Tools: team
27 tool(s) in this category.
notifications.email_member
Email Workspace Member
Send an email to one or more teammates in the current workspace. Use when an automation or agent needs to notify specific workspace members - a digest, an alert, a hand-off, a heads-up after a long-running job. Recipients must already be members; external or free-text addresses are rejected. Sends are capped per workspace and idempotent on an optional key.
- HTTP:
POST /notifications/email-member - Required scopes:
notifications:write - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
notifications,email,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
recipient_emails | array<string> | yes | Recipient email addresses. Each MUST belong to a current member of this workspace; a non-member address fails the whole call. |
subject | string | yes | Email subject line. |
body | string | yes | Plain-text email body. Rendered into a branded HTML email plus a plain-text fallback; line breaks are preserved. |
cc_emails | array<string> | no | Optional additional recipients. Also member-validated and merged with recipient_emails. |
idempotency_key | string | no | Optional dedupe key. A repeat call with the same key returns the prior result without resending. When omitted on a blueprint run, a key is derived from the run + subject + recipients. |
notifications.list_recipients
List Notification Recipients
Read the current workspace members you are allowed to email, as a recipient picker for sending a member notification (email + display name + user id per member). Read when you need to choose who to email before calling notifications.email_member, which only accepts current members. This is a narrow addressable-recipient list, not a full team roster. Optional limit caps the result.
- HTTP:
GET /notifications/recipients - Required scopes:
notifications:read - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
notifications,email,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
limit | integer | no | Max recipients to return (default 200, capped at 500). |
notifications.list_sends
List Member Email Sends
Read the history of emails sent to workspace members (newest first), plus a cap-aware summary of how many sends went out in the trailing hour against the per-workspace hourly and per-run caps. Read when reviewing what notifications already fired, or before an automated email step to confirm there is room left under the rate limit. Optional recipient / run / since filters narrow the list.
- HTTP:
GET /notifications/sends - Required scopes:
notifications:read - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
notifications,email,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
limit | integer | no | Max rows to return (default 50, capped at 200). |
recipient_email | string | no | Narrow to one recipient email address (exact match). |
blueprint_run_id | string | no | Narrow to one blueprint run's sends. |
since | string | no | ISO-8601 lower bound; only sends recorded at or after this instant. |
team.add_domain
Add Business Domain
Register a new unverified domain for the caller's business so verified-domain users can self-join. Use when an admin wants to onboard a whole company by domain instead of one-by-one. Row starts with verified_at=null; DNS verification happens out-of-band. Refuses public mailbox providers (400 public_domain) and a domain already on this workspace (409 already_claimed).
- HTTP: (not exposed as REST)
- Required scopes:
team:write - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
domain | string | yes | FQDN, e.g. "acme.com". Case-insensitive; normalized to lowercase. |
team.get_settings
Get Team Settings
Read every allowlisted team setting for the caller's business (e.g. require_invite). Use when rendering the team settings page or deciding whether domain auto-provisioning should run for a new signup. Response is always a fully-populated typed map — missing rows fall back to each key's declared default so callers don't need to null-check.
- HTTP: (not exposed as REST)
- Required scopes:
team:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
No structured input.
team.invite
Invite Team Member
Create a pending magic-link invitation for a new teammate. Use when inviting someone by email to join the workspace. Persists a business_invitations row with a single-use token and 7-day expiry; does NOT create the auth.users row eagerly (that happens on accept). Returns 409 codes when the email already belongs to a member or already has a pending invitation.
- HTTP: (not exposed as REST)
- Required scopes:
team:write - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
email | string | yes | |
role | `enum("admin" | "member")` | no |
team.list_domains
List Business Domains
List every verified and pending domain for the caller's business, newest first. Use when rendering the domains panel in team settings, deciding whether "Ask Amdahl to add one" should appear on an empty state, or auditing which email domains auto-join this workspace. Each row carries verified_at; null means the domain is pending DNS verification.
- HTTP: (not exposed as REST)
- Required scopes:
team:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
No structured input.
team.list_invitations
List Team Invitations
List pending, accepted, expired, or revoked invitations for the caller's business. Use when rendering the team settings invitations panel or auditing who has been invited but not yet joined. Flips stale pending rows to expired before returning so the catalog is never stale. Paginated via limit + offset query params.
