Skip to content

Gate /debug/github-cache behind admin or explicit debug flag #359

Description

@shuv1337

Problem / Context

Cache dogfood (2026-06-24) found that /debug/github-cache is reachable by any authenticated user — there is no admin gate, role check, or explicit debug-mode flag beyond having a valid session.

This page exposes:

  • Quick warm / Full warm controls (can trigger cache warming workloads)
  • Last warm results and warm-lock state
  • Per-repo cache inspector (owner/repo form showing cache class and freshness per target)
  • Sync job counts/failures

Source: dogfood-output/cache-dogfood-report.md (Observations §2)

Related: #358 (warm controls currently skipped: disabled in local dev)

Reproduction

  1. Authenticate as any normal user (not admin)
  2. Navigate to http://127.0.0.1:3000/debug/github-cache
  3. Page loads with full debug/warm controls — no access denied

Acceptance Criteria

  • /debug/github-cache is not reachable by arbitrary authenticated users in production
  • Access requires an explicit gate: admin role, allowlisted user IDs, or env-gated debug mode (e.g. only when NODE_ENV=development + explicit flag)
  • Unauthorized users receive 404 or forbidden — not a partial/leaky debug UI
  • Warm triggers and cache inspector remain available to authorized operators
  • Gate behavior documented in AGENTS.md or ops runbook

Evidence

  • dogfood-output/screenshots/cache-debug-overview.png
  • dogfood-output/cache-dogfood-report.md (Observations)

Implementation Notes

Per AGENTS.md, the debug surface is intended for operators monitoring warm lock, sync jobs, and per-repo cache targets. It should not be a general authenticated-user feature.

Consider:

  • Middleware/route guard checking admin membership or internal allowlist
  • Dev-only exposure via explicit env (DEBUG_GITHUB_CACHE_ENABLED=1) in addition to auth
  • Separate from repo-scoped cache reads — this page can trigger writes (warm) and enumerate cache topology

Tasks

  • Decide access model (admin-only vs env-gated dev tool vs both)
  • Add server-side guard on /debug/github-cache route and warm API endpoints
  • Verify normal users cannot access in production-like config
  • Document who can access and how to enable in local dev

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions