clay-server 2.22.0-beta.1 → 2.22.0-beta.3

package/lib/daemon.js

@@ -160,11 +160,10 @@ var relay = createServer({
     var slugs = config.projects.map(function (p) { return p.slug; });
     var slug = generateSlug(absPath, slugs);
     relay.addProject(absPath, slug);
-    var projectEntry = { path: absPath, slug: slug, addedAt: Date.now() };
-    // Non-admin users own their projects and they default to private
-    if (wsUser && wsUser.id && wsUser.role !== "admin") {
+    var projectEntry = { path: absPath, slug: slug, addedAt: Date.now(), visibility: "private" };
+    // The user who adds a project always becomes the owner
+    if (wsUser && wsUser.id) {
       projectEntry.ownerId = wsUser.id;
-      projectEntry.visibility = "private";
     }
     config.projects.push(projectEntry);
     // Remove from removedProjects if present
@@ -237,15 +236,10 @@ var relay = createServer({
       try { fs.rmSync(targetDir, { recursive: true, force: true }); } catch (ce) {}
       return { ok: false, error: "Failed to create project: " + e.message };
     }
-    // Register project
-    var projectEntry = { path: targetDir, slug: slug, addedAt: Date.now() };
+    // Register project - creator always becomes owner, default private
+    var projectEntry = { path: targetDir, slug: slug, addedAt: Date.now(), visibility: "private" };
     if (wsUser && wsUser.id) {
-      if (config.osUsers || wsUser.role !== "admin") {
-        projectEntry.ownerId = wsUser.id;
-      }
-      if (wsUser.role !== "admin") {
-        projectEntry.visibility = "private";
-      }
+      projectEntry.ownerId = wsUser.id;
     }
     relay.addProject(targetDir, slug);
     config.projects.push(projectEntry);
@@ -312,15 +306,11 @@ var relay = createServer({
           execSync("chown -R " + wsUser.linuxUser + ":" + wsUser.linuxUser + " " + JSON.stringify(targetDir));
         } catch (e) {}
       }
-      // Register project
-      var projectEntry = { path: targetDir, slug: slug, addedAt: Date.now() };
+      // Register project - creator always becomes owner
+      // Creator always becomes owner, default private
+      var projectEntry = { path: targetDir, slug: slug, addedAt: Date.now(), visibility: "private" };
       if (wsUser && wsUser.id) {
-        if (config.osUsers || wsUser.role !== "admin") {
-          projectEntry.ownerId = wsUser.id;
-        }
-        if (wsUser.role !== "admin") {
-          projectEntry.visibility = "private";
-        }
+        projectEntry.ownerId = wsUser.id;
       }
       relay.addProject(targetDir, slug);
       config.projects.push(projectEntry);
@@ -1041,7 +1031,7 @@ var ipc = createIPCServer(socketPath(), function (msg) {
       var slugs = config.projects.map(function (p) { return p.slug; });
       var slug = generateSlug(absPath, slugs);
       relay.addProject(absPath, slug);
-      config.projects.push({ path: absPath, slug: slug, addedAt: Date.now() });
+      config.projects.push({ path: absPath, slug: slug, addedAt: Date.now(), visibility: "private" });
       saveConfig(config);
       try { syncClayrc(config.projects); } catch (e) {}
       console.log("[daemon] Added project:", slug, "→", absPath);

package/lib/project.js

@@ -1171,6 +1171,15 @@ function createProjectContext(opts) {
       setTimeout(function() { resumeLoop(); }, 500);
     }
 
