Staging

[galshubeli]

Summary by CodeRabbit

• New Features
  • Added demo graphs (when a general prefix is configured): visible alongside user graphs; deletion and destructive SQL are blocked for safety.
• Documentation
  • Enhanced API docs with grouped tags and documented authentication schemes; standardized 401 Unauthorized responses across endpoints.
  • Updated environment template to document the optional GENERAL_PREFIX setting.
• Bug Fixes
  • Improved mobile responsiveness by switching to dynamic viewport units, reducing overflow/clipping in pages, chat, menus, and modals.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Adds OpenAPI tags and custom schema with cookie-based security, documents 401 responses across routes, introduces GENERAL_PREFIX demo-graph handling with guards, adds helper utilities in graphs, updates database/tokens/auth routers with tags, and switches CSS viewport units to dynamic dvw/dvh (with two ddvw typos). Updates .env.example comments.

Changes

Cohort / File(s)	Summary of Changes
OpenAPI schema and tagging api/app_factory.py, api/routes/auth.py	Custom OpenAPI generator with cookie security schemes (ApiTokenAuth, SessionAuth) and auto-security on 401 endpoints; adds OpenAPI tags to app and Authentication router.
Graphs: demo prefix, helpers, and 401 docs api/routes/graphs.py	Adds GENERAL_PREFIX demo-graph logic (list inclusion, delete/SQL destructive guards), bypasses user prefix for demo IDs; adds helpers (get_database_type_and_loader, sanitize_query, sanitize_log_input); tags router; annotates endpoints with 401 responses; integrates streaming messages and schema refresh on SQL.
Database route docs/tag api/routes/database.py	Tags router as “Database Connection”; adds explicit 401 response to POST /database.
API tokens docs/tag api/routes/tokens.py	Tags router as “API Tokens”; documents 401 responses for generate/list/delete endpoints.
Environment example .env.example	Documents optional GENERAL_PREFIX with commented lines and placeholder value.
CSS: dynamic viewport units app/public/css/base.css, app/public/css/chat-components.css, app/public/css/modals.css, app/public/css/responsive.css	Replaces vh/vw with dvh/dvw (and related calc/max-width). Notes: two occurrences of “ddvw” units (50ddvw, 80ddvw) appear anomalous/typo-like.
CSS: sidebar width app/public/css/menu.css	Changes .sidebar-container max-width from 50dvw to 50ddvw (likely unit typo).

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Client
  participant FastAPI App
  participant OpenAPI Override
  participant get_openapi

  Client->>FastAPI App: GET /openapi.json
  activate FastAPI App
  FastAPI App->>OpenAPI Override: app.openapi()
  activate OpenAPI Override
  OpenAPI Override->>get_openapi: Build base schema
  get_openapi-->>OpenAPI Override: Schema
  OpenAPI Override->>OpenAPI Override: Inject ApiTokenAuth, SessionAuth (cookie)
  OpenAPI Override->>OpenAPI Override: For ops with 401, set security: [ApiTokenAuth] OR [SessionAuth]
  OpenAPI Override-->>FastAPI App: Cached schema
  deactivate OpenAPI Override
  FastAPI App-->>Client: openapi.json
  deactivate FastAPI App

Loading

sequenceDiagram
  autonumber
  participant Client
  participant Graphs API
  participant Loader
  participant SchemaRefresher
  participant Formatter

  Client->>Graphs API: POST /graphs/{graph_id} (SQL)
  alt graph_id starts with GENERAL_PREFIX
    Graphs API-->>Client: Stream: "Demo graph—destructive ops blocked" (if destructive)
    Graphs API-->>Client: Final result or error
  else Non-demo graph
    Graphs API->>Loader: Execute SQL
    Loader-->>Graphs API: Rows/Effect
    opt Schema modified
      Graphs API->>SchemaRefresher: Refresh graph schema
      SchemaRefresher-->>Graphs API: OK/Fail
    end
    Graphs API->>Formatter: Format user-friendly response
    Formatter-->>Graphs API: Message
    Graphs API-->>Client: Stream steps + final message
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Add Swagger and REST API in README #162 — Similar OpenAPI customization and router metadata; overlaps app_factory and tagging.
• Staging #156 — Introduces GENERAL_PREFIX and related graphs behavior; touches same files and concepts.
• Staging #129 — Modifies graph ID construction; closely related to new demo-graph ID handling.

Suggested reviewers

• gkorland
• Naseem77

Poem

I twitch my ears at tags so neat,
Two cookies guard each API seat.
Demo graphs? I’ll hop, not bite—
No deletes on this moonlit night.
dvh dreams on mobile skies,
Schemas refreshed, carrots prize. 🥕✨

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 822474c and dcd2613.

📒 Files selected for processing (11)

• .env.example (1 hunks)
• api/app_factory.py (1 hunks)
• api/routes/auth.py (1 hunks)
• api/routes/database.py (2 hunks)
• api/routes/graphs.py (12 hunks)
• api/routes/tokens.py (4 hunks)
• app/public/css/base.css (1 hunks)
• app/public/css/chat-components.css (1 hunks)
• app/public/css/menu.css (1 hunks)
• app/public/css/modals.css (5 hunks)
• app/public/css/responsive.css (4 hunks)

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch staging

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None