Team / Enterprise Admin Walkthrough

You're setting up SkillMeat for a team or enterprise deployment. You need to provision users, define roles and permissions, configure artifact sources and governance policies, and ensure your team can securely share and manage a standardized artifact library.

This walkthrough guides you from enterprise edition setup through publishing team-approved artifacts to the internal marketplace — in approximately 30 minutes.

Prerequisites

What you need

• Enterprise Edition Active — SkillMeat enterprise edition installed and running (not the local/community edition). See your deployment engineer or DevOps team.
• Admin Role — You have admin or super-admin permissions in the enterprise instance
• Team Provisioned — At least one team exists in your enterprise (may have been created during initial setup)
• Baseline Knowledge — Familiarity with user management, authentication, and role-based access control (RBAC) concepts
• Ready to Configure — Plan your org's authentication provider (local accounts, OAuth via Clerk, or SAML if supported), team structure, and governance policies before starting

---

Step 1: Verify Enterprise Edition & Admin Access

First, confirm you're running the enterprise edition and have admin permissions.

Web UIAPI Check (Optional)

1. Open SkillMeat's enterprise dashboard in your browser (ask your deployment engineer for the URL)
2. Click your profile icon in the top-right corner
3. Select Settings or Admin Console
4. Look for Edition — you should see "Enterprise Edition" or similar
5. If you see an Admin Console or Enterprise Settings link, you have admin access
6. If not, request admin permissions from your organization's super-admin

# Query the /api/v1/system/info endpoint to check edition
curl -H "Authorization: Bearer YOUR_TOKEN" \
  https://your-instance.com/api/v1/system/info | jq '.edition'

# Should output:
# "enterprise"

Verification: The dashboard shows "Enterprise Edition" and you can access admin settings. If you see "local" or community mode, contact your deployment team.

---

Step 2: Configure Authentication Provider

Team members need a secure, standardized way to log in. SkillMeat supports multiple auth providers; choose one for your organization.

Web UIConfiguration File (Advanced)

1. In the Admin Console, navigate to Authentication or Auth Providers
2. You'll see available options:
3. Local Accounts — Simple username/password (suitable for testing; not recommended for production)
4. Clerk — Third-party OAuth provider (recommended for small-to-medium teams)
5. SAML / Enterprise SSO — If your org uses Active Directory, Okta, or similar (recommended for large enterprises)
6. Click the provider you want to configure
7. Follow the on-screen setup:
8. Local: Create initial admin account + allow user registration (if desired)
9. Clerk: Connect your Clerk app; copy API keys and webhook URLs
10. SAML: Provide IDP metadata URL; map user attributes (email, name, roles)
11. Save configuration and test login as a new user (use incognito browser window)
12. If login succeeds, the provider is active

Edit your .env or config.yaml (location depends on your deployment):

# Clerk OAuth example
auth:
  provider: "clerk"
  clerk:
    api_key: "your_clerk_api_key"
    frontend_api: "https://your-project.clerk.accounts.com"

# SAML example
auth:
  provider: "saml"
  saml:
    idp_metadata_url: "https://your-idp.com/metadata.xml"
    entity_id: "https://skillmeat.your-org.com"
    assertion_consumer_service_url: "https://skillmeat.your-org.com/acs"

Then restart the SkillMeat service:

systemctl restart skillmeat
# or: docker-compose restart

Verification: Invite a team member to log in. They should see the configured auth provider's login screen and successfully authenticate.

---

Step 3: Set Up Team Structure

Organize users into teams and define their roles. Teams allow you to grant permissions, deploy artifacts, and manage governance at scale.

