Teams & security
Use this section before rolling Coldtea out beyond your own machine.
Coldtea runs close to local development. That is useful because agents can use the same repo, scripts, and shell setup you use. It also means permissions deserve plain language, not hand-waving.
Team structure
- TeaHouses — the team boundary for members, tasks, and integrations.
- Team workflows — how shared tasks, reviews, and connected systems fit together.
Permissions and privacy
- Permissions — what local agent sessions can do on your machine.
- Security and privacy — practical rollout defaults for teams.
The short version
Local agents run with local user permissions. Worktrees split Git working directories; they do not sandbox your machine. Team integrations may also depend on upstream provider permissions, so check both Coldtea membership and the connected service when access looks wrong.
If you remember only one rule: keep human review in the loop before merging agent-authored changes.