Team Collaboration¶

Manages multi-pentester engagements by assigning testers to specific skills and detecting conflicts when two people are assigned the same test scope.

How it works¶

An admin creates an engagement and assigns pentesters to it
Each assignment specifies which skills (test scopes) that pentester is responsible for
The system prevents assigning the same skill to two different pentesters on the same engagement
Pentesters update their assignment status as they progress (assigned -> in_progress -> completed)

Assignment model¶

Each assignment contains:

Field	Description
`user_id`	The pentester's user ID
`engagement_ref`	Which engagement this is for
`assigned_skills`	List of skills (e.g. `["test-injection", "test-auth", "test-ssrf"]`)
`status`	`assigned`, `in_progress`, or `completed`
`notes`	Free-text notes (scope clarifications, blockers, ...)

Conflict detection¶

When creating or updating an assignment, the system checks for skill conflicts: if skill test-injection is already assigned to User A on engagement acme-2026, assigning it to User B on the same engagement returns a 409 Conflict:

{
  "detail": "Skill 'test-injection' already assigned to user 3"
}

This prevents duplicate work and ensures clear ownership.

API endpoints¶

List assignments for engagement¶

GET /api/v1/assignments/engagements/{engagement_ref}

Create assignment¶

POST /api/v1/assignments

{
  "user_id": 5,
  "engagement_ref": "acme-2026-q1",
  "assigned_skills": ["test-injection", "test-auth", "test-ssrf"],
  "notes": "Focus on the new API endpoints discovered in Phase 2"
}

Returns 409 if the user is already assigned to the engagement, or if any of the skills conflict with another user's assignment.

Update assignment¶

PUT /api/v1/assignments/{assignment_id}

{
  "status": "in_progress",
  "notes": "Started injection testing, found SQLi on /api/search"
}

Delete assignment¶

DELETE /api/v1/assignments/{assignment_id}

List all assignments for a user¶

GET /api/v1/assignments/users/{user_id}

Returns all engagements a pentester is assigned to, across all active engagements.

Assignment response¶

{
  "id": 12,
  "user_id": 5,
  "username": "mario.rossi",
  "engagement_ref": "acme-2026-q1",
  "assigned_skills": ["test-injection", "test-auth", "test-ssrf"],
  "status": "in_progress",
  "notes": "Started injection testing, found SQLi on /api/search",
  "created_at": "2026-03-01T09:00:00Z",
  "updated_at": "2026-03-15T14:30:00Z"
}

CLI equivalent¶

The /coordinate skill provides team workload rebalancing suggestions from the command line.

Connections to other features¶

Cost & ROI: the Cost & ROI feature uses assignment data to calculate per-pentester efficiency metrics (findings per tester, cost per skill)
Webhooks: assignment status changes can be monitored by subscribing to phase_changed events via Webhooks