- HTTP: (not exposed as REST)
- Required scopes:
team:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
| Field | Type | Required | Description |
|---|---|---|---|
status | `enum("pending" | "accepted" | "expired" |
limit | integer | no | |
offset | integer | no |
team.list_members
List Team Members
List every member of the caller's business with display name, email, and role. Use when rendering the team settings page, deciding whether the caller is the last admin, or looking up a member UUID before a role change or removal. Returns an array of rows from the business_members table joined to auth.users.
- HTTP: (not exposed as REST)
- Required scopes:
team:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
No structured input.
team.remove_domain
Remove Business Domain
Delete a domain row from the caller's business so future signups with that email domain stop auto-joining. Use when an admin is rotating their primary domain or removing a subsidiary. Unverified rows delete without ceremony; removing the LAST verified domain requires force=true because existing members would lose auto-join on re-signup.
- HTTP: (not exposed as REST)
- Required scopes:
team:delete - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team,destructive
Input
| Field | Type | Required | Description |
|---|---|---|---|
domain_id | string | yes | |
force | boolean | no | Required when removing the last verified domain. Acknowledges the lockout risk. |
team.remove_member
Remove Team Member
Remove a member from the caller's business. Use when revoking access for someone who left the team. Refuses self-removal (a dedicated "leave business" flow covers that case) and refuses removing the last remaining admin (promote another member first).
- HTTP: (not exposed as REST)
- Required scopes:
team:delete - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team,destructive
Input
| Field | Type | Required | Description |
|---|---|---|---|
member_id | string | yes |
team.resend_invitation
Resend Team Invitation
Rotate a pending invitation's token, reset expires_at to seven days out, and return the refreshed row so the REST handler can re-send the magic-link email. Use when an invitee says they never got the first email or the link has expired. Refuses accepted (409 already_accepted) and revoked (409 revoked) invitations — create a fresh one instead.
- HTTP: (not exposed as REST)
- Required scopes:
team:write - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
invitation_id | string | yes |
team.revoke_invitation
Revoke Team Invitation
Soft-delete a pending invitation so the magic-link stops working. Use when an invited person no longer needs access or the admin sent to the wrong email. Sets status=revoked and stamps revoked_at. Re-revoking is a no-op (idempotent). Refuses revoking an already-accepted invitation — use team.remove_member instead once someone has joined.
- HTTP: (not exposed as REST)
- Required scopes:
team:delete - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team,destructive
Input
| Field | Type | Required | Description |
|---|---|---|---|
invitation_id | string | yes |
team.update_member_role
Update Team Member Role
Change a business member's role between admin and member. Use when promoting a teammate to admin or demoting an admin. Enforces three server-side rules: the target must belong to the caller's business, self-role-change is refused, and demoting the last remaining admin is refused (promote someone first).
- HTTP: (not exposed as REST)
- Required scopes:
team:write - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
member_id | string | yes | |
role | `enum("admin" | "member")` | yes |
team.update_settings
Update Team Settings
Patch one or more allowlisted team settings (e.g. require_invite) for the caller's business. Use when an admin changes domain auto-provisioning behavior or other workspace toggles. Unknown keys are rejected at the API boundary so typos cannot silently persist. Returns the full settings object (every allowlisted key, untouched values included) after writes complete.
