Merge pull request #613 from FalkorDB/async-endpoints

docs: sync docs with current FastAPI implementation

Author: gkorland

.env.template

@@ -2,15 +2,28 @@
 FALKORDB_HOST=localhost
 FALKORDB_PORT=6379
 
-# OpenAI API key for LLM features
-OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
+# Optional FalkorDB authentication
+FALKORDB_USERNAME=
+FALKORDB_PASSWORD=
 
-# Secret token for API authentication
+# Token checked by authenticated endpoints. If left empty, the current
+# implementation accepts requests without an Authorization header.
 SECRET_TOKEN=<YOUR_SECRET_TOKEN>
 
-# Flask server settings
-FLASK_RUN_HOST=0.0.0.0
-FLASK_RUN_PORT=5000
-
-# Set to 1 to enable public access for analyze_repo/switch_commit endpoints
+# Set to 1 to make read-only endpoints public.
 CODE_GRAPH_PUBLIC=0
+
+# Limit /api/analyze_folder to this directory tree. Leave commented to use
+# the repository root as the default allowed directory.
+# ALLOWED_ANALYSIS_DIR=/absolute/path/to/projects
+
+# LiteLLM model used by /api/chat
+MODEL_NAME=gemini/gemini-flash-lite-latest
+
+# Provider credential for the default Gemini model. Change this to the
+# appropriate provider key if you change MODEL_NAME.
+GEMINI_API_KEY=<YOUR_GEMINI_API_KEY>
+
+# Optional Uvicorn bind settings used by start.sh / make run-*
+HOST=0.0.0.0
+PORT=5000

README.md

@@ -19,45 +19,42 @@ Connect and ask questions: [![Discord](https://img.shields.io/badge/Discord-%235
 
 ```
 code-graph/
-├── api/                  # Python backend (Flask)
-│   ├── index.py          # Main Flask app with API routes
-│   ├── graph.py          # Graph operations (FalkorDB)
-│   ├── llm.py            # LLM integration for chat
-│   ├── project.py        # Project management
-│   ├── info.py           # Repository info
-│   ├── prompts.py        # LLM prompts
-│   ├── auto_complete.py  # Auto-completion
-│   ├── analyzers/        # Source code analyzers (Python, Java, C, C#)
-│   ├── entities/         # Entity models
-│   ├── git_utils/        # Git operations
-│   └── code_coverage/    # Code coverage utilities
+├── api/                  # Python backend (FastAPI)
+│   ├── index.py          # FastAPI app, auth deps, API routes, SPA serving
+│   ├── graph.py          # FalkorDB graph operations
+│   ├── llm.py            # GraphRAG + LiteLLM chat integration
+│   ├── project.py        # Repository cloning and analysis orchestration
+│   ├── info.py           # Repository metadata stored in Redis/FalkorDB
+│   ├── prompts.py        # LLM system and prompt templates
+│   ├── auto_complete.py  # Prefix search helper
+│   ├── analyzers/        # Source analyzers (Python, Java, C#)
+│   ├── entities/         # Graph/entity models
+│   ├── git_utils/        # Git history graph utilities
+│   └── code_coverage/    # Coverage utilities
 ├── app/                  # React frontend (Vite)
 │   ├── src/              # Frontend source code
-│   │   ├── App.tsx       # Main application component
-│   │   ├── main.tsx      # Entry point
-│   │   ├── components/   # React components
-│   │   └── lib/          # Utility functions
 │   ├── public/           # Static assets
-│   ├── package.json      # Frontend dependencies
-│   ├── vite.config.ts    # Vite configuration
-│   └── tsconfig.json     # TypeScript configuration
-├── tests/                # Backend tests
-├── e2e/                  # End-to-end tests (Playwright)
-├── Dockerfile            # Unified Docker build
-├── docker-compose.yml    # Docker Compose setup
-├── Makefile              # Development commands
-├── start.sh              # Container startup script
-├── pyproject.toml        # Python project configuration
-└── .env.template         # Environment variables template
+│   ├── package.json      # Frontend dependencies and scripts
+│   ├── vite.config.ts    # Vite config and /api proxy for dev mode
+│   └── tsconfig*.json    # TypeScript config
+├── tests/                # Backend/unit and endpoint tests
+├── e2e/                  # End-to-end helpers and Playwright assets
+├── Dockerfile            # Unified container image
+├── docker-compose.yml    # Local FalkorDB + app stack
+├── Makefile              # Common dev/build/test commands
+├── start.sh              # Container entrypoint
+├── pyproject.toml        # Python package and dependency config
+└── .env.template         # Example environment variables
 ```
 
 ## Running Locally
 
 ### Prerequisites
 
-- Python 3.12+
+- Python `>=3.12,<3.14`
 - Node.js 20+
-- FalkorDB instance (local or cloud)
+- [`uv`](https://docs.astral.sh/uv/)
+- A FalkorDB instance (local or cloud)
 
 ### 1. Start FalkorDB
 
@@ -69,152 +66,181 @@ code-graph/
 docker run -p 6379:6379 -it --rm falkordb/falkordb
 ```
 
-### 2. Set Up Environment Variables
+### 2. Configure environment variables
 
-Copy the template and configure:
+Copy the template and adjust it for your setup:
 
