Ownership & Distribution¶

Understanding how toolkit ownership works is essential for partners planning their distribution strategy. This guide explains the ownership model, the distinction between provenance and governance, and how to leverage both API-based and file-based distribution channels.

Format Reference

For details on the toolkit structure (provenance wrapper, manifest schema, entity referencing), see Manifest Format.

Ownership Types¶

Toolkit ownership has two dimensions: provenance (who authored it) and governance (who controls the installed copy).

Provenance (Manifest Header)¶

The ownership_type field in a manifest declares who authored/distributed the toolkit:

Type	Description	When to Use
`SYSTEM`	Contio platform toolkit	Reserved for Contio-authored toolkits
`PARTNER`	Formal Contio partner	Partners under a TOS agreement
`PUBLIC`	Independent/community distribution	Third-party authors, open source, marketplaces (default)

Optional Field

The ownership_type field is optional in manifests. If omitted, it defaults to PUBLIC, making it easy for community authors to create toolkits without declaring a formal relationship.

Governance (Installed Toolkit)¶

When a toolkit is installed, its governance determines who can modify or delete it:

Type	Description	Created By	Modifiable By
`SYSTEM`	Platform-provided seed data	Contio (migrations/admin tools)	Contio only
`PARTNER`	Owned by a partner application	Partner Admin API	Partner app only
`WORKSPACE`	Owned by a specific workspace	Manifest file import	Workspace admins

The Governance Principle¶

The installed ownership_type answers: "Who controls this toolkit?"

SYSTEM toolkits are read-only for everyone except Contio staff
PARTNER toolkits can only be modified through the Partner Admin API using your API key
WORKSPACE toolkits can be modified by workspace administrators

Provenance vs. Governance¶

A common point of confusion is the difference between the ownership_type field in a manifest file and the ownership_type of an installed toolkit. These serve different purposes:

Concept	Where It Lives	What It Answers
Provenance	Manifest header (`ownership_type`)	"Who authored/distributed this manifest?"
Governance	Installed toolkit record	"Who can modify this installed copy?"

Why This Distinction Matters¶

When a manifest is imported via the file import endpoint (POST /api/toolkits/import), the manifest provenance is not transferred to governance. Instead:

The manifest header declares provenance (e.g., "PARTNER" or "PUBLIC")
The import endpoint creates a WORKSPACE-governed toolkit
The workspace admin now owns and can customize the imported copy

This separation enables powerful distribution patterns where authors can share their toolkits externally while customers retain full control over their imported copies.

Examples of Provenance vs. Governance¶

Manifest `ownership_type`	Installation Channel	Resulting Governance
`PARTNER`	Partner Admin API	`PARTNER`
`PARTNER`	File import	`WORKSPACE`
`PUBLIC`	File import	`WORKSPACE`
`PUBLIC`	N/A (direct download)	`WORKSPACE` (on import)
`SYSTEM`	Contio migration	`SYSTEM`

Two Distribution Channels¶

Partners have two complementary ways to distribute toolkits:

Channel 1: Partner Admin API (Direct Installation)¶

The standard approach for integrated partner applications:

Partner App ──▶ POST /v1/partner/admin/toolkits ──▶ PARTNER-owned toolkit
                         │
                         ▼
              POST /v1/partner/user/toolkits/{id}/install
                         │
                         ▼
              Workspace receives PARTNER toolkit (partner controls)

Characteristics: - Toolkit remains PARTNER-owned after installation - Only your application can modify the toolkit content - Upgrades are pushed automatically when you update the toolkit - Best for: SaaS integrations, managed deployments, premium features

Channel 2: External File Distribution (Marketplace Model)¶

Export your toolkit as a standalone JSON file for external distribution:

Partner App ──▶ GET /v1/partner/admin/toolkits/{id}/export ──▶ JSON file
                                                                   │
                         ┌─────────────────────────────────────────┘
                         ▼
              Customer downloads from marketplace / website / purchase
                         │
                         ▼
              POST /api/toolkits/import (workspace admin)
                         │
                         ▼
              Workspace receives WORKSPACE-owned toolkit (customer controls)

Characteristics: - Exported file includes full manifest with provenance header ("ownership_type": "PARTNER", "PUBLIC", etc.) - When customer imports, they receive a WORKSPACE-governed copy - Customer can customize, extend, or modify the imported toolkit - Your original PARTNER toolkit (if any) remains unchanged - Best for: Marketplace sales, downloadable templates, one-time purchases

Distribution Strategy Examples¶

Example 1: Freemium Model¶

Offer a free toolkit via file download, premium features via API:

