memory/spaces_architecture.md Spaces
Spaces are the isolation boundary every other feature is scoped to. Personal Spaces stay private; Shared Spaces unlock multi-user collaboration on Team and above.
A Space is the tenant boundary in ShellYard. Every connection, document, vault credential, audit row, and snippet is scoped to exactly one Space.
Personal vs Shared
- Personal Space (id
personal) — synthetic, every user has one, nobody else can read it. - Shared Space — belongs to an Org (Team or Enterprise tier), has role-based membership, and runs a separate audit log.
Switching
The Space switcher in the top bar swaps the active scope. Every list view (Connections, Documents, Tools, Audit) flushes and re-pulls from the new scope’s cloud DDB partition.
Why this matters
For MSPs in particular, the Space boundary is the unit of “this is Acme Corp work” vs. “this is Beta Industries work.” Magellan context, audit trails, vault credentials, and even imported IT Glue documents inherit Space scoping, so client data never leaks across tenants.
Enterprise adds per-Space customer-managed KMS keys so the data inside one Space can be cryptographically erased independently.