Getting Started · 03
How syncing, sharing, secrets, and access control work across your team.
HQ sync is bidirectional — local changes push to cloud, remote changes pull down. Each company syncs independently. Use /hq-sync in your AI tool, or click Sync in the app bar.
Sync scope: all companies, personal files, knowledge bases, settings. You can scope direction with --direction push / --direction pull (default both).
Run /hq-share [path] to mint an encrypted share link. Links are single-use with a 15-minute expiry. The link opens a browser ACL picker — recipients get access to the shared vault paths (an ACL grant), not a copy.
For a scripted single-recipient grant, use the direct CLI form hq files share <prefix> --with <principal> --permission read|write.
When you and a teammate edit the same file before syncing, HQ creates a .conflict mirror file showing both versions side by side. Run /resolve-conflicts to walk each one — keep local, take cloud, or discard — then sync again. You can also review and delete the mirror file by hand.
Your local version is never silently overwritten. The conflict flow is intentionally explicit so no one's work gets lost.
Conflict Resolution Flow
# After sync with conflict:
companies/acme/knowledge/api-patterns.md
companies/acme/knowledge/api-patterns.md.conflict
# Run /resolve-conflicts: keep local | take cloud | discard
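Added example (not part of HQ or its documentation): a POSIX shell check that lists any .conflict mirrors still present before you sync again. It assumes only the naming shown above, a mirror at <original path>.conflict under companies/<company>/; the function names and the paired/orphan labels are this example's own.

```shell
#!/bin/sh
# Added example: report unresolved HQ conflict mirrors under a workspace root.
# Assumption (from the page): a mirror is "<original path>.conflict" and
# company files live under companies/<company>/.
# File names containing newlines are not supported.

# list_conflicts ROOT
# Prints one line per mirror: "<company><TAB><original path><TAB><state>".
# state is "paired" when the original file still exists next to the mirror,
# "orphan" when only the mirror is left (labels are this example's own).
list_conflicts() {
    root=${1:-.}
    root=${root%/}
    find "$root" -type f -name '*.conflict' | sort | while IFS= read -r mirror; do
        original=${mirror%.conflict}
        rel=${original#"$root"/}
        case $rel in
            companies/*/*)
                company=${rel#companies/}
                company=${company%%/*}
                ;;
            *)
                company='(outside companies/)'
                ;;
        esac
        if [ -f "$original" ]; then state=paired; else state=orphan; fi
        printf '%s\t%s\t%s\n' "$company" "$rel" "$state"
    done
}

# count_conflicts ROOT -> number of mirrors found
count_conflicts() {
    list_conflicts "$1" | wc -l | tr -d ' '
}

# check_resolved ROOT -> status 0 when no mirrors remain, 1 otherwise.
# The report goes to stderr so the function can gate a script or hook.
check_resolved() {
    n=$(count_conflicts "$1")
    if [ "$n" -eq 0 ]; then
        return 0
    fi
    echo "$n unresolved conflict mirror(s):" >&2
    list_conflicts "$1" >&2
    return 1
}
```

Run check_resolved . from the directory that contains companies/; a non-zero status means mirrors remain to be resolved or deleted.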
Secrets are per-company encrypted credentials stored in HQ cloud. Declare requirements in .env.schema, add secrets with hq secrets add, and they auto-inject when you run commands via hq run.
No .env files shared across the team. Each secret has company-scoped access control — only team members with the right permissions can read or write.
Secret Lifecycle
Declare → Store → Inject
Schema-driven secret management. Secrets never touch your repo.
HQ isolates each company as a separate tenant. Credentials, policies, knowledge, and workers never cross company boundaries — that's a hard-enforcement rule, not a guideline.
Within a company, access is controlled at the file level via share grants (read or write), and at the secret level via company ACLs. Policies with enforcement: hard are auto-loaded every session and cannot be overridden.
Isolation Model
Acme Corp: credentials · policies · knowledge · workers
Indigo: credentials · policies · knowledge · workers
Personal: credentials · policies · knowledge · workers
No cross-company data leakage. Each tenant is hermetic.
Run /deploy to ship from any session. HQ orchestrates the full flow: build, sensitivity scan, localhost preview, access mode selection, and upload — with guardrails that block oversized or misconfigured deployments.
Choose an access mode: public (no gate), password-protected (24h JWT), or private (email allowlist). Preview locally before anything goes live.
Run /designate-team to mark a company directory as cloud-backed (HQ Pro) and run its sync. That makes its company-scoped resources — knowledge, workers, shared skills — available to members when they sync.
Adding people is a separate flow: /invite creates a pending membership and emails them, they run /accept to join, and /promote changes a member's role.