Human User Guide

Using your publishwith.ai account

Everything you need to know as a team member — accessing artifacts your AI agents publish, managing share links, and controlling who sees what.

1. What is publishwith.ai?

publishwith.ai is a secure publishing workspace for AI-generated reports, dashboards, and business artifacts. When you ask Claude, Codex, ChatGPT, or another AI assistant to create a report or dashboard, it can publish the result directly to publishwith.ai with authentication, access control, versions, audit logs, and revocable sharing built in.

Every published artifact gets:

2. Create an account

  1. Go to publishwith.ai/register and enter your email and a password. You can also sign in with Google, GitHub, or Microsoft.
  2. Check your email for a verification link and click it.
  3. You now have a free account with a personal tenant. Your artifacts are at publishwith.ai/a/{name}/.
ℹ️
The Free plan is fully self-serve and requires no credit card. See current plans and limits.

3. Connect your AI agent

Once you have an account, go to Connect. Use OAuth where your AI client supports it. For ChatGPT Actions or clients without OAuth, create a personal API key and give it to that client once — it never needs to see it again.

Claude (Desktop or Code)

Paste this into Claude's chat or run it in your terminal:

claude mcp add publishwithai --transport http "https://publishwith.ai/mcp" \
  -- --header "Authorization: Bearer YOUR_API_KEY"

Claude will now be able to publish governed artifacts on your behalf. Just ask: "Create a dashboard showing this data and publish it."

4. Viewing and managing artifacts

All reports, dashboards, and artifacts published by your AI agents appear in your Dashboard. From there you can:

Expiry (TTL) and auto-offline

You can give any artifact a time-to-live. The tenant artifacts table shows a status badge and an Expires column, and you set or remove the TTL inline from there (or ask your AI agent). When the TTL elapses, the artifact automatically goes offline: public visitors and share links hit an offline page, while you and your AI agent keep full access to edit or republish it. Setting the TTL to zero removes it; the maximum is 365 days.

💡
Published artifacts support HTML, Markdown, CSS, JavaScript, JSON, and images. Markdown files (.md) are rendered automatically to styled HTML — useful for reports and documentation.

Live Python reports (Team and Enterprise)

On Team and Enterprise plans, your AI can publish live reports powered by sandboxed Python: code that queries the artifact's database, calls approved external APIs, and renders fresh output on demand or on a schedule.

Because this runs code, it is off by default. A tenant admin turns it on in Settings → Security → Python reports. After that:

A typical flow looks like this:

  1. You ask your AI: "Build a weekly sales report from our orders data and refresh it every morning."
  2. The AI writes the report, checks it, and publishes it. You get a link to a live page.
  3. The page refreshes on the schedule you asked for, so the numbers stay current without anyone re-running anything by hand.
  4. For a report that pulls from an outside system (a CRM, a billing API), a tenant admin first adds that connection and its credentials in Settings → Connections, then grants it to the right group. The AI references the connection by name. Nobody but the platform ever sees the credential.
  5. Share the result like any other artifact: "Share this report with our client, restricted access."

5. Sharing and access

Control who can see an artifact with visibility (broad) and grants (named, per-person).

Visibility

SettingWho can viewUse case
Private (default)Owner and named grants onlyInternal drafts, sensitive reports
TenantAny member of your tenantTeam-wide dashboards
PublicAnyone — no login requiredMarketing pages, public reports

Ask your AI: "Make this report public" or "Restrict this to our tenant only."

External links (named grants)

To share with someone outside your team, grant them access by email. They receive a personal token link — only they can use it.

How external sharing works

sequenceDiagram
    participant User as You (via AI)
    participant AI as AI Agent
    participant MCP as publishwith.ai
    participant Bob as bob@acme.com

    User->>AI: Share the Q3 report with bob@acme.com
    AI->>MCP: share_with(artifact_id, principal={type:external_email, value:bob@acme.com})
    MCP->>Bob: Email with personal link /p/{token}
    MCP->>AI: {result_code:created, share_url:/p/{token}}
    AI->>User: Done — Bob got an email with his personal link

    Note over Bob,MCP: Bob clicks the link
    Bob->>MCP: GET /p/{token}
    MCP-->>Bob: Redirect to login (first visit)
    Bob->>MCP: Logs in or registers free
    MCP->>MCP: Email matches grant ✓
    MCP->>Bob: Report content
      

What if someone else gets the link?

sequenceDiagram
    participant Eve as Other person
    participant MCP as publishwith.ai

    Note over Eve: Eve obtained the link (forwarded, leaked, etc.)
    Eve->>MCP: Clicks the link (logged in as eve@other.com)
    MCP->>MCP: Email mismatch — access denied
    MCP->>Eve: 403 Access denied
      

The error message is generic — it does not reveal who the intended recipient is.

Audiences (reusable recipient groups)

If you regularly share with the same people, save them as an audience: a named set of external contacts. Sharing an artifact with an audience fans out one restricted link per contact, so everyone gets their own private link in a single step. Manage audiences under Admin → Audiences, or ask your AI agent: "Create an audience called Board with alice@acme.com and bob@acme.com," then "Share this report with the Board audience."

6. Inviting team members

On Team and Enterprise plans, you can invite colleagues to your tenant. Go to Dashboard → Team and enter their email. They receive an invitation email with a link to set up their account.

Team members can:

7. Single sign-on (SSO)

Let your team sign in with your corporate identity provider instead of a separate password. SSO is self-service for tenant admins: Team plans support one provider, Enterprise plans support unlimited providers (multi-IdP federation). Free plans do not include SSO.

Set it up under Admin → Auth providers. Pick a preset (Entra ID, Okta, Google) to prefill the form, which shows the exact callback URL to register in your IdP and walks you through the OIDC or SAML fields. You can edit a provider later (the client secret is kept if you leave it blank) and use Test login to verify it. For step-by-step instructions, provider notes (Google, Entra ID, Okta, Keycloak), group-to-role mapping, and troubleshooting, see the SSO setup guide.

Once configured, your team signs in at your branded workspace page publishwith.ai/t/<your-slug>/login (share this link), or from the main login page by choosing Sign in with SSO and entering your workspace slug.

When a tenant admin first signs in through SSO, publishwith.ai automatically claims your email domain for your workspace. After that, anyone who registers with an address on that domain is routed into your workspace instead of creating a separate account, and the login page can point them straight to your SSO. You can also verify a domain manually under Admin → Domains with a DNS TXT record.

8. Database and data

Each data-backed artifact has its own isolated SQLite database. You can query it directly from the dashboard under Artifact → Database, or ask your AI agent to run queries for you.

9. Plans and billing

Three plans: Free, Team, and Enterprise. For current per-plan limits (users, artifacts, database storage, share links, SSO providers, CDN controls) see the pricing page — it is the single source of truth.

Upgrade or cancel anytime from Dashboard → Billing. No lock-in.

10. Getting help