[FEAT][UI]: Role based Admin UI visibility gating

[madhav165]

✨ Feature / Enhancement PR

🔗 Epic / Issue

Closes #3478

---

🚀 Summary (1-2 sentences)

Adds separate UI section/header hide configuration for admin vs non-admin users. Admins can retain full UI access in deployments where non-admin views are restricted, including embedded mode where logout and team selector auto-hiding now only applies to non-admins.

---

🧪 Checks

• make lint passes
• make test passes
• CHANGELOG updated (if user-facing)

---

📓 Notes

New Environment Variables

Variable	Applies to	Default
MCPGATEWAY_UI_HIDE_SECTIONS	non-admin users	[]
MCPGATEWAY_UI_HIDE_HEADER_ITEMS	non-admin users	[]
MCPGATEWAY_UI_HIDE_SECTIONS_ADMIN	admin users	[] (see all)
MCPGATEWAY_UI_HIDE_HEADER_ITEMS_ADMIN	admin users	[] (see all)

Visibility Resolution

flowchart TD
    A[Request to /admin/] --> B{is_admin?}
    B -->|yes| C[Use _ADMIN env vars]
    B -->|no| D[Use existing env vars]
    D --> E{MCPGATEWAY_UI_EMBEDDED?}
    E -->|yes| F[Add logout, team_selector to hidden headers]
    E -->|no| G[No embedded defaults]
    C --> H[Apply query param / cookie overrides]
    F --> H
    G --> H
    H --> I[Map hidden sections → hidden tabs]
    I --> J[Return visibility config]

Loading

Backward Compatibility

Existing deployments without _ADMIN vars behave identically — admins see everything (empty list = no hiding), non-admin behavior unchanged.

Files Changed

• mcpgateway/config.py — 2 new fields with shared validators
• mcpgateway/admin.py — get_ui_visibility_config() gains is_admin param
• .env.example — Document new vars
• docker-compose.yml, docker-compose-embedded.yml — Add new vars
• charts/mcp-stack/values.yaml, values.schema.json — Helm chart entries
• docs/docs/config.schema.json — Schema entries
• docs/docs/manage/admin-ui-customization.md — Role-based visibility docs
• tests/unit/mcpgateway/test_config.py — 5 new tests
• tests/unit/mcpgateway/test_admin.py — 6 new tests

[crivetimihai]

Thanks @madhav165 — useful feature for #3478. The admin/non-admin split for hide sections config is well-designed. Good coverage across .env.example, Helm values, Docker Compose, docs, config, and tests.

[rakdutta]

I verified all six acceptance scenarios (admin vs non-admin hide lists, admin-specific hide overrides, embedded header defaults, and query-param/cookie overrides) — behavior matches the acceptance criteria.
LGTM

[marekdano]

@madhav165 - can you please resolve conflicts?

[crivetimihai]

Reviewed and rebased onto current main. Clean implementation — the role-based branching logic is correct, embedded-mode bypass for admins works as designed, query/cookie overrides remain strictly additive (no visibility bypass), and is_admin is derived server-side from authenticated user state.

Added tests during review for full differential coverage: backward-compat default param, admin cookie/query interaction, route-level integration verifying admin_ui() wires is_admin through to get_ui_visibility_config, and JSON-array parsing for admin header items.

Resolved one rebase conflict: docs/docs/config.schema.json was deleted on main in #4001 — dropped the PR's additions to that file. Also included .secrets.baseline update for test line shifts.