Environments support collaborative access through role-based membership. The tusky.environment module includes methods to add, list, update, and remove members from any environment you own or manage.
Roles
Tusky uses three roles with escalating permissions:
| Role | Permissions |
|---|
| Viewer | Download and view files. Cannot upload, delete, or manage members. |
| Manager | Everything a Viewer can do, plus upload and delete files, invite or remove Viewers. |
| Owner | Full control — upload, delete, manage all members, modify environment settings. Each environment has exactly one owner (the creator). |
Add a Member
Invite a user by their Sui wallet address:
const member = await tusky.environment.addMember("env_abc123", {
address: "0x1a2b3c...user_wallet_address",
role: "manager",
});
console.log("Added member:", member.id);
console.log("Role:", member.role);
For encrypted environments, adding a member updates the on-chain Seal policy to include the new wallet. The member can decrypt environment content using their wallet — no encryption keys are ever transmitted. List Members
Retrieve all members of an environment:
const members = await tusky.environment.members("env_abc123");
for (const member of members) {
console.log(`${member.address} — ${member.role}`);
}
Member Object
| Field | Type | Description |
|---|
id | string | Unique member ID. |
address | string | Sui wallet address of the member. |
role | string | One of viewer, manager, or owner. |
createdAt | string | ISO 8601 timestamp of when the member was added. |
Update a Member’s Role
Change a member’s role:
const updated = await tusky.environment.updateMember("member_def456", "manager");
console.log("Updated role:", updated.role);
Promoting a member to manager grants them the ability to upload, delete, and manage Viewers. Only the environment owner can promote members.
Remove a Member
Revoke a member’s access to the environment:
await tusky.environment.removeMember("member_def456");
console.log("Member removed");
Removing a member from an encrypted environment revokes their decryption capability. They will no longer be able to decrypt any files in the environment, even if they previously downloaded encrypted content.
Complete Example
import { Tusky } from "@tusky-io/ts-sdk";
const tusky = new Tusky({ apiKey: process.env.TUSKY_API_KEY });
const environmentId = "env_abc123";
// Add a manager
const member = await tusky.environment.addMember(environmentId, {
address: "0xAliceWalletAddress",
role: "manager",
});
// List all members
const members = await tusky.environment.members(environmentId);
console.log("Environment members:");
for (const m of members) {
console.log(` ${m.address} [${m.role}]`);
}
// Downgrade to viewer
await tusky.environment.updateMember(member.id, "viewer");
// Remove the member
await tusky.environment.removeMember(member.id);
console.log("Member removed from environment");
What’s Next
