Multi-tenancy
Organizations, workspaces, workflows, the permissions model, and the YID identifier.
MyBotBox is multi-tenant from the ground up. Three nested entities define every boundary, and a single permissions table governs who can reach what.
The hierarchy
flowchart TB
classDef actor fill:#FF6B35,stroke:#C2410C,color:#fff
classDef tenant fill:#00D4AA,stroke:#0F766E,color:#06302B
classDef wf fill:#3B82F6,stroke:#1E40AF,color:#fff
classDef acl fill:#8B5CF6,stroke:#6D28D9,color:#fff
U(["User · YID"]):::actor
subgraph ORG["Organization — billing & team boundary"]
M["member<br/>owner / admin / member / viewer"]:::tenant
SUB["subscription<br/>Free · Starter · Pro · Enterprise"]:::tenant
end
subgraph WS["Workspaces"]
PRIV["Private<br/>ownerId = you"]:::tenant
SHARED["Shared<br/>granted access"]:::tenant
end
subgraph WORK["Workflow"]
WF["workflow"]:::wf
DEP["deployment version<br/>(immutable)"]:::wf
EX["executions + logs"]:::wf
end
PERM{{"permissions<br/>userId · entityType · entityId · type"}}:::acl
U --> M
U --> PRIV
PERM -. grants .-> SHARED
PRIV --> WF
SHARED --> WF
WF --> DEP --> EX
SUB -. meters .-> EX

| Entity | What it is |
|---|---|
| Organization | The billing and team boundary. Holds the subscription, members, branding, and SSO. |
| Workspace | A project container. A private workspace is one you own; a shared workspace is one you reach through a permission grant. |
| Workflow | Lives inside a workspace. Deploys to an immutable version; executions and logs hang off it. |
Permissions
Access is governed by a single permissions table — one row per
(userId, entityType, entityId) with a permission level of read, write, or
admin. Permission groups let an org admin grant a bundle of access at once and
auto-assign it when a member joins. See the Permissions guide for the
member-facing view.
Every query and every workflow execution is scoped by workspaceId and
organizationId. There is no cross-tenant read path — a workflow can only touch data
inside its own boundary.
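The check described above, as an added example that is not MyBotBox's own code: a permission lookup followed by a workflow read scoped by workspaceId and organizationId. The table layouts, the ordering admin > write > read, and treating the workspace owner as admin are assumptions; the sample rows are constructed.

```python
import sqlite3

# Assumption: admin implies write implies read (the page lists the levels, not their order).
LEVELS = {"read": 1, "write": 2, "admin": 3}

def make_db():
    """Constructed sample data: two organizations with one workspace and one workflow each."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE workspaces (id TEXT PRIMARY KEY, organizationId TEXT, ownerId TEXT);
        CREATE TABLE workflows (id TEXT PRIMARY KEY, workspaceId TEXT, organizationId TEXT);
        CREATE TABLE permissions (userId TEXT, entityType TEXT, entityId TEXT, type TEXT,
                                  UNIQUE (userId, entityType, entityId));
        INSERT INTO workspaces VALUES ('ws_a', 'org_a', 'alice'), ('ws_b', 'org_b', 'bob');
        INSERT INTO workflows VALUES ('wf_a', 'ws_a', 'org_a'), ('wf_b', 'ws_b', 'org_b');
        INSERT INTO permissions VALUES ('carol', 'workspace', 'ws_a', 'read');
    """)
    return db

def workspace_level(db, user_id, organization_id, workspace_id):
    """Effective level in a workspace; 0 when it is not inside the caller's organization."""
    row = db.execute(
        "SELECT ownerId FROM workspaces WHERE id = ? AND organizationId = ?",
        (workspace_id, organization_id)).fetchone()
    if row is None:
        return 0
    if row[0] == user_id:  # private workspace: ownerId = you (assumed to mean admin)
        return LEVELS["admin"]
    grant = db.execute(
        "SELECT type FROM permissions "
        "WHERE userId = ? AND entityType = 'workspace' AND entityId = ?",
        (user_id, workspace_id)).fetchone()
    return LEVELS.get(grant[0], 0) if grant else 0

def get_workflow(db, user_id, organization_id, workspace_id, workflow_id, need="read"):
    """Return the workflow row only if the caller holds `need` and the row is in scope.

    organization_id and workspace_id should come from the authenticated session,
    not from request parameters the caller controls.
    """
    if workspace_level(db, user_id, organization_id, workspace_id) < LEVELS[need]:
        return None
    # Scope by workspaceId AND organizationId, never by the workflow id alone.
    return db.execute(
        "SELECT id, workspaceId, organizationId FROM workflows "
        "WHERE id = ? AND workspaceId = ? AND organizationId = ?",
        (workflow_id, workspace_id, organization_id)).fetchone()
```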
YID — the cross-product identifier
Every user gets an immutable YID at signup: yid_<base62_11chars>_<YYYYMMDD>
(for example yid_aB3xK9mP2qR_20260417).
- Generated once, never changes
- The date suffix encodes the account's creation date
- Stable across MyBotBox and future products, so identity federates cleanly
Billing boundary
The subscription sits on the organization, and usage is metered per execution — each run records its model, token counts, and cost, which roll up to the org's current billing period. Plan limits (bots, messages, seats) are enforced at the org level. See Billing & Usage.