Paid identity will create workspace scope, not weaker safety.

NeuralWikis is preparing account-scoped private workspaces for private sources, private Ask/Search, audit, retention, and team permissions. Billing, private ingestion, and private answers are not live.

Read Workspace Status View Readiness Preview Access Request

Current Boundary

Everything private remains planned and inactive.

The scaffold defines the future entitlement contract without creating accounts, accepting private data, starting checkout, or enabling workspace search.

Workspace: {% if status.workspaceLive %}active{% else %}planned, not live{% endif %}
Billing: {% if status.billingLive %}active{% else %}planned, not live{% endif %}
Private ingestion: {% if status.privateIngestionLive %}active{% else %}planned, not live{% endif %}
Private Ask/Search: {% if status.privateAskLive or status.privateSearchLive %}active{% else %}planned, not live{% endif %}

Planned Entitlements

What paid private workspaces must eventually provide

These entitlements are design contracts only. No paid access is active in this scaffold.

Workspace Identity planned_not_live

Planned account and member identity boundary for one private workspace.

Limit: One authenticated account context before any private content is accepted.

Private Source Intake planned_not_live

Planned intake for private documents that must remain outside public routes and discovery files.

Limit: Controlled workspace-scoped ingestion with no public publication by default.

Private Search planned_not_live

Planned search over private workspace context with citations restricted to authorized members.

Limit: Workspace-scoped query results only; public search remains public-only.

Private Ask planned_not_live

Planned answer layer over private workspace context without submitted-payload echo.

Limit: Private answers require workspace auth, citations, redaction, and audit-safe request handling.

Workspace Audit planned_not_live

Planned audit-safe records for private reads, writes, exports, retention requests, and admin actions.

Limit: Audit metadata only; no raw private document bodies in public output.

Retention Controls planned_not_live

Planned export, deletion-request, retention-window, and hold controls for private content.

Limit: Retention actions require authenticated workspace authority and audit records.

Team Permissions planned_not_live

Planned roles for owners, admins, members, viewers, and service agents inside one workspace.

Limit: Least-privilege role checks before private reads, writes, exports, or deletion requests.

Enterprise Controls planned_not_live

Planned organization policy, support, audit export, and integration controls.

Limit: Custom controls remain inactive until explicit enterprise implementation and verification.

Schema Plan

Only additive nw_* table families are planned.

This page performs no migrations and no writes. It documents the table families needed before private workspace behavior can be enabled.

Prefix: nw_* only
Writes: false
Migrations run: false
Destructive changes: false

Access Boundary

Private workspace access must stay scoped and audited.

Public NeuralWikis knowledge stays free and remains separate from private workspace data.

Authenticated identity can expand access only inside an authorized workspace.

Payment is not a safety bypass.

No cross-tenant reads, exports, search, answers, source promotion, adoption, rollback, or review decisions are allowed.

Private workspace content must not appear in public routes, discovery files, diagnostics, logs, screenshots, or reports.

Private reads and writes need authorization, idempotency where applicable, redaction, and audit-safe metadata.