diff --git a/mcpgateway/admin.py b/mcpgateway/admin.py
index 00baf322f4..49e7a2a61b 100644
--- a/mcpgateway/admin.py
+++ b/mcpgateway/admin.py
@@ -3231,27 +3231,33 @@ async def admin_ui(
 
     # --------------------------------------------------------------------------------
     # Validate team_id if provided (only when email-based teams are enabled).
-    # Non-admin users get 403 when they supply a team_id they do not belong to.
     # Platform admins with unrestricted tokens (is_admin AND token_teams is None)
-    # bypass the membership check, consistent with the codebase admin bypass
-    # convention. Team-scoped admin tokens are still subject to membership checks.
-    # When team_id is None (not sent), selected_team_id stays None and the
-    # unscoped/public path works as expected.
+    # bypass the membership check. Team-scoped admin tokens can still view any
+    # team for governance. Non-admins get their team filter reset when they
+    # supply a team_id they do not belong to.
     # --------------------------------------------------------------------------------
     selected_team_id = team_id
     user_email = get_user_email(user)
+    is_admin_user = bool(user.get("is_admin", False) if isinstance(user, dict) else getattr(user, "is_admin", False))
+    admin_viewing_non_member_team = False
+
     if team_id and getattr(settings, "email_auth_enabled", False):
-        _is_admin = bool(user.get("is_admin", False) if isinstance(user, dict) else getattr(user, "is_admin", False))
         _token_teams = user.get("token_teams") if isinstance(user, dict) else getattr(user, "token_teams", None)
-        if not (_is_admin and _token_teams is None):
+        if not (is_admin_user and _token_teams is None):
             if not user_teams:
                 LOGGER.warning("team_id requested but user_teams not available; rejecting (team_id=%s)", team_id)
                 raise HTTPException(status_code=403, detail="Unable to verify team membership")
 
             valid_team_ids = {t["id"] for t in user_teams if t.get("id")}
             if str(team_id) not in valid_team_ids:
-                LOGGER.warning("Requested team_id is not in user's teams; rejecting (team_id=%s)", team_id)
-                raise HTTPException(status_code=403, detail="Not a member of the requested team")
+                if not is_admin_user:
+                    LOGGER.warning("Non-admin requested team_id not in their teams; ignoring team filter (team_id=%s)", team_id)
+                    selected_team_id = None
+                else:
+                    # Admin selected a team they don't belong to; show banner and default content to All Teams
+                    LOGGER.info("Admin viewing non-member team for governance (team_id=%s)", team_id)
+                    admin_viewing_non_member_team = True
+                    selected_team_id = None
 
     # --------------------------------------------------------------------------------
     # Helper: attempt to call a listing function with team_id if it supports it.
@@ -3600,6 +3606,7 @@ def _to_dict_and_filter(raw_list):
             "mcpgateway_ui_tool_test_timeout": settings.mcpgateway_ui_tool_test_timeout,
             "allow_public_visibility": settings.allow_public_visibility,
             "selected_team_id": selected_team_id,
+            "admin_viewing_non_member_team": admin_viewing_non_member_team,
             "ui_airgapped": settings.mcpgateway_ui_airgapped,
             "ui_hidden_sections": ui_visibility_config["hidden_sections"],
             "ui_hidden_header_items": ui_visibility_config["hidden_header_items"],
@@ -4739,7 +4746,8 @@ async def admin_get_all_team_ids(
 
     # Check admin
     if current_user.is_admin:
-        team_ids = await team_service.get_all_team_ids(include_inactive=include_inactive, visibility_filter=visibility, include_personal=True, search_query=q)
+        # Admin sees all non-personal teams plus their own personal team (single query)
+        team_ids = await team_service.get_all_team_ids(include_inactive=include_inactive, visibility_filter=visibility, include_personal=False, search_query=q, personal_owner_email=user_email)
     else:
         # For non-admins, get user's teams + public teams logic?
         # get_user_teams gets all teams user is in.
@@ -4810,7 +4818,10 @@ async def admin_search_teams(
     # The CALLER (admin.py) distinguishes.
 
     if current_user.is_admin:
-        result = await team_service.list_teams(page=1, per_page=limit, include_inactive=include_inactive, visibility_filter=visibility, include_personal=True, search_query=search_query)
+        # Admin sees all non-personal teams plus their own personal team (single query)
+        result = await team_service.list_teams(
+            page=1, per_page=limit, include_inactive=include_inactive, visibility_filter=visibility, include_personal=False, search_query=search_query, personal_owner_email=user_email
+        )
         # Result is dict {data, pagination...} (since page provided)
         teams = result["data"]
     else:
@@ -4911,9 +4922,9 @@ async def admin_teams_partial_html(
     pending_requests = team_service.get_pending_join_requests_batch(user_email, list(public_team_ids))
 
     if current_user.is_admin and not relationship:
-        # Admin sees all teams when no relationship filter
+        # Admin sees all non-personal teams plus their own personal team (single query, correct pagination)
         paginated_result = await team_service.list_teams(
-            page=page, per_page=per_page, include_inactive=include_inactive, visibility_filter=visibility, base_url=base_url, include_personal=True, search_query=q
+            page=page, per_page=per_page, include_inactive=include_inactive, visibility_filter=visibility, base_url=base_url, include_personal=False, search_query=q, personal_owner_email=user_email
         )
         data = paginated_result["data"]
         pagination = paginated_result["pagination"]
@@ -5116,7 +5127,8 @@ async def admin_list_teams(
             if q:
                 base_url += f"?q={urllib.parse.quote(q, safe='')}"
 
-            paginated_result = await team_service.list_teams(page=page, per_page=per_page, base_url=base_url, include_personal=True, search_query=q)
+            # Admin sees all non-personal teams plus their own personal team (single query, correct pagination)
+            paginated_result = await team_service.list_teams(page=page, per_page=per_page, base_url=base_url, include_personal=False, search_query=q, personal_owner_email=user_email)
             data = paginated_result["data"]
             pagination = paginated_result["pagination"]
             links = paginated_result["links"]
@@ -5575,6 +5587,10 @@ async def admin_get_team_edit(
         if not team:
             return HTMLResponse(content='<div class="text-red-500">Team not found</div>', status_code=404)
 
+        # Personal teams cannot be updated (service rejects all personal team updates)
+        if team.is_personal:
+            return HTMLResponse(content='<div class="text-red-500">Personal teams cannot be edited</div>', status_code=403)
+
         safe_team_name = html.escape(team.name, quote=True)
         safe_description = html.escape(team.description or "")
         edit_form = rf"""
@@ -5714,7 +5730,18 @@ async def admin_update_team(
 
         # Update team
         user_email = getattr(user, "email", None) or str(user)
-        await team_service.update_team(team_id=team_id, name=name, description=description, visibility=visibility, updated_by=user_email)
+        updated = await team_service.update_team(team_id=team_id, name=name, description=description, visibility=visibility, updated_by=user_email)
+
+        if not updated:
+            is_htmx = request.headers.get("HX-Request") == "true"
+            error_html = '<div class="text-red-500 p-3 bg-red-50 dark:bg-red-900/20 rounded-md mb-4">Team cannot be updated</div>'
+            if is_htmx:
+                response = HTMLResponse(content=error_html, status_code=400)
+                response.headers["HX-Retarget"] = "#edit-team-error"
+                response.headers["HX-Reswap"] = "innerHTML"
+                return response
+            error_msg = urllib.parse.quote("Team cannot be updated")
+            return RedirectResponse(url=f"{root_path}/admin/?error={error_msg}#teams", status_code=303)
 
         # Check if this is an HTMX request
         is_htmx = request.headers.get("HX-Request") == "true"
@@ -5775,7 +5802,10 @@ async def admin_delete_team(
 
         # Delete team (get user email from JWT payload)
         user_email = get_user_email(user)
-        await team_service.delete_team(team_id, deleted_by=user_email)
+        deleted = await team_service.delete_team(team_id, deleted_by=user_email)
+
+        if not deleted:
+            return HTMLResponse(content='<div class="text-red-500">Team cannot be deleted</div>', status_code=400)
 
         # Return success message with script to refresh teams list
         safe_team_name = html.escape(team_name)
diff --git a/mcpgateway/services/team_management_service.py b/mcpgateway/services/team_management_service.py
index 1099d758c1..ed73fff14d 100644
--- a/mcpgateway/services/team_management_service.py
+++ b/mcpgateway/services/team_management_service.py
@@ -1265,6 +1265,7 @@ async def list_teams(
         base_url: Optional[str] = None,
         include_personal: bool = False,
         search_query: Optional[str] = None,
+        personal_owner_email: Optional[str] = None,
     ) -> Union[Tuple[List[EmailTeam], Optional[str]], Dict[str, Any]]:
         """List teams with pagination support (cursor or page based).
 
@@ -1279,6 +1280,7 @@ async def list_teams(
             base_url: Base URL for pagination links
             include_personal: Whether to include personal teams
             search_query: Search term for name/slug/description
+            personal_owner_email: When set (and include_personal=False), includes this user's personal team alongside non-personal teams
 
         Returns:
             Union[Tuple[List[EmailTeam], Optional[str]], Dict[str, Any]]:
@@ -1288,7 +1290,15 @@ async def list_teams(
         query = select(EmailTeam)
 
         if not include_personal:
-            query = query.where(EmailTeam.is_personal.is_(False))
+            if personal_owner_email:
+                query = query.where(
+                    or_(
+                        EmailTeam.is_personal.is_(False),
+                        and_(EmailTeam.is_personal.is_(True), EmailTeam.created_by == personal_owner_email),
+                    )
+                )
+            else:
+                query = query.where(EmailTeam.is_personal.is_(False))
 
         if not include_inactive:
             query = query.where(EmailTeam.is_active.is_(True))
@@ -1340,6 +1350,7 @@ async def get_all_team_ids(
         visibility_filter: Optional[str] = None,
         include_personal: bool = False,
         search_query: Optional[str] = None,
+        personal_owner_email: Optional[str] = None,
     ) -> List[int]:
         """Get all team IDs matching criteria (unpaginated).
 