Web UICLI (Advanced)

1. In the Admin Console, navigate to Teams
2. You should see at least one team (created during initial setup)
3. To create a new team:
4. Click Create Team or + New Team
5. Enter: Team Name (e.g., "Data Science", "Backend Infrastructure")
6. Enter: Description (e.g., "Manages ML skills and analysis tools")
7. (Optional) Icon/Color — choose a visual identifier
8. Click Create
9. To add members to a team:
10. Click the team name to open its details
11. Click Members or + Add Member
12. Search for users by email or name
13. Select a user and assign a role:
    • Viewer — read-only access to team artifacts
    • Contributor — can create and modify team artifacts
    • Admin — full team management, publish to marketplace, manage members
14. Click Add Member
15. Repeat for other teams in your organization

# List teams
skillmeat team list

# Create a team
skillmeat team create "Data Science" \
  --description "Manages ML skills and analysis tools"

# Add a member with a role
skillmeat team member add "Data Science" alice@org.com --role contributor

# List team members
skillmeat team member list "Data Science"

Verification: Navigate to Teams page. You see at least 2 teams with member counts > 0. Click each team to confirm members are listed with correct roles.

---

Step 4: Define Permissions & Governance Policies

Control what team members can do: who can publish artifacts, whether deployments require approval, and how versions are enforced.

Web UIGovernance Reference

1. In the Admin Console, navigate to Governance or Policies
2. You'll see sections for:
3. Artifact Publishing — Who can create and publish new artifacts
4. Deployment Policies — Whether team deployments require approval
5. Version Management — Rules for versioning and deprecation
6. Enforcement Modes — Whether updates auto-push or require manual pull
7. For each policy, set scope (enterprise-wide or team-specific) and enforcement level:
8. Permissive: Team members can publish freely; changes apply immediately
9. Review Required: Changes require approval from team admin before publishing
10. Locked: Only enterprise admins can publish; team members cannot change
11. Example configuration:
12. Set Artifact Publishing to "Review Required" for enterprise-critical artifacts (security, compliance)
13. Set Deployment to "Review Required" if you want to audit deployments
14. Set Enforcement to "Silent Override" for non-critical artifacts (auto-update team members)
15. Set Enforcement to "Notify Only" for optional artifacts (team members can opt-in to updates)
16. Save each policy

Policy Types:

Policy	What it controls
Artifact Publishing	Can team members create new artifacts? Does publishing require approval?
Deployment Policy	Do artifact deployments to teams require approval before applying?
Version Enforcement	Are teams forced to use the latest version (locked) or can they pin versions?
Enforcement Mode	Do updates auto-push (Silent Override) or require opt-in (Notify Only)?
Deprecation	Can team members deprecate artifacts? What's the minimum notice period?

Common Configurations:

• Startup (permissive): No approvals; everything auto-updates; easy experimentation
• Growth (balanced): Publishing reviewed; deployments checked; versions lockable per team
• Enterprise (strict): All changes require approval; compliance artifacts locked; audit trail logged

Verification: Open Governance page. You see at least 3 policies with clear scope and enforcement level. Click one to verify you can edit it.

---

Step 5: Configure Artifact Sources

Define where your team sources artifacts from: the public marketplace, custom GitHub organizations, or internal sources.

Web UIEnterprise Marketplace Only

1. In the Admin Console, navigate to Artifact Sources or Sources Configuration
2. You'll see available source types:
3. Public Marketplace — Anthropic's official marketplace (enabled by default)
4. GitHub Organization — Private repos in your organization
5. Custom Registry — Self-hosted artifact server (if configured)
6. For GitHub Organization (if using):
7. Click Add GitHub Source
8. Enter your organization name (e.g., "my-company")
9. Authorize SkillMeat to access your GitHub org (you'll be prompted to grant permissions)
10. Set scan configuration:
    • Auto-scan on push — Automatically index new artifacts from GitHub
    • Require approval — New artifacts require approval before appearing in catalog
11. Click Save
12. For Custom Registry (if configured):
13. Enter the registry URL (ask your DevOps team)
14. Provide authentication credentials (API key or token)
15. Test connection and save
16. Verify all sources appear in the Sources list

Some enterprises restrict the public marketplace and publish only internal artifacts. If that's your case:

1. In Artifact Sources, disable Public Marketplace
2. Enable only GitHub Organization or Custom Registry
3. Teams will see only internal artifacts when browsing

Verification: Open the Artifact Sources page. You see at least 2 sources configured. For GitHub sources, click Test Connection and confirm it succeeds.

---

Step 6: Create a Team Collection & Add Initial Artifacts

Collections are the unit of deployment — groups of curated artifacts that teams use together. Create your first team collection.

