Skip to content

Console Admin — Repos, Teams & Tokens

The Prism Console is where tenant admins connect repositories, invite teammates, and manage the developer tokens that authenticate AI coding agents and chatbots against the Prism gateway. This guide walks you through the four jobs you'll do most often: connecting a repo, inviting a teammate, issuing or rotating a token, and watching index progress.

When to read this

  • You are the first person on your team to sign up for Prism and you need to onboard your first repository.
  • A teammate just joined and you need to give them access.
  • You need to issue a developer token for a new IDE / machine / agent.
  • A token leaked (or you suspect it did) and you need to rotate it without breaking running agents.
  • You hit a plan limit (repo count, line count, seats) and want to understand what to do.
  • An index isn't progressing and you need to know where to look.

Connect a repo

Connecting a repo is a one-time, self-service flow per repository.

  1. Sign in to the Console at https://prism-console-swisper.web.app.
  2. Click Connect repository on the dashboard.
  3. Authorize the Prism GitHub App against the organization (or personal account) that owns the repo. You only do this once per GitHub org; subsequent repos in the same org skip this step.
  4. Pick the repo from the searchable list. Only repos the GitHub App has access to are shown — if a repo is missing, re-run the GitHub authorization and tick its checkbox.
  5. Confirm. The Console kicks off three things in the background:
  6. Webhook installation on the GitHub repo (push events → Tier 3 reindex).
  7. Initial clone by the gateway.
  8. Tier 3 ingestion — AST chunking, embedding, PageRank, and BM25 trigger population.

You'll land on the repo card on the dashboard with an indexing status. ETA depends on repo size: a 50k-line repo is typically ready in 5–10 minutes; a 500k-line repo can take 30–60 minutes. The card shows a progress percentage updated every 5 seconds while indexing is active, then every 60 seconds at idle.

When the status flips to complete, the repo is queryable — your coding agent can run prism search "<query>" against it immediately, and any chatbot connected via MCP can call search_code / get_module_map / find_references / get_symbol_definition.

Deeper architecture and operations detail:

  • For the full GitHub OAuth + App permission model, gateway clone semantics, and Tier 1 / Tier 2 / Tier 3 auto-sync setup, see the Prism Repo Onboarding Guide. That doc covers the GCP / Cloud Run side of how the Prism gateway clones, indexes, and keeps your repo current; this guide intentionally stays on the Console UI.
  • For how the indexing pipeline works under the hood (AST chunking, 4-way RRF search, PageRank), see G4 — Indexing Pipeline Deep Dive.

Repo limits per plan

Plan Repos Seats Lines Notes
Free 1 1 100,000 Single repo, single seat — for trying Prism. Tier 3 indexing only.
Team 5 (base) 10 Unlimited Tier 1 + Tier 2 + Tier 3, reranker, full Wiki, multi-seat. Extra repos are available as a paid add-on.
Enterprise Unlimited Unlimited Unlimited SSO/SAML, audit logs, self-hosted, priority indexing.

Heads-up: The Team plan ships with 5 repos, not 10. The spec called for "team 10 / pro unlimited" but the canonical source — apps/prism-console-api/console_api/services/plan_registry.py — defines team.repo_limit = 5 and enterprise.repo_limit = None (unlimited). There is no pro tier; the unlimited tier is called Enterprise. Team admins who need more than 5 repos can either buy a per-repo add-on (extra_repo_count on the tenant) or upgrade to Enterprise.

Plan limits are enforced server-side in PlanService.check_repo_limit() before a repo is registered. If you hit the limit, the Connect repository dialog blocks the add and offers an upgrade CTA. Effective limit is repo_limit + extra_repo_count — so Team tenants who buy two add-ons see a 7-repo ceiling.

Invite teammates

Invites are email-based. The admin sends an invite from the Console; the recipient gets an email with an accept link; on accept, the recipient signs in (creating a Console account if they don't have one) and is added to the tenant.