@@ -1348,6 +1359,7 @@ async def get_all_team_ids(
             visibility_filter: Filter by visibility (private, team, public)
             include_personal: Whether to include personal teams
             search_query: Search term for name/slug
+            personal_owner_email: When set (and include_personal=False), includes this user's personal team alongside non-personal teams
 
         Returns:
             List[int]: List of team IDs
@@ -1355,7 +1367,15 @@ async def get_all_team_ids(
         query = select(EmailTeam.id)
 
         if not include_personal:
-            query = query.where(EmailTeam.is_personal.is_(False))
+            if personal_owner_email:
+                query = query.where(
+                    or_(
+                        EmailTeam.is_personal.is_(False),
+                        and_(EmailTeam.is_personal.is_(True), EmailTeam.created_by == personal_owner_email),
+                    )
+                )
+            else:
+                query = query.where(EmailTeam.is_personal.is_(False))
 
         if not include_inactive:
             query = query.where(EmailTeam.is_active.is_(True))
diff --git a/mcpgateway/templates/admin.html b/mcpgateway/templates/admin.html
index 8cdfefe8b2..a3fe16cdaa 100644
--- a/mcpgateway/templates/admin.html
+++ b/mcpgateway/templates/admin.html
@@ -952,6 +952,22 @@ <h1 class="text-lg font-semibold text-gray-800 dark:text-gray-200 hidden sm:bloc
           </div>
         </header>
 
+        <!-- Admin Non-Member Team Banner -->
+        {% if admin_viewing_non_member_team %}
+        <div class="bg-red-100 dark:bg-red-900/30 border-b border-red-300 dark:border-red-800">
+          <div class="px-4 py-3">
+            <div class="flex items-center">
+              <svg class="h-5 w-5 text-red-600 dark:text-red-400 mr-3 flex-shrink-0" fill="currentColor" viewBox="0 0 20 20">
+                <path fill-rule="evenodd" d="M18 10a8 8 0 11-16 0 8 8 0 0116 0zm-7-4a1 1 0 11-2 0 1 1 0 012 0zM9 9a1 1 0 000 2v3a1 1 0 001 1h1a1 1 0 100-2v-3a1 1 0 00-1-1H9z" clip-rule="evenodd" />
+              </svg>
+              <p class="text-sm font-semibold text-red-800 dark:text-red-200">
+                ⚠ Since you are not a member of this team, team content won't be visible. Defaulting to All Teams.
+              </p>
+            </div>
+          </div>
+        </div>
+        {% endif %}
+
         <!-- Global notification container for flash messages -->
         <div id="global-notification" class="px-4 mt-4" style="display: none;">
           <!-- Notification content will be inserted here -->
diff --git a/tests/playwright/entities/test_agents_extended.py b/tests/playwright/entities/test_agents_extended.py
index 1fe76200dd..2c2c40700a 100644
--- a/tests/playwright/entities/test_agents_extended.py
+++ b/tests/playwright/entities/test_agents_extended.py
@@ -364,7 +364,7 @@ def test_view_modal_different_agents_show_different_data(
 
         # View first agent - get name from table
         first_row = agents_page.get_agent_row(0)
-        first_name = first_row.locator("td").nth(2).text_content().strip()
+        first_name = first_row.locator("td").nth(3).text_content().strip()
         _open_view_modal(agents_page, 0)
         details = agents_page.page.locator("#agent-details")
         expect(details).to_contain_text(first_name)
@@ -372,7 +372,7 @@ def test_view_modal_different_agents_show_different_data(
 
         # View second agent
         second_row = agents_page.get_agent_row(1)
-        second_name = second_row.locator("td").nth(2).text_content().strip()
+        second_name = second_row.locator("td").nth(3).text_content().strip()
         _open_view_modal(agents_page, 1)
         expect(details).to_contain_text(second_name)
         _close_view_modal(agents_page)
@@ -567,7 +567,7 @@ def test_edit_modal_cancel_does_not_save(self, agents_page: AgentsPage):
 
         # Get original name from table
         first_row = agents_page.get_agent_row(0)
-        original_name = first_row.locator("td").nth(2).text_content().strip()
+        original_name = first_row.locator("td").nth(3).text_content().strip()
 
         _open_edit_modal(agents_page, 0)
 
@@ -588,7 +588,7 @@ def test_edit_modal_cancel_does_not_save(self, agents_page: AgentsPage):
         _skip_if_no_agents(agents_page)
 
         first_row = agents_page.get_agent_row(0)
-        current_name = first_row.locator("td").nth(2).text_content().strip()
+        current_name = first_row.locator("td").nth(3).text_content().strip()
         assert current_name == original_name, (
             f"Name should be unchanged after Cancel: expected '{original_name}', "
             f"got '{current_name}'"
@@ -1016,8 +1016,8 @@ def test_agent_name_displayed_in_row(self, agents_page: AgentsPage):
         _skip_if_no_agents(agents_page)
 
         first_row = agents_page.get_agent_row(0)
-        # Name is in column index 2
-        name_cell = first_row.locator("td").nth(2)
+        # Name is in column index 3 (after Actions, S.No., Agent ID)
+        name_cell = first_row.locator("td").nth(3)
         name_text = name_cell.text_content().strip()
         assert len(name_text) > 0, "Agent name should not be empty"
 
@@ -1028,8 +1028,8 @@ def test_endpoint_url_displayed_in_row(self, agents_page: AgentsPage):
         _skip_if_no_agents(agents_page)
 
         first_row = agents_page.get_agent_row(0)
-        # Endpoint is in column index 4
-        endpoint_cell = first_row.locator("td").nth(4)
+        # Endpoint is in column index 5 (after Actions, S.No., Agent ID, Name, Description)
+        endpoint_cell = first_row.locator("td").nth(5)
         endpoint_text = endpoint_cell.text_content().strip()
         assert len(endpoint_text) > 0, "Endpoint URL should not be empty"
         assert "://" in endpoint_text, (
@@ -1043,8 +1043,8 @@ def test_description_displayed_in_row(self, agents_page: AgentsPage):
         _skip_if_no_agents(agents_page)
 
         first_row = agents_page.get_agent_row(0)
-        # Description is in column index 3
-        desc_cell = first_row.locator("td").nth(3)
+        # Description is in column index 4 (after Actions, S.No., Agent ID, Name)
+        desc_cell = first_row.locator("td").nth(4)
         # Description may be empty but the cell should exist
         expect(desc_cell).to_be_attached()
 
@@ -1055,8 +1055,8 @@ def test_tags_displayed_as_badges(self, agents_page: AgentsPage):
         _skip_if_no_agents(agents_page)
 
         first_row = agents_page.get_agent_row(0)
-        # Tags column is at index 5
-        tags_cell = first_row.locator("td").nth(5)
+        # Tags column is at index 6 (after Actions, S.No., Agent ID, Name, Description, Endpoint)
+        tags_cell = first_row.locator("td").nth(6)
 
         # Check if there are any tag badges (spans with inline-flex styling)
         tag_badges = tags_cell.locator("span")
@@ -1074,8 +1074,8 @@ def test_visibility_badge_displayed(self, agents_page: AgentsPage):
         _skip_if_no_agents(agents_page)
 
         first_row = agents_page.get_agent_row(0)
-        # Visibility is the last column, index 11
-        visibility_cell = first_row.locator("td").nth(11)
+        # Visibility is the last column, index 12
+        visibility_cell = first_row.locator("td").nth(12)
         visibility_text = visibility_cell.text_content().strip()
         assert visibility_text in [
             "Public",
diff --git a/tests/playwright/entities/test_gateways_extended.py b/tests/playwright/entities/test_gateways_extended.py
index 7b490d0cdf..9dd95848c8 100644
--- a/tests/playwright/entities/test_gateways_extended.py
+++ b/tests/playwright/entities/test_gateways_extended.py
@@ -51,7 +51,7 @@ def test_test_modal_opens_with_correct_url(self, gateways_page: GatewaysPage):
 
         # Get the URL from the first row before opening modal
         first_row = gateways_page.get_gateway_row(0)
-        gateway_url = first_row.locator("td").nth(3).text_content().strip()
+        gateway_url = first_row.locator("td").nth(4).text_content().strip()
 
         gateways_page.open_test_modal(0)
 
@@ -217,7 +217,7 @@ def test_view_modal_opens_with_details(self, gateways_page: GatewaysPage):
 
         # Get first gateway name from table
         first_row = gateways_page.get_gateway_row(0)
-        gateway_name = first_row.locator("td").nth(2).text_content().strip()
+        gateway_name = first_row.locator("td").nth(3).text_content().strip()
 
         gateways_page.open_view_modal(0)
 
@@ -251,7 +251,7 @@ def test_view_modal_shows_url_field(self, gateways_page: GatewaysPage):
 
         # Get URL from table
         first_row = gateways_page.get_gateway_row(0)
-        gateway_url = first_row.locator("td").nth(3).text_content().strip()
+        gateway_url = first_row.locator("td").nth(4).text_content().strip()
 
         gateways_page.open_view_modal(0)
 
@@ -353,14 +353,14 @@ def test_view_modal_different_gateways(self, gateways_page: GatewaysPage):
 
         # View first gateway
         first_row = gateways_page.get_gateway_row(0)
-        first_name = first_row.locator("td").nth(2).text_content().strip()
+        first_name = first_row.locator("td").nth(3).text_content().strip()
         gateways_page.open_view_modal(0)
         expect(gateways_page.view_modal_details).to_contain_text(first_name)
         gateways_page.close_view_modal()
 
         # View second gateway
         second_row = gateways_page.get_gateway_row(1)
-        second_name = second_row.locator("td").nth(2).text_content().strip()
+        second_name = second_row.locator("td").nth(3).text_content().strip()
         gateways_page.open_view_modal(1)
         expect(gateways_page.view_modal_details).to_contain_text(second_name)
         gateways_page.close_view_modal()
@@ -383,7 +383,7 @@ def test_edit_modal_opens_with_prepopulated_name(self, gateways_page: GatewaysPa
         _skip_if_no_gateways(gateways_page)
 
         first_row = gateways_page.get_gateway_row(0)
-        gateway_name = first_row.locator("td").nth(2).text_content().strip()
+        gateway_name = first_row.locator("td").nth(3).text_content().strip()
 
         gateways_page.open_edit_modal(0)
 
@@ -400,7 +400,7 @@ def test_edit_modal_opens_with_prepopulated_url(self, gateways_page: GatewaysPag
         _skip_if_no_gateways(gateways_page)
 
         first_row = gateways_page.get_gateway_row(0)
-        gateway_url = first_row.locator("td").nth(3).text_content().strip()
+        gateway_url = first_row.locator("td").nth(4).text_content().strip()
 
         gateways_page.open_edit_modal(0)
         expect(gateways_page.edit_modal_url_input).to_have_value(gateway_url)
@@ -554,7 +554,7 @@ def test_edit_modal_cancel_does_not_save(self, gateways_page: GatewaysPage):
 
         # Get original name
         first_row = gateways_page.get_gateway_row(0)
-        original_name = first_row.locator("td").nth(2).text_content().strip()
+        original_name = first_row.locator("td").nth(3).text_content().strip()
 
         gateways_page.open_edit_modal(0)
 
@@ -571,7 +571,7 @@ def test_edit_modal_cancel_does_not_save(self, gateways_page: GatewaysPage):
         gateways_page.wait_for_gateways_table_loaded()
 
         first_row = gateways_page.get_gateway_row(0)
-        current_name = first_row.locator("td").nth(2).text_content().strip()
+        current_name = first_row.locator("td").nth(3).text_content().strip()
         assert current_name == original_name, f"Name should be unchanged after Cancel: expected '{original_name}', got '{current_name}'"
 
     def test_edit_modal_visibility_radios_reflect_current(self, gateways_page: GatewaysPage):
@@ -582,7 +582,7 @@ def test_edit_modal_visibility_radios_reflect_current(self, gateways_page: Gatew
 
         # Get current visibility from table
         first_row = gateways_page.get_gateway_row(0)
-        visibility_text = first_row.locator("td").nth(9).text_content().strip().lower()
+        visibility_text = first_row.locator("td").nth(10).text_content().strip().lower()
 
         gateways_page.open_edit_modal(0)
 
@@ -1081,7 +1081,7 @@ def test_edit_gateway_tags(self, gateways_page: GatewaysPage):
 
         # Track the gateway name so we can find it after reload
         first_row = gateways_page.get_gateway_row(0)
-        gateway_name = first_row.locator("td").nth(2).text_content().strip()
+        gateway_name = first_row.locator("td").nth(3).text_content().strip()
 
         new_tags = f"edited,test-tag-{uuid.uuid4().hex[:6]}"
 
@@ -1119,7 +1119,7 @@ def test_edit_gateway_tags(self, gateways_page: GatewaysPage):
 
         # Check tags in the matched row
         gateway_row = gateways_page.get_gateway_row_by_name(gateway_name).first
-        tags_cell = gateway_row.locator("td").nth(4)
+        tags_cell = gateway_row.locator("td").nth(5)
         tags_text = tags_cell.text_content().strip().lower()
         assert "edited" in tags_text, f"Expected 'edited' in tags for '{gateway_name}', got '{tags_text}'"
         gateways_page.clear_search()
@@ -1242,7 +1242,7 @@ def test_search_partial_name_match(self, gateways_page: GatewaysPage):
 
         # Get first gateway name
         first_row = gateways_page.get_gateway_row(0)
-        full_name = first_row.locator("td").nth(2).text_content().strip()
+        full_name = first_row.locator("td").nth(3).text_content().strip()
 
         if len(full_name) < 3:
             pytest.skip("Gateway name too short for partial match test")
@@ -1264,7 +1264,7 @@ def test_search_by_url(self, gateways_page: GatewaysPage):
 
         # Get URL from first gateway
         first_row = gateways_page.get_gateway_row(0)
-        gateway_url = first_row.locator("td").nth(3).text_content().strip()
+        gateway_url = first_row.locator("td").nth(4).text_content().strip()
 
         # Search by URL (or partial URL)
         search_term = gateway_url.split("//")[-1].split("/")[0]  # hostname
@@ -1314,7 +1314,7 @@ def test_gateway_row_owner_displayed(self, gateways_page: GatewaysPage):
 
         first_row = gateways_page.get_gateway_row(0)
         # Owner column index shifted +1 after Gateway ID insertion (Actions=0, S.No.=1, GatewayID=2, Name=3, URL=4, Tags=5, Status=6, LastSeen=7, Owner=8)
-        owner = first_row.locator("td").nth(8).text_content().strip()
+        owner = first_row.locator("td").nth(9).text_content().strip()
         # Owner should be an email or "None"
         assert "@" in owner or owner == "None", f"Unexpected owner value: '{owner}'"
 
@@ -1325,7 +1325,7 @@ def test_gateway_row_team_displayed(self, gateways_page: GatewaysPage):
         _skip_if_no_gateways(gateways_page)
 
         first_row = gateways_page.get_gateway_row(0)
-        team = first_row.locator("td").nth(8).text_content().strip()
+        team = first_row.locator("td").nth(9).text_content().strip()
         # Team should be a name or "None"
         assert len(team) > 0, "Team cell should not be empty"
 
@@ -1337,7 +1337,7 @@ def test_gateway_row_last_seen_displayed(self, gateways_page: GatewaysPage):
 
         first_row = gateways_page.get_gateway_row(0)
         # LastSeen column index shifted +1 after Gateway ID insertion
-        last_seen = first_row.locator("td").nth(7).text_content().strip()
+        last_seen = first_row.locator("td").nth(8).text_content().strip()
         # Should contain a date-like pattern or "N/A"
         assert len(last_seen) > 0, "Last seen cell should not be empty"
 
@@ -1349,7 +1349,7 @@ def test_active_status_badge_style(self, gateways_page: GatewaysPage):
 
         first_row = gateways_page.get_gateway_row(0)
         # Status column index shifted +1 after Gateway ID insertion
-        status_cell = first_row.locator("td").nth(6)
+        status_cell = first_row.locator("td").nth(7)
         status_text = status_cell.text_content().strip()
         assert status_text in ("Active", "Inactive"), f"Unexpected status: '{status_text}'"
 
@@ -1360,7 +1360,7 @@ def test_visibility_badge_content(self, gateways_page: GatewaysPage):
         _skip_if_no_gateways(gateways_page)
 
         first_row = gateways_page.get_gateway_row(0)
-        visibility_cell = first_row.locator("td").nth(9)
+        visibility_cell = first_row.locator("td").nth(10)
         vis_text = visibility_cell.text_content().strip()
         assert any(v in vis_text for v in ["Public", "Team", "Private"]), f"Unexpected visibility: '{vis_text}'"
 
diff --git a/tests/playwright/entities/test_tools_extended.py b/tests/playwright/entities/test_tools_extended.py
index 96b7d3015b..f616b155d3 100644
--- a/tests/playwright/entities/test_tools_extended.py
+++ b/tests/playwright/entities/test_tools_extended.py
@@ -348,7 +348,7 @@ def test_view_modal_shows_description_field(self, tools_page: ToolsPage):
 
         # Get description from table (shifted +1 after Tool ID insertion)
         first_row = tools_page.get_tool_row(0)
-        description = first_row.locator("td").nth(6).text_content().strip()
+        description = first_row.locator("td").nth(7).text_content().strip()
 
         tools_page.open_tool_view_modal(0)
 
@@ -405,7 +405,7 @@ def test_view_modal_contains_tool_name(self, tools_page: ToolsPage):
         # Get the name from the table - Name column varies by row structure
         first_row = tools_page.get_tool_row(0)
         # Name is in column index 4 (Actions=0, S.No.=1, ToolID=2, Source=3, Name=4)
-        tool_name = first_row.locator("td").nth(4).text_content().strip()
+        tool_name = first_row.locator("td").nth(5).text_content().strip()
 
         tools_page.open_tool_view_modal(0)
         # Tool details should mention the tool name
@@ -425,7 +425,7 @@ def test_view_modal_different_tools(self, tools_page: ToolsPage):
 
         # View first tool
         first_row = tools_page.get_tool_row(0)
-        first_name = first_row.locator("td").nth(3).text_content().strip()
+        first_name = first_row.locator("td").nth(4).text_content().strip()
         try:
             tools_page.open_tool_view_modal(0)
         except AssertionError as exc:
@@ -437,7 +437,7 @@ def test_view_modal_different_tools(self, tools_page: ToolsPage):
 
         # View second tool
         second_row = tools_page.get_tool_row(1)
-        second_name = second_row.locator("td").nth(3).text_content().strip()
+        second_name = second_row.locator("td").nth(4).text_content().strip()
         try:
             tools_page.open_tool_view_modal(1)
         except AssertionError as exc:
@@ -598,7 +598,7 @@ def test_edit_modal_cancel_does_not_save(self, tools_page: ToolsPage):
 
         # Get original name
         first_row = tools_page.get_tool_row(0)
-        original_name = first_row.locator("td").nth(3).text_content().strip()
+        original_name = first_row.locator("td").nth(4).text_content().strip()
 
         tools_page.open_tool_edit_modal(0)
 
@@ -615,7 +615,7 @@ def test_edit_modal_cancel_does_not_save(self, tools_page: ToolsPage):
         tools_page.wait_for_tools_table_loaded()
 
         first_row = tools_page.get_tool_row(0)
-        current_name = first_row.locator("td").nth(3).text_content().strip()
+        current_name = first_row.locator("td").nth(4).text_content().strip()
         assert current_name == original_name, (
             f"Name should be unchanged after Cancel: expected '{original_name}', got '{current_name}'"
         )
@@ -831,7 +831,7 @@ def test_search_by_name(self, tools_page: ToolsPage):
 
         # Get first tool name
         first_row = tools_page.get_tool_row(0)
-        tool_name = first_row.locator("td").nth(3).text_content().strip()
+        tool_name = first_row.locator("td").nth(4).text_content().strip()
 
         if len(tool_name) < 3:
             pytest.skip("Tool name too short for search test")
@@ -873,7 +873,7 @@ def test_search_partial_match(self, tools_page: ToolsPage):
         _skip_if_no_tools(tools_page)
 
         first_row = tools_page.get_tool_row(0)
-        full_name = first_row.locator("td").nth(3).text_content().strip()
+        full_name = first_row.locator("td").nth(4).text_content().strip()
 
         if len(full_name) < 3:
             pytest.skip("Tool name too short for partial match test")
diff --git a/tests/unit/mcpgateway/services/test_team_management_service.py b/tests/unit/mcpgateway/services/test_team_management_service.py
index 247146d6a1..57545cb884 100644
--- a/tests/unit/mcpgateway/services/test_team_management_service.py
+++ b/tests/unit/mcpgateway/services/test_team_management_service.py
@@ -945,6 +945,34 @@ async def test_list_teams_include_personal(self, service, mock_db):
             await service.list_teams(include_personal=True)
             mock_paginate.assert_called()
 
+    @pytest.mark.asyncio
+    async def test_list_teams_personal_owner_email(self):
+        """personal_owner_email includes admin's own personal team but excludes other users'."""
+        from sqlalchemy import create_engine
+        from sqlalchemy.orm import Session as OrmSession
+
+        from mcpgateway.db import Base
+
+        engine = create_engine("sqlite:///:memory:", connect_args={"check_same_thread": False})
+        Base.metadata.create_all(engine)
+        with OrmSession(engine) as db:
+            db.add_all(
+                [
+                    EmailTeam(id="id-admin-personal", name="admin-personal", slug="admin-personal", created_by="admin@example.com", is_personal=True),
+                    EmailTeam(id="id-other-personal", name="other-personal", slug="other-personal", created_by="other@example.com", is_personal=True),
+                    EmailTeam(id="id-shared", name="shared-team", slug="shared-team", created_by="admin@example.com", is_personal=False),
+                ]
+            )
+            db.commit()
+
+            svc = TeamManagementService(db)
+            teams, _ = await svc.list_teams(include_personal=False, personal_owner_email="admin@example.com")
+            names = {t.name for t in teams}
+
+        assert "admin-personal" in names
+        assert "shared-team" in names
+        assert "other-personal" not in names
+
     @pytest.mark.asyncio
     async def test_list_teams_with_search_query_page(self, service, mock_db):
         """Test list_teams applies search_query and page-based ordering."""
@@ -981,6 +1009,33 @@ async def test_get_all_team_ids_with_filters(self, service, mock_db):
         assert result == ["team-1", "team-2"]
         mock_db.commit.assert_called_once()
 
+    @pytest.mark.asyncio
+    async def test_get_all_team_ids_personal_owner_email(self):
+        """personal_owner_email includes admin's own personal team ID but excludes other users'."""
+        from sqlalchemy import create_engine
+        from sqlalchemy.orm import Session as OrmSession
+
+        from mcpgateway.db import Base
+
+        engine = create_engine("sqlite:///:memory:", connect_args={"check_same_thread": False})
+        Base.metadata.create_all(engine)
+        with OrmSession(engine) as db:
+            db.add_all(
+                [
+                    EmailTeam(id="id-admin-personal", name="admin-personal", slug="admin-personal", created_by="admin@example.com", is_personal=True),
+                    EmailTeam(id="id-other-personal", name="other-personal", slug="other-personal", created_by="other@example.com", is_personal=True),
+                    EmailTeam(id="id-shared", name="shared-team", slug="shared-team", created_by="admin@example.com", is_personal=False),
+                ]
+            )
+            db.commit()
+
+            svc = TeamManagementService(db)
+            team_ids = await svc.get_all_team_ids(include_personal=False, personal_owner_email="admin@example.com")
+
+        assert "id-admin-personal" in team_ids
+        assert "id-shared" in team_ids
+        assert "id-other-personal" not in team_ids
+
     @pytest.mark.asyncio
     async def test_get_teams_count_with_filters(self, service, mock_db):
         """Test get_teams_count applies filters and returns scalar count."""
@@ -2254,3 +2309,4 @@ async def test_remove_member_role_revocation_exception(self, service, mock_db, m
 
             # Verify - member should still be removed
             assert result is True
+
diff --git a/tests/unit/mcpgateway/test_admin.py b/tests/unit/mcpgateway/test_admin.py
index d115fe69e8..0fa4138cc1 100644
--- a/tests/unit/mcpgateway/test_admin.py
+++ b/tests/unit/mcpgateway/test_admin.py
@@ -440,6 +440,7 @@ async def test_admin_list_servers_with_various_states(self, mock_server_service,
         # Mock team service
         mock_team_service = AsyncMock()
         mock_team_service.get_user_teams = AsyncMock(return_value=[])
+
         mock_team_service_class.return_value = mock_team_service
 
         # Setup servers with different states
@@ -2126,6 +2127,7 @@ async def test_admin_list_prompts_with_complex_arguments(self, mock_team_service
         # Mock team service
         mock_team_service = AsyncMock()
         mock_team_service.get_user_teams = AsyncMock(return_value=[])
+
         mock_team_service_class.return_value = mock_team_service
 
         # Mock prompt object with model_dump method
@@ -2390,6 +2392,7 @@ async def test_admin_list_gateways_with_auth_info(self, mock_team_service_class,
         # Mock team service
         mock_team_service = AsyncMock()
         mock_team_service.get_user_teams = AsyncMock(return_value=[])
+
         mock_team_service_class.return_value = mock_team_service
 
         # Create a mock gateway object with model_dump method
@@ -3736,15 +3739,18 @@ def name(self):
         mock_gateways.return_value = []
         mock_roots.return_value = []
 
-        with pytest.raises(HTTPException) as exc_info:
-            await admin_ui(
-                request=mock_request,
-                team_id="not-a-team",
-                include_inactive=False,
-                db=mock_db,
-                user={"email": "admin@example.com", "db": mock_db},
-            )
-        assert exc_info.value.status_code == 403
+        # Non-admin requesting a team they don't belong to: selected_team_id silently reset to None
+        response = await admin_ui(
+            request=mock_request,
+            team_id="not-a-team",
+            include_inactive=False,
+            db=mock_db,
+            user={"email": "admin@example.com", "db": mock_db},
+        )
+        assert isinstance(response, HTMLResponse)
+        template_call = mock_request.app.state.templates.TemplateResponse.call_args
+        context = template_call[0][2]
+        assert context["selected_team_id"] is None
 
     @patch.object(ServerService, "list_servers", new_callable=AsyncMock)
     @patch.object(ToolService, "list_tools", new_callable=AsyncMock)
@@ -5543,6 +5549,260 @@ async def test_admin_ui_a2a_disabled(self, mock_roots, mock_gateways, mock_promp
         assert context["a2a_agents"] == []  # Should be empty list when A2A disabled
 