Web UICLI

1. Navigate to Collections in the main menu (not Admin Console; this is a regular user action)
2. Click Create Collection or + New Collection
3. Fill in:
4. Name (e.g., "Data Science Toolkit v1")
5. Description (e.g., "Pre-curated ML analysis skills for the Data Science team")
6. Team Assignment (select the team that will use this collection)
7. Visibility (enterprise-wide or team-only)
8. Icon/Color (optional)
9. Click Create
10. The collection is now empty. To add artifacts:
11. Click the collection name to open it
12. Click Add Artifacts or + Add
13. Browse available artifacts (search by name, filter by type, sort by recency)
14. Select artifacts by clicking checkboxes
15. Click Add Selected
16. Verify artifacts appear in the collection

# Create a collection
skillmeat collection create "Data Science Toolkit v1" \
  --description "Pre-curated ML analysis skills" \
  --team "Data Science"

# Add artifacts to the collection
skillmeat collection add "Data Science Toolkit v1" \
  pandas-analysis matplotlib-visualization jupyter-launcher

# View collection contents
skillmeat collection show "Data Science Toolkit v1"

Verification: Open the Collections page. You see your new collection listed. Click it to confirm artifacts are present and team assignment is visible.

---

Step 7: Deploy Collection to Your Team

Publishing a collection makes it available to all team members.

Web UICLI

1. Open the Collections page and find your newly created collection
2. Click the collection name to open its details
3. Look for a Deploy button or kebab menu (three dots)
4. Click Deploy or select Deploy from the kebab menu
5. A dialog appears showing:
6. Artifacts in the collection (verify count and names)
7. Target team(s) to deploy to
8. Enforcement mode: Silent Override (auto-push) or Notify Only (team chooses to adopt)
9. Select your team(s) as the target
10. Choose enforcement mode:
11. Silent Override — Team members automatically receive all artifacts in the collection
12. Notify Only — Team is notified; members opt-in to receive artifacts
13. Click Deploy or Confirm
14. Wait for deployment to complete (usually seconds to a minute)

# Deploy collection to team
skillmeat collection deploy "Data Science Toolkit v1" \
  --team "Data Science" \
  --enforcement silent-override

# Check deployment status
skillmeat collection status "Data Science Toolkit v1"

Verification: Navigate to your team's Deployed Artifacts or Collections view. The collection appears with a green "deployed" status. Confirm all artifacts in the collection are listed.

---

Step 8: Monitor & Audit Activity

Use the Activity Feed to monitor team member actions, deployments, and governance events.

Web UIReference: Activity Types

1. In the Admin Console, navigate to Activity or Audit Log
2. You'll see a chronological feed of events:
3. User logins and logouts
4. Artifact published / updated / deployed
5. Permission changes (member added/removed)
6. Governance policy violations (if any)
7. To filter the feed:
8. Event Type: Show only specific actions (e.g., "Artifact Published", "Member Added")
9. Team: Show events for a specific team
10. User: Show events for a specific team member
11. Date Range: Show events from a specific time period
12. Click any event to drill into details (e.g., click a deployment event to see which artifacts were deployed and to which teams)
13. (Optional) Export activity: Look for an Export button to download audit logs as CSV for compliance reporting

Event	Description
Artifact Published	Team member created a new artifact or new version
Artifact Deployed	Collection deployed to a team or user
User Added	New team member invited and joined
User Removed	Team member removed from team
Permission Changed	Role changed (e.g., Viewer → Contributor)
Policy Updated	Governance policy was modified
Enforcement Changed	Enforcement mode toggled (Silent Override ↔ Notify Only)

Verification: Navigate to the Activity Feed. You see at least 5–10 events (deployments, member additions, policy changes). Filter by team and confirm events are relevant.

---

Step 9: Publish Your First Team-Owned Artifact

Artifacts published by team admins are marked as team-owned and can be governed by team-level policies.

