Each client gets a Space. Connections, credentials, documents, notes, tools, audit history, and Magellan context all stay scoped to it. One workspace for the work technicians actually do.
MSP technicians juggle a different toolkit for every client — separate password vaults, scattered RDP files, ad-hoc terminal windows, runbooks in three documentation systems, and AI prompts pasted into shared chat windows. ShellYard collapses that into one workspace where each client's connections, credentials, notes, tools, and AI context stay in their own Space.
Every Space is a self-contained workspace for a client, site, or environment. Connections, credentials, documents, notes, IPAM, audit history, and Magellan context are scoped to the Space. Switching between clients is a single click — no risk of dragging Acme's runbooks into Globex's terminal.
Add technicians as Members on a Shared Space. Define Groups (Engineers, Helpdesk, Auditors), grant read / write / admin on any folder, and let permissions cascade. Bulk command runner and Batch SSH let one technician roll a fix across the whole client fleet.
Credentials live in the Space's vault and resolve on connect — no copy-paste between tools, no spreadsheet of passwords, no client password reused across other engagements. Pro and Team store credentials in KMS-wrapped DynamoDB; Enterprise mints a customer-managed CMK per Space.
Magellan operates inside the active Space. Reference selected terminal output, command results, or diagnostic context into ChatGPT, Claude, or Ollama — and get explanations, suggested next steps, or draft remediation. Operators always approve before commands run.
Every Shared Space has a per-Space audit log. Team and Enterprise plans can export audit history for client reporting, security reviews, and contractual compliance. Documents and runbooks live in the Space, with 90-day version retention on Team and unlimited on Enterprise.
Enterprise mints a real AWS customer-managed KMS key per Space. When you offboard a client, ShellYard schedules their CMK for deletion via kms:ScheduleKeyDeletion. After the AWS pending window expires, every credential, document, and version under that Space is cryptographically unrecoverable — by anyone, including us.
Team adds Members, Groups, ACLs, audit-log export, and IT Glue + Hudu importers. Enterprise adds per-Space customer-managed KMS keys with one-click cryptographic erasure on offboarding. 14-day Team trial requires a card.