 
+class TestAdminNonMemberTeamBanner:
+    """Test the admin non-member team banner feature."""
+
+    @patch.object(ServerService, "list_servers", new_callable=AsyncMock)
+    @patch.object(ToolService, "list_tools", new_callable=AsyncMock)
+    @patch.object(ResourceService, "list_resources", new_callable=AsyncMock)
+    @patch.object(PromptService, "list_prompts", new_callable=AsyncMock)
+    @patch.object(GatewayService, "list_gateways", new_callable=AsyncMock)
+    @patch.object(RootService, "list_roots", new_callable=AsyncMock)
+    async def test_admin_viewing_non_member_team_flag_true(
+        self,
+        mock_roots,
+        mock_gateways,
+        mock_prompts,
+        mock_resources,
+        mock_tools,
+        mock_servers,
+        mock_request,
+        mock_db,
+        monkeypatch,
+    ):
+        """Test that admin_viewing_non_member_team flag is True when admin selects non-member team."""
+
+        class _Team:
+            def __init__(self, team_id: str, name: str):
+                self.id = team_id
+                self.name = name
+                self.type = "organization"
+                self.is_personal = False
+
+        # Admin user's teams (they are member of team-1 only)
+        user_teams = [_Team("team-1", "Team One")]
+
+        team_service = MagicMock()
+        team_service.get_user_teams = AsyncMock(return_value=user_teams)
+        team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-1": 2})
+        team_service.get_user_roles_batch = MagicMock(return_value={"team-1": "member"})
+        monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+        monkeypatch.setattr(settings, "email_auth_enabled", True)
+
+        # Mock service responses
+        mock_servers.return_value = []
+        mock_tools.return_value = ([], None)
+        mock_resources.return_value = []
+        mock_prompts.return_value = []
+        mock_gateways.return_value = []
+        mock_roots.return_value = []
+
+        # Admin user with team-scoped token selecting team-2 (which they are NOT a member of)
+        # token_teams must be set (non-None) so the unrestricted-admin bypass does NOT skip the check
+        response = await admin_ui(
+            request=mock_request,
+            team_id="team-2",
+            include_inactive=False,
+            db=mock_db,
+            user={"email": "admin@example.com", "is_admin": True, "token_teams": ["team-1"], "db": mock_db},
+        )
+
+        assert isinstance(response, HTMLResponse)
+        template_call = mock_request.app.state.templates.TemplateResponse.call_args
+        context = template_call[0][2]
+
+        # Verify the flag is True (admin viewing non-member team) and content defaults to All Teams
+        assert context["admin_viewing_non_member_team"] is True
+        assert context["is_admin"] is True
+        assert context["selected_team_id"] is None
+
+    @patch.object(ServerService, "list_servers", new_callable=AsyncMock)
+    @patch.object(ToolService, "list_tools", new_callable=AsyncMock)
+    @patch.object(ResourceService, "list_resources", new_callable=AsyncMock)
+    @patch.object(PromptService, "list_prompts", new_callable=AsyncMock)
+    @patch.object(GatewayService, "list_gateways", new_callable=AsyncMock)
+    @patch.object(RootService, "list_roots", new_callable=AsyncMock)
+    async def test_admin_viewing_member_team_flag_false(
+        self,
+        mock_roots,
+        mock_gateways,
+        mock_prompts,
+        mock_resources,
+        mock_tools,
+        mock_servers,
+        mock_request,
+        mock_db,
+        monkeypatch,
+    ):
+        """Test that admin_viewing_non_member_team flag is False when admin selects their own team."""
+
+        class _Team:
+            def __init__(self, team_id: str, name: str):
+                self.id = team_id
+                self.name = name
+                self.type = "organization"
+                self.is_personal = False
+
+        # Admin user's teams
+        user_teams = [_Team("team-1", "Team One")]
+
+        team_service = MagicMock()
+        team_service.get_user_teams = AsyncMock(return_value=user_teams)
+        team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-1": 2})
+        team_service.get_user_roles_batch = MagicMock(return_value={"team-1": "owner"})
+        monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+        monkeypatch.setattr(settings, "email_auth_enabled", True)
+
+        # Mock service responses
+        mock_servers.return_value = []
+        mock_tools.return_value = ([], None)
+        mock_resources.return_value = []
+        mock_prompts.return_value = []
+        mock_gateways.return_value = []
+        mock_roots.return_value = []
+
+        # Admin user selecting team-1 (which they ARE a member of)
+        response = await admin_ui(
+            request=mock_request,
+            team_id="team-1",
+            include_inactive=False,
+            db=mock_db,
+            user={"email": "admin@example.com", "is_admin": True, "db": mock_db},
+        )
+
+        assert isinstance(response, HTMLResponse)
+        template_call = mock_request.app.state.templates.TemplateResponse.call_args
+        context = template_call[0][2]
+
+        # Verify the flag is False (admin viewing their own team)
+        assert context["admin_viewing_non_member_team"] is False
+        assert context["is_admin"] is True
+        assert context["selected_team_id"] == "team-1"
+
+    @patch.object(ServerService, "list_servers", new_callable=AsyncMock)
+    @patch.object(ToolService, "list_tools", new_callable=AsyncMock)
+    @patch.object(ResourceService, "list_resources", new_callable=AsyncMock)
+    @patch.object(PromptService, "list_prompts", new_callable=AsyncMock)
+    @patch.object(GatewayService, "list_gateways", new_callable=AsyncMock)
+    @patch.object(RootService, "list_roots", new_callable=AsyncMock)
+    async def test_non_admin_viewing_team_flag_false(
+        self,
+        mock_roots,
+        mock_gateways,
+        mock_prompts,
+        mock_resources,
+        mock_tools,
+        mock_servers,
+        mock_request,
+        mock_db,
+        monkeypatch,
+    ):
+        """Test that admin_viewing_non_member_team flag is False for non-admin users."""
+
+        class _Team:
+            def __init__(self, team_id: str, name: str):
+                self.id = team_id
+                self.name = name
+                self.type = "organization"
+                self.is_personal = False
+
+        user_teams = [_Team("team-1", "Team One")]
+
+        team_service = MagicMock()
+        team_service.get_user_teams = AsyncMock(return_value=user_teams)
+        team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-1": 2})
+        team_service.get_user_roles_batch = MagicMock(return_value={"team-1": "member"})
+        monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+        monkeypatch.setattr(settings, "email_auth_enabled", True)
+
+        # Mock service responses
+        mock_servers.return_value = []
+        mock_tools.return_value = ([], None)
+        mock_resources.return_value = []
+        mock_prompts.return_value = []
+        mock_gateways.return_value = []
+        mock_roots.return_value = []
+
+        # Non-admin user (is_admin=False)
+        response = await admin_ui(
+            request=mock_request,
+            team_id="team-1",
+            include_inactive=False,
+            db=mock_db,
+            user={"email": "user@example.com", "is_admin": False, "db": mock_db},
+        )
+
+        assert isinstance(response, HTMLResponse)
+        template_call = mock_request.app.state.templates.TemplateResponse.call_args
+        context = template_call[0][2]
+
+        # Verify the flag is False (non-admin user)
+        assert context["admin_viewing_non_member_team"] is False
+        assert context["is_admin"] is False
+
+    @patch.object(ServerService, "list_servers", new_callable=AsyncMock)
+    @patch.object(ToolService, "list_tools", new_callable=AsyncMock)
+    @patch.object(ResourceService, "list_resources", new_callable=AsyncMock)
+    @patch.object(PromptService, "list_prompts", new_callable=AsyncMock)
+    @patch.object(GatewayService, "list_gateways", new_callable=AsyncMock)
+    @patch.object(RootService, "list_roots", new_callable=AsyncMock)
+    async def test_admin_no_team_selected_flag_false(
+        self,
+        mock_roots,
+        mock_gateways,
+        mock_prompts,
+        mock_resources,
+        mock_tools,
+        mock_servers,
+        mock_request,
+        mock_db,
+        monkeypatch,
+    ):
+        """Test that admin_viewing_non_member_team flag is False when no team is selected."""
+
+        class _Team:
+            def __init__(self, team_id: str, name: str):
+                self.id = team_id
+                self.name = name
+                self.type = "organization"
+                self.is_personal = False
+
+        user_teams = [_Team("team-1", "Team One")]
+
+        team_service = MagicMock()
+        team_service.get_user_teams = AsyncMock(return_value=user_teams)
+        team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-1": 2})
+        team_service.get_user_roles_batch = MagicMock(return_value={"team-1": "member"})
+        monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+        monkeypatch.setattr(settings, "email_auth_enabled", True)
+
+        # Mock service responses
+        mock_servers.return_value = []
+        mock_tools.return_value = ([], None)
+        mock_resources.return_value = []
+        mock_prompts.return_value = []
+        mock_gateways.return_value = []
+        mock_roots.return_value = []
+
+        # Admin user with no team selected (team_id=None)
+        response = await admin_ui(
+            request=mock_request,
+            team_id=None,
+            include_inactive=False,
+            db=mock_db,
+            user={"email": "admin@example.com", "is_admin": True, "db": mock_db},
+        )
+
+        assert isinstance(response, HTMLResponse)
+        template_call = mock_request.app.state.templates.TemplateResponse.call_args
+        context = template_call[0][2]
+
+        # Verify the flag is False (no team selected)
+        assert context["admin_viewing_non_member_team"] is False
+        assert context["is_admin"] is True
+        assert context["selected_team_id"] is None
+
+
 class TestSetLoggingService:
     """Test the logging service setup functionality."""
 
@@ -5805,6 +6065,7 @@ async def test_admin_list_teams_admin_view(monkeypatch, mock_request, mock_db, a
     team_service = MagicMock()
     team_service.list_teams = AsyncMock(return_value={"data": [team], "pagination": pagination, "links": links})
     team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-1": 3})
+
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_list_teams(request=mock_request, page=1, per_page=5, q="t", db=mock_db, user={"email": "u@example.com", "db": mock_db})
@@ -5823,6 +6084,7 @@ async def test_admin_list_teams_non_admin_view(monkeypatch, mock_request, mock_d
     team_service = MagicMock()
     team_service.get_user_teams = AsyncMock(return_value=[SimpleNamespace(id="t1"), SimpleNamespace(id="t2")])
     team_service.get_member_counts_batch_cached = AsyncMock(return_value={"t1": 1, "t2": 2})
+
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_list_teams(request=mock_request, page=1, per_page=5, q=None, db=mock_db, user={"email": "u@example.com", "db": mock_db})
@@ -6054,7 +6316,7 @@ async def test_admin_add_team_members_view_exception(monkeypatch, mock_request,
 async def test_admin_get_team_edit_success(monkeypatch, mock_request, mock_db, allow_permission):
     monkeypatch.setattr(settings, "email_auth_enabled", True)
     team_service = MagicMock()
-    team_service.get_team_by_id = AsyncMock(return_value=SimpleNamespace(id="team-1", name="Team One", slug="team-one", description="Desc", visibility="private"))
+    team_service.get_team_by_id = AsyncMock(return_value=SimpleNamespace(id="team-1", name="Team One", slug="team-one", description="Desc", visibility="private", is_personal=False))
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
     response = await admin_get_team_edit("team-1", mock_request, db=mock_db, _user={"email": "u@example.com", "db": mock_db})
     assert isinstance(response, HTMLResponse)
@@ -6138,7 +6400,7 @@ async def test_admin_update_team_success(monkeypatch, mock_db, allow_permission)
     request.form = AsyncMock(return_value=FakeForm({"name": "Team One", "description": "Desc", "visibility": "private"}))
 
     team_service = MagicMock()
-    team_service.update_team = AsyncMock(return_value=None)
+    team_service.update_team = AsyncMock(return_value=True)
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_update_team("team-1", request=request, db=mock_db, user={"email": "u@example.com", "db": mock_db})
@@ -6146,6 +6408,76 @@ async def test_admin_update_team_success(monkeypatch, mock_db, allow_permission)
     assert response.headers.get("HX-Trigger") is not None
 
 
+@pytest.mark.asyncio
+async def test_admin_update_team_rejected_personal_team_htmx(monkeypatch, mock_db, allow_permission):
+    """update_team returning False (personal team) must surface an error, not false success."""
+    monkeypatch.setattr(settings, "email_auth_enabled", True)
+    request = MagicMock(spec=Request)
+    request.scope = {"root_path": "/root"}
+    request.headers = {"HX-Request": "true"}
+    request.form = AsyncMock(return_value=FakeForm({"name": "My Team", "description": "Desc", "visibility": "private"}))
+
+    team_service = MagicMock()
+    team_service.update_team = AsyncMock(return_value=False)
+    monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+
+    response = await admin_update_team("team-1", request=request, db=mock_db, user={"email": "u@example.com", "db": mock_db})
+    assert isinstance(response, HTMLResponse)
+    assert response.status_code == 400
+    assert "cannot be updated" in response.body.decode().lower()
+
+
+@pytest.mark.asyncio
+async def test_admin_update_team_rejected_personal_team_redirect(monkeypatch, mock_db, allow_permission):
+    """update_team returning False with non-HTMX request redirects with error."""
+    monkeypatch.setattr(settings, "email_auth_enabled", True)
+    request = MagicMock(spec=Request)
+    request.scope = {"root_path": "/root"}
+    request.headers = {}
+    request.form = AsyncMock(return_value=FakeForm({"name": "My Team", "description": "Desc", "visibility": "private"}))
+
+    team_service = MagicMock()
+    team_service.update_team = AsyncMock(return_value=False)
+    monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+
+    response = await admin_update_team("team-1", request=request, db=mock_db, user={"email": "u@example.com", "db": mock_db})
+    assert isinstance(response, RedirectResponse)
+    assert response.status_code == 303
+    assert "error" in str(response.headers.get("location", "")).lower()
+
+
+@pytest.mark.asyncio
+async def test_admin_get_team_edit_blocks_other_personal_team(monkeypatch, mock_request, mock_db, allow_permission):
+    """Editing another user's personal team must return 403."""
+    monkeypatch.setattr(settings, "email_auth_enabled", True)
+    team_service = MagicMock()
+    team_service.get_team_by_id = AsyncMock(return_value=SimpleNamespace(
+        id="team-personal", name="other-personal", slug="other-personal",
+        description="", visibility="private", is_personal=True, created_by="other@example.com",
+    ))
+    monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+
+    response = await admin_get_team_edit("team-personal", mock_request, db=mock_db, _user={"email": "admin@example.com", "db": mock_db})
+    assert response.status_code == 403
+    assert "cannot be edited" in response.body.decode().lower()
+
+
+@pytest.mark.asyncio
+async def test_admin_get_team_edit_blocks_own_personal_team(monkeypatch, mock_request, mock_db, allow_permission):
+    """Editing your own personal team is also blocked (service rejects all personal team updates)."""
+    monkeypatch.setattr(settings, "email_auth_enabled", True)
+    team_service = MagicMock()
+    team_service.get_team_by_id = AsyncMock(return_value=SimpleNamespace(
+        id="team-personal", name="my-personal", slug="my-personal",
+        description="", visibility="private", is_personal=True, created_by="admin@example.com",
+    ))
+    monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+
+    response = await admin_get_team_edit("team-personal", mock_request, db=mock_db, _user={"email": "admin@example.com", "db": mock_db})
+    assert response.status_code == 403
+    assert "cannot be edited" in response.body.decode().lower()
+
+
 @pytest.mark.asyncio
 async def test_admin_update_team_email_auth_disabled(monkeypatch, mock_db, allow_permission):
     monkeypatch.setattr(settings, "email_auth_enabled", False)
@@ -6234,7 +6566,7 @@ async def test_admin_update_team_success_redirect(monkeypatch, mock_db, allow_pe
     request.form = AsyncMock(return_value=FakeForm({"name": "Team One", "description": "Desc", "visibility": "private"}))
 
