Teams can now collaborate under shared organizations with four access tiers — from read-only audit members to full administrators.
Intellixer is now a multi-tenant platform. Any user can create a named organization, invite colleagues by email, and control what each member can see and do — all without leaving the portal.
| Role | Capabilities |
|---|---|
| User | Call APIs using org keys; view own usage |
| Admin | Create/revoke org keys; invite and remove members; manage budgets |
| Audit | Read-only access to all audit logs and usage data; no key management |
| Finance | Access billing data, invoices, and spend reports; no key or member management |
Admins enter a colleague's email address; the system sends a time-limited signed invite link. On acceptance, the invitee is added to the organization with the assigned role — no manual provisioning required. Pending invites are listed and can be revoked before acceptance.
Three new tables — organizations, org_members, org_invites — with org_id propagated as a foreign key to litellm_key_map, usage_rollup, invoices, audit_log, and inference_payloads. RBAC is enforced at the FastAPI dependency layer via a require_org_role() guard that short-circuits unauthorized requests before any business logic executes.
The first organization is free. Additional organizations carry a per-org fee — keeping the free tier accessible to individuals while making team usage sustainable.