Three-Layer Architecture

Workbench / Workspace / Organization — three perspectives, boundaries, and relationships

Think of Evose as three buildings stacked on top of each other. Each layer serves a different audience and does one thing. This structure is what sets Evose apart from "single-purpose AI tools".

End usersUse

Task · Library · Schedule — IM-style hub for every Agent, Workflow, and model

Task
Library
Schedule
Workspace entry

Open Workbench

Boundary in one sentence

Layer 3 decides what exists in the organization · Layer 2 decides how things are assembled inside a workspace · Layer 1 decides what users do with them.

Layer 1 · Workbench (end-user side)

Who it's for: any member of the organization — regular users, business users, cross-department collaborators.

Core action: use. They don't create or configure; they only call AI capabilities that have already been set up.

Four top-level menus:

Menu	Purpose
Task	Main entry · Chat with or trigger any accessible Agent / Chatflow / Workflow / model · IM-style aggregation
Library	Cross-user content space · Share / like / comment / favorite
Schedule	Unified scheduled-trigger entry for all three app types · 6 schedule modes + state machine + run history
Workspace	Jump entry · Switch to Layer 2 to enter the workspace the user manages

→ Deep dive on Workbench

Layer 2 · Workspace (build & govern side)

Who it's for: workspace administrators + app builders — product managers, developers, business operators.

Core action: create + orchestrate + govern. Assemble AI capabilities inside the workspace they own.

Resource category	Capabilities
Apps	Create prompt / orchestrated Agents · Configure tools · Set permissions · Publish to Workbench
Apps	Drag-and-drop Workflow orchestration · Triggers · Version management
Data	Knowledge base (RAG) · Data source (SaaS / database connector)
Capabilities	Tools (MCP / HTTP plugin / EvoTool marketplace) · Skills
Workspace management	Members & permissions · Workspace-level observability · Settings

→ Start building

Layer 3 · Organization Management (system administrators)

Who it's for: organization administrators, IT leads, security leads.

Core action: org-level governance. Manage the global resources, people, models, and security that sit above all workspaces.

8 Module Groups

Group	Modules	Purpose
Org structure	Members & departments · Roles & permissions · Organization info	People management + RBAC role definitions + organization metadata
Model services	Model definition · Model interface platform · Model deployment · Default model configuration	Global model governance: custom models / interface routing / deployment management / global defaults
Tools & skills	System tools · Organization tools · Organization skills · Web search	Org-level Tool / Skill registration + web search provider configuration
API management	API Key	API keys exposed by the organization (for third parties calling the Evose platform API)
Invitations	Invite members · Invite to workspace	Invite organization members + invite to workspaces
Analytics	Observability	Three pillars (Logs / Metrics / Traces) + 4 dimensions (Organization / Workspace / Resource / User)
Security	Keys & credentials · Resource policy	Third-party API credentials (used by Evose to call external services) + resource access policies
Desktop client	Security policy · Security audit	Security configuration for the desktop client + audit logs (supported in both Private and SaaS)

→ Enter Organization Management

Relationships Between the Three Layers

Layer 3 (Org management) configures → models / tools / credentials / roles
        ↓ delivers
Layer 2 (Workspace) uses → assemble Agent / Workflow / Knowledge base in a workspace
        ↓ publishes
Layer 1 (Workbench) uses → end users use the published AI capabilities

Users may have cross-layer identities: a product manager is a builder in Workspace A (Layer 2) and a Workbench user calling other people's Agents (Layer 1). Each layer's permissions are controlled by RBAC + ACL.

SaaS vs Private — Differences at Each Layer

Layer	SaaS	Private
Layer 1 Workbench	Identical	Identical
Layer 2 Workspace	1 organization holds N workspaces	1 organization holds N workspaces
Layer 3 Org management	Multi-tenant, multi-organization · Platform billing (Credits)	1 deployment = 1 organization · No platform billing; customer-configured models

→ Full comparison

Next Steps

Want each layer's specific capabilities → Use / Build / Govern
Want a technical layering view → Core capabilities / Technical architecture