Description
We are observing inconsistent RBAC behavior in Context Forge related to visibility of private MCP tools and gateways.
Working Scenario
When logging in with the configured platform admin user (PLATFORM_ADMIN_EMAIL, e.g., admin@admin.com):
Able to view all private tools and gateways ✅
Full access works as expected
Problem Scenario
We created a new user via API:
POST /auth/email/admin/users
User details:
is_admin: true
Assigned to a team (dev team)
Given platform_admin role
Verified team membership via UI
After logging in via UI:
User can only see public tools
Cannot see private tools or gateways ❌
Expected Behavior
Any user with:
is_admin: true
platform_admin role
should have admin bypass visibility, equivalent to PLATFORM_ADMIN_EMAIL.
Actual Behavior
Only the bootstrap admin (PLATFORM_ADMIN_EMAIL) gets full visibility.
Other users with identical roles do not.