Workspaces
A workspace is the security and collaboration boundary in WWKG. Each workspace has its own encryption key, set of members, and collection of branches. All data in a workspace is end-to-end encrypted — only members with the workspace key can read or write.
Creating a workspace
wwkg workspace create --name "My Project"This generates a new workspace with a unique ID (urn:wwkg:workspace:<uuid>),
creates an encryption key, and sets you as the owner.
Listing workspaces
wwkg workspace listViewing workspace details
wwkg workspace info <workspace-id>Switching workspaces
Set the active workspace for subsequent commands:
wwkg workspace use <workspace-id>Check which workspace is currently active:
wwkg workspace currentMembership roles
Each workspace member has one of four roles:
| Role | Permissions |
|---|---|
| Owner | Full control. Can delete the workspace, revoke access, manage all members. One per workspace. |
| Admin | Can invite and remove members, manage branches. Cannot delete the workspace. |
| Writer | Can load data, run updates, and create branches. |
| Reader | Read-only access to all branches and data. |
Inviting members
Invite a member by their identity:
wwkg workspace invite <workspace-id> --identity <member-identity> --role WriterThe invited member must accept the invitation:
wwkg workspace accept-invite <workspace-id>Or decline it:
wwkg workspace decline-invite <workspace-id>Managing members
List all members:
wwkg workspace members <workspace-id>Suspend a member (temporarily revoke access without removing them):
wwkg workspace suspend <workspace-id> --identity <member-identity>Reactivate a suspended member:
wwkg workspace reactivate <workspace-id> --identity <member-identity>Revoke a member permanently (the workspace encryption key is automatically regenerated so the revoked member cannot read future data):
wwkg workspace revoke <workspace-id> --identity <member-identity>Access revocation
When a member is revoked, WWKG automatically generates a new encryption key for the workspace so that the removed person cannot read future data. Historical data that was written before the revocation remains accessible to anyone who was a member at the time.
You can also trigger this manually as the owner:
wwkg workspace rotate-key <workspace-id>The root workspace
When you initialize a node with wwkg install --node-only, a default workspace is created
automatically. This is the root workspace — it holds the node’s identity
information and serves as the default target for commands when no workspace is
specified.
Deleting a workspace
Only the owner can delete a workspace:
wwkg workspace delete <workspace-id>This removes the workspace and all its local data.