fix(backend): filter disabled servers from regular users, allow global_admin to see all

Author: Lasim

services/backend/src/routes/mcp/servers/get.ts

@@ -100,7 +100,7 @@ export default async function getServer(server: FastifyInstance) {
       let hasAccess = false;
 
       if (userRole === 'global_admin') {
-        // Global admin can access all servers
+        // Global admin can access all servers (including disabled)
         hasAccess = true;
       } else if (server.visibility === 'global') {
         // All authenticated users can access global servers
@@ -110,6 +110,11 @@ export default async function getServer(server: FastifyInstance) {
         hasAccess = teamIds.includes(server.owner_team_id);
       }
 
+      // Regular users (non-admin) cannot access disabled servers
+      if (hasAccess && userRole !== 'global_admin' && server.status === 'disabled') {
+        hasAccess = false;
+      }
+
       if (!hasAccess) {
         request.log.info({
           operation: 'get_mcp_server',

services/backend/src/services/mcpCatalogService.ts

@@ -276,8 +276,14 @@ export class McpCatalogService {
           )
         )
       );
+
+      // Regular users only see active servers (not disabled/deprecated/maintenance)
+      // unless they explicitly filter by a specific status
+      if (!filters?.status) {
+        whereConditions.push(eq(this.mcpServers.status, 'active'));
+      }
     }
-    
+
     // Apply additional filters
     if (filters) {
       if (filters.category_id) {