+    // Auto-assign owner if project has none and a user connects (e.g. IPC-added projects)
+    if (!projectOwnerId && ws._clayUser && ws._clayUser.id && !isMate) {
+      projectOwnerId = ws._clayUser.id;
+      if (opts.onProjectOwnerChanged) {
+        opts.onProjectOwnerChanged(slug, projectOwnerId);
+      }
+      console.log("[project] Auto-assigned owner for " + slug + ": " + projectOwnerId);
+    }
+
     // Send cached state
     var _userId = ws._clayUser ? ws._clayUser.id : null;
     var _filteredProjects = getProjectList(_userId);
@@ -3856,11 +3865,11 @@ function createProjectContext(opts) {
       initMemorySummary(mateCtx, mateId, function () {});
     }
 
-    // Build conversation content for gate check (500 char cap each side)
+    // Build conversation content for gate check
     var userQ = userQuestion || "(unknown)";
     var mateR = mateResponse || "(unknown)";
-    var conversationContent = "User: " + (userQ.length > 500 ? userQ.substring(0, 500) + "..." : userQ) +
-      "\nMate: " + (mateR.length > 500 ? mateR.substring(0, 500) + "..." : mateR);
+    var conversationContent = "User: " + (userQ.length > 2000 ? userQ.substring(0, 2000) + "..." : userQ) +
+      "\nMate: " + (mateR.length > 2000 ? mateR.substring(0, 2000) + "..." : mateR);
 
     // Gate check: ask Haiku if this is worth remembering
     gateMemory(mateCtx, mateId, conversationContent, function (shouldRemember) {
@@ -3872,6 +3881,7 @@ function createProjectContext(opts) {
       var digestPrompt = [
         "[SYSTEM: Session Digest]",
         "Summarize this conversation from YOUR perspective for your long-term memory.",
+        "Pay close attention to the user's exact words, preferences, and any personal/project context they shared.",
         "Output ONLY a single valid JSON object (no markdown, no code fences, no extra text).",
         "",
         "Schema:",
@@ -3879,6 +3889,9 @@ function createProjectContext(opts) {
         '  "date": "YYYY-MM-DD",',
         '  "type": "mention",',
         '  "topic": "short topic description",',
+        '  "summary": "2-3 sentence summary of the full conversation",',
+        '  "key_quotes": ["exact notable things the user said, verbatim or near-verbatim, max 5"],',
+        '  "user_context": "personal info, project details, goals, preferences the user shared (null if none)",',
         '  "my_position": "what I said/recommended",',
         '  "decisions": "what was decided, or null if pending",',
         '  "open_items": "what remains unresolved",',
@@ -3889,7 +3902,8 @@ function createProjectContext(opts) {
         '  "tags": ["relevant", "topic", "tags"]',
         "}",
         "",
-        "IMPORTANT: Output ONLY the JSON object. Nothing else.",
+        "IMPORTANT: Preserve the user's actual words in key_quotes. These are the most valuable part of memory.",
+        "Output ONLY the JSON object. Nothing else.",
       ].join("\n");
 
       var digestText = "";
@@ -3941,19 +3955,42 @@ function createProjectContext(opts) {
     var mateCtx = matesModule.buildMateCtx(projectOwnerId);
     if (!matesModule.isMate(mateCtx, mateId)) return;
 
-    // Extract last user message from history
-    var lastUserText = "";
-    for (var hi = session.history.length - 1; hi >= 0; hi--) {
+    // Collect full conversation from session history (all user + mate turns)
+    var conversationParts = [];
+    var totalLen = 0;
+    var CONV_CAP = 6000; // generous cap for the full conversation
+    for (var hi = 0; hi < session.history.length; hi++) {
       var entry = session.history[hi];
       if (entry.type === "user_message" && entry.text) {
-        lastUserText = entry.text;
-        break;
+        var uText = entry.text;
+        if (totalLen + uText.length > CONV_CAP) {
+          uText = uText.substring(0, Math.max(200, CONV_CAP - totalLen)) + "...";
+        }
+        conversationParts.push("User: " + uText);
+        totalLen += uText.length;
+      } else if (entry.type === "assistant_message" && entry.text) {
+        var aText = entry.text;
+        if (totalLen + aText.length > CONV_CAP) {
+          aText = aText.substring(0, Math.max(200, CONV_CAP - totalLen)) + "...";
+        }
+        conversationParts.push("Mate: " + aText);
+        totalLen += aText.length;
       }
+      if (totalLen >= CONV_CAP) break;
     }
-
-    // Use responsePreview (full accumulated response) instead of delta fragments
+    // Append the final response if not yet in history
     var lastResponseText = responsePreview || "";
-    if (!lastUserText && !lastResponseText) return;
+    if (lastResponseText && conversationParts.length > 0) {
+      var lastPart = conversationParts[conversationParts.length - 1];
+      if (lastPart.indexOf("Mate:") !== 0 || lastPart.indexOf(lastResponseText.substring(0, 50)) === -1) {
+        var rText = lastResponseText;
+        if (totalLen + rText.length > CONV_CAP) {
+          rText = rText.substring(0, Math.max(200, CONV_CAP - totalLen)) + "...";
+        }
+        conversationParts.push("Mate: " + rText);
+      }
+    }
+    if (conversationParts.length === 0) return;
 
     var mateDir = matesModule.getMateDir(mateCtx, mateId);
     var knowledgeDir = path.join(mateDir, "knowledge");
@@ -3967,8 +4004,7 @@ function createProjectContext(opts) {
       });
     }
 
-    var conversationContent = "User: " + (lastUserText.length > 500 ? lastUserText.substring(0, 500) + "..." : lastUserText) +
-      "\nMate: " + (lastResponseText.length > 500 ? lastResponseText.substring(0, 500) + "..." : lastResponseText);
+    var conversationContent = conversationParts.join("\n");
 
     _dmDigestPending = true;
 
@@ -3983,6 +4019,7 @@ function createProjectContext(opts) {
       var digestContext = [
         "[SYSTEM: Session Digest]",
         "Summarize this conversation from YOUR perspective for your long-term memory.",
+        "Pay close attention to the user's exact words, preferences, and any personal/project context they shared.",
         "",
         conversationContent,
       ].join("\n");
@@ -3995,6 +4032,9 @@ function createProjectContext(opts) {
         '  "date": "YYYY-MM-DD",',
         '  "type": "dm",',
         '  "topic": "short topic description",',
+        '  "summary": "2-3 sentence summary of the full conversation",',
+        '  "key_quotes": ["exact notable things the user said, verbatim or near-verbatim, max 5"],',
+        '  "user_context": "personal info, project details, goals, preferences the user shared (null if none)",',
         '  "my_position": "what I said/recommended",',
         '  "decisions": "what was decided, or null if pending",',
         '  "open_items": "what remains unresolved",',
@@ -4005,7 +4045,8 @@ function createProjectContext(opts) {
         '  "tags": ["relevant", "topic", "tags"]',
         "}",
         "",
-        "IMPORTANT: Output ONLY the JSON object. Nothing else.",
+        "IMPORTANT: Preserve the user's actual words in key_quotes. These are the most valuable part of memory.",
+        "Output ONLY the JSON object. Nothing else.",
       ].join("\n");
 
       var digestText = "";
@@ -4413,16 +4454,16 @@ function createProjectContext(opts) {
     } catch (e) {}
 
     if (hasSummary) {
-      // Load summary + latest 3 raw digests
-      var recent = allLines.slice(-3);
+      // Load summary + latest 5 raw digests for richer context
+      var recent = allLines.slice(-5);
       var result = "\n\nYour memory summary:\n" + summaryContent;
       if (recent.length > 0) {
         result += formatRawDigests(recent, "Latest raw session memories:");
       }
       return result;
     } else {
-      // Backward compatible: latest 5 raw digests
-      var recent = allLines.slice(-5);
+      // Backward compatible: latest 8 raw digests
+      var recent = allLines.slice(-8);
       return formatRawDigests(recent, "Your recent session memories:");
     }
   }
@@ -4453,10 +4494,10 @@ function createProjectContext(opts) {
       }
     } catch (e) {}
 
-    // Cap conversation content for gate (500 chars each side)
+    // Cap conversation content for gate
     var cappedContent = conversationContent;
-    if (cappedContent.length > 1200) {
-      cappedContent = cappedContent.substring(0, 1200) + "...";
+    if (cappedContent.length > 3000) {
+      cappedContent = cappedContent.substring(0, 3000) + "...";
     }
 
     var gateContext = [
@@ -4475,20 +4516,25 @@ function createProjectContext(opts) {
 
     var gatePrompt = opts.gatePrompt || [
       'Should this conversation be saved to long-term memory?',
-      'Answer "yes" ONLY if there is:',
-      "- A new decision or commitment",
+      'Answer "yes" if ANY of these apply:',
+      "- A new decision, commitment, or direction",
       "- A change in position or strategy",
       "- New information relevant to this Mate's role",
-      "- A user preference or pattern not already in the summary",
+      "- A user preference, opinion, or pattern not already in the summary",
+      "- The user shared personal context, project details, or goals",
+      "- The user expressed what they like, dislike, or care about",
+      "- The user gave instructions on how they want things done",
+      "- Anything the user would reasonably expect to be remembered next time",
+      "",
+      'Answer "no" ONLY if:',
+      "- It exactly duplicates what is already in the memory summary",
+      "- The entire conversation is a single trivial exchange (e.g. just 'hi' / 'hello')",
       "",
-      'Answer "no" if:',
-      "- It duplicates what is already in the memory summary",
-      "- It is casual/trivial conversation",
-      "- It is not relevant to this Mate's role",
+      "When in doubt, answer yes. It is better to remember too much than to forget something important.",
       "",
       'Answer with ONLY "yes" or "no". Nothing else.',
     ].join("\n");
-    var defaultOnError = !!opts.defaultYes;
+    var defaultOnError = opts.defaultYes !== undefined ? !!opts.defaultYes : true;
 
     var gateText = "";
     var _gateSession = null;
@@ -4575,20 +4621,27 @@ function createProjectContext(opts) {
       "3. Moving resolved open threads out of \"Open Threads\"",
       "4. Adding to \"My Track Record\" if a past prediction/recommendation can now be evaluated",
       "5. Removing outdated or redundant information",
+      "6. Preserving important user quotes and context from key_quotes and user_context fields",
       "",
       "Maintain this structure:",
       "",
       "# Memory Summary",
       "Last updated: YYYY-MM-DD (session count: N+1)",
       "",
+      "## User Context",
+      "(who they are, what they work on, project details, goals)",
       "## User Patterns",
+      "(preferences, work style, communication style, likes/dislikes)",
       "## Key Decisions",
+      "## Notable Quotes",
+      "(important things the user said, verbatim when possible)",
       "## My Track Record",
       "## Open Threads",
       "## Recurring Topics",
       "",
       "Keep it concise. Each section should have at most 10 bullet points.",
       "Drop the oldest/least relevant if needed.",
+      "The Notable Quotes section is valuable for preserving the user's voice and intent.",
       "Output ONLY the updated markdown. Nothing else.",
     ].join("\n");
 
@@ -4679,14 +4732,20 @@ function createProjectContext(opts) {
       "# Memory Summary",
       "Last updated: YYYY-MM-DD (session count: N)",
       "",
+      "## User Context",
+      "(who they are, what they work on, project details, goals)",
       "## User Patterns",
+      "(preferences, work style, communication style, likes/dislikes)",
       "## Key Decisions",
+      "## Notable Quotes",
+      "(important things the user said, verbatim when possible)",
       "## My Track Record",
       "## Open Threads",
       "## Recurring Topics",
       "",
-      "Keep it concise. Focus on patterns and decisions, not individual session details.",
+      "Keep it concise. Focus on patterns, decisions, and the user's own words.",
       "Each section should have at most 10 bullet points.",
+      "Preserve key_quotes from digests in the Notable Quotes section.",
       "Set session count to " + digestsText.length + ".",
       "Output ONLY the markdown. Nothing else.",
     ].join("\n");

package/lib/public/app.js

@@ -2212,6 +2212,9 @@ import { initDebate, handleDebateStarted, handleDebateResumed, handleDebateTurn,
       sendBtn.disabled = false;
       setSendBtnMode("send");
       connectOverlay.classList.add("hidden");
+      // Hide update banner on reconnect; server will re-send update_available if still needed
+      var updPill = $("update-pill-wrap");
+      if (updPill) updPill.classList.add("hidden");
       stopVerbCycle();
     } else if (status === "processing") {
       if (dot) { dot.classList.add("connected"); dot.classList.add("processing"); }

package/lib/public/css/icon-strip.css

@@ -498,6 +498,113 @@
 .project-ctx-item.project-ctx-delete { color: var(--error); }
 .project-ctx-item.project-ctx-delete:hover { background: var(--error-8); }
 
+/* --- Project Access Popover --- */
+.project-access-popover {
+  position: fixed;
+  background: var(--sidebar-bg);
+  border: 1px solid var(--border);
+  border-radius: 12px;
+  padding: 0;
+  width: 260px;
+  box-shadow: 0 8px 30px rgba(var(--shadow-rgb), 0.35);
+  z-index: 9999;
+  animation: ctxMenuAppear 0.12s ease-out;
+  overflow: hidden;
+}
+.project-access-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px 14px 8px;
+  border-bottom: 1px solid var(--border);
+}
+.project-access-title {
+  font-size: 13px;
+  font-weight: 600;
+  color: var(--text);
+}
+.project-access-close {
+  background: none;
+  border: none;
+  color: var(--text-secondary);
+  font-size: 18px;
+  cursor: pointer;
+  padding: 0 2px;
+  line-height: 1;
+}
+.project-access-close:hover { color: var(--text); }
+.project-access-section {
+  padding: 10px 14px;
+}
+.project-access-label {
+  display: block;
+  font-size: 11px;
+  font-weight: 600;
+  color: var(--text-secondary);
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  margin-bottom: 6px;
+}
+.project-access-vis-row {
+  display: flex;
+  gap: 6px;
+}
+.project-access-vis-btn {
+  flex: 1;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  gap: 6px;
+  padding: 7px 0;
+  font-size: 12px;
+  font-family: inherit;
+  color: var(--text-secondary);
+  background: rgba(var(--overlay-rgb), 0.04);
+  border: 1px solid var(--border);
+  border-radius: 8px;
+  cursor: pointer;
+  transition: all 0.15s;
+}
+.project-access-vis-btn .lucide { width: 14px; height: 14px; }
+.project-access-vis-btn:hover { background: rgba(var(--overlay-rgb), 0.08); }
+.project-access-vis-btn.active {
+  background: var(--accent-8, rgba(99, 102, 241, 0.08));
+  border-color: var(--accent, #6366f1);
+  color: var(--accent, #6366f1);
+  font-weight: 500;
+}
+.project-access-user-list {
+  max-height: 200px;
+  overflow-y: auto;
+}
+.project-access-user-item {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  padding: 5px 0;
+  font-size: 13px;
+  color: var(--text);
+  cursor: pointer;
+}
+.project-access-user-item input[type="checkbox"] {
+  accent-color: var(--accent, #6366f1);
+  width: 15px;
+  height: 15px;
+  cursor: pointer;
+}
+.project-access-user-item:hover { color: var(--text); }
+.project-access-empty {
+  font-size: 12px;
+  color: var(--text-tertiary);
+  padding: 8px 0;
+}
+.project-access-loading {
+  padding: 20px 14px;
+  text-align: center;
+  font-size: 12px;
+  color: var(--text-secondary);
+}
+
 /* --- Emoji picker popover --- */
 .emoji-picker {
   position: fixed;

package/lib/public/modules/sidebar.js

@@ -2672,6 +2672,158 @@ var EMOJI_CATEGORIES = [
   ]},
 ];
 
