Add Swagger and REST API in README

[gkorland]

Fix #159

Summary by CodeRabbit

• New Features
  • API tokens: generate, list, and delete via UI modal and REST endpoints.
  • Model Context Protocol (MCP) endpoints enabled by default with a runtime toggle.
  • Improved API docs with operation IDs for key database routes.
• Documentation
  • Docker-first Quick Start, REST API examples, MCP guidance, and full Token Management guide.
  • Updated environment setup: single DB URL (FALKORDB_URL), new DISABLE_MCP, FASTAPI_SECRET_KEY, OAUTH_BASE_URL; OAuth keys now optional.
• UI/Style
  • New token management modal and updated profile buttons.
• Chores
  • Added fastapi-mcp, bumped litellm, local app package, ignore demo tokens, expanded wordlist.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Introduces API token management (backend routes, UI, TS module, CSS, templates), integrates optional MCP endpoints (FastApiMCP) gated by DISABLE_MCP, updates auth to accept API tokens, adds OpenAPI operation_id metadata, adjusts typings, revises env/docs/README, and updates dependencies (fastapi-mcp, litellm). Minor repo hygiene (.gitignore, wordlist).

Changes

Cohort / File(s)	Summary
Env and config docs refresh /.env.example, /.github/copilot-instructions.md, /README.md, /TOKEN_MANAGEMENT.md	Rebranded env example, switched to FALKORDB_URL, added FASTAPI_SECRET_KEY, DISABLE_MCP, model overrides, OAuth notes; docs updated for Docker-first, MCP surface, REST API; added token management documentation.
MCP integration /api/app_factory.py, /Pipfile	Added fastapi-mcp dependency and conditional MCP HTTP mount controlled by DISABLE_MCP; defines operations list_databases/connect_database/database_schema/query_database.
API token feature (backend) /api/routes/tokens.py, /api/auth/user_management.py	New tokens router (generate/list/delete) with token_required; auth extracts Bearer/cookie/query token via get_token, sets user_email, supports provider "api".
API token feature (frontend) /app/templates/components/token_modal.j2, /app/templates/components/user_profile.j2, /app/templates/chat.j2, /app/ts/modules/tokens.ts, /app/ts/app.ts, /app/public/css/modals.css, /app/public/css/buttons.css	Added token management modal UI, API Tokens button, TS module to drive modal/actions (generate/copy/list/delete), styles for modal/buttons.
OpenAPI/typing polish /api/routes/graphs.py, /api/routes/database.py, /api/agents/relevancy_agent.py	Added operation_id to key routes; refined type hints for requests and agent histories; expanded docstrings.
Repository hygiene /.gitignore, /.github/wordlist.txt, /package.json	Ignored demo_tokens.py, expanded wordlist, added local dependency "queryweaver-app": "file:app".
No-op/formatting /api/routes/auth.py	Removed extra blank lines.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor User
    participant UI as Frontend (Modal)
    participant TS as tokens.ts
    participant API as FastAPI /api/tokens
    participant Auth as token_required
    participant DB as Organizations Graph
    participant CB as app.state.callback_handler

    rect rgba(200,240,255,0.2)
    note over User,UI: Open Tokens Modal
    User->>UI: Click "API Tokens"
    UI->>TS: setupTokenManagement()
    TS->>API: GET /api/tokens/list
    API->>Auth: Validate (OAuth or API token)
    Auth-->>API: user_email
    API->>DB: MATCH tokens by user_email
    DB-->>API: Token list
    API-->>TS: { tokens: [...] }
    TS->>UI: Render table
    end

    rect rgba(220,255,220,0.2)
    note over User,API: Generate Token
    User->>UI: Click "Generate New Token"
    UI->>TS: generateToken()
    TS->>API: POST /api/tokens/generate
    API->>Auth: Validate
    Auth-->>API: user_email
    API->>CB: persist ('api', user_data, api_token)
    CB-->>API: ok
    API-->>TS: { token_id, created_at }
    TS->>UI: Show token (masked), Copy/Show controls
    TS->>API: GET /api/tokens/list (refresh)
    API-->>TS: updated list
    end

    rect rgba(255,230,230,0.2)
    note over User,API: Delete Token
    User->>UI: Click "Delete" (last 4)
    UI->>TS: confirm delete
    TS->>API: DELETE /api/tokens/{last4}
    API->>Auth: Validate
    Auth-->>API: user_email
    API->>DB: DELETE matching token(s)
    DB-->>API: count
    API-->>TS: 200/404
    TS->>UI: Update list / show error
    end

Loading

sequenceDiagram
    autonumber
    participant Env as ENV
    participant App as app_factory
    participant MCP as FastApiMCP
    participant API as FastAPI

    Env-->>App: DISABLE_MCP = [unset/false/true]
    alt MCP enabled (unset/false)
        App->>MCP: new FastApiMCP(name="queryweaver", ops=[list,connect,schema,query])
        MCP->>API: mount_http(/mcp)
    else MCP disabled (true/1/yes)
        App->>API: Skip MCP mount (log)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Add Swagger to API (#159)	❓	Only operation_id metadata/doc updates observed; cannot confirm Swagger enablement/configuration from this diff alone.

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Add API token management routes and models (api/routes/tokens.py, entire file)	Token CRUD and related API are unrelated to adding Swagger.
Auth changes to support API tokens (api/auth/user_management.py, multiple lines)	Extends authentication beyond Swagger-related scope.
Frontend token management UI and scripts (app/templates/components/token_modal.j2, app/ts/modules/tokens.ts, app/public/css/modals.css, multiple lines)	UI feature work not tied to Swagger addition.
MCP endpoint integration (api/app_factory.py, multiple lines)	Adds optional MCP surface; not required for Swagger.
Dependency additions (Pipfile: fastapi-mcp)	Supports MCP feature; unrelated to Swagger objective.

Possibly related PRs

• Staging #129 — Touches authentication/token subsystem similar to this PR’s token routes and auth helpers.
• add left toolbar and show the graph schema #80 — Modifies graphs routes; overlaps with this PR’s operation_id/doc changes on graph endpoints.
• Staging #104 — Addresses FastAPI configuration/migration areas also affected here (.env, app factory).

Suggested reviewers

• galshubeli

Poem

I nibbled configs, hopped through routes anew,
Tokens sprouted softly, shiny, fresh with dew.
MCP burrow opened, whispering HTTP,
Swagger names aligned, neat as carrots three.
With paws on keys I weave, compile, deploy—
QueryWeaver hums; a bunny’s build-time joy. 🥕

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch swagger

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 6 package(s) with unknown licenses.
• ⚠️ 9 packages with OpenSSF Scorecard issues.

View full job summary