Skip to content

Feature Request: Team Collaboration & Multi-Developer Access #6

Open
Open
Feature Request: Team Collaboration & Multi-Developer Access#6
@DevOlabode

Description

@DevOlabode
DevOlabode
opened on Apr 12, 2026

Problem Statement

Currently, Voult apps have a single owner (owner field in App model). This creates several limitations:

  • No collaboration: Teams cannot work together on the same authentication configuration
  • Single point of access: Only one developer has access to OAuth credentials and settings
  • No delegation: Cannot delegate access or share responsibilities
  • Not enterprise-ready: Not suitable for agencies, startups, or enterprise teams

💡 Proposed Solution

Implement a team-based access system that allows multiple developers to collaborate on apps with role-based permissions.

Key Features

  1. Team Creation & Management

    • Create teams with multiple members
    • Team settings and configuration
    • Team member roles (Owner, Admin, Developer, Viewer)

  2. Invitation System

    • Invite developers via email
    • Token-based invitation acceptance
    • Automatic expiration (7 days)

  3. Role-Based Access Control

    • Owner: Full control over team and apps
    • Admin: Can manage apps and OAuth,但不能 manage team members
    • Developer: Can create and edit apps, but cannot access OAuth credentials
    • Viewer: Read-only access to apps

  4. App Access Integration

    • Apps can be assigned to teams
    • Team members can collaborate on app configuration
    • Backward compatibility with existing solo apps

📋 Implementation Checklist

Phase 1: Core Infrastructure (MVP)

  • Create Team model (models/team.js)
  • Add team invitation system
  • Implement Team CRUD API endpoints
  • Create team management web interface
  • Add email invitation service

Phase 2: App Integration

  • Modify App model to support team ownership
  • Create permission middleware (middleware/requireTeamRole.js)
  • Update app controllers with team permission checks
  • Add team filtering to app listing
  • Create migration script for existing apps

Phase 3: Advanced Features

  • Implement audit logging
  • Add granular permission system
  • Create team analytics dashboard
  • Add team billing integration

🗂️ Files to Create/Modify

New Files

models/team.js
models/auditLog.js
controllers/api/team.js
controllers/web/team.js
routes/api/team.js
routes/web/team.js
middleware/requireTeamRole.js
services/teamInvitation.js
views/team/

Modified Files

models/app.js - Add team field
controllers/web/app.js - Add team permission checks
routes/web/app.js - Add team routes
routes/api/app.js - Add team permission checks

Security Considerations

  • Use cryptographically secure invitation tokens
  • Always verify team membership server-side
  • Implement proper authorization on all endpoints
  • Log all team membership and permission changes
  • Rate limit invitation sending

Success Metrics

  • Teams can be created and managed
  • Developers can be invited and accept invitations
  • Team members can collaborate on apps based on roles
  • Permissions are enforced correctly
  • No security vulnerabilities in access control
  • Backward compatibility maintained for existing apps

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions