# Proposal: Add Open Room Access

## Summary
Modify the room access model to allow all authenticated users to view and self-join rooms, while maintaining role-based permissions for room operations.

## Motivation
The current room model requires explicit invitation for users to see and join rooms. This creates friction in incident response scenarios where speed is critical. Users should be able to:
1. Discover all active incidents without needing an invitation
2. Self-join rooms to contribute or observe
3. Have their role upgraded by existing members

## Scope

### Backend Changes (chat-room spec)
1. **Public Room Listing**: All authenticated users can view all rooms (not just their own)
2. **Self-Join Mechanism**: New endpoint `POST /api/rooms/{room_id}/join` for self-joining as VIEWER
3. **Role Upgrade Permission**: EDITOR role gains permission to upgrade VIEWER → EDITOR

### Frontend Changes (frontend-core spec)
1. **Member Search**: Add user search functionality when inviting/managing members
2. **Password Visibility Toggle**: Add show/hide password button on login form
3. **Join Room Button**: Display "Join" button for rooms where user is not a member

## Out of Scope
- Creating private/invite-only room types (future enhancement)
- Role downgrade by EDITOR (only OWNER can downgrade)
- Member removal by EDITOR (only OWNER can remove)

## Related Specs
- `chat-room`: Room membership and access control
- `frontend-core`: Login and member management UI