Organizations & Teams
Organizations are the top-level container in 2Signal. Every project, API key, evaluator, and dataset belongs to an organization. Team members share access to all projects within the org.
Organization Structure
Organization
├── Members (with roles)
├── Projects
│ ├── API Keys
│ ├── Evaluator Configs
│ ├── Datasets
│ ├── Traces & Spans
│ ├── Scores
│ └── Model Routing Configs
├── Usage Records
└── Billing (Stripe subscription)Creating an Organization
When you sign up, you're prompted to create your first organization. You can create additional organizations from the dashboard:
Dashboard → Organization Switcher → Create Organization
Each organization starts on the Free plan. You can upgrade to Pro or Team from the billing settings.
Roles & Permissions
| Role | View Data | Create/Edit | Manage Members | Billing | Delete Org |
|---|---|---|---|---|---|
| Owner | Yes | Yes | Yes | Yes | Yes |
| Admin | Yes | Yes | Yes | No | No |
| Member | Yes | Yes | No | No | No |
| Viewer | Yes | No | No | No | No |
Owner is the creator of the organization and cannot be removed. There is exactly one owner per org.
What Each Permission Covers
- View Data — Browse traces, scores, evaluator results, usage, and datasets
- Create/Edit — Create projects, API keys, evaluator configs, datasets, model routing configs
- Manage Members — Invite new members, change roles, remove members
- Billing — Access Stripe checkout, billing portal, view subscription details
Inviting Team Members
Admins and Owners can add members:
Dashboard → Settings → Members → Add Member
Provide the user's email and assign a role. The user must have a 2Signal account (Supabase Auth) with that email address.
Via CLI
# Add a member
2signal org add-member --email alice@company.com --role member
# List current members
2signal org list-members
# Remove a member
2signal org remove-member --email alice@company.comManaging Projects
Projects isolate traces and evaluations. A typical setup has one project per agent or environment:
support-agent-prodsupport-agent-stagingresearch-assistant
API keys are project-scoped — each key authenticates to a single project. Create separate keys for different environments.
Creating a Project
# Dashboard
Dashboard → Project Selector → Create Project
# CLI
2signal project create --name "support-agent-prod" --description "Production support agent"
# TUI
Projects screen → 'n' to create new projectAPI Key Management
API keys authenticate SDK and REST API requests to a specific project.
Key Lifecycle
| Action | Description |
|---|---|
| Create | Generate a new key. The full key is shown only once — copy it immediately. |
| Rotate | Creates a new key and revokes the old one atomically. Use when a key may be compromised. |
| Revoke | Permanently disables the key. Revoked keys cannot be reactivated. |
Key Format
2s_live_a1b2c3d4e5f6g7h8...
Prefix: 2s_live_a1b2c3d4 (visible in dashboard for identification)
Full key: only shown at creation time
Storage: bcrypt hash stored in databaseBest Practices
- Use environment variables to store keys — never commit them to source control
- Create separate keys per environment (dev, staging, prod)
- Rotate keys regularly and immediately if compromised
- Use descriptive names like
prod-deploy-2026-03for easy identification - Track
lastUsedAtto identify unused keys and revoke them
Plan Limits by Organization
Usage limits are tracked at the organization level across all projects. See Alerts & Usage for details on monitoring and alerts, and Rate Limits & Plans for the full plan comparison.