Skip to content

fix: add tiered auth to Privacy Shield /health and /stats endpoints#702

Merged
Lightheartdevs merged 1 commit intoLight-Heart-Labs:mainfrom
yasinBursali:fix/privacy-shield-endpoint-auth
Apr 1, 2026
Merged

fix: add tiered auth to Privacy Shield /health and /stats endpoints#702
Lightheartdevs merged 1 commit intoLight-Heart-Labs:mainfrom
yasinBursali:fix/privacy-shield-endpoint-auth

Conversation

@yasinBursali
Copy link
Copy Markdown
Contributor

@yasinBursali yasinBursali commented Apr 1, 2026

Summary

  • /health and /stats had no authentication while catch-all proxy routes did
  • /health leaked the target LLM API URL and session count; /stats leaked PII scrubbing volume metrics
  • Both endpoints now use tiered responses: unauthenticated callers get non-sensitive base fields only (preserving Docker healthcheck and dashboard-api compatibility), authenticated callers get full operational details
  • Uses Security(security_scheme, auto_error=False) with secrets.compare_digest for timing-safe optional auth

Test plan

  • curl http://localhost:8085/health returns only {status, service, version} — no target_api
  • curl -H "Authorization: Bearer $KEY" http://localhost:8085/health returns all fields
  • curl http://localhost:8085/stats returns only {cache_enabled, cache_size} — no PII counts
  • curl -H "Authorization: Bearer $KEY" http://localhost:8085/stats returns all fields
  • Docker healthcheck still passes (200 OK without auth)
  • Dashboard privacy stats page still loads (dashboard-api calls /stats without auth)

🤖 Generated with Claude Code

@yasinBursali @claude
fix: add authentication to Privacy Shield /health and /stats endpoints
3f0b5ba 
/health and /stats had no auth while catch-all proxy routes did.
/health leaked the target LLM API URL and session count. /stats
leaked PII scrubbing volume metrics.

Use tiered responses for both endpoints: unauthenticated callers
get non-sensitive fields only (preserving Docker healthcheck and
dashboard-api compatibility), authenticated callers get full
operational details including target_api and PII metrics.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Lightheartdevs Lightheartdevs merged commit a30547a into Light-Heart-Labs:main Apr 1, 2026
20 of 21 checks passed
@Lightheartdevs Lightheartdevs mentioned this pull request Apr 3, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yasinBursali @Lightheartdevs