Docs
Get startedDeployAgentic OSCommand CentreMemoryTeam OSAdminContribute

Team OS concepts

Team OS lets a hosted server control shared Agentic OS access.

Team OS lets a hosted server control shared Agentic OS access.

The local workspace still runs on the user's machine. The hosted server decides which team, clients, files, skills, and memory that user can access.

Mental model

PartMeaning
Hosted serverThe source of truth for team identity, roles, grants, memory, and file access.
Local clientA local Agentic OS workspace signed in to the hosted server.
UserA person who signs in with a server-managed identity.
TeamA shared group of users, clients, memory, and permissions.
ClientA scoped work area, usually for one customer, brand, or project area.
GrantA server-side permission that allows access to a client or skill.
SessionThe saved login state used by terminal commands and Command Centre.

Source of truth

The hosted server is the source of truth in Team OS.

It stores and checks:

  • users;
  • teams;
  • memberships;
  • clients;
  • client grants;
  • skill grants;
  • shared memory;
  • workspace file access;
  • audit events.

A local client can ask for access. It cannot decide its own team, role, client, or user identity.

Login state

The terminal and Command Centre use the same Team OS login state when they use the same Team OS config directory.

After sign-in, users can check their server-resolved identity with:

npm run team -- whoami

They can list only the clients granted by the server:

npm run team -- clients

They can remove the saved login with:

npm run team -- logout

Server-side identity

Team OS does not trust identity sent by the local client.

For example, a request body can include a team ID or client ID. In hosted mode, the server still resolves the real user, team, role, and grants from the saved session or server-side principal.

This means a local client cannot gain access by sending a different teamId, clientId, or userId.

Memory scopes

Team OS memory is scoped.

ScopeWho it is for
SystemShared baseline memory for the Agentic OS install.
TeamShared memory for one team.
ClientShared memory for one granted client.
PrivateMemory for one signed-in user.

Search and ingest routes must respect the server-resolved identity and grants.

File access

Team OS exposes only granted client files through server-checked sync flows.

Secret files, local runtime state, transcripts, generated stores, build folders, and private local config must not be exposed through team sync.

Next: Roles and permissions

Team OS

Team OS connects local Agentic OS clients to a hosted server.

Roles and permissions

Team OS uses roles and grants together.

On this page

Mental modelSource of truthLogin stateServer-side identityMemory scopesFile access