User Management

Pinchy uses an invite-only system for user onboarding. Admins create invite links, new users claim them by setting up their account, and then they are guided through an onboarding conversation with Smithers. This guide covers the full lifecycle: inviting, onboarding, managing, and deactivating users.

Prerequisites

Pinchy is running (see Quick Start)
You are logged in as an admin

Inviting users

User management showing active users and pending invites

Only admins can invite new users. Here is how:

Go to Settings → Users.
Click the Invite User button in the top right.
Fill out the invite form:
- Email (optional) — Pre-fills the email for the new user’s account. If left empty, the invite link can be used by anyone.
- Role — Choose Member or Admin.
- Groups (enterprise only) — If you have an active enterprise license and have created groups, you can assign the new user to one or more groups during invitation. See Groups for details.
Click Create Invite.
Copy the generated invite link and share it with the user.

On devices that support it, a Share button appears instead of Copy, letting you send the link directly via your operating system’s share sheet.

Invite token details

Each invite token is valid for 7 days from creation.
Tokens are single-use — once claimed, the token cannot be reused.
Tokens are stored as SHA-256 hashes in the database. The plain token only appears once, in the invite link.
If a token expires before the user claims it, you can resend the invite from the user list (this creates a fresh token).
Pending invites can be revoked at any time by clicking the Revoke button next to the invite entry.

Accepting an invite

When a new user opens the invite link, they see the account creation page:

The page shows the heading “You’ve been invited to Pinchy”.
The user enters their name and chooses a password (minimum 8 characters).
After clicking Create account, a success message confirms the account was created.
The user clicks Continue to sign in and logs in with their email and password.
After their first login, Smithers (the onboarding agent) greets them with a short interview to learn about the user and set up their personal context.

Managing users

The Settings → Users page shows all users and pending invites in a single list. Each entry displays:

Name — The user’s display name (or a dash for pending invites).
Email — The user’s email address.
Role — Admin or Member.
Groups — Group memberships (visible only with an active enterprise license).
Status — Active, Pending (invite not yet claimed), Expired (invite token expired), or Deactivated.

Viewing user details

Click on any active user row to open the user detail panel. From here you can:

Change their role — Switch between Admin and Member using the Role dropdown. You cannot change your own role, and you cannot demote the last remaining admin.
Manage group memberships (enterprise only) — Check or uncheck groups to add or remove the user from groups.
Reset their password — Generate a password reset link (see below).
Deactivate the user — Prevent the user from logging in (see below).

Click Save to apply any role or group changes.

Changing a user’s role

Click on the user in the user list.
In the detail panel, change the Role dropdown from Member to Admin (or vice versa).
Click Save.

Resetting a user’s password

If a user forgets their password, an admin can generate a reset link:

Click on the user in the user list.
In the detail panel, click Reset Password.
A reset link appears. Copy it and share it with the user.
The user opens the link, enters a new password, and regains access.

Reset links follow the same rules as invite tokens: valid for 7 days, single-use.

Deactivating a user

Deactivation prevents a user from logging in without permanently deleting their data.

Click on the user in the user list.
In the detail panel, click Deactivate.
Confirm the action in the dialog.

When a user is deactivated:

They can no longer log in.
Their personal agents are soft-deleted.
Their data remains in the database and can be restored.
The user appears as “Deactivated” in the user list with reduced opacity.

You cannot deactivate your own account.

Reactivating a user

To restore a deactivated user:

Click on the deactivated user in the user list.
In the detail panel, click Reactivate.

The user can log in again immediately.

Managing pending invites

Pending and expired invites appear in the user list alongside active users:

Pending invites show a Pending status badge and a Revoke button to cancel the invite.
Expired invites show an Expired status badge and a Resend button to generate a fresh invite link.

Profile settings

Every user (not just admins) can manage their own profile at Settings → Profile. This page has three sections:

Changing your name

Go to Settings → Profile.
Update the Name field.
Click Save.

Changing your password

Go to Settings → Profile.
In the Change Password section, enter your current password, then your new password (minimum 8 characters), and confirm it.
Click Change Password.

Logging out

Click the Log out button in the Session section to end your current session and return to the login page.

Emergency admin password reset (CLI)

If the admin has lost their password and there is no other admin who can generate a reset link through the UI, you can reset the password directly from the command line.

Run the following command on the server where Pinchy is deployed:

docker compose exec pinchy pnpm reset-admin

This finds the first admin user, generates a new random password, and prints it to the terminal:

Admin password reset for: admin@example.com
New password: aB3kLm9xPqRs7wZn

To reset the password for a specific user by email:

docker compose exec pinchy pnpm reset-admin --email admin@example.com

Audit trail

All user management actions performed by admins are logged in the audit trail, including:

User invited
Role changed
User deactivated
User reactivated
Password reset initiated

See Audit Trail for more information on viewing and exporting audit logs.