fix(server): clarify public controls schema openapi

abhinav-galileo · abhinav-galileo · commit 3cd0ee1d1274 · 2026-05-15T13:57:47.000+05:30
diff --git a/server/src/agent_control_server/endpoints/controls.py b/server/src/agent_control_server/endpoints/controls.py
@@ -551,7 +551,6 @@ async def create_control(
     response_model=GetControlSchemaResponse,
     summary="Get control definition JSON schema",
     response_description="JSON schema for ControlDefinition",
-    openapi_extra={"security": []},
 )
 # Public schema metadata: no tenant state, no auth operation.
 async def get_control_schema() -> GetControlSchemaResponse:
diff --git a/server/src/agent_control_server/main.py b/server/src/agent_control_server/main.py
@@ -347,6 +347,8 @@ def custom_openapi() -> dict[str, Any]:
     if "JSONValue" in schemas:
         schemas["JSONValue"] = {"description": "Any JSON value"}
 
+    # This route is intentionally public metadata. FastAPI still emits inherited
+    # API-key security for it, so patch only this operation in the generated spec.
     controls_schema_path = f"{api_v1_prefix}/controls/schema"
     controls_schema_operation = (
         openapi_schema.get("paths", {})

Original file line number	Diff line number	Diff line change
`@@ -551,7 +551,6 @@ async def create_control(`
`551`	`551`	`response_model=GetControlSchemaResponse,`
`552`	`552`	`summary="Get control definition JSON schema",`
`553`	`553`	`response_description="JSON schema for ControlDefinition",`
`554`		`- openapi_extra={"security": []},`
`555`	`554`	`)`
`556`	`555`	`# Public schema metadata: no tenant state, no auth operation.`
`557`	`556`	`async def get_control_schema() -> GetControlSchemaResponse:`