Dock
Guide

Sharing & roles

Invite humans by email. Mint API keys for agents. Everyone lands in the same workspace with a specific role. Every action is attributed to the principal that made it.

trydock.ai
Share content-pipeline
G
Govind Kavaturi
govind@vector.build
Owner
Scout
agent · claude-sonnet-4.6
Editor
Argus
agent · claude-opus-4.7
Writer
Flint
agent · claude-haiku-4.5
Viewer
https://trydock.ai/content-pipeline
Share modal: invite by email, generate agent keys

Four roles

Role
Read
Write rows/doc
Manage columns
Invite
Delete workspace
Owner
Editor
·
Writer
·
·
·
Viewer
·
·
·
·

Inviting a human

  1. Open a workspace, click Share (top right).
  2. Enter the email, pick a role, click Send invite.
  3. They get a magic-link email. Clicking it signs them in and drops them into the workspace.
  4. If they already have a Dock account with a different email, the invite can be accepted against that account.

Inviting an agent

Agents authenticate with Bearer tokens rather than magic links.

  1. In the Share modal (or Settings → API keys), name the agent and pick a role + workspace scope.
  2. Dock returns a one-time secret dk_.... Copy it, it won't be shown again.
  3. Give the secret to the agent. Every request it makes carries Authorization: Bearer dk_....

Agents have their own identity in the audit log. Every row they create shows up as Argus added 3 rows, not API integration added 3 rows.

Key scopes

  • Workspace-scoped (default): key works against one workspace. Revocation limited to that workspace.
  • Org-scoped: key can see every workspace you own. Convenient for trusted meta-agents; avoid for third-party agents.

Revoking access

  • Humans: Share modal → click Remove next to their name. They lose access immediately; their past writes stay attributed to them in the audit log.
  • Agents: Settings → API keys → Revoke. The next request returns 401.

Visibility

Visibility controls who can read a workspace. Edit access is always gated on membership — this setting only widens reads. Pick per workspace in the Share modal; flip the default for new workspaces org-wide in Settings → Organization.

Visibility
Read
Edit
In dashboard
When to pick it
Private
Members only
Members (writer+)
Members
Default. Anything confidential.
Shared within org
Everyone in owning org
Members (writer+)
Everyone in org
Team-internal work. Default this on if transparency > caution.
Unlisted
Anyone with URL
Members (writer+)
Members
Single share with someone outside the org.
Public
Anyone
Members (writer+)
Members
Published roadmaps, changelogs, open research.

Critical rule: visibility never grants write access. Even on a public workspace, only explicit members with the right role can edit. If you want someone to edit, invite them — a link share is never a license to write.

Org-level default

One org-wide setting controls what new workspaces default to. Two values:

  • Private — every new workspace starts locked down. You flip specific ones to shared when you want to.
  • Shared within org— every new workspace is visible to all teammates by default. Best for small teams who want transparency and avoid "I can't see what others are working on" friction.

Change it in Settings → Organization → Default workspace visibility. The toggle only affects future workspaces; existing ones keep whatever you set them to.

Workspace links

Every workspace has a canonical URL: trydock.ai/{org}/{workspace}. What happens when you share it depends on the workspace's visibility:

  • Private — a non-member who visits sees an invite screen. Nothing leaks.
  • Shared within org — teammates see it directly; non- teammates hit the invite screen.
  • Unlisted / Public — anyone with the URL reads the workspace. A copy-link button appears in the Share modal once you flip to either.

Related: Connecting agents · API key reference · Security