Teams and Members

Organization Members

Members are users who belong to an organization. Each member has an org-level role that determines their permissions.

Inviting a Member

curl -X POST https://api.hippocortex.dev/v1/organizations/org_abc123/members/invite \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "jane@acme.com",
    "role": "operator"
  }'

Rules:

You cannot invite someone with a higher role than your own
The invitation creates a membership in invited status
The user accepts by logging in with the invited email

Listing Members

curl "https://api.hippocortex.dev/v1/organizations/org_abc123/members?status=active&role=admin" \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123"

Changing a Member's Role

curl -X PATCH https://api.hippocortex.dev/v1/organizations/org_abc123/members/mem_456 \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123" \
  -H "Content-Type: application/json" \
  -d '{ "role": "admin" }'

Constraints:

Cannot assign a role higher than your own
Cannot change your own role

Removing a Member

curl -X DELETE https://api.hippocortex.dev/v1/organizations/org_abc123/members/mem_456 \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123"

Cannot remove yourself
Cannot remove someone with a higher role than yours

Org Roles

Role	Description
`owner`	Full control, can delete org, transfer ownership
`admin`	Manage members, teams, settings. Cannot delete org
`operator`	Manage agents, namespaces, policies. Cannot manage members
`support`	Read access + limited write for support workflows
`viewer`	Read-only access to org resources
`agent`	Machine-to-machine role for automated systems

Teams

Teams group members into functional units (e.g., Engineering, Data Science, Support). Teams can own namespaces and have scoped policies.

Creating a Team

curl -X POST https://api.hippocortex.dev/v1/organizations/org_abc123/teams \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Engineering",
    "slug": "engineering",
    "type": "department",
    "description": "Core engineering team"
  }'

Listing Teams

curl "https://api.hippocortex.dev/v1/organizations/org_abc123/teams?type=department" \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123"

Team Types

Teams have an optional type field for categorization:

department -- organizational unit (Engineering, Sales)
project -- project-based grouping
functional -- cross-cutting function (Security, Compliance)
Custom types are also supported

Adding Members to a Team

curl -X POST https://api.hippocortex.dev/v1/organizations/org_abc123/teams/team_789/members \
  -H "Authorization: Bearer <JWT_TOKEN>" \
  -H "X-Organization-ID: org_abc123" \
  -H "Content-Type: application/json" \
  -d '{
    "userId": "user_456",
    "role": "contributor"
  }'

Team Roles

Role	Description
`manager`	Full team admin, can manage members and team settings
`contributor`	Can read and write within team scope
`reader`	Read-only access to team resources
`agent`	Machine-to-machine role for automated team processes