Remove is_admin gate from security agent feature #431

Merged
jeanduplessis merged 2 commits into main from remove-security-agent-admin-gate
Feb 24, 2026
@kiloconnect kiloconnect bot commented Feb 22, 2026

Summary

Remove the is_admin check so the security agent feature is accessible to all users, not just admins (@kilocode.ai emails).

Changes

  • Sidebar navigation: Remove isAdmin conditional from Security Agent nav links in both personal and organization sidebars
  • Sync button: Remove isAdmin gate from the Sync button in SecurityFindingsCard, making it available to all users
  • Prop cleanup: Remove the now-unnecessary isAdmin prop threading through SecurityAgentPageClient and both page components
  • Dead code removal: Remove unused isAdmin variable declarations in sidebar components

Files changed

  • src/app/(app)/components/PersonalAppSidebar.tsx — Remove isAdmin conditional + unused variable
  • src/app/(app)/components/OrganizationAppSidebar.tsx — Remove isAdmin conditional + unused variable
  • src/components/security-agent/SecurityFindingsCard.tsx — Remove isAdmin prop and gate on Sync button
  • src/components/security-agent/SecurityAgentPageClient.tsx — Remove isAdmin prop from type and usage
  • src/app/(app)/security-agent/page.tsx — Remove isAdmin prop pass-through and unused getUserFromAuthOrRedirect import
  • src/app/(app)/organizations/[id]/security-agent/page.tsx — Remove isGlobalAdmin destructuring and isAdmin prop pass-through

Notes

  • No is_admin checks were found in the tRPC routers (security-agent-router.ts, organization-security-agent-router.ts) — they use baseProcedure and organizationMemberProcedure/organizationOwnerProcedure which don't have admin-specific guards.
  • Other is_admin checks in the codebase (admin panel, other features) are untouched.
  • Typecheck passes cleanly.

Built for jean by Kilo for Slack

kiloconnect bot commented Feb 22, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Overview

This PR cleanly removes the admin gate from the Security Agent feature, making it available to all authenticated users. The changes are consistent and complete:

  • Sidebar visibility: Security Agent nav item is now unconditionally shown in both OrganizationAppSidebar and PersonalAppSidebar (previously gated behind isAdmin)
  • Sync button: The sync button in SecurityFindingsCard is now visible to all users (previously admin-only)
  • Badge update: Changed from variant="new" to variant="beta" with text "Beta" — the beta variant is properly defined in the Badge component
  • Prop cleanup: isAdmin prop fully removed from SecurityAgentPageClient → SecurityFindingsCard prop chain
  • Backend already open: Confirmed that the tRPC security agent routers (securityAgentRouter, organizationSecurityAgentRouter) use baseProcedure (not adminProcedure), so the backend was already accessible to all authenticated users. This PR makes the frontend consistent with the backend.

Files Reviewed (6 files)
  • src/app/(app)/components/OrganizationAppSidebar.tsx - removed isAdmin, unconditional Security Agent nav
  • src/app/(app)/components/PersonalAppSidebar.tsx - removed isAdmin, unconditional Security Agent nav
  • src/app/(app)/organizations/[id]/security-agent/page.tsx - removed isGlobalAdmin prop pass-through
  • src/app/(app)/security-agent/page.tsx - removed getUserFromAuthOrRedirect and isAdmin prop
  • src/components/security-agent/SecurityAgentPageClient.tsx - removed isAdmin prop, badge changed to beta
  • src/components/security-agent/SecurityFindingsCard.tsx - removed isAdmin prop, sync button always visible

@jeanduplessis jeanduplessis changed the title Remove is_admin gate from security agent feature [DO NOT MERGE ] Remove is_admin gate from security agent feature Feb 22, 2026
@jeanduplessis jeanduplessis changed the title [DO NOT MERGE ] Remove is_admin gate from security agent feature [DO NOT MERGE] Remove is_admin gate from security agent feature Feb 22, 2026
Make the security agent feature accessible to all users, not just admins:

- Remove isAdmin conditional from sidebar nav links (personal + org)
- Remove isAdmin gate from Sync button in SecurityFindingsCard
- Remove isAdmin prop threading through SecurityAgentPageClient and page components
- Clean up unused isAdmin variables in sidebar components
@jeanduplessis jeanduplessis force-pushed the remove-security-agent-admin-gate branch from d5772de to f4f5bf7 Compare February 24, 2026 12:29
@jeanduplessis jeanduplessis changed the title [DO NOT MERGE] Remove is_admin gate from security agent feature Remove is_admin gate from security agent feature Feb 24, 2026
<div className="flex items-center gap-2">
<h1 className="text-3xl font-bold">Security Agent</h1>
<Badge variant="new">new</Badge>
<Badge variant="beta">Beta</Badge>

For nearly all products (CLI, extension) we moved to the next channel. Does it make sense to do that for the security agent as well?

Yes I think this makes more sense. Let me update it.

Actually on second look there's no next in the app yet and we recently added beta to the Autotriage feature. I'm going to keep it consistent for now, but we should discuss this further.

// Feature flags
const isAutoTriageFeatureEnabled = useFeatureFlagEnabled('auto-triage-feature');
const isDevelopment = process.env.NODE_ENV === 'development';
const isAdmin = user?.is_admin || false;
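
Review bot: The `const isAdmin = user?.is_admin || false;` declaration at the end of this hunk is derived inside the component, beside a `useFeatureFlagEnabled` call, so as a gate it only ever controlled what was rendered. With it gone, nothing in this file distinguishes callers, and who may trigger Sync is decided entirely by the guards on the router procedures. A test that calls the organization sync procedure as a non-member and expects a rejection would pin that down. If a staged rollout is still wanted, use a flag that the server also checks rather than a role check in the component.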

I don't really understand. Was the feature only feature flagged on the client side?

Correct. It never used a proper feature flag.
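
The point made in this thread, that the `isAdmin` check lived only in the client while the routers were already open to any authenticated caller, as an added example that is not part of the pull request or the project's code. It is a plain TypeScript model with no tRPC import; every name in it (`procedure`, `authenticated`, `adminOnly`, `orgMember`, `visibleActions`) is hypothetical, and the sample callers are constructed.

```typescript
// Added example: hypothetical names, models guard layering only.
type Denial = 'UNAUTHORIZED' | 'FORBIDDEN';
type User = { id: string; is_admin: boolean; orgIds: string[] };
type Ctx = { user: User | null };
type Guard<I> = (ctx: Ctx, input: I) => Denial | null;

// Server-side guards: these decide who may call a procedure.
const authenticated: Guard<unknown> = ctx => (ctx.user ? null : 'UNAUTHORIZED');
const adminOnly: Guard<unknown> = ctx => {
  if (!ctx.user) return 'UNAUTHORIZED';
  return ctx.user.is_admin ? null : 'FORBIDDEN';
};
const orgMember: Guard<{ orgId: string }> = (ctx, input) => {
  if (!ctx.user) return 'UNAUTHORIZED';
  return ctx.user.orgIds.some(id => id === input.orgId) ? null : 'FORBIDDEN';
};

// Wrap a handler so the guard always runs first, whatever the UI rendered.
function procedure<I>(guard: Guard<I>, handler: (user: User, input: I) => string) {
  return (ctx: Ctx, input: I): string => {
    const denial = guard(ctx, input);
    if (denial !== null || ctx.user === null) return denial ?? 'UNAUTHORIZED';
    return handler(ctx.user, input);
  };
}

const sync = (user: User, input: { orgId: string }) =>
  `synced ${input.orgId} for ${user.id}`;
const syncOpen = procedure<{ orgId: string }>(authenticated, sync); // any signed-in caller
const syncAdmin = procedure<{ orgId: string }>(adminOnly, sync); // enforced admin gate
const syncMember = procedure<{ orgId: string }>(orgMember, sync); // membership-scoped

// Client-side gate: controls what is rendered, never what can be called.
function visibleActions(user: User, gateOnAdmin: boolean): string[] {
  return gateOnAdmin && !user.is_admin ? ['view'] : ['view', 'sync'];
}

// Constructed sample callers.
const alice: User = { id: 'alice', is_admin: false, orgIds: ['org-1'] };
const anonymous: Ctx = { user: null };
```

With the render-time gate on, `alice` sees no Sync action, yet `syncOpen` still accepts her call; only `syncAdmin` or `syncMember` changes the outcome of the request itself.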

@jeanduplessis jeanduplessis merged commit 37457e3 into main Feb 24, 2026
12 checks passed
@jeanduplessis jeanduplessis deleted the remove-security-agent-admin-gate branch February 24, 2026 13:26