+// --- Project Access Popover ---
+var projectAccessPopover = null;
+
+function closeProjectAccessPopover() {
+  if (projectAccessPopover) {
+    projectAccessPopover.remove();
+    projectAccessPopover = null;
+    document.removeEventListener("click", closeAccessOnOutside);
+    document.removeEventListener("keydown", closeAccessOnEscape);
+  }
+}
+
+function closeAccessOnOutside(e) {
+  if (projectAccessPopover && !projectAccessPopover.contains(e.target)) closeProjectAccessPopover();
+}
+function closeAccessOnEscape(e) {
+  if (e.key === "Escape") closeProjectAccessPopover();
+}
+
+function showProjectAccessPopover(anchorEl, slug) {
+  closeProjectAccessPopover();
+
+  var popover = document.createElement("div");
+  popover.className = "project-access-popover";
+  popover.innerHTML = '<div class="project-access-loading">Loading...</div>';
+  popover.addEventListener("click", function (e) { e.stopPropagation(); });
+  document.body.appendChild(popover);
+  projectAccessPopover = popover;
+
+  // Position near anchor
+  requestAnimationFrame(function () {
+    var rect = anchorEl.getBoundingClientRect();
+    popover.style.position = "fixed";
+    popover.style.left = (rect.right + 8) + "px";
+    popover.style.top = rect.top + "px";
+    popover.style.zIndex = "9999";
+    var popRect = popover.getBoundingClientRect();
+    if (popRect.right > window.innerWidth - 8) {
+      popover.style.left = (rect.left - popRect.width - 8) + "px";
+    }
+    if (popRect.bottom > window.innerHeight - 8) {
+      popover.style.top = (window.innerHeight - popRect.height - 8) + "px";
+    }
+  });
+
+  setTimeout(function () {
+    document.addEventListener("click", closeAccessOnOutside);
+    document.addEventListener("keydown", closeAccessOnEscape);
+  }, 0);
+
+  // Fetch access info and user list in parallel
+  Promise.all([
+    fetch("/api/admin/projects/" + encodeURIComponent(slug) + "/access").then(function (r) { return r.json(); }),
+    fetch("/api/admin/users").then(function (r) { return r.json(); }),
+  ]).then(function (results) {
+    var access = results[0];
+    var usersData = results[1];
+    if (access.error || usersData.error) {
+      popover.innerHTML = '<div class="project-access-loading">Failed to load</div>';
+      return;
+    }
+    renderAccessPopover(popover, slug, access, usersData.users || []);
+  }).catch(function () {
+    popover.innerHTML = '<div class="project-access-loading">Failed to load</div>';
+  });
+}
+
+function renderAccessPopover(popover, slug, access, allUsers) {
+  var visibility = access.visibility || "public";
+  var allowedUsers = access.allowedUsers || [];
+  var ownerId = access.ownerId;
+
+  // Filter out the owner from the user list (owner always has access)
+  var selectableUsers = allUsers.filter(function (u) { return u.id !== ownerId; });
+
+  var html = '';
+  html += '<div class="project-access-header">';
+  html += '<span class="project-access-title">Project Access</span>';
+  html += '<button class="project-access-close">&times;</button>';
+  html += '</div>';
+
+  // Visibility toggle
+  html += '<div class="project-access-section">';
+  html += '<label class="project-access-label">Visibility</label>';
+  html += '<div class="project-access-vis-row">';
+  html += '<button class="project-access-vis-btn' + (visibility === "private" ? ' active' : '') + '" data-vis="private">';
+  html += iconHtml("lock") + ' Private';
+  html += '</button>';
+  html += '<button class="project-access-vis-btn' + (visibility === "public" ? ' active' : '') + '" data-vis="public">';
+  html += iconHtml("globe") + ' Public';
+  html += '</button>';
+  html += '</div>';
+  html += '</div>';
+
+  // Allowed users (only when private)
+  html += '<div class="project-access-section project-access-users-section"' + (visibility !== "private" ? ' style="display:none"' : '') + '>';
+  html += '<label class="project-access-label">Allowed Users</label>';
+  html += '<div class="project-access-user-list">';
+  for (var i = 0; i < selectableUsers.length; i++) {
+    var u = selectableUsers[i];
+    var checked = allowedUsers.indexOf(u.id) !== -1 ? " checked" : "";
+    html += '<label class="project-access-user-item">';
+    html += '<input type="checkbox" data-uid="' + u.id + '"' + checked + '>';
+    html += '<span>' + escapeHtml(u.displayName || u.username || u.id) + '</span>';
+    html += '</label>';
+  }
+  if (selectableUsers.length === 0) {
+    html += '<div class="project-access-empty">No other users</div>';
+  }
+  html += '</div>';
+  html += '</div>';
+
+  popover.innerHTML = html;
+  refreshIcons();
+
+  // Close button
+  popover.querySelector(".project-access-close").addEventListener("click", function () {
+    closeProjectAccessPopover();
+  });
+
+  // Visibility toggle
+  popover.querySelectorAll(".project-access-vis-btn").forEach(function (btn) {
+    btn.addEventListener("click", function () {
+      var newVis = btn.dataset.vis;
+      popover.querySelectorAll(".project-access-vis-btn").forEach(function (b) { b.classList.remove("active"); });
+      btn.classList.add("active");
+      var usersSection = popover.querySelector(".project-access-users-section");
+      if (usersSection) usersSection.style.display = newVis === "private" ? "" : "none";
+      fetch("/api/admin/projects/" + encodeURIComponent(slug) + "/visibility", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ visibility: newVis }),
+      });
+    });
+  });
+
+  // User checkboxes
+  popover.querySelectorAll('.project-access-user-item input[type="checkbox"]').forEach(function (cb) {
+    cb.addEventListener("change", function () {
+      var selected = [];
+      popover.querySelectorAll('.project-access-user-item input[type="checkbox"]:checked').forEach(function (c) {
+        selected.push(c.dataset.uid);
+      });
+      fetch("/api/admin/projects/" + encodeURIComponent(slug) + "/users", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ allowedUsers: selected }),
+      });
+    });
+  });
+}
+
 function closeProjectCtxMenu() {
   if (projectCtxMenu) {
     projectCtxMenu.remove();
@@ -2797,6 +2949,23 @@ function showProjectCtxMenu(anchorEl, slug, name, icon, position) {
   });
   menu.appendChild(shareItem);
 
+  // --- Manage Access (owner or admin, multi-user only) ---
+  if (ctx.multiUser && slug.indexOf("--") === -1) {
+    var isProjectOwner = ctx.myUserId && ctx.projectOwnerId && ctx.myUserId === ctx.projectOwnerId;
+    var isAdmin = ctx.permissions && ctx.permissions.projectSettings !== false;
+    if (isProjectOwner || isAdmin) {
+      var accessItem = document.createElement("button");
+      accessItem.className = "project-ctx-item";
+      accessItem.innerHTML = iconHtml("users") + " <span>Manage Access</span>";
+      accessItem.addEventListener("click", function (e) {
+        e.stopPropagation();
+        closeProjectCtxMenu();
+        showProjectAccessPopover(anchorEl, slug);
+      });
+      menu.appendChild(accessItem);
+    }
+  }
+
   if (!ctx.permissions || ctx.permissions.deleteProject !== false) {
     // --- Separator ---
     var sep = document.createElement("div");

package/lib/server.js

@@ -1512,13 +1512,23 @@ function createServer(opts) {
         return;
       }
       var mu = getMultiUserFromReq(req);
-      if (!mu || mu.role !== "admin") {
-        res.writeHead(403, { "Content-Type": "application/json" });
-        res.end('{"error":"Admin access required"}');
+      if (!mu) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end('{"error":"Authentication required"}');
         return;
       }
-      res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ users: users.getAllUsers() }));
+      // Admins get full user list; project owners get limited list (id, displayName, username)
+      if (mu.role === "admin") {
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ users: users.getAllUsers() }));
+      } else {
+        var allU = users.getAllUsers();
+        var safeUsers = allU.map(function (u) {
+          return { id: u.id, displayName: u.displayName, username: u.username };
+        });
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ users: safeUsers }));
+      }
       return;
     }
 
@@ -1990,9 +2000,12 @@ function createServer(opts) {
         return;
       }
       var mu = getMultiUserFromReq(req);
-      if (!mu || mu.role !== "admin") {
+      var _visSlug = fullUrl.split("/")[4];
+      var _visAccess = onGetProjectAccess ? onGetProjectAccess(_visSlug) : null;
+      var _isOwner = mu && _visAccess && _visAccess.ownerId && mu.id === _visAccess.ownerId;
+      if (!mu || (mu.role !== "admin" && !_isOwner)) {
         res.writeHead(403, { "Content-Type": "application/json" });
-        res.end('{"error":"Admin access required"}');
+        res.end('{"error":"Admin or project owner access required"}');
         return;
       }
       var projSlug = fullUrl.split("/")[4];
@@ -2092,9 +2105,12 @@ function createServer(opts) {
         return;
       }
       var mu = getMultiUserFromReq(req);
-      if (!mu || mu.role !== "admin") {
+      var _usrSlug = fullUrl.split("/")[4];
+      var _usrAccess = onGetProjectAccess ? onGetProjectAccess(_usrSlug) : null;
+      var _isOwnerU = mu && _usrAccess && _usrAccess.ownerId && mu.id === _usrAccess.ownerId;
+      if (!mu || (mu.role !== "admin" && !_isOwnerU)) {
         res.writeHead(403, { "Content-Type": "application/json" });
-        res.end('{"error":"Admin access required"}');
+        res.end('{"error":"Admin or project owner access required"}');
         return;
       }
       var projSlug = fullUrl.split("/")[4];
@@ -2134,7 +2150,7 @@ function createServer(opts) {
       return;
     }
 
-    // Get project access info (admin only)
+    // Get project access info (admin or project owner)
     if (req.method === "GET" && /^\/api\/admin\/projects\/[a-z0-9_-]+\/access$/.test(fullUrl)) {
       if (!users.isMultiUser()) {
         res.writeHead(404, { "Content-Type": "application/json" });
@@ -2142,9 +2158,12 @@ function createServer(opts) {
         return;
       }
       var mu = getMultiUserFromReq(req);
-      if (!mu || mu.role !== "admin") {
+      var _accSlug = fullUrl.split("/")[4];
+      var _accAccess = onGetProjectAccess ? onGetProjectAccess(_accSlug) : null;
+      var _isOwnerA = mu && _accAccess && _accAccess.ownerId && mu.id === _accAccess.ownerId;
+      if (!mu || (mu.role !== "admin" && !_isOwnerA)) {
         res.writeHead(403, { "Content-Type": "application/json" });
-        res.end('{"error":"Admin access required"}');
+        res.end('{"error":"Admin or project owner access required"}');
         return;
       }
       var projSlug = fullUrl.split("/")[4];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clay-server",
-  "version": "2.22.0-beta.1",
+  "version": "2.22.0-beta.3",
   "description": "Self-hosted Claude Code in your browser. Multi-session, multi-user, push notifications.",
   "bin": {
     "clay-server": "./bin/cli.js",