┌──────────────────────────────────────────────────────────────-───┐
│                     Partner Distribution                         │
├────────────────────────────────────────────────────────────-─────┤
│                                                                  │
│  FREE TIER (File Distribution)                                   │
│  ─────────────────────────────                                   │
│  • Export "essentials" toolkit as JSON                           │
│  • Host on website / GitHub / marketplace                        │
│  • Customer imports → WORKSPACE-owned                            │
│  • Customer can customize freely                                 │
│                                                                  │
│  PREMIUM TIER (API Distribution)                                 │
│  ──────────────────────────────                                  │
│  • Full toolkit installed via Partner API                        │
│  • Remains PARTNER-owned                                         │
│  • Automatic updates when you publish new versions               │
│  • Premium features only available through your app              │
│                                                                  │
└─────────────────────────────────────────────────────────-────────┘

Example 2: Marketplace with Customization¶

Sell toolkits on a marketplace where customers can modify after purchase:

Create the toolkit via Partner Admin API
Export the manifest to a JSON file
List on marketplace (your website, partner portal, etc.)
Customer purchases and downloads the JSON file
Customer imports via their workspace admin panel
Customer owns the copy and can customize for their organization

This model works well for: - Industry-specific meeting templates - Compliance-focused workflows - Vertical solutions (legal, healthcare, finance)

Example 3: Hybrid Managed + Self-Service¶

Some customers want managed updates; others want full control:

Customer Preference	Distribution Method	Ownership
"Keep me updated automatically"	Partner API install	`PARTNER`
"I want to customize it myself"	File export + import	`WORKSPACE`

Slug Collision Protection¶

Slugs are unique identifiers for toolkits within a scope. Contio enforces protection rules to prevent accidental overwrites:

Protection Rules¶

Existing Toolkit	Import Attempt	Result
None	Any slug	✅ Creates new `WORKSPACE` toolkit
`WORKSPACE`-owned	Same slug	✅ Upgrades existing toolkit
`PARTNER`-owned	Same slug	❌ Blocked (403 Forbidden)
`SYSTEM`-owned	Same slug	❌ Blocked (403 Forbidden)

Why This Matters¶

If you've installed your toolkit via the Partner Admin API (creating a PARTNER-owned toolkit), your customers cannot accidentally overwrite it by importing a file with the same slug. This protects your managed installations from being replaced.

Scenario: You install "acme-sales-toolkit" via API. Later, someone shares an old exported version of the same toolkit. If a workspace admin tries to import it:

POST /api/toolkits/import
{
  "name": "Acme Sales Toolkit",
  "slug": "acme-sales-toolkit",  // Same slug as existing PARTNER toolkit
  ...
}

Response: 403 Forbidden
"cannot import over PARTNER toolkit \"acme-sales-toolkit\""

Recommended Slug Naming¶

To avoid conflicts and clearly identify your toolkits:

{partner-prefix}-{toolkit-name}[-{variant}]

Examples:
  acme-sales-discovery
  acme-sales-discovery-lite     (free version)
  acme-sales-discovery-pro      (premium version)
  acme-sales-discovery-custom   (customer-modified version)

Exporting Toolkits for Distribution¶

Single Toolkit Export¶

GET /v1/partner/admin/toolkits/{toolkitId}/export
Authorization: X-API-Key your-api-key

Response:

{
  "name": "Acme Sales Discovery",
  "slug": "acme-sales-discovery",
  "version": "2.1.0",
  "ownership_type": "PARTNER",
  "manifest": {
    "schema_version": "1",
    "toolkit_prompt": "You are a sales discovery assistant...",
    "templates": [...],
    "next_steps": [...],
    "action_buttons": [...],
    "shortcuts": []
  }
}

Bulk Export¶

Export multiple toolkits in a single request:

POST /v1/partner/admin/toolkits/export
Authorization: X-API-Key your-api-key
Content-Type: application/json

{
  "toolkit_ids": ["tk_abc123", "tk_def456"]
}

What's Included in Exports¶

Included	Not Included
Full manifest with all entities	Installation records
Entity relationships (`$ref`/`$id`)	Workspace-specific customizations
AI prompts and configurations	Usage analytics
Version information	Entity database IDs

Customer Import Experience¶

When a workspace admin imports your exported toolkit, they use the internal import endpoint:

POST /api/toolkits/import
Authorization: Bearer {workspace-admin-token}
Content-Type: application/json

{
  "name": "Acme Sales Discovery",
  "slug": "acme-sales-discovery-imported",  // Often modified to avoid conflicts
  "version": "2.1.0",
  "ownership_type": "PARTNER",              // Preserved from your export
  "manifest": {
    "schema_version": "1",
    ...
  }
}

What happens:

