Overview
Organizations are the top level of the hierarchy in Applad. Every project, every developer, every piece of infrastructure belongs to an org. One instance can host many completely isolated organizations.Commands
List Organizations
Lists all organizations on this instance with their IDs, names, member counts, and project counts.Create Organization
Creates a new organization. Scaffolds the org directory atorgs/<org-name>/org.yaml with default roles, an empty ssh_keys list, and a generated .env.example.
--name- Name of the organization to create
Delete Organization
Permanently deletes an organization and all its projects, data, and infrastructure configuration. Irreversible. Will prompt for confirmation.Switch Organization
Sets the active organization context for all subsequent commands. Most commands that accept--org default to whichever org you’ve switched to here.
Members
List Members
Lists all members of an org — their identities, roles, and registered SSH key labels. Reads from the runtime database where member records are stored.Invite Member
Sends an invitation to the given email address to join the org with the specified role. The invited developer will need to register their SSH public key when they accept the invitation.--email- Email address of the user to invite--role- Role to assign (e.g.,developer,admin)
Remove Member
Removes a member from an org. Does not delete their data or audit trail entries — those are preserved. If they have an SSH key registered, it is automatically revoked.Change Member Role
Changes a member’s role within an org. Role changes take effect immediately and are recorded in the audit trail.--role- New role to assign
SSH Key Management
SSH keys are the identity system in Applad. Every developer registers their public key. Every CLI command, every UI session, and everyapplad instruct action is attributed to a key fingerprint in the audit trail. Private keys never leave the developer’s machine — Applad only stores and uses public keys.
List SSH Keys
Lists all SSH keys registered to an org — their labels, fingerprints, associated identities, roles, and permission scopes.Add SSH Key
Registers a new SSH public key for an org member. The key file should be the.pub file — the public half of an SSH keypair. Applad reads the public key, computes its fingerprint, and adds it to org.yaml under ssh_keys. The developer’s private key never leaves their machine.
--label- A descriptive label for the key--key- Path to the public key file (.pub)
Revoke SSH Key
Revokes a registered SSH key by its fingerprint. Any in-progress operations using this key are rejected immediately. The key’s historical audit trail entries are preserved — revocation does not erase history. Use this when a developer leaves or a key is compromised.--fingerprint- The fingerprint of the key to revoke
Rotate SSH Key
Replaces an existing key with a new one while preserving the developer’s identity and full audit history. The old key is revoked and the new key is linked to the same identity, so audit trail entries before and after rotation are all traceable to the same person.--old- Fingerprint of the old key to revoke--new- Path to the new public key file
Create Deployment Key
Creates a scoped deployment key for use in CI/CD pipelines (GitHub Actions, GitLab CI, etc.). Unlike developer keys which have broad access, deployment keys have explicitly limited permissions defined by--scopes. They appear distinctly in the audit trail as automated actions rather than human actions, making it easy to distinguish what a person did from what a pipeline did.
--label- A descriptive label for the deployment key--scopes- Comma-separated list of permission scopes