Mythos

Shared Libraries allows a πŸ“MythOS user to grant another user access to manage their library via πŸ“MythOS MCP or API key. This enables agentic workflows where one account's tools can read, create, and update memos in another account's library.

How It Works

Requesting Access

  • Navigate to Settings β†’ Libraries
  • Enter the library owner's email address in the request field
  • Click Request Access β€” this creates a pending grant
  • The library owner receives an email notification (via Resend) and an in-app notification

Approving / Denying

  • The library owner sees incoming requests under Incoming Requests on their Settings β†’ Libraries page
  • They can Approve (grants access immediately) or Deny (deletes the request)
  • Once approved, the requester's Libraries list shows the library with an "Approved" badge

Using a Shared Library

Once approved, the grantee can target the shared library in any MCP tool call or API request by passing the library parameter with the owner's username:

library: "targetUsername"

All standard operations work cross-library: read_memo, search_memos, create_memo, update_memo, chat_with_library, etc.

Revoking Access

  • The grantee can remove their own access from Settings β†’ Libraries via the "Remove" button
  • Library owners can deny pending requests but cannot revoke approved grants from the UI (requires manual DB removal for now)

Technical Details

Data Model

Grants are stored in the library_grants MongoDB collection:

  • granteeUid β€” the user requesting access
  • libraryUsername β€” the library owner's username
  • status β€” "pending" or "approved"
  • requestedBy, approvedBy β€” UIDs for audit trail
  • grantedAt, createdAt β€” timestamps

Unique index on (granteeUid, libraryUsername) prevents duplicate requests.

Authorization

The internal API guard (internal-api-guard.ts) checks for an approved library_grants document at request time. No caching β€” access is immediate upon approval.

Privacy

Invitations require the library owner's email address, not their username. Since usernames are public, this prevents unsolicited access requests from strangers.

Notifications

  • Email: Sent via Resend using the library-request.tsx React Email template
  • In-app: Created via createNotification() with type library_request

Key Files

  • src/app/api/settings/libraries/route.ts β€” GET, POST, PATCH, DELETE handlers
  • src/app/settings/libraries/page.tsx β€” frontend settings page
  • src/emails/library-request.tsx β€” email notification template
  • src/lib/services/email.service.ts β€” sendLibraryRequestEmail()
  • src/types/community.ts β€” NotificationType includes library_request

Contexts

Created with πŸ’œ by One Inc | Copyright 2026