The import endpoint validates the manifest structure
All entities are created with ownership_type = WORKSPACE
The toolkit itself is created with ownership_type = WORKSPACE
The customer now fully owns and controls the imported copy
Your original PARTNER toolkit (if it exists) is unaffected

Version Management Across Channels¶

API-Distributed Toolkits (PARTNER-owned)¶

When you update a PARTNER toolkit, installed workspaces can receive updates:

// Update your toolkit
await sdk.admin.updateToolkit(toolkitId, {
  version: '2.2.0',
  manifest: updatedManifest
});

// Workspaces with the toolkit installed can pull updates
// (implementation depends on your upgrade strategy)

File-Distributed Toolkits (WORKSPACE-owned)¶

Customers who imported via file do not receive automatic updates. To update them:

Publish a new version on your distribution channel
Notify customers of the update
Customer re-imports (may need to use a new slug or delete old version first)

Consider including version information in your distribution:

acme-sales-discovery-v2.1.0.json
acme-sales-discovery-v2.2.0.json

Best Practices¶

For API Distribution¶

✅ Use consistent slugs across all customer installations
✅ Version your toolkits semantically (major.minor.patch)
✅ Document breaking changes between versions
✅ Provide upgrade paths for customers on older versions

For File Distribution¶

✅ Include version in filename: toolkit-name-v1.2.0.json
✅ Provide a changelog alongside your toolkit files
✅ Consider offering both "stable" and "latest" downloads
✅ Document any manual steps required after import
✅ Use distinct slugs for free vs. premium variants

For Hybrid Distribution¶

✅ Use slug suffixes to distinguish variants: -lite, -pro, -custom
✅ Clearly communicate which version a customer has
✅ Provide migration paths from file-distributed to API-managed

Licensing¶

When distributing toolkits externally, it's important to declare the terms under which recipients can use the content. The license field in the manifest header provides a machine-readable declaration of usage rights.

SPDX License Identifiers¶

Contio uses SPDX license identifiers — the industry standard for machine-readable license declarations. These are the same identifiers used by npm, GitHub, and other major package ecosystems.

Pattern	Example	Use Case
Standard License	`"MIT"`, `"Apache-2.0"`	Open source, well-known licenses
Creative Commons	`"CC-BY-4.0"`, `"CC-BY-NC-4.0"`	Content licenses (good for templates)
License Expression	`"(MIT OR Apache-2.0)"`	Dual-licensed content
Custom Reference	`"LicenseRef-AcmePartner"`	Custom/proprietary licenses
No License Granted	`"UNLICENSED"`	Proprietary, all rights reserved

Manifest License Fields¶

Two fields are available in the manifest header:

{
  "name": "Acme Sales Discovery",
  "slug": "acme-sales-discovery",
  "version": "2.1.0",
  "ownership_type": "PARTNER",
  "license": "LicenseRef-AcmePartner",
  "license_url": "https://acme.com/toolkit-license",
  "manifest": {
    "schema_version": "1",
    ...
  }
}

Field	Required	Description
`license`	No	SPDX identifier or expression declaring usage terms
`license_url`	No	URL to full license text (recommended for custom licenses)

Choosing a License¶

For Free/Open Toolkits:

License	Allows	Requires
`MIT`	Commercial use, modification, distribution	Attribution
`Apache-2.0`	Commercial use, modification, distribution	Attribution, state changes
`CC-BY-4.0`	Commercial use, adaptation, distribution	Attribution
`CC-BY-NC-4.0`	Non-commercial use, adaptation	Attribution

For Commercial/Proprietary Toolkits:

Use LicenseRef-{YourCompany} with a license_url pointing to your terms:

{
  "license": "LicenseRef-AcmePartner",
  "license_url": "https://acme.com/partner-toolkit-terms"
}

For All-Rights-Reserved Content:

{
  "license": "UNLICENSED"
}

License in Exports¶

When you export a toolkit, the license fields are included in both the metadata and the manifest:

{
  "metadata": {
    "name": "Acme Sales Discovery",
    "slug": "acme-sales-discovery",
    "version": "2.1.0",
    "license": "LicenseRef-AcmePartner",
    "license_url": "https://acme.com/toolkit-license"
  },
  "manifest": {
    "schema_version": "1",
    "license": "LicenseRef-AcmePartner",
    "license_url": "https://acme.com/toolkit-license",
    ...
  }
}

This ensures the license declaration travels with the toolkit through both API responses and file-based distribution.

