Assist is a platform where teams can build, host, and deploy internal AI software and agents in one place — giving companies a safe, controlled environment to standardize workflows and improve operations.

What are sandcastles?

Sandcastles are purpose-built internal apps created by non-technical teams on the Assist platform. They allow employees to build custom tools and workflows without engineering resources.

How much does Assist cost?

Assist uses pay-as-you-go pricing: provider costs + 5%, $0.17 per 1k tool calls, with no seat fees. Enterprise custom pricing is also available.

Do we need engineers to use Assist?

No. Assist is designed for non-technical teams to build and deploy AI tools. Engineers can use it too, but it doesn't require engineering resources to get started.

Managing Groups

Groups let you grant permissions to many people at once. Instead of giving each person on the procurement team individual access to the Vendor Scorecard sandcastle, you create a "Procurement" group, add the team members, and grant the group access. When someone joins or leaves the team, you update the group — every resource permission follows automatically.

Before you begin

You need to be a workspace admin to create, edit, or delete groups.

Creating a group

Go to Workspace > Permissions and select the Groups tab.
Click Create Group.
Enter a name and an optional description. The name should reflect the team or role: "Finance", "Procurement", "Engineering", "Operations Leads".
Save.

Adding members to a group

On the Groups tab, find the group and expand it.
Click Add Member.
Select the user from the workspace member list.
The user immediately inherits every permission the group holds.

Removing members from a group

Expand the group.
Click the remove icon next to the member.
The user immediately loses every permission they held through this group membership (unless they also have the same access through a different path — direct grant or another group).

Granting resource permissions to a group

Switch to the Resources tab.
Find the resource (subagent, sandcastle, tool, etc.).
Click Grant Access.
Select the group (not an individual user) and choose the permission level (View, Execute, Edit, or Admin).
Every member of the group now has that level of access.

You can also grant from the Groups tab: expand the group, click Add Permission, select the resource type and resource, and choose the level.

Deleting a group

Deleting a group removes all its permission grants and member associations. Members lose any access they held through this group (unless they have access through another path). This is not reversible — recreating a group with the same name does not restore the permissions.

Tips

Mirror your org chart. One group per team is the most maintainable pattern. When someone changes teams, move them between groups.
Use groups for resource classes. If every sandcastle should be accessible to the ops team, grant the Ops group Execute on each sandcastle as you create it. It becomes a one-step process.
Audit quarterly. Groups grow stale. Once a quarter, review membership and remove people who have moved on.