- HTTP: (not exposed as REST)
- Required scopes:
team:write - Required role:
admin - Stability:
stable - Version:
1.0 - Tags:
write,team
Input
| Field | Type | Required | Description |
|---|---|---|---|
settings | object | yes | Partial map of allowlisted keys to their new values. Today: { require_invite?: boolean }. |
workspaces.add_member
Add Workspace Member
Add someone to a workspace by user id or email. Use when an admin is bringing a teammate onto the tenant directly (no invitation round-trip). By email, a new account is created and a setup link emailed; by user id, an existing account is attached. Requires workspace admin access on the target.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes | |
user_id | string | no | |
email | string | no | |
role | `enum("admin" | "member")` | no |
workspaces.create
Create Workspace
Spin up a brand-new workspace owned by the caller, who becomes both its owner and founding admin in one atomic step. Use when a user is starting a fresh tenant. Validates the name, auto-generates a URL-safe slug from it (or accepts a desired slug, rejecting reserved or taken ones), and caps how many workspaces one user may own.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces
Input
| Field | Type | Required | Description |
|---|---|---|---|
name | string | yes | |
slug | string | no | |
domain | string | no | Optional company email domain to claim (e.g. 'acme.com'). Seeded unverified; public mailbox domains are ignored. Never fails creation. |
workspaces.delete
Delete Workspace
Soft-delete a workspace, retiring the whole tenant. Use when the owner is shutting it down for good. Only the workspace owner may call this (an admin who is not the owner cannot); it stamps deleted_at rather than hard-deleting, so the row can be recovered by an operator if needed.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces,destructive
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes |
workspaces.get
Get Workspace
Fetch one workspace by id along with the caller's role in it (owner, admin, editor, or viewer). Read when you need a single workspace's name, slug, avatar, and your own membership level. Returns not-found when the caller is not a member or the workspace is missing or deleted, so existence is never leaked to outsiders.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
No structured input.
workspaces.join_by_domain
Join Workspace By Domain
Join a workspace that your verified email domain is allowed to self-join. Use when a signed-in user picks a workspace from their domain-eligible list (post-signup picker or the switcher). Re-checks eligibility server-side, adds you as a member at the least role, and notifies the owner. Idempotent if you already belong.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes |
workspaces.leave
Leave Workspace
Remove the calling user from a workspace they belong to. Use when someone is leaving a tenant of their own accord. Any member may leave, except the owner, who is blocked at the database level and must transfer ownership first so the workspace is never left without an owner.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes |
workspaces.list
List My Workspaces
List every workspace the calling user belongs to, each with the caller's role and an owner flag. Read when rendering a workspace switcher or deciding which tenants the signed-in user can reach. Returns only the caller's own memberships; soft-deleted workspaces are excluded.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
No structured input.
workspaces.list_joinable_by_domain
List Joinable Workspaces
List workspaces the calling user may self-join because their verified email domain is claimed by the workspace and it opted into domain join. Read when rendering a post-signup join picker or the switcher's join-by-domain section. Scoped to the caller's own domain; excludes workspaces they already belong to and public mailbox domains.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:read - Required role:
viewer - Stability:
stable - Version:
1.0
Input
No structured input.
workspaces.remove_member
Remove Workspace Member
Remove a member from a workspace by user id. Use when an admin is removing a teammate from the tenant. The workspace owner is protected and cannot be removed (transfer ownership first). Requires workspace admin access on the target; the owner qualifies as an admin.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces,destructive
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes | |
user_id | string | yes |
workspaces.transfer_ownership
Transfer Workspace Ownership
Hand a workspace to another existing member, who is promoted to admin and becomes the new owner. Use when the current owner is stepping down or handing the tenant over. Only the current owner may call this; the recipient must already be a member. The previous owner keeps their admin seat.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces,destructive
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes | |
new_owner_user_id | string | yes |
workspaces.update
Update Workspace
Patch a workspace's display name, avatar image, and avatar background color. Use when an admin renames the workspace, sets its logo, or picks the background color shown behind the avatar. Requires workspace admin access on the target; the owner qualifies as an admin. Slug, ownership, and membership have dedicated operations.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes | |
name | string | no | |
avatar_url | `string | null` | no |
avatar_bg_color | `string | null` | no |
workspaces.update_member_role
Update Workspace Member Role
Set a workspace member to admin or member. Use when promoting a teammate to admin or stepping one back down. The workspace owner is pinned as an admin and cannot be demoted (transfer ownership first). Requires workspace admin access on the target; the owner qualifies as an admin.
- HTTP: (not exposed as REST)
- Required scopes:
workspaces:write - Required role:
viewer - Stability:
stable - Version:
1.0 - Tags:
write,workspaces
Input
| Field | Type | Required | Description |
|---|---|---|---|
business_id | string | yes | |
user_id | string | yes | |
role | `enum("admin" | "member")` | yes |