Version: 1.0.0
Date: 2026-04-08
Status: Production Ready
The Gitea Robot API provides secure, agent-optimized access to issue data with PageRank-based prioritization. This document describes the security model, configuration, and best practices.
All Robot API endpoints require authentication via:
- Session cookies (for web UI users)
- Access tokens (for API clients and agents)
Unauthenticated requests to private repositories receive a 404 Not Found response to prevent repository enumeration.
The Robot API enforces repository-level permissions:
| Permission | Requirement | Behavior on Denial |
|---|---|---|
| Read Issues | unit.TypeIssues read access |
404 Not Found |
| Private Repo Access | Authenticated user | 404 Not Found |
All error conditions return 404 Not Found to prevent:
- Repository enumeration attacks
- Username enumeration
- Repository existence leaks
Examples:
- Invalid owner/repo → 404
- Repository doesn't exist → 404
- Permission denied → 404
- Validation failure → 404
PageRank calculations are cached to prevent CPU exhaustion:
| Setting | Default | Description |
|---|---|---|
PAGERANK_CACHE_TTL |
300s (5 min) | Cache expiration time |
| Concurrent computation | Prevented | Only one calculation per repo at a time |
Behavior:
- Cache hit → Return cached scores immediately
- Cache miss, not computing → Start calculation, cache results
- Cache miss, already computing → Return "in progress" error
[issue_graph]
ENABLED = true
PAGERANK_CACHE_TTL = 300
AUDIT_LOG = true
STRICT_MODE = falseAll Robot API access is logged with:
[ROBOT_AUDIT] status=SUCCESS|DENIED user=username(uid=N) repo=owner/repo endpoint=/api/v1/robot/triage ip=x.x.x.x timestamp=RFC3339 [reason=...]
Log Levels:
- Successful access → INFO
- Denied access → INFO (with reason)
- Errors → ERROR
Enable/Disable:
[issue_graph]
AUDIT_LOG = true # Enable
AUDIT_LOG = false # DisableReturns PageRank-scored issues for prioritization.
Parameters:
owner(required): Repository ownerrepo(required): Repository name
Response (200 OK):
{
"quick_ref": {
"total": 150,
"open": 42
},
"recommendations": [
{
"id": 123,
"index": 42,
"title": "Fix critical bug",
"pagerank": 0.0852,
"status": "open"
}
],
"project_health": {
"avg_pagerank": 0.0234,
"max_pagerank": 0.0852
}
}Error Responses:
- 404: Feature disabled, repo not found, permission denied, or validation error
- 500: Internal server error (rare, also returns 404 in strict mode)
Returns issues ready to be worked on (no blocking dependencies).
Parameters:
owner(required): Repository ownerrepo(required): Repository name
Response (200 OK):
{
"repo_id": 123,
"repo_name": "myrepo",
"total_count": 10,
"ready_issues": [
{
"id": 456,
"index": 23,
"title": "Add feature X",
"page_rank": 0.0456,
"priority": 25,
"is_blocked": false,
"blocker_count": 0
}
]
}Returns the full dependency graph for visualization.
Parameters:
owner(required): Repository ownerrepo(required): Repository name
Response (200 OK):
{
"repo_id": 123,
"repo_name": "myrepo",
"node_count": 50,
"edge_count": 30,
"nodes": [...],
"edges": [...]
}For API clients, use personal access tokens with minimal required scopes:
curl -H "Authorization: token YOUR_TOKEN" \
"https://gitea.example.com/api/v1/robot/triage?owner=acme&repo=project"Always enable audit logging in production:
[issue_graph]
AUDIT_LOG = trueBalance freshness vs. performance:
| Use Case | Recommended TTL |
|---|---|
| High-activity repos | 60-120 seconds |
| Normal repos | 300 seconds (default) |
| Low-activity repos | 600-1800 seconds |
Check cache effectiveness:
cache := robot.GetPageRankCache()
entries, computing := cache.GetStats()
log.Info("PageRank cache: %d entries, %d computing", entries, computing)[issue_graph]
STRICT_MODE = trueIn strict mode, all errors return 404 (no 500 errors ever exposed).
All inputs are validated for:
| Check | Rule |
|---|---|
| Owner name | Required, max 40 chars |
| Repo name | Required, max 100 chars |
| Path traversal | .. blocked |
| Invalid chars | `/<>: |
Note: Validation failures return 404 to prevent information disclosure.
Before deploying to production:
- Enable issue graph feature
- Configure appropriate cache TTL
- Enable audit logging
- Test with private repository (verify 404 for unauthorized access)
- Test with public repository (verify 200 for anonymous access)
- Verify PageRank caching works (second request should be faster)
- Check audit logs are being written
- Configure log rotation for audit logs
Causes:
- Feature disabled → Check
ENABLED = true - Permission denied → Verify user has issue read access
- Repo doesn't exist → Check owner/repo spelling
Causes:
- Cache TTL too low → Increase
PAGERANK_CACHE_TTL - Cache not persisting → Check for errors in logs
Solutions:
- Increase cache TTL
- Check database performance
- Monitor concurrent computation (should be 1 per repo)
Solutions:
- Verify
AUDIT_LOG = true - Check log level (must be INFO or lower)
- Verify log destination is writable
| Version | Date | Changes |
|---|---|---|
| 1.0.0 | 2026-04-08 | Initial secure implementation with auth, audit, caching |
Document Maintainer: Terraphim Security Team
Last Updated: 2026-04-08T17:47:00Z