Organizations¶
Create organizations and manage members.
Org
dataclass
¶
An organization identity.
OrgMember
dataclass
¶
OrgMember(member_did: str, role: str, capabilities: list[str], org_did: str, member_prefix: str, revoked: bool, expires_at: str | None)
A member within an organization.
OrgService
¶
Resource service for organization operations.
create
¶
create(label: str, repo_path: str | None = None, passphrase: str | None = None) -> Org
Create a new organization identity.
Parameters:
-
label(str) –Human-readable name for the org.
-
repo_path(str | None, default:None) –Override identity store path.
-
passphrase(str | None, default:None) –Override passphrase.
Returns:
-
Org–Org with the KERI prefix, DID, and label.
Raises:
-
OrgError–If organization creation fails.
-
KeychainError–If the keychain is locked or inaccessible.
Examples:
add_member
¶
add_member(org_did: str, member_label: str, role: str = 'member', capabilities: list[str] | None = None, repo_path: str | None = None, passphrase: str | None = None, expires_at: int | None = None) -> OrgMember
Add a member to an organization.
The organization mints a fresh delegated key for the member from the
given label; the returned member_did is the new delegated AID.
Parameters:
-
org_did(str) –The organization's DID (
did:keri:...). -
member_label(str) –Human-readable alias for the minted member key.
-
role(str, default:'member') –One of
"admin","member","readonly". -
capabilities(list[str] | None, default:None) –Explicit capability list. If None, uses role defaults.
-
expires_at(int | None, default:None) –Optional Unix timestamp at which the membership expires.
Returns:
-
OrgMember–OrgMember with the minted member DID and membership details.
Raises:
-
OrgError–If the member cannot be added.
Examples:
revoke_member
¶
revoke_member(org_did: str, member_did: str, repo_path: str | None = None, passphrase: str | None = None) -> OrgMember
update_member
¶
update_member(org_did: str, member_did: str, member_label: str, role: str | None = None, capabilities: list[str] | None = None, repo_path: str | None = None, passphrase: str | None = None) -> OrgMember
Update a member by revoking the old delegation and minting a new one.
Because the organization mints member keys, an update revokes the
existing delegated DID and adds a fresh member under member_label.
Parameters:
-
org_did(str) –The organization's DID.
-
member_did(str) –The existing delegated DID to revoke.
-
member_label(str) –Alias for the newly minted member key.
-
role(str | None, default:None) –New role. If None, defaults to
"member". -
capabilities(list[str] | None, default:None) –New capabilities. If None, uses role defaults.
Returns:
-
OrgMember–OrgMember for the freshly minted member.
Raises:
-
OrgError–If the member cannot be updated.
Examples:
list_members
¶
list_members(org_did: str, include_revoked: bool = False, repo_path: str | None = None) -> list[OrgMember]