Description
The @public_access decorator in api/index.py is applied to many more endpoints than intended. When CODE_GRAPH_PUBLIC=1, the following endpoints become unauthenticated:
/api/chat — makes LLM calls (costs money)
/api/graph_entities
/api/get_neighbors
/api/auto_complete
/api/list_repos
/api/repo_info
/api/find_paths
/api/list_commits
Only analyze_repo and switch_commit were intended to be public.
Impact
When CODE_GRAPH_PUBLIC=1, /api/chat is reachable without authentication, so anyone who can reach the service can trigger LLM calls at the operator's expense. The other endpoints listed above lose their authentication check in the same way, even though only analyze_repo and switch_commit were meant to be public.
Suggested Fix
Remove @public_access from all endpoints except analyze_repo and switch_commit (or whichever are explicitly intended to be public and don't incur costs).
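To make the gating concrete and give operators a check to run before flipping CODE_GRAPH_PUBLIC on, here is an added example that is not the project's own code and does not reproduce api/index.py. It assumes the app reduced to a dict of handlers guarded by a bearer-token check, a constructed token, and a hypothetical marker-based @public_access; build_routes(overly_broad=True) models the reported decorator placement and overly_broad=False the suggested fix, while unauthenticated_surface() probes every route with no credentials and reports which ones answer and how many paid LLM calls the probe itself triggered:

```python
import os
from functools import wraps

# Constructed sample credential; how the real app validates tokens is not shown.
API_TOKEN = "constructed-secret-token"
LLM_CALLS = {"count": 0}  # how often the paid chat handler actually executed


class Unauthorized(Exception):
    """Raised when a protected endpoint is called without a valid bearer token."""


def code_graph_public() -> bool:
    """The CODE_GRAPH_PUBLIC=1 switch from the report."""
    return os.environ.get("CODE_GRAPH_PUBLIC") == "1"


def public_access(handler):
    """Hypothetical @public_access: mark a handler as reachable without auth
    whenever public mode is on. guard() consumes the marker."""
    handler.public_access = True
    return handler


def guard(path, handler, public_mode):
    """Wrap a handler with the bearer-token check; the check is skipped only
    when the handler carries the public_access marker AND public mode is on."""
    is_public = getattr(handler, "public_access", False)

    @wraps(handler)
    def guarded(request):
        if not (is_public and public_mode):
            if request.get("Authorization") != f"Bearer {API_TOKEN}":
                raise Unauthorized(path)
        return handler(request)

    return guarded


def chat(request):
    """Stand-in for /api/chat: each call would reach the LLM and cost money."""
    LLM_CALLS["count"] += 1
    return {"answer": "constructed LLM reply"}


def build_routes(overly_broad, public_mode=None):
    """Build the guarded route table. overly_broad=True reproduces the reported
    decorator placement; False is the suggested fix (only the two intended
    endpoints keep @public_access)."""
    if public_mode is None:
        public_mode = code_graph_public()

    def chat_endpoint(request):   # fresh object per build, so marking it
        return chat(request)      # does not leak into other builds

    handlers = {
        "/api/analyze_repo": public_access(lambda req: {"status": "analyzing"}),
        "/api/switch_commit": public_access(lambda req: {"status": "switched"}),
        "/api/chat": chat_endpoint,
        "/api/list_repos": lambda req: ["repo-a", "repo-b"],
        "/api/graph_entities": lambda req: {"nodes": 3, "edges": 2},
    }
    if overly_broad:
        # The bug: the paid and metadata endpoints also carry the marker, so
        # every one of them drops its auth check in public mode.
        for path in ("/api/chat", "/api/list_repos", "/api/graph_entities"):
            public_access(handlers[path])
    return {path: guard(path, h, public_mode) for path, h in handlers.items()}


def unauthenticated_surface(routes):
    """Call every route with no Authorization header. Returns the set of paths
    that answered and how many paid LLM calls the probe itself triggered."""
    before = LLM_CALLS["count"]
    reachable = set()
    for path, handler in routes.items():
        try:
            handler({})
        except Unauthorized:
            continue
        reachable.add(path)
    return reachable, LLM_CALLS["count"] - before


if __name__ == "__main__":
    for broad in (True, False):
        surface, paid = unauthenticated_surface(build_routes(broad, public_mode=True))
        print(f"overly_broad={broad}: open={sorted(surface)} llm_calls={paid}")
```

With the over-broad table the credential-less probe alone triggers a paid chat call, which is exactly the exposure described above; with the fixed table only /api/analyze_repo and /api/switch_commit answer, and nothing is open at all when public mode is off. Whichever framework the real app uses, the same probe (every route, no credentials, count what answers) is the regression check worth keeping alongside the fix.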
Context
Found during code review of PR #522.