 ```bash
 cp .env.template .env
 ```
 
 | Variable | Description | Required | Default |
 |----------|-------------|----------|---------|
-| `OPENAI_API_KEY` | Your OpenAI API key for code analysis | Yes | - |
-| `SECRET_TOKEN` | User-defined token for request authorization | Yes | - |
-| `FALKORDB_HOST` | FalkorDB server hostname | No | localhost |
-| `FALKORDB_PORT` | FalkorDB server port | No | 6379 |
+| `FALKORDB_HOST` | FalkorDB hostname | No | `localhost` |
+| `FALKORDB_PORT` | FalkorDB port | No | `6379` |
+| `FALKORDB_USERNAME` | Optional FalkorDB username | No | empty |
+| `FALKORDB_PASSWORD` | Optional FalkorDB password | No | empty |
+| `SECRET_TOKEN` | Token checked by protected endpoints | No | empty |
+| `CODE_GRAPH_PUBLIC` | Set `1` to skip auth on read-only endpoints | No | `0` |
+| `ALLOWED_ANALYSIS_DIR` | Root path allowed for `/api/analyze_folder` | No | repository root |
+| `MODEL_NAME` | LiteLLM model used by `/api/chat` | No | `gemini/gemini-flash-lite-latest` |
+| `HOST` | Optional Uvicorn bind host for `start.sh`/`make run-*` | No | `0.0.0.0` or `127.0.0.1` depending on command |
+| `PORT` | Optional Uvicorn bind port for `start.sh`/`make run-*` | No | `5000` |
 
-Edit `.env` with your values:
+The chat endpoint also needs the provider credential expected by your chosen `MODEL_NAME`. The default model is Gemini, so set `GEMINI_API_KEY` unless you switch to a different LiteLLM provider/model.
 
-```bash
-FALKORDB_HOST=localhost
-FALKORDB_PORT=6379
-OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
-SECRET_TOKEN=<YOUR_SECRET_TOKEN>
-```
+### Authentication behavior
+
+- Send `Authorization: Bearer <SECRET_TOKEN>` (or the raw token string) when `SECRET_TOKEN` is configured.
+- Read endpoints use the `public_or_auth` dependency.
+- Mutating endpoints (`/api/analyze_folder`, `/api/analyze_repo`, `/api/switch_commit`) use the `token_required` dependency.
+- If `SECRET_TOKEN` is unset, the current implementation accepts requests without an `Authorization` header.
+- Setting `CODE_GRAPH_PUBLIC=1` makes the read-only endpoints public even when `SECRET_TOKEN` is configured.
 
-### 3. Install Dependencies
+### 3. Install dependencies
 
 ```bash
 # Install backend dependencies
-pip install -e ".[test]"
+uv sync --all-extras
 
 # Install frontend dependencies
 npm install --prefix ./app
+
+# Optional: install Playwright dependencies from the repo root
+npm install
 ```
 
-Or using Make:
+If you do not use `uv`, `pip install -e ".[test]"` also installs the backend package and test dependencies.
+
+### 4. Run the app
+
+**Backend API with auto-reload:**
 
 ```bash
-make install
+uv run uvicorn api.index:app --host 127.0.0.1 --port 5000 --reload
 ```
 
-### 4. Build & Start
+**Frontend hot-reload with Vite:**
 
 ```bash
-# Build the frontend
-npm --prefix ./app run build
+# Terminal 1: backend API
+uv run uvicorn api.index:app --host 127.0.0.1 --port 5000 --reload
 
-# Start the backend (serves both API and frontend)
-flask --app api/index.py run --debug
+# Terminal 2: Vite dev server
+cd app && npm run dev
 ```
 
-The application will be available at [http://localhost:5000](http://localhost:5000).
-
-### Development Mode
+The Vite dev server runs on `http://localhost:3000` and proxies `/api/*` requests to `http://127.0.0.1:5000`.
 
-For frontend development with hot-reload:
+**Single-process built frontend + backend:**
 
 ```bash
-# Terminal 1: Start the Python backend
-flask --app api/index.py run --debug --port 5000
-
-# Terminal 2: Start the Vite dev server (proxies API calls to backend)
-cd app && npm run dev
+npm --prefix ./app run build
+uv run uvicorn api.index:app --host 0.0.0.0 --port 5000
 ```
 
-The Vite dev server runs on `http://localhost:3000` and proxies API requests to the Flask backend on port 5000.
+In this mode, the FastAPI app serves the built React SPA from `app/dist` on `http://localhost:5000`.
 
 ### Using Make
 
