Organizations
Organizations are the collaboration boundary in Hippocortex Enterprise. They group users, agents, teams, and memories into a shared workspace with unified access control and billing.
A single Hippocortex tenant (your account) can contain multiple organizations. Each organization has its own members, teams, namespaces, and policies. Data does not flow between organizations unless explicitly configured.
Structure
Organization
|
+-- Members (users with org roles)
+-- Teams (functional groups)
| +-- Team Members (with team roles)
| +-- Agent Identities (machine actors)
|
+-- Namespaces (memory isolation)
+-- Access Policies
+-- Audit Logs
Teams
Teams subdivide an organization into functional groups. A research team, a customer support team, and an operations team might each have their own agents and memory namespaces.
Each team has members with team-specific roles (manager, contributor, reader, agent). Team roles scope access within that team's boundaries. See Permissions for the role hierarchy.
Agent Identities
AI agents in an enterprise deployment have registered identities. Each agent identity includes:
| Field | Description |
|---|---|
name | Human-readable agent name |
agent_class | Classification: general, research, support, operations |
team_id | Team assignment (scopes access) |
allowed_scopes | Namespace access restrictions |
api_key_id | Associated API key for authentication |
Agent classes are informational labels. Actual access control is enforced through scopes and namespace policies, not classes.
Memory Namespaces
Namespaces partition memory into isolated collections. Each namespace has a sensitivity level and a default access mode:
| Access Mode | Behavior |
|---|---|
public | All org members can read |
team | Only the owning team can access |
private | Only explicitly authorized users/agents |
Namespaces are the primary mechanism for data isolation. A customer support namespace might be readable by support agents but invisible to research agents. A shared-knowledge namespace might be readable by everyone but writable only by operators.
Lifecycle Policies
Lifecycle policies automate memory management within namespaces. You can configure:
- Retention periods. Automatically delete events older than a specified duration.
- Archival rules. Move old events to cold storage after a period.
- Deletion rules. Permanently remove data based on age, type, or sensitivity.
These policies help with compliance requirements (data retention laws) and storage management.
Memory Lineage
Lineage tracking records the full provenance chain from raw event to compiled artifact. For any piece of knowledge, you can trace:
- Which events contributed to it
- When it was compiled
- Which compiler version processed it
- Whether it superseded previous knowledge
This is critical for compliance and debugging. When an agent makes a decision based on compiled knowledge, lineage lets you trace that decision back to its source data.
Migration from Single Tenant
If you are upgrading from a single-tenant deployment, see Migration Guide for step-by-step instructions. Enterprise features are additive; existing single-tenant data continues to work without changes.