Team collaboration — inviting members and managing permissions
For: all
Tier: starter+
Time: ~6 min
Why you'd do this
Compliance is rarely a one-person job: an engineer scans, a compliance lead reviews, a counsel attests. ComplianceLint's invite flow lets the OWNER bring members onto specific repos without sharing API keys. Members inherit the OWNER's tier for that repo (so a Free member of a Pro owner's repo gets Pro features there), which keeps billing simple but means downgrade events have a blast radius across teams.
Before you start
- Starter+ tier (free tier has no Team page)
- The teammate's email address (a sign-in link is sent automatically)
- Awareness that the OWNER's tier covers the whole repo — invited members do not need their own paid plan to access Pro features on your repos
Step 1
Click your avatar (bottom-left of sidebar) → Team. The page lists every account you have a role on: repos you OWN at the top, repos you're a MEMBER of below. Each row shows the other people on that repo and their roles.

What you'll see: Two sections: "Repos you own" with member lists, and "Repos you've been invited to" with the owner's name + your role. The Invite button sits on each owned-repo row.
Step 2
Click Invite on the repo you want to share. Enter the teammate's email and pick role:
- Member — can view, scan, comment, upload evidence, attest human-gate questionnaires. Cannot delete the repo, change tier, or invite others
- Owner — full control. There can be multiple owners per repo; ownership is shared, not exclusive
The invitee gets a sign-in email with a tokenised link. Clicking the link signs them into ComplianceLint (creating the account if new) AND auto-attaches the repo. The token is one-shot — re-use fails with invite_already_redeemed.
Step 3
When the invitee accepts, their dashboard sidebar gains the new repo under REPOS. They can switch to it the same way as any owned repo. The repo's Settings → Danger Zone is hidden for members — they can't delete or unlink the repo, only the OWNER can. Invited-member views of repo settings render a one-line banner explaining the read-only state for those fields.

What you'll see: Repo settings as seen by an invited Pro member. Most fields editable; the Danger Zone card replaced with an "Owner only" notice.
Step 4
From the Team page, an OWNER can click Revoke next to a member to remove their access. The repo immediately disappears from the member's sidebar. Their prior contributions (uploaded evidence, attestations) remain in the audit trail with their name preserved.
A member can also LEAVE a repo themselves — same Team page, click Leave on the row under "Repos you've been invited to". Their work stays in the audit trail; only their access is removed.

What you'll see: Business-tier invited member's Team view — sees the owner's name + their role (Member) + a Leave button.
Step 5
Tier downgrades have a team-wide blast radius. If a Pro owner downgrades to Free (maxRepos = 1), every repo BEYOND that limit becomes locked: read-only for everyone — owner and members alike. The dashboard shows a red "Locked repo" banner naming each affected repo.
Locked repos can be:
- Unlocked by re-upgrading the owner's account
- Released by the owner unlinking the repo (Settings → Danger Zone) — releases the lock on remaining repos
- Transferred by inviting a Pro+ owner and removing the downgraded owner (planned, not yet shipped)
Downgrades never delete data — every scan, evidence file, and attestation is preserved. The lock just gates new writes.
What can go wrong
- Invite email never arrives — Check spam — the sender is noreply@compliancelint.dev. If still missing, the OWNER can re-send from the Team page (Resend button on the pending-invite row). Also verify your account's email allowlist — corporate filters sometimes block first-contact from unknown SaaS senders.
- Member can't fill a Human Gate questionnaire even though they have access — Human Gates Fill is gated by the OWNER's tier, not the member's. If the owner is Free or Starter, no one on the repo can fill — the dropzone shows "upgrade required". Owner needs Pro+ for the fill action to unlock for the whole team.
- After a downgrade, my repos are locked but I want to keep working on the most important one — The lock applies in repo-creation order: oldest repos stay unlocked first. To pick which repo stays active under the new lower tier, unlink the others from Settings → Danger Zone. Released repos can be re-attached later if you re-upgrade — the scan history and evidence persist on the dashboard side.
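To review a downgrade's blast radius before it happens, the role, tier and lock rules above can be modelled in a few lines. This is an added example, not ComplianceLint's code. Assumptions: the tier ordering, every maxRepos value except Free = 1, the set of actions counted as "new writes", and the constructed repo and user names.

```python
# Added model of the rules described on this page; not ComplianceLint's code.
TIER_RANK = {"free": 0, "starter": 1, "pro": 2, "business": 3}    # ordering assumed
MAX_REPOS = {"free": 1, "starter": 3, "pro": 10, "business": 50}  # only free=1 is from the page
MEMBER_ACTIONS = {"view", "scan", "comment", "upload_evidence", "attest"}
OWNER_ONLY = {"delete", "change_tier", "invite"}
WRITES = {"scan", "comment", "upload_evidence", "attest"}  # assumed meaning of "new writes"


def locked_repos(repos, owner_tier):
    """repos: (name, created_at ISO date) pairs. Oldest repos stay unlocked first."""
    ordered = sorted(repos, key=lambda r: r[1])
    return {name for name, _ in ordered[MAX_REPOS[owner_tier]:]}


def allowed(action, role, owner_tier, locked):
    """Decide one action from role, the OWNER's tier and the repo's lock state."""
    if action in OWNER_ONLY:
        # The page does not say how a lock treats these; left to the owner here.
        return role == "owner"
    if action not in MEMBER_ACTIONS:
        return False
    if locked and action in WRITES:
        return False  # locked repos are read-only for owner and members alike
    if action == "attest" and TIER_RANK[owner_tier] < TIER_RANK["pro"]:
        return False  # Human Gate fill needs the OWNER on Pro+
    return True


def effective_access(repos, members, owner_tier, action):
    """members: {repo: {user: role}}. Returns {(repo, user): bool} for one action."""
    locked = locked_repos(repos, owner_tier)
    return {(repo, user): allowed(action, role, owner_tier, repo in locked)
            for repo, people in members.items() for user, role in people.items()}


# Constructed sample data: one owner (alice) with three repos and two members.
REPOS = [("payments", "2025-01-10"), ("ml-api", "2025-06-02"), ("portal", "2025-09-15")]
MEMBERS = {"payments": {"alice": "owner", "bob": "member"},
           "ml-api": {"alice": "owner", "carol": "member"},
           "portal": {"alice": "owner", "bob": "member"}}

if __name__ == "__main__":
    for tier in ("pro", "free"):
        print(tier, "locked:", sorted(locked_repos(REPOS, tier)))
        print(effective_access(REPOS, MEMBERS, tier, "upload_evidence"))
```

Running it for "pro" and then "free" shows which members lose write access on which repos; dropping a repo from REPOS models an unlink and shifts which repos remain locked.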
Last updated: 2026-04-30