Add API documentation for graph retrieval, query, and commit history endpoints

[gkorland]

Migrated from falkordb/code-graph-backend#96

Summary

Adds an API Reference section to the README documenting:

1. Retrieve a graph (GET /graph_entities)
2. Send Query (POST /chat)
3. History change (POST /list_commits, POST /switch_commit)

Resolves #534

---

Originally authored by @Copilot in falkordb/code-graph-backend#96

Summary by CodeRabbit

• Documentation
  • Added API Reference section to README with endpoints and curl examples for graph_entities, chat, list_commits, and switch_commit endpoints.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
code-graph	Error		Mar 10, 2026 8:43am

[coderabbitai]

📝 Walkthrough

Walkthrough

The README.md file is updated with a new API Reference section containing endpoint documentation and curl examples for four APIs: graph_entities, chat, list_commits, and switch_commit. This is a documentation-only change with no code modifications.

Changes

Cohort / File(s)	Summary
Documentation README.md	Added API Reference section with endpoint documentation and curl examples for graph_entities, chat, list_commits, and switch_commit endpoints.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A READme grows with API tales,
Four endpoints gleam, no code avails,
Just words and curls, examples bright,
Documentation done just right! 📚✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding API documentation for graph retrieval, query, and commit history endpoints, which matches the README additions.
Linked Issues check	✅ Passed	The PR fully satisfies issue #534 by adding API Reference documentation for all three required API endpoint groups: graph retrieval, query, and commit history.
Out of Scope Changes check	✅ Passed	All changes are scoped to README.md with API documentation additions directly addressing issue #534 requirements; no unrelated code changes present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch backend/update-readme-missing-apis

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Around line 228-230: The README example includes a literal auth token
("Authorization: OpenSesame") which can encourage reuse and trigger secret
scanners; update the example curl for the graph_entities endpoint to use a
placeholder or environment variable instead (e.g., replace the literal
Authorization header in the curl example for
"http://127.0.0.1:5000/graph_entities?repo=GraphRAG-SDK" with a safe token
reference like ${SECRET_TOKEN} or a named placeholder) so the README no longer
contains a real-looking secret.
- Around line 224-250: Update the curl examples to use the documented
environment variable name SECRET_TOKEN consistently (e.g., replace instances of
<.ENV_SECRET_TOKEN> with ${SECRET_TOKEN}) across the /graph_entities, /chat,
/list_commits, and /switch_commit examples in README.md so the snippets are
copy-pasteable and match the earlier .env example.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 800a6cad-e22f-4258-a9cb-e03cdf23cd8e

📥 Commits

Reviewing files that changed from the base of the PR and between 16feaea and f234233.

📒 Files selected for processing (1)

• README.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use the documented env var name consistently in the curl snippets.

<.ENV_SECRET_TOKEN> does not match the earlier .env example, which defines SECRET_TOKEN. Using ${SECRET_TOKEN} here would be clearer and copy-pasteable.

Suggested doc update

-curl -X GET "http://127.0.0.1:5000/graph_entities?repo=<REPO_NAME>" -H "Authorization: <.ENV_SECRET_TOKEN>"
+curl -X GET "http://127.0.0.1:5000/graph_entities?repo=<REPO_NAME>" -H "Authorization: ${SECRET_TOKEN}"

-curl -X POST http://127.0.0.1:5000/chat -H "Content-Type: application/json" -d '{"repo": "<REPO_NAME>", "msg": "<YOUR_QUESTION>"}' -H "Authorization: <.ENV_SECRET_TOKEN>"
+curl -X POST http://127.0.0.1:5000/chat -H "Content-Type: application/json" -d '{"repo": "<REPO_NAME>", "msg": "<YOUR_QUESTION>"}' -H "Authorization: ${SECRET_TOKEN}"

-curl -X POST http://127.0.0.1:5000/list_commits -H "Content-Type: application/json" -d '{"repo": "<REPO_NAME>"}' -H "Authorization: <.ENV_SECRET_TOKEN>"
+curl -X POST http://127.0.0.1:5000/list_commits -H "Content-Type: application/json" -d '{"repo": "<REPO_NAME>"}' -H "Authorization: ${SECRET_TOKEN}"

-curl -X POST http://127.0.0.1:5000/switch_commit -H "Content-Type: application/json" -d '{"repo": "<REPO_NAME>", "commit": "<COMMIT_HASH>"}' -H "Authorization: ${SECRET_TOKEN}"
+curl -X POST http://127.0.0.1:5000/switch_commit -H "Content-Type: application/json" -d '{"repo": "<REPO_NAME>", "commit": "<COMMIT_HASH>"}' -H "Authorization: ${SECRET_TOKEN}"

🧰 Tools

🪛 Gitleaks (8.30.0)

[high] 225-230: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 224 - 250, Update the curl examples to use the
documented environment variable name SECRET_TOKEN consistently (e.g., replace
instances of <.ENV_SECRET_TOKEN> with ${SECRET_TOKEN}) across the
/graph_entities, /chat, /list_commits, and /switch_commit examples in README.md
so the snippets are copy-pasteable and match the earlier .env example.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid documenting a literal auth token in the example.

Using Authorization: OpenSesame encourages copying a shared static token pattern into local setups and will keep triggering secret scanners on the README. Prefer the same placeholder or shell variable form you use elsewhere instead.

Suggested doc update

 Example:
 ```bash
-curl -X GET "http://127.0.0.1:5000/graph_entities?repo=GraphRAG-SDK" -H "Authorization: OpenSesame"
+curl -X GET "http://127.0.0.1:5000/graph_entities?repo=GraphRAG-SDK" -H "Authorization: ${SECRET_TOKEN}"

</details>

<!-- suggestion_start -->

<details>
<summary>📝 Committable suggestion</summary>

> ‼️ **IMPORTANT**
> Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

```suggestion
Example:

🧰 Tools

🪛 Gitleaks (8.30.0)

[high] 225-230: Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

(curl-auth-header)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 228 - 230, The README example includes a literal auth
token ("Authorization: OpenSesame") which can encourage reuse and trigger secret
scanners; update the example curl for the graph_entities endpoint to use a
placeholder or environment variable instead (e.g., replace the literal
Authorization header in the curl example for
"http://127.0.0.1:5000/graph_entities?repo=GraphRAG-SDK" with a safe token
reference like ${SECRET_TOKEN} or a named placeholder) so the README no longer
contains a real-looking secret.