Skip to content

Security: @public_access applied too broadly — chat endpoint is unauthenticated #565

New issue
New issue
Open
Open
Security: @public_access applied too broadly — chat endpoint is unauthenticated#565
Labels
bugSomething isn't working
@gkorland

Description

@gkorland
gkorland
opened on Mar 10, 2026

Description

The @public_access decorator in api/index.py is applied to many more endpoints than intended. When CODE_GRAPH_PUBLIC=1, the following endpoints become unauthenticated:

  • /api/chat — makes LLM calls (costs money)
  • /api/graph_entities
  • /api/get_neighbors
  • /api/auto_complete
  • /api/list_repos
  • /api/repo_info
  • /api/find_paths
  • /api/list_commits

Only analyze_repo and switch_commit were intended to be public.

Impact

When CODE_GRAPH_PUBLIC=1, the chat endpoint is reachable without auth, allowing anyone to trigger LLM calls at the operator's expense.

Suggested Fix

Remove @public_access from all endpoints except analyze_repo and switch_commit (or whichever are explicitly intended to be public and don't incur costs).

Context

Found during code review of PR #522.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions