add cli option to explicitly enable the prompt toggle

rootfs · rootfs · commit 45ff58a2ef93 · 2025-10-01T14:36:22.000Z
Signed-off-by: Huamin Chen &lt;hchen@redhat.com&gt;
diff --git a/src/semantic-router/cmd/main.go b/src/semantic-router/cmd/main.go
@@ -15,13 +15,14 @@ import (
 func main() {
 	// Parse command-line flags
 	var (
-		configPath  = flag.String("config", "config/config.yaml", "Path to the configuration file")
-		port        = flag.Int("port", 50051, "Port to listen on for gRPC ExtProc")
-		apiPort     = flag.Int("api-port", 8080, "Port to listen on for Classification API")
-		metricsPort = flag.Int("metrics-port", 9190, "Port for Prometheus metrics")
-		enableAPI   = flag.Bool("enable-api", true, "Enable Classification API server")
-		secure      = flag.Bool("secure", false, "Enable secure gRPC server with TLS")
-		certPath    = flag.String("cert-path", "", "Path to TLS certificate directory (containing tls.crt and tls.key)")
+		configPath            = flag.String("config", "config/config.yaml", "Path to the configuration file")
+		port                  = flag.Int("port", 50051, "Port to listen on for gRPC ExtProc")
+		apiPort               = flag.Int("api-port", 8080, "Port to listen on for Classification API")
+		metricsPort           = flag.Int("metrics-port", 9190, "Port for Prometheus metrics")
+		enableAPI             = flag.Bool("enable-api", true, "Enable Classification API server")
+		enableSystemPromptAPI = flag.Bool("enable-system-prompt-api", false, "Enable system prompt configuration endpoints (SECURITY: only enable in trusted environments)")
+		secure                = flag.Bool("secure", false, "Enable secure gRPC server with TLS")
+		certPath              = flag.String("cert-path", "", "Path to TLS certificate directory (containing tls.crt and tls.key)")
 	)
 	flag.Parse()
 
@@ -58,7 +59,7 @@ func main() {
 	if *enableAPI {
 		go func() {
 			observability.Infof("Starting Classification API server on port %d", *apiPort)
-			if err := api.StartClassificationAPI(*configPath, *apiPort); err != nil {
+			if err := api.StartClassificationAPI(*configPath, *apiPort, *enableSystemPromptAPI); err != nil {
 				observability.Errorf("Classification API server error: %v", err)
 			}
 		}()
diff --git a/src/semantic-router/pkg/api/server.go b/src/semantic-router/pkg/api/server.go
@@ -17,8 +17,9 @@ import (
 
 // ClassificationAPIServer holds the server state and dependencies
 type ClassificationAPIServer struct {
-	classificationSvc *services.ClassificationService
-	config            *config.RouterConfig
+	classificationSvc     *services.ClassificationService
+	config                *config.RouterConfig
+	enableSystemPromptAPI bool
 }
 
 // ModelsInfoResponse represents the response for models info endpoint
@@ -101,7 +102,7 @@ type ClassificationOptions struct {
 }
 
 // StartClassificationAPI starts the Classification API server
-func StartClassificationAPI(configPath string, port int) error {
+func StartClassificationAPI(configPath string, port int, enableSystemPromptAPI bool) error {
 	// Load configuration
 	cfg, err := config.LoadConfig(configPath)
 	if err != nil {
@@ -139,8 +140,9 @@ func StartClassificationAPI(configPath string, port int) error {
 
 	// Create server instance
 	apiServer := &ClassificationAPIServer{
-		classificationSvc: classificationSvc,
-		config:            cfg,
+		classificationSvc:     classificationSvc,
+		config:                cfg,
+		enableSystemPromptAPI: enableSystemPromptAPI,
 	}
 
 	// Create HTTP server with routes
@@ -203,9 +205,14 @@ func (s *ClassificationAPIServer) setupRoutes() *http.ServeMux {
 	mux.HandleFunc("GET /config/classification", s.handleGetConfig)
 	mux.HandleFunc("PUT /config/classification", s.handleUpdateConfig)
 
-	// System prompt configuration endpoints
-	mux.HandleFunc("GET /config/system-prompts", s.handleGetSystemPrompts)
-	mux.HandleFunc("PUT /config/system-prompts", s.handleUpdateSystemPrompts)
+	// System prompt configuration endpoints (only if explicitly enabled)
+	if s.enableSystemPromptAPI {
+		observability.Infof("System prompt configuration endpoints enabled")
+		mux.HandleFunc("GET /config/system-prompts", s.handleGetSystemPrompts)
+		mux.HandleFunc("PUT /config/system-prompts", s.handleUpdateSystemPrompts)
+	} else {
+		observability.Infof("System prompt configuration endpoints disabled for security")
+	}
 
 	return mux
 }
diff --git a/src/semantic-router/pkg/api/server_test.go b/src/semantic-router/pkg/api/server_test.go