     team_service = MagicMock()
-    team_service.update_team = AsyncMock(return_value=None)
+    team_service.update_team = AsyncMock(return_value=True)
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_update_team("team-1", request=request, db=mock_db, user={"email": "u@example.com", "db": mock_db})
@@ -6740,7 +7072,7 @@ async def test_admin_delete_team_success(monkeypatch, mock_db, allow_permission)
     request = MagicMock(spec=Request)
     team_service = MagicMock()
     team_service.get_team_by_id = AsyncMock(return_value=SimpleNamespace(id="team-1", name="Team One"))
-    team_service.delete_team = AsyncMock(return_value=None)
+    team_service.delete_team = AsyncMock(return_value=True)
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_delete_team("team-1", request, db=mock_db, user={"email": "owner@example.com", "db": mock_db})
@@ -6748,6 +7080,22 @@ async def test_admin_delete_team_success(monkeypatch, mock_db, allow_permission)
     assert "deleted successfully" in response.body.decode()
 
 
+@pytest.mark.asyncio
+async def test_admin_delete_team_rejected_personal_team(monkeypatch, mock_db, allow_permission):
+    """delete_team returning False (personal team) must surface an error, not false success."""
+    monkeypatch.setattr(settings, "email_auth_enabled", True)
+    request = MagicMock(spec=Request)
+    team_service = MagicMock()
+    team_service.get_team_by_id = AsyncMock(return_value=SimpleNamespace(id="team-personal", name="Personal Team"))
+    team_service.delete_team = AsyncMock(return_value=False)
+    monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
+
+    response = await admin_delete_team("team-personal", request, db=mock_db, user={"email": "admin@example.com", "db": mock_db})
+    assert isinstance(response, HTMLResponse)
+    assert response.status_code == 400
+    assert "cannot be deleted" in response.body.decode().lower()
+
+
 @pytest.mark.asyncio
 async def test_admin_delete_team_email_auth_disabled(monkeypatch, mock_db, allow_permission):
     monkeypatch.setattr(settings, "email_auth_enabled", False)
@@ -6790,6 +7138,7 @@ async def test_admin_teams_partial_html_controls_admin(monkeypatch, mock_request
     team_service.discover_public_teams = AsyncMock(return_value=[])
     team_service.get_pending_join_requests_batch.return_value = {}
     team_service.list_teams = AsyncMock(return_value={"data": [team], "pagination": pagination, "links": links})
+
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_teams_partial_html(
@@ -6822,6 +7171,7 @@ async def test_admin_teams_partial_html_selector_public(monkeypatch, mock_reques
     team_service.discover_public_teams = AsyncMock(return_value=[public_team])
     team_service.get_pending_join_requests_batch.return_value = {}
     team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-2": 5})
+
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_teams_partial_html(
@@ -6911,6 +7261,7 @@ async def test_admin_teams_partial_html_admin_relationship_none(monkeypatch, moc
     team_service.get_pending_join_requests_batch.return_value = {}
     team_service.list_teams = AsyncMock(return_value={"data": [other_team], "pagination": pagination, "links": links})
     team_service.get_member_counts_batch_cached = AsyncMock(return_value={"team-2": 0})
+
     monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: team_service)
 
     response = await admin_teams_partial_html(
@@ -14390,6 +14741,7 @@ async def test_admin_get_all_team_ids_admin(self, monkeypatch, mock_db):
 
         ts = MagicMock()
         ts.get_all_team_ids = AsyncMock(return_value=["id-1", "id-2"])
+
         monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: ts)
 
         result = await admin_get_all_team_ids(include_inactive=False, visibility=None, q=None, db=mock_db, user={"email": "admin@test.com"})
@@ -14406,6 +14758,7 @@ async def test_admin_get_all_team_ids_non_admin(self, monkeypatch, mock_db):
         team1 = SimpleNamespace(id="t1", name="Team1", slug="team1", is_active=True, visibility="public")
         ts = MagicMock()
         ts.get_user_teams = AsyncMock(return_value=[team1])
+
         monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: ts)
 
         result = await admin_get_all_team_ids(include_inactive=False, visibility=None, q=None, db=mock_db, user={"email": "user@test.com"})
@@ -14451,6 +14804,7 @@ async def test_admin_search_teams_admin(self, monkeypatch, allow_permission, moc
         team = SimpleNamespace(id="t1", name="Alpha", slug="alpha", description="desc", visibility="public", is_active=True)
         ts = MagicMock()
         ts.list_teams = AsyncMock(return_value={"data": [team]})
+
         monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: ts)
 
         result = await admin_search_teams(q="Alpha", include_inactive=False, limit=10, visibility=None, db=mock_db, user={"email": "admin@test.com"})
@@ -14470,6 +14824,7 @@ async def test_admin_search_teams_non_admin_filters(self, monkeypatch, allow_per
         team3 = SimpleNamespace(id="t3", name="Zzz Team", slug="zzz", description="", visibility="public", is_active=True)
         ts = MagicMock()
         ts.get_user_teams = AsyncMock(return_value=[team1, team2, team3])
+
         monkeypatch.setattr("mcpgateway.admin.TeamManagementService", lambda db: ts)
 