Web UIGovernance Checkpoint

1. Navigate to Artifacts or My Artifacts
2. Look for an artifact created by your team (or create a placeholder skill for testing)
3. Click the artifact to open its details
4. Look for a Publish or Share button
5. A dialog appears asking:
6. Scope: Enterprise-wide or team-only
7. Version: Optionally bump the version (e.g., 0.1.0 → 1.0.0)
8. Changelog: Add a changelog entry describing what's new
9. Approval Required (if governance enforces it): Submit for review
10. Click Publish
11. If approval is required, wait for enterprise/team admin review
12. Once approved, the artifact appears in the marketplace with "team-owned" label

If your governance policies require approval for publishing:

1. Artifact is submitted for review
2. Admin sees it in the Approvals or Pending section
3. Admin reviews: metadata, content, version, changelog
4. Admin clicks Approve (or Request Changes if issues found)
5. Artifact is published and becomes visible to the team

Verification: Navigate to Marketplace or Collections → Team Artifacts. Find your newly published artifact. Confirm it has a "team-owned" or "published by [team]" label.

---

Step 10: Verification Checklist

Confirm your enterprise/team setup is working end-to-end:

Web UI ChecklistTeam Member Verification

• [ ] Teams: At least 2 teams exist with 2+ members each
• [ ] Roles: Members have different roles (Viewer, Contributor, Admin)
• [ ] Governance: At least 3 policies configured (publishing, deployment, version enforcement)
• [ ] Sources: At least 1 artifact source configured (marketplace or GitHub)
• [ ] Collections: At least 1 collection created and assigned to a team
• [ ] Deployment: Collection deployed to team; artifacts visible in team's artifact list
• [ ] Activity Feed: 5+ events visible; filtering works (by team, user, event type)
• [ ] Artifacts: At least 1 team-owned artifact published and visible in marketplace

Ask a team member (not admin) to:

1. Log in using the configured auth provider
2. View collection — navigate to Collections and see your deployed collection
3. View artifacts — confirm artifacts in the collection are visible
4. Deploy locally (if applicable) — skillmeat deploy <artifact> should work without permission errors
5. Report success — if all steps work, your governance and permissions are correctly configured

---

Next Steps

Your team is now set up and ready to share artifacts. Explore deeper operational workflows:

For detailed governance and monitoring: - Enterprise Admin Workflow Guide — Deep dives into artifact inspection, bulk actions, collection management, and activity monitoring

For managing permissions and auth at scale: - Enterprise Features Guide — Complete reference for team setup, RBAC, authentication providers, and multi-tenant governance

For publishing artifacts to the internal marketplace: - Marketplace Full Guide — Publishing workflows, version lifecycle, deprecation, and usage analytics

For setting up deployment automation and CI/CD integration: - Deploying Artifacts Guide — Deployment options including Git PR workflows for teams

For Backstage integration (if applicable): - Backstage Integration Overview — Set up the SkillMeat Backstage plugin for centralized artifact discovery and governance

---

Troubleshooting

Team members cannot log in

• Verify auth provider is active: check Admin Console → Authentication
• If using Clerk or SAML, confirm credentials and API keys are correctly configured
• Try test login as admin in an incognito window to rule out browser cache issues

Deployed collection not visible to team members

• Confirm deployment completed: check Activity Feed for deployment event
• Verify team member has Viewer or Contributor role (not just "invited but not accepted")
• Ask team member to log out and back in to refresh permissions cache

Cannot publish artifact to marketplace

• Verify governance policy allows your role to publish (check Admin Console → Governance)
• If "Review Required" is enabled, artifact may be in pending state — check Approvals section
• Confirm artifact source metadata is valid (e.g., proper version format)

Activity feed shows no events

• Check date filter — ensure date range includes today
• Confirm your user role has audit log access (requires Admin role)
• Events may be filtered by event type — try clearing all filters

---

Getting Help

• Enterprise Setup Support: Contact your deployment engineer or DevOps team
• Governance Questions: See Enterprise Governance Guide
• User Onboarding: Share the New Project Developer Walkthrough with your team members
• Need More? Check CLI Reference for detailed command documentation

---

Time to complete: ~30 minutes
Complexity: Intermediate
Prerequisites met: ✅
Admin-only actions: Yes — requires enterprise admin or super-admin role