Roles:

Role What they can do
Admin Everything: connect/disconnect repos, invite/remove members, change plan, issue/revoke any token (their own and other members'), see billing.
Member Read-only on the tenant: see repos, see indexing status, run AI features against the connected repos. Members issue and manage their own developer tokens but cannot see or revoke other members' tokens.

Invite flow:

  1. Settings → MembersInvite.
  2. Enter the teammate's email + role.
  3. The Console emails an accept link valid for 7 days. The invite appears in Members as pending.
  4. On accept, the teammate signs in. Their status flips to active and they immediately see all repos connected to the tenant.

Seat limits per plan (Free: 1, Team: 10, Enterprise: unlimited) are enforced at invite time, not at accept time. If you're at the seat cap, the Invite button is disabled with an upgrade hint.

Manage developer tokens

Developer tokens are how coding agents and chatbots authenticate against the Prism gateway. They look like prism_<64-hex-chars>, are stored only as SHA-256 hashes in console.developer_tokens (the raw token is never persisted), and grant read access to the repos owned by the tenant that issued them.

Create a token

  1. Settings → Developer tokensGenerate token.
  2. Give it a memorable label — typically the machine or IDE that will use it (heiko-macbook-claude-code, windsurf-on-wsl, prod-codex-agent).
  3. The raw token is shown once in a copyable banner. Save it immediately — to your shell rc file (PRISM_TOKEN=...), your IDE's MCP config, or a password manager. Once you close the banner, the token cannot be recovered; only its 8-character preview is visible afterward.

List and inspect tokens

The Developer tokens page shows every token you own (and, if you're admin, every active token across the tenant). Each row shows label, preview (prism_abc123…), created date, and last_used_at — the timestamp of the most recent successful gateway call. Use last_used_at to identify stale tokens before rotating.

Rotate or revoke

Tokens are revoked, not edited. To rotate:

  1. Generate a new token with the same label suffixed -v2 (or whatever convention you like).
  2. Update the consumer (IDE config, agent env var, MCP config) to the new token.
  3. Verify with prism whoami or your chatbot's MCP "Connected" indicator.
  4. Revoke the old token from the Console (sets revoked_at = now(); the gateway rejects the next call within seconds — no caching).

A revoked token cannot be un-revoked. If you revoke by mistake, generate a fresh one.

Token rules you must know

  • Tokens never expire — by design. There is no expiry field on console.developer_tokens; the only way a token stops working is if you revoke it or the tenant is suspended. This is intentional: long-running agent loops, scheduled jobs, and unattended IDEs should not break every 60 days. The trade-off is that token hygiene is your responsibility — see the rotation rule below.
  • Treat tokens as secrets. A live token grants read access to every chunk, every symbol, every line of code across every repo the tenant owns. That includes any private repos you've connected.
  • Rotate immediately if a token appears in chat logs, screenshots, or commits. Live tokens have been pasted into Claude / Cursor chats before — it is the most common incident type. Treat any token you have shown to a third-party LLM, posted in a screenshot, or accidentally committed as compromised. Generate a new one, swap the consumer, revoke the old one. Don't wait.
  • One token can be used from multiple machines / clients. There is no per-token concurrency limit. If you prefer a separate token per machine (so revoking your laptop doesn't kick the CI server), that's a hygiene choice — issue as many as you like.
  • Members can only manage their own tokens. Admins see all active tokens across the tenant in the Developer tokens page and can revoke any of them — useful when offboarding.

Watch index status

The Console dashboard shows a card per repo with the current indexing status:

Status Meaning
pending Connection accepted, gateway hasn't started yet (typically < 30s).
cloning Gateway is fetching the repo.
indexing AST chunking + embedding in progress. The card shows percent complete + ETA.
complete Ready to query. last_indexed is the timestamp of the most recent successful run.
failed Last index run errored. Click the card to see the error message and a Retry button.
suspended The tenant is suspended (plan downgrade or billing issue). Repos are still indexed; new pushes are not.

Polling cadence (set by the Console):

  • 60-second TTL while every repo card is complete (steady state — cheap).
  • 5-second polling while any card is pending / cloning / indexing (you want feedback immediately).