         result = await admin_search_teams(q="zzz", include_inactive=False, limit=10, visibility="public", db=mock_db, user={"email": "user@test.com"})
@@ -19185,3 +19540,755 @@ async def test_admin_search_prompts_include_public_adds_visibility_condition(mon
         db=mock_db, user={"email": "user@example.com", "db": mock_db},
     )
     assert response is not None
+
+
+
+@pytest.mark.asyncio
+class TestAdminTeamVisibilitySecurity:
+    """
+    Regression tests for admin team visibility security issue.
+
+    Tests that admin users cannot see personal teams of other users or private teams
+    they are not members of. This addresses the security vulnerability where admins
+    could view all teams including personal workspaces.
+
+    Security Invariants:
+    - Admin users should only see teams they are members of, plus discoverable public teams
+    - Personal teams of other users should NEVER be exposed to admins
+    - Private teams the admin is not a member of should NOT be visible to admins
+    """
+
+    @pytest.fixture
+    def mock_admin_user(self):
+        """Create a mock admin user."""
+        from mcpgateway.db import EmailUser
+        user = MagicMock(spec=EmailUser)
+        user.email = "admin@example.com"
+        user.is_admin = True
+        user.is_active = True
+        return user
+
+    @pytest.fixture
+    def mock_regular_user(self):
+        """Create a mock regular user."""
+        from mcpgateway.db import EmailUser
+        user = MagicMock(spec=EmailUser)
+        user.email = "user@example.com"
+        user.is_admin = False
+        user.is_active = True
+        return user
+
+    @pytest.fixture
+    def mock_personal_team(self):
+        """Create a mock personal team."""
+        from mcpgateway.db import EmailTeam
+        team = MagicMock(spec=EmailTeam)
+        team.id = "personal-team-id"
+        team.name = "user@example.com"
+        team.slug = "user-example-com"
+        team.description = "Personal workspace"
+        team.created_by = "user@example.com"
+        team.is_personal = True
+        team.visibility = "private"
+        team.is_active = True
+        return team
+
+    @pytest.fixture
+    def mock_private_team(self):
+        """Create a mock private team."""
+        from mcpgateway.db import EmailTeam
+        team = MagicMock(spec=EmailTeam)
+        team.id = "private-team-id"
+        team.name = "Private Team"
+        team.slug = "private-team"
+        team.description = "A private team"
+        team.created_by = "user@example.com"
+        team.is_personal = False
+        team.visibility = "private"
+        team.is_active = True
+        return team
+
+    @pytest.fixture
+    def mock_public_team(self):
+        """Create a mock public team."""
+        from mcpgateway.db import EmailTeam
+        team = MagicMock(spec=EmailTeam)
+        team.id = "public-team-id"
+        team.name = "Public Team"
+        team.slug = "public-team"
+        team.description = "A public team"
+        team.created_by = "user@example.com"
+        team.is_personal = False
+        team.visibility = "public"
+        team.is_active = True
+        return team
+
+    async def test_admin_teams_partial_excludes_personal_teams(self, monkeypatch, mock_admin_user, mock_personal_team, mock_public_team):
+        """Admin should NOT see other users' personal teams via admin_teams_partial_html.
+
+        The service layer handles personal team inclusion via personal_owner_email,
+        so only the admin's own personal team is included (not other users').
+        """
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock()
+        mock_request.url.path = "/admin/teams/partial"
+
+        mock_db = MagicMock()
+
+        # Mock auth service to return admin user
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        # Mock team service - list_teams should be called with include_personal=False and personal_owner_email
+        mock_team_service = MagicMock()
+        mock_team_service.get_user_teams = AsyncMock(return_value=[])
+        mock_team_service.discover_public_teams = AsyncMock(return_value=[mock_public_team])
+        mock_team_service.get_user_roles_batch = MagicMock(return_value={})
+        mock_team_service.get_pending_join_requests_batch = MagicMock(return_value={})
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [mock_public_team],
+            "pagination": MagicMock(page=1, per_page=50, total_items=1, total_pages=1, has_next=False, has_prev=False),
+            "links": None
+        })
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            await admin_teams_partial_html(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                include_inactive=False,
+                visibility=None,
+                render=None,
+                q=None,
+                relationship=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            # Verify list_teams was called with include_personal=False and personal_owner_email
+            mock_team_service.list_teams.assert_called_once()
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["include_personal"] is False, "Admin should not see other users' personal teams"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com", "Admin's own personal team should be included via service layer"
+
+    async def test_admin_get_all_team_ids_excludes_personal_teams(self, monkeypatch, mock_admin_user, mock_personal_team):
+        """Admin should NOT see other users' personal teams via admin_get_all_team_ids.
+
+        The service layer handles personal team inclusion via personal_owner_email,
+        so only the admin's own personal team is included (not other users').
+        """
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.get_all_team_ids = AsyncMock(return_value=["public-team-id"])
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"):
+
+            await admin_get_all_team_ids(
+                include_inactive=False,
+                visibility=None,
+                q=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            # Verify get_all_team_ids was called with include_personal=False and personal_owner_email
+            mock_team_service.get_all_team_ids.assert_called_once()
+            call_kwargs = mock_team_service.get_all_team_ids.call_args[1]
+            assert call_kwargs["include_personal"] is False, "Admin should not see other users' personal teams"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com", "Admin's own personal team should be included via service layer"
+
+    async def test_admin_search_teams_excludes_personal_teams(self, monkeypatch, mock_admin_user, mock_public_team):
+        """Admin should NOT see other users' personal teams via admin_search_teams.
+
+        The service layer handles personal team inclusion via personal_owner_email,
+        so only the admin's own personal team is included (not other users').
+        """
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [mock_public_team],
+            "pagination": MagicMock(),
+            "links": None
+        })
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._normalize_search_query", return_value="test"):
+
+            await admin_search_teams(
+                q="test",
+                include_inactive=False,
+                limit=50,
+                visibility=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            # Verify list_teams was called with include_personal=False and personal_owner_email
+            mock_team_service.list_teams.assert_called_once()
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["include_personal"] is False, "Admin should not see other users' personal teams"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com", "Admin's own personal team should be included via service layer"
+
+    async def test_admin_list_teams_excludes_personal_teams(self, monkeypatch, mock_admin_user, mock_public_team):
+        """Admin should NOT see other users' personal teams via admin_list_teams.
+
+        The service layer handles personal team inclusion via personal_owner_email,
+        so only the admin's own personal team is included (not other users').
+        """
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock()
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [mock_public_team],
+            "pagination": MagicMock(page=1, per_page=50, total_items=1, total_pages=1, has_next=False, has_prev=False),
+            "links": None
+        })
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            await admin_list_teams(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                q=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db},
+                unified=False
+            )
+
+            # Verify list_teams was called with include_personal=False and personal_owner_email
+            mock_team_service.list_teams.assert_called_once()
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["include_personal"] is False, "Admin should not see other users' personal teams"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com", "Admin's own personal team should be included via service layer"
+
+    async def test_non_admin_can_see_own_personal_team(self, monkeypatch, mock_regular_user, mock_personal_team):
+        """Non-admin users should still see their own personal team."""
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock()
+        mock_request.url.path = "/admin/teams/partial"
+
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_regular_user)
+
+        mock_team_service = MagicMock()
+        # Non-admin gets their teams via get_user_teams which includes personal
+        mock_team_service.get_user_teams = AsyncMock(return_value=[mock_personal_team])
+        mock_team_service.discover_public_teams = AsyncMock(return_value=[])
+        mock_team_service.get_user_roles_batch = MagicMock(return_value={"personal-team-id": "owner"})
+        mock_team_service.get_pending_join_requests_batch = MagicMock(return_value={})
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={"personal-team-id": 1})
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="user@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            await admin_teams_partial_html(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                include_inactive=False,
+                visibility=None,
+                render=None,
+                q=None,
+                relationship=None,
+                db=mock_db,
+                user={"email": "user@example.com", "db": mock_db}
+            )
+
+            # Verify get_user_teams was called with include_personal=True for non-admin
+            mock_team_service.get_user_teams.assert_called_once()
+            call_kwargs = mock_team_service.get_user_teams.call_args[1]
+            assert call_kwargs["include_personal"] is True, "Non-admin should see their own personal team"
+
+    async def test_admin_can_see_own_personal_team(self, monkeypatch, mock_admin_user):
+        """Admin users SHOULD see their own personal team (regression test for fix)."""
+        from mcpgateway.db import EmailTeam
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        # Create admin's personal team
+        admin_personal_team = MagicMock(spec=EmailTeam)
+        admin_personal_team.id = "admin-personal-team-id"
+        admin_personal_team.name = "admin@example.com"
+        admin_personal_team.slug = "admin-example-com"
+        admin_personal_team.description = "Admin's personal workspace"
+        admin_personal_team.created_by = "admin@example.com"
+        admin_personal_team.is_personal = True
+        admin_personal_team.visibility = "private"
+        admin_personal_team.is_active = True
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock()
+        mock_request.url.path = "/admin/teams/partial"
+
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.get_user_teams = AsyncMock(return_value=[])
+        mock_team_service.discover_public_teams = AsyncMock(return_value=[])
+        mock_team_service.get_user_roles_batch = MagicMock(return_value={})
+        mock_team_service.get_pending_join_requests_batch = MagicMock(return_value={})
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={"admin-personal-team-id": 1})
+
+        # list_teams returns empty (no non-personal teams)
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [],
+            "pagination": MagicMock(page=1, per_page=50, total_items=0, total_pages=0, has_next=False, has_prev=False),
+            "links": None
+        })
+
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            await admin_teams_partial_html(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                include_inactive=False,
+                visibility=None,
+                render=None,
+                q=None,
+                relationship=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            # Verify list_teams was called with include_personal=False and personal_owner_email
+            # (service layer handles including admin's own personal team via SQL query)
+            mock_team_service.list_teams.assert_called_once()
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["include_personal"] is False, "Should not include other users' personal teams"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com", "Admin's personal team included via service layer"
+
+    async def test_admin_teams_partial_excludes_other_personal_teams(self, monkeypatch, mock_admin_user, mock_private_team, mock_public_team):
+        """Admin listing excludes other users' personal teams (include_personal=False with personal_owner_email)."""
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock()
+        mock_request.url.path = "/admin/teams/partial"
+
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        # Admin is not a member of any teams
+        mock_team_service.get_user_teams = AsyncMock(return_value=[])
+        # Only public teams are discoverable
+        mock_team_service.discover_public_teams = AsyncMock(return_value=[mock_public_team])
+        mock_team_service.get_user_roles_batch = MagicMock(return_value={})
+        mock_team_service.get_pending_join_requests_batch = MagicMock(return_value={})
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+
+        # list_teams should only return public teams, not private ones
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [mock_public_team],  # Only public team, NO private teams
+            "pagination": MagicMock(page=1, per_page=50, total_items=1, total_pages=1, has_next=False, has_prev=False),
+            "links": None
+        })
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            await admin_teams_partial_html(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                include_inactive=False,
+                visibility=None,
+                render=None,
+                q=None,
+                relationship=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            # Verify the returned data does not include private teams
+            mock_team_service.list_teams.assert_called_once()
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["include_personal"] is False
+
+            # The service layer should handle filtering private teams based on membership
+            # This test verifies the admin endpoint doesn't bypass that filtering
+
+
+
+class TestAdminPersonalTeamFiltering:
+    """Test suite for admin personal team filtering via service-layer personal_owner_email.
+
+    Personal team inclusion/exclusion is now handled by the service layer via the
+    personal_owner_email parameter. Admin endpoints pass the admin's email so the
+    service query includes their personal team while excluding other users' personal teams.
+    Filtering (active, visibility, search) is applied uniformly by the SQL query.
+    """
+
+    @pytest.fixture
+    def mock_admin_user(self):
+        """Create mock admin user."""
+        user = MagicMock()
+        user.email = "admin@example.com"
+        user.is_admin = True
+        user.is_active = True
+        return user
+
+    @pytest.fixture
+    def mock_personal_team(self):
+        """Create mock personal team for admin."""
+        team = MagicMock()
+        team.id = "personal-team-123"
+        team.name = "admin@example.com"
+        team.slug = "admin-example-com"
+        team.description = "Personal team"
+        team.is_personal = True
+        team.is_active = True
+        team.visibility = "private"
+        team.created_by = "admin@example.com"
+        return team
+
+    # Tests for admin_get_all_team_ids
+    @pytest.mark.asyncio
+    async def test_admin_get_all_team_ids_passes_personal_owner_email(self, mock_admin_user):
+        """admin_get_all_team_ids passes personal_owner_email to the service layer."""
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.get_all_team_ids = AsyncMock(return_value=["team1", "team2", "personal-team-123"])
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"):
+
+            result = await admin_get_all_team_ids(
+                include_inactive=False,
+                visibility=None,
+                q=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            # Verify service was called with personal_owner_email
+            mock_team_service.get_all_team_ids.assert_called_once()
+            call_kwargs = mock_team_service.get_all_team_ids.call_args[1]
+            assert call_kwargs["personal_owner_email"] == "admin@example.com"
+            assert call_kwargs["include_personal"] is False
+            # Result from service is returned directly
+            assert result["count"] == 3
+
+    @pytest.mark.asyncio
+    async def test_admin_get_all_team_ids_forwards_filters(self, mock_admin_user):
+        """admin_get_all_team_ids forwards all filters to the service layer."""
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.get_all_team_ids = AsyncMock(return_value=["team1"])
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"):
+
+            await admin_get_all_team_ids(
+                include_inactive=True,
+                visibility="public",
+                q="search",
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            call_kwargs = mock_team_service.get_all_team_ids.call_args[1]
+            assert call_kwargs["include_inactive"] is True
+            assert call_kwargs["visibility_filter"] == "public"
+            assert call_kwargs["search_query"] == "search"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com"
+
+    # Tests for admin_search_teams
+    @pytest.mark.asyncio
+    async def test_admin_search_teams_passes_personal_owner_email(self, mock_admin_user):
+        """admin_search_teams passes personal_owner_email to the service layer."""
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [MagicMock(id="team1")],
+            "pagination": MagicMock(),
+            "links": None
+        })
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._normalize_search_query", return_value="admin"):
+
+            await admin_search_teams(
+                q="admin",
+                include_inactive=False,
+                limit=50,
+                visibility=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["personal_owner_email"] == "admin@example.com"
+            assert call_kwargs["include_personal"] is False
+
+    @pytest.mark.asyncio
+    async def test_admin_search_teams_forwards_filters(self, mock_admin_user):
+        """admin_search_teams forwards all filters to the service layer."""
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [],
+            "pagination": MagicMock(),
+            "links": None
+        })
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._normalize_search_query", return_value="test"):
+
+            await admin_search_teams(
+                q="test",
+                include_inactive=True,
+                limit=25,
+                visibility="public",
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["include_inactive"] is True
+            assert call_kwargs["visibility_filter"] == "public"
+            assert call_kwargs["search_query"] == "test"
+            assert call_kwargs["per_page"] == 25
+
+    # Tests for admin_teams_partial_html
+    @pytest.mark.asyncio
+    async def test_admin_teams_partial_html_passes_personal_owner_email(self, monkeypatch, mock_admin_user):
+        """admin_teams_partial_html passes personal_owner_email to the service layer."""
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock(return_value=HTMLResponse(content=""))
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [MagicMock(id="team1")],
+            "pagination": MagicMock(page=1, per_page=50, total_items=1, total_pages=1, has_next=False, has_prev=False),
+            "links": None
+        })
+        mock_team_service.get_user_teams = AsyncMock(return_value=[])
+        mock_team_service.discover_public_teams = AsyncMock(return_value=[])
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._get_user_team_roles", return_value={}):
+
+            result = await admin_teams_partial_html(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                include_inactive=False,
+                visibility=None,
+                relationship=None,
+                q=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            assert isinstance(result, HTMLResponse)
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["personal_owner_email"] == "admin@example.com"
+            assert call_kwargs["include_personal"] is False
+
+    @pytest.mark.asyncio
+    async def test_admin_teams_partial_html_forwards_filters(self, monkeypatch, mock_admin_user):
+        """admin_teams_partial_html forwards all filters to the service layer."""
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock(return_value=HTMLResponse(content=""))
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [],
+            "pagination": MagicMock(page=2, per_page=10, total_items=0, total_pages=0, has_next=False, has_prev=True),
+            "links": None
+        })
+        mock_team_service.get_user_teams = AsyncMock(return_value=[])
+        mock_team_service.discover_public_teams = AsyncMock(return_value=[])
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._get_user_team_roles", return_value={}):
+
+            await admin_teams_partial_html(
+                request=mock_request,
+                page=2,
+                per_page=10,
+                include_inactive=True,
+                visibility="public",
+                relationship=None,
+                q="search",
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db}
+            )
+
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["page"] == 2
+            assert call_kwargs["per_page"] == 10
+            assert call_kwargs["include_inactive"] is True
+            assert call_kwargs["visibility_filter"] == "public"
+            assert call_kwargs["search_query"] == "search"
+
+    # Tests for admin_list_teams
+    @pytest.mark.asyncio
+    async def test_admin_list_teams_passes_personal_owner_email(self, monkeypatch, mock_admin_user):
+        """admin_list_teams passes personal_owner_email to the service layer."""
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock()
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [MagicMock(id="team1")],
+            "pagination": MagicMock(page=1, per_page=50, total_items=1, total_pages=1, has_next=False, has_prev=False),
+            "links": None
+        })
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            await admin_list_teams(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                q=None,
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db},
+                unified=False
+            )
+
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["personal_owner_email"] == "admin@example.com"
+            assert call_kwargs["include_personal"] is False
+
+    @pytest.mark.asyncio
+    async def test_admin_list_teams_forwards_search_query(self, monkeypatch, mock_admin_user):
+        """admin_list_teams forwards search query to the service layer."""
+        monkeypatch.setattr("mcpgateway.admin.settings.email_auth_enabled", True)
+
+        mock_request = MagicMock()
+        mock_request.app.state.templates.TemplateResponse = MagicMock(return_value=HTMLResponse(content=""))
+        mock_db = MagicMock()
+
+        mock_auth_service = MagicMock()
+        mock_auth_service.get_user_by_email = AsyncMock(return_value=mock_admin_user)
+
+        mock_team_service = MagicMock()
+        mock_team_service.list_teams = AsyncMock(return_value={
+            "data": [],
+            "pagination": MagicMock(page=1, per_page=50, total_items=0, total_pages=0, has_next=False, has_prev=False),
+            "links": None
+        })
+        mock_team_service.get_member_counts_batch_cached = AsyncMock(return_value={})
+
+        with patch("mcpgateway.admin.EmailAuthService", return_value=mock_auth_service), \
+             patch("mcpgateway.admin.TeamManagementService", return_value=mock_team_service), \
+             patch("mcpgateway.admin.get_user_email", return_value="admin@example.com"), \
+             patch("mcpgateway.admin._resolve_root_path", return_value=""):
+
+            result = await admin_list_teams(
+                request=mock_request,
+                page=1,
+                per_page=50,
+                q="nomatch",
+                db=mock_db,
+                user={"email": "admin@example.com", "db": mock_db},
+                unified=False
+            )
+
+            assert isinstance(result, HTMLResponse)
+            call_kwargs = mock_team_service.list_teams.call_args[1]
+            assert call_kwargs["search_query"] == "nomatch"
+            assert call_kwargs["personal_owner_email"] == "admin@example.com"
diff --git a/tests/unit/mcpgateway/test_admin_module.py b/tests/unit/mcpgateway/test_admin_module.py
index 7298d4da2f..3e09b74dc1 100644
--- a/tests/unit/mcpgateway/test_admin_module.py
+++ b/tests/unit/mcpgateway/test_admin_module.py
@@ -834,10 +834,12 @@ def get_user_roles_batch(self, email, team_ids):
     monkeypatch.setattr(admin, "verify_jwt_token_cached", AsyncMock(return_value={"user": {"auth_provider": "local"}}))
     monkeypatch.setattr(admin, "create_jwt_token", AsyncMock(return_value="jwt"))
 
