recon_xkg
Authorization + parsing helpers for the undocumented recon_xkg submit flag.
recon_xkg lets an allowlisted API key serve predictions from the
persistent memoization store instead of recomputing everything. It is
deliberately kept out of the public docs/OpenAPI schema. Unauthorized use is
silently ignored (treated as a normal job) rather than rejected with a
distinctive error, so the parameter’s existence is not confirmed to callers —
attempts are only recorded server-side for audit.
Module Contents
- recon_xkg.coerce_recon_xkg(raw) bool
Parse the multipart/JSON
recon_xkgvalue into a bool (default False).
- recon_xkg.is_recon_xkg_allowed(api_key) bool
Return True if
api_keyis on the ReconXKG allowlist.Membership is the only authorization gate. Looks up an active
ReconXkgAllowedKeyrow, with a brief per-process TTL cache. Any lookup error fails closed (returns False).
- recon_xkg.resolve_recon_xkg(api_key, requested: bool) bool
Resolve the effective recon_xkg flag for a submission and audit-log it.
Returns True only when the flag was requested and the key is allowlisted. Unauthorized requests are logged (without leaking to the client) and downgraded to False.
- recon_xkg.log_recon_xkg_outcome(*, api_key_id, public_id: str, row_count: int, hit_count: int, miss_count: int) None
Audit-log the hit/miss outcome of an authorized ReconXKG job.