Licensing Best Practices¶

For API Distribution (PARTNER-owned):

✅ License is informational — your app controls access
✅ Consider UNLICENSED or a custom LicenseRef-* for SaaS-delivered content
✅ Terms are typically covered by your partner agreement

For File Distribution (Marketplace):

✅ Always include a license — customers need to know their rights
✅ Use license_url to link to full terms
✅ Consider CC-BY-4.0 for freely-shareable templates
✅ Use LicenseRef-* with clear terms for commercial products

For Hybrid Distribution:

Variant	Suggested License	Notes
Free tier (file)	`CC-BY-4.0` or `MIT`	Encourages adoption
Premium tier (API)	`LicenseRef-YourCo`	Your terms govern
Customer-modified	—	Customer's choice once WORKSPACE-owned

What License Protects¶

The license field declares terms for the intellectual property in your toolkit:

✅ AI prompts and persona instructions
✅ Meeting template structures and guidance
✅ Workflow configurations
✅ Action button logic and messaging

It does not grant or restrict:

❌ API access (controlled by authentication)
❌ Installation rights (controlled by ownership_type)
❌ Modification rights (controlled by governance, not license)

Example: Marketplace Distribution with License¶

{
  "name": "Legal Discovery Toolkit",
  "slug": "acme-legal-discovery",
  "version": "1.0.0",
  "ownership_type": "PARTNER",
  "license": "LicenseRef-AcmeLegal",
  "license_url": "https://acme.com/legal-toolkit-license",
  "manifest": {
    "schema_version": "1",
    "license": "LicenseRef-AcmeLegal",
    "license_url": "https://acme.com/legal-toolkit-license",
    "toolkit_prompt": "You are a legal discovery assistant...",
    "templates": [...]
  }
}

When a customer imports this toolkit: 1. They receive a WORKSPACE-owned copy (can customize) 2. The license declaration is preserved (usage terms still apply) 3. Attribution requirements (if any) remain in effect

Export Controls¶

Export functionality is governed by provenance to protect platform IP and contractual partner content. The rules are based on the toolkit's ownership_type:

Export Eligibility by Provenance¶

Provenance	Exportable?	Rationale
`SYSTEM`	❌ No	Platform IP — Contio controls distribution of built-in toolkits
`PARTNER`	❌ No	Contractual IP — protected under partner agreement
`PUBLIC`	✅ Yes	Community content — intended for open distribution
`WORKSPACE` (assembled)	✅ Yes	User-created content — they control it

Why Restrict SYSTEM and PARTNER Exports?¶

SYSTEM toolkits are Contio's intellectual property:

Built-in templates, AI prompts, and workflows developed by Contio
Distributed exclusively through the platform
Export would allow unauthorized redistribution

PARTNER toolkits are protected content:

Partners have formal agreements with Contio
Content may be licensed exclusively for in-platform use
Export restrictions honor contractual terms between Contio and partners

Allowed Exports¶

PUBLIC toolkits can be exported because:

Authors intend for open distribution (marketplaces, GitHub, etc.)
No contractual restrictions on redistribution
The PUBLIC provenance signals community/open availability

WORKSPACE-assembled toolkits can be exported because:

Users created or customized the content themselves
They have full ownership and control
Exporting their own work is a natural expectation

Export Behavior in the API¶

When a toolkit is not exportable, the export endpoints return a 403 Forbidden response:

GET /v1/partner/admin/toolkits/{toolkitId}/export

{
  "error": "cannot export SYSTEM toolkit",
  "code": "export_restricted"
}

Practical Implications¶

Scenario	Export Allowed?
Export a Contio-provided meeting template	❌ No (`SYSTEM`)
Export a partner's premium toolkit	❌ No (`PARTNER`)
Export a community toolkit from a marketplace	✅ Yes (`PUBLIC`)
Export a toolkit you built from scratch	✅ Yes (`WORKSPACE`)
Export a toolkit you imported and customized	✅ Yes (`WORKSPACE`)

Importing Exported Content¶

When a user imports an exported toolkit (a PUBLIC or WORKSPACE export), the imported copy becomes WORKSPACE-governed:

The imported toolkit is owned by the importing workspace
Workspace admins can modify, extend, or delete it
The original provenance (PUBLIC) is preserved in metadata for attribution

This ensures that: - Open-source attribution is maintained - Users retain full control over imported content - The original author's distribution intent is honored

Summary¶

Question	Answer
What does `ownership_type` in a manifest mean?	Declares provenance (who authored it), not governance
What is the default `ownership_type`?	`PUBLIC` — for community/third-party toolkits
When should I use `PARTNER`?	When you have a formal agreement with Contio
What governance do API-installed toolkits have?	`PARTNER` — only your app can modify
What governance do file-imported toolkits have?	`WORKSPACE` — customer controls
Can customers import over my PARTNER toolkit?	No — slug collision protection blocks it
Can I distribute via both channels?	Yes — they're complementary strategies
Can `PUBLIC` toolkits be proprietary?	Yes — `ownership_type` (distribution) is orthogonal to `license` (usage rights)