-    with pytest.raises(HTTPException) as exc_info:
-        await admin.admin_ui(request, "not-a-member-team", True, mock_db, user=user)
-    assert exc_info.value.status_code == 403
-    assert "Not a member" in exc_info.value.detail
+    # Non-admin requesting non-member team: selected_team_id silently reset to None
+    response = await admin.admin_ui(request, "not-a-member-team", True, mock_db, user=user)
+    assert isinstance(response, HTMLResponse)
+    template_call = request.app.state.templates.TemplateResponse.call_args
+    context = template_call[0][2]
+    assert context["selected_team_id"] is None
 
 
 @pytest.mark.asyncio
@@ -955,11 +957,13 @@ def get_user_roles_batch(self, email, team_ids):
     monkeypatch.setattr(admin, "verify_jwt_token_cached", AsyncMock(return_value={"user": {"auth_provider": "local"}}))
     monkeypatch.setattr(admin, "create_jwt_token", AsyncMock(return_value="jwt"))
 
-    # Admin with team-scoped token requesting a team they're not a member of -> 403
-    with pytest.raises(HTTPException) as exc_info:
-        await admin.admin_ui(request, "other-team", False, mock_db, user=user)
-    assert exc_info.value.status_code == 403
-    assert "Not a member" in exc_info.value.detail
+    # Admin with team-scoped token requesting a non-member team: banner shown, content defaults to All Teams
+    response = await admin.admin_ui(request, "other-team", False, mock_db, user=user)
+    assert isinstance(response, HTMLResponse)
+    template_call = request.app.state.templates.TemplateResponse.call_args
+    context = template_call[0][2]
+    assert context["admin_viewing_non_member_team"] is True
+    assert context["selected_team_id"] is None
 
 
 @pytest.mark.asyncio
@@ -1374,6 +1378,7 @@ async def get_user_teams(self, _email, include_personal=True):
                 SimpleNamespace(id="team-4", name="Beta", slug="beta", is_active=False, visibility="private"),
             ]
 
+
     class _StubAuthService:
         def __init__(self, _db):
             self._user = None
@@ -1433,6 +1438,7 @@ async def get_user_teams(self, _email, include_personal=True):
                 SimpleNamespace(id="t-3", name="Gamma", slug="gamma", description="desc", visibility="private", is_active=False),
             ]
 
+
     class _StubAuthService:
         def __init__(self, _db):
             self._user = None
diff --git a/tests/unit/mcpgateway/test_translate_stdio_endpoint.py b/tests/unit/mcpgateway/test_translate_stdio_endpoint.py
index a2464b33da..781440a107 100644
--- a/tests/unit/mcpgateway/test_translate_stdio_endpoint.py
+++ b/tests/unit/mcpgateway/test_translate_stdio_endpoint.py
@@ -15,7 +15,7 @@
 import os
 import sys
 import tempfile
-from unittest.mock import Mock, patch
+from unittest.mock import AsyncMock, Mock, patch
 
 import pytest
 
@@ -415,7 +415,9 @@ async def test_mock_subprocess_creation(self):
         # Mock subprocess with proper async behavior
         mock_process = Mock()
         mock_process.stdin = Mock()
-        mock_process.stdout = Mock()
+        mock_stdout = AsyncMock()
+        mock_stdout.readline = AsyncMock(return_value=b"")  # EOF immediately
+        mock_process.stdout = mock_stdout
         mock_process.pid = 12345
 
         # Mock the wait method to be awaitable
@@ -444,8 +446,9 @@ async def mock_wait():
             # Check that base environment is preserved
             assert "PATH" in env  # PATH should be preserved from os.environ
 
-            # Don't call stop() as it will try to wait for the mock process
-            # Just verify the start() worked correctly
+            # Let the pump task finish (it will hit EOF from the mock)
+            if endpoint._pump_task:
+                await endpoint._pump_task
 
     @pytest.mark.asyncio
     async def test_subprocess_creation_failure(self):