Chore/remove beta public endpoints

[landonshumway-ia]

There is currently no valid use case for supporting public endpoints in the beta environment, as the beta environment is primarily used for state onboarding and searching records through the staff user search. This removes the public API endpoints from the beta environment for both the JCC and Cosmetology APIs

Testing List

• yarn test:unit:all should run without errors or warnings
• yarn serve should run without errors or warnings
• yarn build should run without errors or warnings
• For API configuration changes: CDK tests added/updated in backend/compact-connect/tests/unit/test_api.py
• For API endpoint changes: OpenAPI spec updated to show latest endpoint configuration run compact-connect/bin/download_oas30.py
• Code review

Closes # 1574

Summary by CodeRabbit

Release Notes

• Bug Fixes

  • Refined public provider lookup to exclude providers lacking valid privileges.
  • Public lookup API deployment is now environment-specific, with controlled availability across deployment stages.

• Tests

  • Added test coverage for provider privilege validation in public searches.
  • Added tests verifying environment-specific API deployment behavior.

[coderabbitai]

Warning

Review limit reached

@landonshumway-ia, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 19 minutes and 18 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f1c55a36-cf9b-482a-aad5-e407fe472906

📥 Commits

Reviewing files that changed from the base of the PR and between 1afed89 and 7323966.

📒 Files selected for processing (1)

• backend/compact-connect/docs/internal/api-specification/latest-oas30.json

📝 Walkthrough

Walkthrough

The PR restricts public provider access by enforcing privilege validation in the lookup handler and gating API availability by environment. Unprivileged providers return 404; the public endpoint deploys only to non-beta stages.

Changes

Public Provider Access Gating

Layer / File(s)	Summary
Provider privilege validation in handler backend/compact-connect/lambdas/python/provider-data-v1/handlers/public_lookup.py, backend/compact-connect/lambdas/python/provider-data-v1/tests/function/test_handlers/test_public_lookup.py	The public_get_provider handler adds a @delayed_function(delay_seconds=1.0) decorator and raises CCNotFoundException if the provider has no privileges. Test imports wraps, mocks the delay decorator, patches it on the test class, and adds a test case asserting 404 for unprivileged providers.
Conditional public API deployment backend/compact-connect/stacks/api_stack/v1_api/api.py, backend/cosmetology-app/stacks/api_stack/v1_api/api.py	Both API stacks introduce a deploy_public_lookup_api flag set to environment_name != 'beta', wrapping PublicLookupApi instantiation in a conditional block so the public endpoint is only deployed for non-beta environments.
Integration tests for conditional deployment backend/compact-connect/tests/app/test_pipeline.py, backend/cosmetology-app/tests/app/test_pipeline.py	New test methods verify that beta API stacks omit the public_lookup_api attribute while non-beta stacks include it, using hasattr checks across relevant stage stacks.

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• jlkravitz
• isabeleliassen

🐰 A privilege guard stands tall,
Keeping secrets safe for beta's call,
While test and prod let seekers see,
With delayed whispers—hop so free!

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 33.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Chore/remove beta public endpoints' accurately summarizes the main change: removing public API endpoints from the beta environment.
Description check	✅ Passed	The description clearly explains the rationale for removing beta public endpoints, lists testing requirements from the template, and references the closed issue.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[landonshumway-ia]

Dependency checks are currently failing. Those dependencies have been updated in the following PR: #1572.