 ```bash
-make install       # Install all dependencies
-make build-dev     # Build frontend (development)
-make build-prod    # Build frontend (production)
-make run-dev       # Build + start dev server
-make run-prod      # Build + start production server
-make test          # Run backend tests
-make lint          # Run frontend linting
-make clean         # Clean build artifacts
+make install       # Install backend + frontend dependencies
+make build-dev     # Build frontend in development mode
+make build-prod    # Build frontend for production
+make run-dev       # Build dev frontend + run Uvicorn with reload
+make run-prod      # Build prod frontend + run Uvicorn
+make test          # Run backend pytest suite
+make lint          # Run Ruff + frontend type-check
+make e2e           # Run Playwright tests from repo root
+make clean         # Remove build/test artifacts
 ```
 
+`make test` currently points at the right backend test entrypoint, but some legacy analyzer/git-history tests still need maintenance before the suite passes on a clean checkout.
+
 ## Running with Docker
 
 ### Using Docker Compose
 
 ```bash
-docker-compose up
+docker compose up --build
 ```
 
-This starts both FalkorDB and the CodeGraph application.
+This starts FalkorDB and the CodeGraph app together. The checked-in compose file sets `CODE_GRAPH_PUBLIC=1` for the app service.
 
-### Using Docker Directly
+### Using Docker directly
 
 ```bash
 docker build -t code-graph .
 
 docker run -p 5000:5000 \
   -e FALKORDB_HOST=host.docker.internal \
   -e FALKORDB_PORT=6379 \
-  -e OPENAI_API_KEY=<YOUR_KEY> \
-  -e SECRET_TOKEN=<YOUR_TOKEN> \
+  -e MODEL_NAME=gemini/gemini-flash-lite-latest \
+  -e GEMINI_API_KEY=<YOUR_GEMINI_API_KEY> \
+  -e SECRET_TOKEN=<YOUR_SECRET_TOKEN> \
   code-graph
 ```
 
 ## Creating a Code Graph
 
-### Analyze a Local Folder
+### Analyze a local folder
+
+`analyze_folder` only accepts paths under `ALLOWED_ANALYSIS_DIR` (defaults to the repository root unless you override it).
 
 ```bash
-curl -X POST http://127.0.0.1:5000/analyze_folder \
+curl -X POST http://127.0.0.1:5000/api/analyze_folder \
   -H "Content-Type: application/json" \
-  -H "Authorization: <YOUR_SECRET_TOKEN>" \
+  -H "Authorization: Bearer <YOUR_SECRET_TOKEN>" \
   -d '{"path": "<FULL_PATH_TO_FOLDER>", "ignore": [".github", ".git"]}'
 ```
 
-### Analyze a GitHub Repository
+### Analyze a Git repository
 
 ```bash
-curl -X POST http://127.0.0.1:5000/analyze_repo \
+curl -X POST http://127.0.0.1:5000/api/analyze_repo \
   -H "Content-Type: application/json" \
-  -H "Authorization: <YOUR_SECRET_TOKEN>" \
-  -d '{"repo_url": "https://github.com/user/repo"}'
+  -H "Authorization: Bearer <YOUR_SECRET_TOKEN>" \
+  -d '{"repo_url": "https://github.com/user/repo", "ignore": [".github", ".git"]}'
+```
+
+### List indexed repositories
+
+```bash
+curl http://127.0.0.1:5000/api/list_repos
 ```
 
 ## Supported Languages
 
-- Python
-- Java
-- C
-- C#
+`api/analyzers/source_analyzer.py` currently enables these analyzers:
 
-Support for additional languages is planned.
+- Python (`.py`)
+- Java (`.java`)
+- C# (`.cs`)
+
+A C analyzer exists in the source tree, but it is commented out and is not currently registered.
 
 ## API Endpoints
 
+### Read endpoints
+
+| Method | Endpoint | Description |
+|--------|----------|-------------|
+| GET | `/api/list_repos` | List all indexed repositories |
+| GET | `/api/graph_entities?repo=<name>` | Fetch a subgraph for a repository |
+| POST | `/api/get_neighbors` | Return neighboring nodes for the provided IDs |
+| POST | `/api/auto_complete` | Prefix-search indexed entities |
+| POST | `/api/repo_info` | Return repository stats and saved metadata |
+| POST | `/api/find_paths` | Find paths between two graph nodes |
+| POST | `/api/chat` | Ask questions over the code graph via GraphRAG |
+| POST | `/api/list_commits` | List commits from the repository's git graph |
+
+### Mutating endpoints
+
 | Method | Endpoint | Description |
 |--------|----------|-------------|
-| GET | `/list_repos` | List all available repositories |
-| GET | `/graph_entities?repo=<name>` | Get graph entities for a repository |
-| POST | `/get_neighbors` | Get neighbors of specified nodes |
-| POST | `/auto_complete` | Auto-complete entity names |
-| POST | `/repo_info` | Get repository information |
-| POST | `/find_paths` | Find paths between two nodes |
-| POST | `/chat` | Chat with the code graph using natural language |
-| POST | `/analyze_folder` | Analyze a local source folder |
-| POST | `/analyze_repo` | Analyze a GitHub repository |
-| POST | `/list_commits` | List commits of a repository |
-| POST | `/switch_commit` | Switch to a specific commit |
+| POST | `/api/analyze_folder` | Analyze a local source folder |
+| POST | `/api/analyze_repo` | Clone and analyze a git repository |
+| POST | `/api/switch_commit` | Switch the indexed repository to a specific commit |
 
 ## License