Team Management
Kod uses token-based identity — there are no user accounts or passwords. Each person gets a token with a username and permissions, and is then added as a collaborator to the repositories they need access to.
Adding a Team Member
Section titled “Adding a Team Member”1. Create a token for the new user
Section titled “1. Create a token for the new user”As the admin, create a named token with the appropriate permissions:
kod token create alice --username alice --permissions repo:read,repo:writeThis outputs a token (e.g. kod_abc123...). This is the only time the token value is shown — copy it now.
Choose permissions based on the user’s role:
| Role | Suggested permissions |
|---|---|
| Developer | repo:read,repo:write |
| Read-only / reviewer | repo:read |
| CI / deploy pipeline | repo:read,workflow:trigger |
| Team lead | repo:read,repo:write,collaborator:read,collaborator:write |
| Admin | admin |
See the CLI reference for the full list of available permissions.
2. Add them as a collaborator
Section titled “2. Add them as a collaborator”Grant the user access to one or more repositories:
kod repo my-project collaborator add alicekod repo another-repo collaborator add alice3. Share credentials
Section titled “3. Share credentials”Send the new user two things (through a secure channel):
- Server URL — e.g.
https://git.example.com - API token — the
kod_abc123...value from step 1
4. User configures their CLI
Section titled “4. User configures their CLI”The new user runs:
kod initThis prompts for the server URL and token, saves them to ~/.kod/config.json, and configures the Git credential helper so that git clone, git push, and git pull authenticate automatically.
They can now start working:
kod repo listkod clone my-projectcd my-project# make changes...git add . && git commit -m "My first commit"git push origin mainManaging Existing Team Members
Section titled “Managing Existing Team Members”List collaborators on a repository
Section titled “List collaborators on a repository”kod repo my-project collaborator listRemove a collaborator
Section titled “Remove a collaborator”kod repo my-project collaborator remove aliceThis revokes access to the repository. The user’s token still exists — to fully revoke all access, delete their token as well.
Revoke a user entirely
Section titled “Revoke a user entirely”# Find the token IDkod token list
# Delete itkod token delete <id>Once the token is deleted, all CLI and Git operations using it will fail immediately.
Rotate a user’s token
Section titled “Rotate a user’s token”There is no token update operation. To rotate credentials:
- Create a new token with the same username and permissions
- Share the new token with the user
- Delete the old token
- The user updates their config by running
kod initagain
How Access Control Works
Section titled “How Access Control Works”Access is determined by two things:
- Token permissions — what operations the token allows (e.g.
repo:read,repo:write) - Collaborator membership — which repositories the user’s username has been added to
Both must be satisfied. A token with repo:write permission can only push to repositories where the associated username is listed as a collaborator.
Tokens with the admin permission bypass collaborator checks and have full access to everything.