Projects
A project is the top-level workspace in TARX. Every agent, workflow, RAG source, MCP server, skill, credential, and execution lives inside a project. Projects let you organize work by team, client, product, or use case, and they control access via role-based permissions.
The Project Model
TARX's identity model is simple: you are your own organization. There is no separate "organization" or "workspace" entity. Your username (e.g., julian) is your public identity, and your projects are scoped under it.
| Concept | Description |
|---|---|
| Project | A named workspace containing all your resources |
| Project slug | URL-safe identifier (e.g., my-project) — part of every URL |
| Members | Users with access to the project, each with a role |
| Owner | The user who created the project (always admin) |
The URL for any resource in a project follows this pattern:
/{username}/{projectSlug}/{page}
For example:
https://app.tarx.io/julian/content-pipeline/workflowshttps://app.tarx.io/julian/content-pipeline/agentshttps://app.tarx.io/julian/settings
Roles and Permissions
Every project member has exactly one of three roles:
| Role | Description | What they can do |
|---|---|---|
| Admin | Full control | Create/edit/delete any resource, manage members (invite/remove), manage project secrets, run workflows |
| Editor | Day-to-day work | Create/edit/run resources (agents, workflows, RAGs, MCPs, skills); cannot manage members or secrets |
| Reader | Read-only + run | Trigger executions and view canvases; cannot create, edit, or delete anything |
Role Matrix
| Action | Admin | Editor | Reader |
|---|---|---|---|
| View all resources | ✅ | ✅ | ✅ |
| Create agents, workflows, RAGs | ✅ | ✅ | ❌ |
| Edit agents, workflows, RAGs | ✅ | ✅ | ❌ |
| Delete agents, workflows, RAGs | ✅ | ✅ | ❌ |
| Run/trigger workflows | ✅ | ✅ | ✅ |
| Approve Human-in-Loop | ✅ | ✅ | ✅ |
| View canvases | ✅ | ✅ | ✅ |
| Invite members | ✅ | ❌ | ❌ |
| Remove members | ✅ | ❌ | ❌ |
| Change member roles | ✅ | ❌ | ❌ |
| Add/delete project credentials | ✅ | ❌ | ❌ |
| View project members list | ✅ | ✅ | ✅ |
Creating a Project
- Go to Settings (
/{username}/settings). - Click the Projects tab.
- Click New Project.
- Enter a Project Name (e.g., "Content Pipeline", "Support Automation", "Market Research").
- The URL Slug is auto-generated from the name. You can edit it — it must be lowercase, URL-safe, and unique within your account.
- Click Create Project.
You're the owner and admin of the new project. You're redirected to /{username}/{projectSlug}/workflows.
The slug becomes part of every URL you share. Keep it short and descriptive. Good examples: content-pipeline, support-automation, market-research. Avoid generic slugs like project-1.
Inviting Members
You must be a project admin to invite members.
- Go to Settings → Projects tab.
- Select the project you want to manage.
- In the Members section, click Invite Member.
- Enter the email address of the person you want to invite.
- Select their role: Admin, Editor, or Reader.
- Click Send Invite.
The invited user receives an email. When they accept and sign in to TARX, they're added to the project with the assigned role.
During the current beta, projects can have up to 25 members. This limit may increase as the platform scales.
Managing Members
From Settings → Projects → select project → Members:
Change a Member's Role
- Find the member in the list.
- Click the role badge (shows current role).
- Select the new role from the dropdown.
- Changes take effect immediately.
Remove a Member
- Find the member in the list.
- Click the three-dot menu (⋯) next to their name.
- Click Remove from project.
- Confirm the action.
Removed members lose all access immediately. Their previously created resources remain in the project.
Admins cannot remove themselves from a project if they are the only admin. Assign another admin first, then remove yourself.
Switching Between Projects
The left sidebar shows the currently active project name. To switch:
- Click the project name / dropdown arrow at the top of the sidebar.
- A project switcher dropdown appears listing all projects you're a member of.
- Click a project to switch to it.
The URL updates to /{username}/{newProjectSlug}/workflows and all resources shown update to the new project's context.
Project Settings
Each project has a settings section at Settings → Projects → select project:
| Setting | Description |
|---|---|
| Project Name | Display name (does not affect slug) |
| Slug | URL identifier — cannot be changed after creation |
| Members | Manage team members and roles |
| Danger Zone | Delete project (admin only, irreversible) |
Deleting a Project
Deleting a project permanently removes all resources in it — agents, workflows, executions, RAG configs, credentials, and MCP server configs. This cannot be undone.
- Go to Settings → Projects → select project.
- Scroll to the Danger Zone section.
- Click Delete Project.
- Type the project slug to confirm.
- Click Delete permanently.
Access Control
All resources (agents, workflows, etc.) are scoped to a project by project_id. The platform enforces role checks on every read/write operation using the member's role (admin, editor, or reader).
Best Practices
One Project per Use Case
Avoid putting everything in one project. Separate projects give you cleaner access control, cleaner execution history, and cleaner agent/workflow organization.
Good project structure:
content-pipeline— content generation workflows and agentssupport-automation— customer support and triage workflowsexperiments— throwaway experiments and tests
Use Descriptive Agent and Workflow Names
Agents and workflows within a project share a namespace. Clear names prevent confusion when your project grows: gpt4o-researcher, claude-writer, content-pipeline-v2.
Reader Role for Clients
If you're building workflows for a client who only needs to trigger executions and view results, add them as a Reader. They can run workflows and approve Human-in-Loop steps without the risk of accidentally modifying your agent configs.
Admin Access is Sensitive
Admin role includes access to project credentials (OAuth tokens, API secrets). Only grant admin to trusted team members who genuinely need to manage integrations and members.