The polling switch back to 60s happens automatically once everything is complete again. If a webhook-triggered Tier 3 reindex starts (someone pushes to a connected repo), the card flips to indexing and the dashboard accelerates polling back to 5s.

Where errors surface: failures land on the repo card with a one-line message. Common causes — GitHub App lost permissions, a repo was renamed, the embedding provider rate-limited — are linked to short remediation steps. For deeper diagnostics, run prism doctor from a machine that has the CLI installed — it queries the gateway's status endpoint and reports overlay state, auth, and recent index health.

FAQ

Q: What happens when I hit my repo limit?

A: The Connect repository dialog disables the Confirm button and shows an upgrade CTA. Existing repos keep working — only the new connection is blocked. Team admins can either buy a per-repo add-on (which bumps the effective limit by 1 per add-on) or upgrade the plan. See Repo limits per plan for the actual numbers.

Q: How do I rotate a token without breaking my agent?

A: Generate a new token first, swap your agent's PRISM_TOKEN (or MCP config) to the new value, verify with prism whoami (CLI) or the Connected indicator (MCP client), then revoke the old token. The revoke takes effect on the gateway's next request — typically within seconds — so the swap is zero-downtime if you sequence it generate → swap → verify → revoke. See Rotate or revoke.

Q: My teammate accepted the invite but doesn't see the repo — why?

A: Two common causes. First, they signed in with a different identity provider account than the email the invite was sent to (e.g., personal Google vs. work Google) — Console treats those as separate users. Solution: revoke the pending/accepted invite and re-invite the exact email of the account they actually sign in with. Second, the repo was connected by someone whose token is now revoked and the GitHub App lost org-wide install permissions — fix by re-running the GitHub authorization from the Connect repository dialog with an admin GitHub account.

Q: Can I delete a repo from the index?

A: Yes. From the repo card on the dashboard, Disconnect. This stops the webhook, marks the gateway's copy as deleted, and frees the slot for your plan's repo_limit count immediately. The repo's chunks are purged from the index on the next gateway maintenance cycle (typically within an hour). Reconnecting the same repo later triggers a fresh full index — there is no soft-delete to restore.

Q: What's the difference between admin and member?

A: Admins manage the tenant: repos, members, billing, and all tokens (including other people's). Members are read-only on the tenant — they can use every connected repo and AI feature, and manage their own developer tokens, but cannot connect/disconnect repos, invite/remove people, or see other members' tokens. See Invite teammates for the full matrix.

Q: Do tokens expire?

A: No — tokens never expire by design. They only stop working if you revoke them or the tenant is suspended. This keeps long-running agents alive but means you are responsible for hygiene: rotate any token that has been pasted into a chat, screenshot, or commit. See Token rules you must know.

Q: A teammate left the company — what do I do?

A: From Members, remove the teammate (this seat frees up immediately). Then from Developer tokens, sort by owner email and Revoke every token they issued. Admins can see and revoke any active token in the tenant — use this offboarding step to ensure their tokens cannot keep querying the gateway from forgotten machines.

Q: How fresh is the index after a push?

A: Tier 3 (the default for all repos via webhook) reindexes the changed files within seconds of the GitHub push event reaching the gateway. The dashboard card flips to indexing and polls at 5s until done. For sub-second freshness on uncommitted work, the CLI's auto-overlay handles working-tree dirty files automatically — see G4 — Indexing Pipeline Deep Dive and G5 — Branches & Overlays.

  • G1 — Coding Agents Setup — once you have a token, here's how to wire it into your IDE / coding agent so it actually calls Prism.
  • G7 — Console AI (Wiki + AI Architect) — the Console's AI features that operate on the repos you connect here.
  • Prism Repo Onboarding Guide — the deep, end-to-end module doc covering the GCP / Cloud Run / GitHub App side of repo onboarding. Read this if you're operating the gateway or debugging a stuck index.
  • G4 — Indexing Pipeline Deep Dive — what happens between "Connect repo" and "complete" — AST chunking, embeddings, PageRank, search.
  • Glossary — definitions for gateway, indexed_at, token, branch overlay, and the other terms used across the guide collection.