From c1798a4642852db0c02f91a8ff7a42eb9c949434 Mon Sep 17 00:00:00 2001
From: Kyle Carberry <kyle@carberry.com>
Date: Wed, 31 Dec 2025 10:50:42 -0500
Subject: [PATCH] Improve agent access page UI

- Remove disabled 'Public (Coming Soon)' visibility option
- Move permissions reference table into a modal dialog
- Display all org members with inherited access when visibility is 'organization'
- Show access source (Team Owner/Admin, Team Member, Direct) in members table
- Fix UserSelector dropdown focus bug by auto-focusing search input on open
---
 .../[agent]/access/agent-access-client.tsx    |  28 ++-
 .../[agent]/access/members-table.tsx          |  77 ++++++-
 .../[agent]/access/permissions-reference.tsx  | 199 ++++++++++--------
 .../[agent]/access/visibility-section.tsx     |  20 --
 internal/site/components/user-selector.tsx    |  14 +-
 5 files changed, 212 insertions(+), 126 deletions(-)

diff --git a/internal/site/app/(app)/[organization]/[agent]/access/agent-access-client.tsx b/internal/site/app/(app)/[organization]/[agent]/access/agent-access-client.tsx
index 253b4f3e..55ee1b97 100644
--- a/internal/site/app/(app)/[organization]/[agent]/access/agent-access-client.tsx
+++ b/internal/site/app/(app)/[organization]/[agent]/access/agent-access-client.tsx
@@ -8,7 +8,7 @@ import { useMemo, useState } from "react";
 import useSWR from "swr";
 import { AddMemberModal } from "./add-member-modal";
 import { MembersTable } from "./members-table";
-import { PermissionsReference } from "./permissions-reference";
+import { PermissionsReferenceModal } from "./permissions-reference";
 import { VisibilitySection } from "./visibility-section";
 
 interface AgentAccessClientProps {
@@ -77,13 +77,20 @@ export function AgentAccessClient({
     orgAdminsAndOwners.map((m) => m.user.id)
   );
 
+  // Get regular org members (not admins/owners) - they get read access when visibility is organization
+  const regularOrgMembers =
+    orgMembers?.filter((m) => m.role === "member") || [];
+
   // Filter out org admins and owners from the member list since they always have access
   const explicitMembers = (members || []).filter(
     (member) => !member.user_id || !orgAdminsAndOwnersIds.has(member.user_id)
   );
 
-  // Total count includes both explicit and implicit members
-  const totalMembersCount = explicitMembers.length + orgAdminsAndOwners.length;
+  // Total count depends on visibility
+  const totalMembersCount =
+    agentVisibility === "organization"
+      ? (orgMembers?.length || 0) // When team visible, all org members have access
+      : explicitMembers.length + orgAdminsAndOwners.length;
 
   return (
     <PageContainer>
@@ -99,8 +106,6 @@ export function AgentAccessClient({
           organizationName={organizationName}
         />
 
-        <PermissionsReference />
-
         <div className="space-y-6">
           <div className="flex items-center justify-between">
             <div>
@@ -111,15 +116,20 @@ export function AgentAccessClient({
                 to this agent
               </p>
             </div>
-            <Button onClick={() => setIsAddingMember(true)}>
-              <UserPlus className="h-4 w-4" />
-              Add Member
-            </Button>
+            <div className="flex items-center gap-4">
+              <PermissionsReferenceModal />
+              <Button onClick={() => setIsAddingMember(true)}>
+                <UserPlus className="h-4 w-4" />
+                Add Member
+              </Button>
+            </div>
           </div>
 
           <MembersTable
             explicitMembers={explicitMembers}
             implicitMembers={orgAdminsAndOwners}
+            regularOrgMembers={regularOrgMembers}
+            agentVisibility={agentVisibility}
             currentUserId={currentUserId}
             onDelete={handleDelete}
             onUpdatePermission={handleUpdatePermission}
diff --git a/internal/site/app/(app)/[organization]/[agent]/access/members-table.tsx b/internal/site/app/(app)/[organization]/[agent]/access/members-table.tsx
index d93a7d24..4a9b95c8 100644
--- a/internal/site/app/(app)/[organization]/[agent]/access/members-table.tsx
+++ b/internal/site/app/(app)/[organization]/[agent]/access/members-table.tsx
@@ -2,12 +2,14 @@
 
 import Avatar from "@/components/ui/avatar";
 import type { AgentMember, OrganizationMember } from "@blink.so/api";
-import { Shield } from "lucide-react";
+import { Shield, Users } from "lucide-react";
 import { useState } from "react";
 
 interface MembersTableProps {
   explicitMembers: AgentMember[];
   implicitMembers: OrganizationMember[];
+  regularOrgMembers: OrganizationMember[];
+  agentVisibility: "private" | "public" | "organization";
   currentUserId: string;
   onDelete: (userId: string | null) => void;
   onUpdatePermission: (
@@ -19,11 +21,25 @@ interface MembersTableProps {
 export function MembersTable({
   explicitMembers,
   implicitMembers,
+  regularOrgMembers,
+  agentVisibility,
   currentUserId,
   onDelete,
   onUpdatePermission,
 }: MembersTableProps) {
-  const totalCount = explicitMembers.length + implicitMembers.length;
+  // Build a set of user IDs that have explicit grants (to exclude from inherited members)
+  const explicitUserIds = new Set(
+    explicitMembers.map((m) => m.user_id).filter(Boolean)
+  );
+
+  // Filter regular org members to exclude those with explicit grants
+  const inheritedTeamMembers =
+    agentVisibility === "organization"
+      ? regularOrgMembers.filter((m) => !explicitUserIds.has(m.user.id))
+      : [];
+
+  const totalCount =
+    explicitMembers.length + implicitMembers.length + inheritedTeamMembers.length;
 
   return (
     <section aria-labelledby="members-heading">
@@ -69,6 +85,13 @@ export function MembersTable({
                 orgMember={orgMember}
               />
             ))}
+            {/* Inherited team members (when visibility is organization) */}
+            {inheritedTeamMembers.map((orgMember) => (
+              <InheritedTeamMemberRow
+                key={`team-${orgMember.user.id}`}
+                orgMember={orgMember}
+              />
+            ))}
             {/* Explicit members */}
             {explicitMembers.map((member) => (
               <ExplicitMemberRow
@@ -123,7 +146,55 @@ function ImplicitMemberRow({ orgMember }: { orgMember: OrganizationMember }) {
       <td className="px-4 py-3">
         <div className="flex items-center gap-1.5 text-xs text-neutral-500 dark:text-neutral-400">
           <Shield className="h-3.5 w-3.5" />
-          <span className="capitalize">{orgMember.role}</span>
+          <span className="capitalize">Team {orgMember.role}</span>
+        </div>
+      </td>
+      <td className="px-4 py-3 text-right">
+        <span className="text-xs text-neutral-400 dark:text-neutral-500">
+          —
+        </span>
+      </td>
+    </tr>
+  );
+}
+
+// Inherited team member row for regular org members when visibility is "organization"
+function InheritedTeamMemberRow({
+  orgMember,
+}: {
+  orgMember: OrganizationMember;
+}) {
+  const displayName =
+    orgMember.user.display_name || orgMember.user.username || "Unknown";
+
+  return (
+    <tr className="bg-neutral-50/50 dark:bg-neutral-900/30">
+      <td className="px-4 py-3">
+        <div className="flex items-center gap-3">
+          <Avatar
+            src={orgMember.user.avatar_url}
+            seed={orgMember.user.id}
+            size={32}
+          />
+          <div className="min-w-0 flex-1">
+            <div className="text-sm text-neutral-900 dark:text-white truncate">
+              {displayName}
+            </div>
+            <div className="text-xs text-neutral-500 dark:text-neutral-400 truncate">
+              @{orgMember.user.username}
+            </div>
+          </div>
+        </div>
+      </td>
+      <td className="px-4 py-3">
+        <span className="text-sm text-neutral-700 dark:text-neutral-300">
+          Read
+        </span>
+      </td>
+      <td className="px-4 py-3">
+        <div className="flex items-center gap-1.5 text-xs text-neutral-500 dark:text-neutral-400">
+          <Users className="h-3.5 w-3.5" />
+          <span>Team member</span>
         </div>
       </td>
       <td className="px-4 py-3 text-right">
diff --git a/internal/site/app/(app)/[organization]/[agent]/access/permissions-reference.tsx b/internal/site/app/(app)/[organization]/[agent]/access/permissions-reference.tsx
index 0a8d28f5..7974d74f 100644
--- a/internal/site/app/(app)/[organization]/[agent]/access/permissions-reference.tsx
+++ b/internal/site/app/(app)/[organization]/[agent]/access/permissions-reference.tsx
@@ -1,7 +1,14 @@
 "use client";
 
-import { Card, CardContent, CardHeader, CardTitle } from "@/components/ui/card";
-import { Check, X } from "lucide-react";
+import {
+  Dialog,
+  DialogContent,
+  DialogDescription,
+  DialogHeader,
+  DialogTitle,
+  DialogTrigger,
+} from "@/components/ui/dialog";
+import { Check, HelpCircle, X } from "lucide-react";
 
 const PERMISSION_FEATURES = [
   {
@@ -72,107 +79,115 @@ function PermissionIcon({ allowed }: { allowed: boolean }) {
   );
 }
 
-export function PermissionsReference() {
+export function PermissionsReferenceModal() {
   return (
-    <Card>
-      <CardHeader>
-        <CardTitle className="text-lg">Permission levels</CardTitle>
-        <p className="text-sm text-muted-foreground mt-1">
-          Understand what each permission level allows
-        </p>
-      </CardHeader>
-      <CardContent>
-        <div className="mb-4 p-4 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg">
-          <p className="text-sm text-blue-900 dark:text-blue-100">
-            <strong>Note:</strong> Organization admins and owners automatically
-            have admin permission on all agents in this organization.
-          </p>
-        </div>
-        <div className="space-y-6">
-          {/* Permission headers */}
-          <div className="grid grid-cols-[1fr_auto_auto_auto] gap-4 pb-3 border-b">
-            <div className="text-sm font-medium text-muted-foreground">
-              Feature
-            </div>
-            <div className="text-sm font-medium text-center w-24">Read</div>
-            <div className="text-sm font-medium text-center w-24">Write</div>
-            <div className="text-sm font-medium text-center w-24">Admin</div>
+    <Dialog>
+      <DialogTrigger asChild>
+        <button className="inline-flex items-center gap-1 text-sm text-muted-foreground hover:text-foreground transition-colors">
+          <HelpCircle className="h-4 w-4" />
+          <span>What can each role do?</span>
+        </button>
+      </DialogTrigger>
+      <DialogContent className="max-w-2xl max-h-[85vh] overflow-y-auto">
+        <DialogHeader>
+          <DialogTitle>Permission levels</DialogTitle>
+          <DialogDescription>
+            Understand what each permission level allows
+          </DialogDescription>
+        </DialogHeader>
+        <div className="mt-4">
+          <div className="mb-4 p-4 bg-blue-50 dark:bg-blue-900/20 border border-blue-200 dark:border-blue-800 rounded-lg">
+            <p className="text-sm text-blue-900 dark:text-blue-100">
+              <strong>Note:</strong> Organization admins and owners automatically
+              have admin permission on all agents in this organization.
+            </p>
           </div>
-
-          {/* Permission categories */}
-          {PERMISSION_FEATURES.map((category, categoryIndex) => (
-            <div key={categoryIndex} className="space-y-3">
-              <h4 className="text-sm font-medium text-foreground">
-                {category.category}
-              </h4>
-              <div className="space-y-2">
-                {category.features.map((feature, featureIndex) => (
-                  <div
-                    key={featureIndex}
-                    className="grid grid-cols-[1fr_auto_auto_auto] gap-4 items-center py-2"
-                  >
-                    <div className="text-sm text-muted-foreground">
-                      {feature.name}
-                    </div>
-                    <div className="flex justify-center w-24">
-                      <PermissionIcon allowed={feature.read} />
-                    </div>
-                    <div className="flex justify-center w-24">
-                      <PermissionIcon allowed={feature.write} />
-                    </div>
-                    <div className="flex justify-center w-24">
-                      <PermissionIcon allowed={feature.admin} />
-                    </div>
-                  </div>
-                ))}
+          <div className="space-y-6">
+            {/* Permission headers */}
+            <div className="grid grid-cols-[1fr_auto_auto_auto] gap-4 pb-3 border-b">
+              <div className="text-sm font-medium text-muted-foreground">
+                Feature
               </div>
+              <div className="text-sm font-medium text-center w-24">Read</div>
+              <div className="text-sm font-medium text-center w-24">Write</div>
+              <div className="text-sm font-medium text-center w-24">Admin</div>
             </div>
-          ))}
 
-          {/* Summary section */}
-          <div className="pt-4 border-t space-y-3">
-            <div className="flex items-start gap-3">
-              <div className="flex items-center justify-center w-6 h-6 rounded-full bg-blue-100 dark:bg-blue-900/30 flex-shrink-0 mt-0.5">
-                <span className="text-xs font-medium text-blue-600 dark:text-blue-400">
-                  R
-                </span>
-              </div>
-              <div>
-                <p className="text-sm font-medium">Read</p>
-                <p className="text-xs text-muted-foreground">
-                  Perfect for team members who need to use the agent
-                </p>
-              </div>
-            </div>
-            <div className="flex items-start gap-3">
-              <div className="flex items-center justify-center w-6 h-6 rounded-full bg-purple-100 dark:bg-purple-900/30 flex-shrink-0 mt-0.5">
-                <span className="text-xs font-medium text-purple-600 dark:text-purple-400">
-                  W
-                </span>
+            {/* Permission categories */}
+            {PERMISSION_FEATURES.map((category, categoryIndex) => (
+              <div key={categoryIndex} className="space-y-3">
+                <h4 className="text-sm font-medium text-foreground">
+                  {category.category}
+                </h4>
+                <div className="space-y-2">
+                  {category.features.map((feature, featureIndex) => (
+                    <div
+                      key={featureIndex}
+                      className="grid grid-cols-[1fr_auto_auto_auto] gap-4 items-center py-2"
+                    >
+                      <div className="text-sm text-muted-foreground">
+                        {feature.name}
+                      </div>
+                      <div className="flex justify-center w-24">
+                        <PermissionIcon allowed={feature.read} />
+                      </div>
+                      <div className="flex justify-center w-24">
+                        <PermissionIcon allowed={feature.write} />
+                      </div>
+                      <div className="flex justify-center w-24">
+                        <PermissionIcon allowed={feature.admin} />
+                      </div>
+                    </div>
+                  ))}
+                </div>
               </div>
-              <div>
-                <p className="text-sm font-medium">Write</p>
-                <p className="text-xs text-muted-foreground">
-                  For developers who build and debug agents
-                </p>
+            ))}
+
+            {/* Summary section */}
+            <div className="pt-4 border-t space-y-3">
+              <div className="flex items-start gap-3">
+                <div className="flex items-center justify-center w-6 h-6 rounded-full bg-blue-100 dark:bg-blue-900/30 flex-shrink-0 mt-0.5">
+                  <span className="text-xs font-medium text-blue-600 dark:text-blue-400">
+                    R
+                  </span>
+                </div>
+                <div>
+                  <p className="text-sm font-medium">Read</p>
+                  <p className="text-xs text-muted-foreground">
+                    Perfect for team members who need to use the agent
+                  </p>
+                </div>
               </div>
-            </div>
-            <div className="flex items-start gap-3">
-              <div className="flex items-center justify-center w-6 h-6 rounded-full bg-orange-100 dark:bg-orange-900/30 flex-shrink-0 mt-0.5">
-                <span className="text-xs font-medium text-orange-600 dark:text-orange-400">
-                  A
-                </span>
+              <div className="flex items-start gap-3">
+                <div className="flex items-center justify-center w-6 h-6 rounded-full bg-purple-100 dark:bg-purple-900/30 flex-shrink-0 mt-0.5">
+                  <span className="text-xs font-medium text-purple-600 dark:text-purple-400">
+                    W
+                  </span>
+                </div>
+                <div>
+                  <p className="text-sm font-medium">Write</p>
+                  <p className="text-xs text-muted-foreground">
+                    For developers who build and debug agents
+                  </p>
+                </div>
               </div>
-              <div>
-                <p className="text-sm font-medium">Admin</p>
-                <p className="text-xs text-muted-foreground">
-                  Full control for managing the agent and its access
-                </p>
+              <div className="flex items-start gap-3">
+                <div className="flex items-center justify-center w-6 h-6 rounded-full bg-orange-100 dark:bg-orange-900/30 flex-shrink-0 mt-0.5">
+                  <span className="text-xs font-medium text-orange-600 dark:text-orange-400">
+                    A
+                  </span>
+                </div>
+                <div>
+                  <p className="text-sm font-medium">Admin</p>
+                  <p className="text-xs text-muted-foreground">
+                    Full control for managing the agent and its access
+                  </p>
+                </div>
               </div>
             </div>
           </div>
         </div>
-      </CardContent>
-    </Card>
+      </DialogContent>
+    </Dialog>
   );
 }
diff --git a/internal/site/app/(app)/[organization]/[agent]/access/visibility-section.tsx b/internal/site/app/(app)/[organization]/[agent]/access/visibility-section.tsx
index 70b1cec7..2c04faf3 100644
--- a/internal/site/app/(app)/[organization]/[agent]/access/visibility-section.tsx
+++ b/internal/site/app/(app)/[organization]/[agent]/access/visibility-section.tsx
@@ -151,26 +151,6 @@ export function VisibilitySection({
               </p>
             </div>
           </label>
-          <label className="relative flex cursor-not-allowed rounded-lg border border-neutral-300 dark:border-neutral-700 p-4 opacity-60">
-            <input
-              type="radio"
-              name="visibility"
-              value="public"
-              disabled
-              className="mt-0.5 h-4 w-4 shrink-0 border-neutral-300 text-blue-600 focus:ring-blue-600"
-            />
-            <div className="ml-3">
-              <p className="text-sm font-medium text-neutral-900 dark:text-white">
-                Public
-                <span className="ml-2 text-xs font-normal text-neutral-500 dark:text-neutral-400">
-                  (Coming Soon)
-                </span>
-              </p>
-              <p className="text-xs text-neutral-500 dark:text-neutral-400">
-                Anyone with the link can access
-              </p>
-            </div>
-          </label>
           <button
             onClick={() => setIsEditing(false)}
             className="text-sm text-neutral-600 hover:text-neutral-700 dark:text-neutral-400 dark:hover:text-neutral-300"
diff --git a/internal/site/components/user-selector.tsx b/internal/site/components/user-selector.tsx
index e2c95291..0b451496 100644
--- a/internal/site/components/user-selector.tsx
+++ b/internal/site/components/user-selector.tsx
@@ -14,7 +14,7 @@ import { Input } from "@/components/ui/input";
 import { cn } from "@/lib/utils";
 import Client from "@blink.so/api";
 import { Check, ChevronsUpDown, Search, Users } from "lucide-react";
-import { useEffect, useMemo, useState } from "react";
+import { useEffect, useMemo, useRef, useState } from "react";
 import useSWR from "swr";
 
 interface UserSelectorProps {
@@ -40,6 +40,7 @@ export function UserSelector({
   const [searchQuery, setSearchQuery] = useState("");
   const [debouncedQuery, setDebouncedQuery] = useState("");
   const client = useMemo(() => new Client(), []);
+  const inputRef = useRef<HTMLInputElement>(null);
 
   // Debounce search query - only when dropdown is open
   useEffect(() => {
@@ -52,11 +53,17 @@ export function UserSelector({
     return () => clearTimeout(timer);
   }, [searchQuery, open]);
 
-  // Reset search when dropdown closes
+  // Reset search when dropdown closes, focus input when it opens
   useEffect(() => {
     if (!open) {
       setSearchQuery("");
       setDebouncedQuery("");
+    } else {
+      // Focus input when dropdown opens (small delay to let it render)
+      const timer = setTimeout(() => {
+        inputRef.current?.focus();
+      }, 0);
+      return () => clearTimeout(timer);
     }
   }, [open]);
 
@@ -127,9 +134,12 @@ export function UserSelector({
         <div className="flex items-center border-b px-3 py-2">
           <Search className="mr-2 h-4 w-4 shrink-0 opacity-50" />
           <Input
+            ref={inputRef}
             placeholder="Search users..."
             value={searchQuery}
             onChange={(e) => setSearchQuery(e.target.value)}
+            onPointerDown={(e) => e.stopPropagation()}
+            onKeyDown={(e) => e.stopPropagation()}
             className="h-8 border-0 p-0 focus-visible:ring-0 focus-visible:ring-offset-0"
           />
         </div>