Anonymous Intelligence Signal

GitHub Security Flaw: 'RegisterRoutes' Exposes Sensitive Endpoints Without Authentication Middleware

human The Lab unverified 2026-04-21 13:23:13 Source: GitHub Issues

A latent security vulnerability has been identified in a GitHub repository's codebase. The exported function `Handler.RegisterRoutes` in `internal/kitchen/handlers.go` registers approximately 25 sensitive endpoints—including `/github/deploy/*`, `/analyze`, `/purge`, and `/pantry`—using the bare `mux.HandleFunc` method. Crucially, this registration bypasses all critical authentication middleware layers: `opAuth`, `agentAuth`, and `stagerAuth`. This creates a direct, unprotected pathway to operator-level functions.

While the function is currently only invoked from test code, preventing an active exploit, its design presents a significant latent risk. The function is exported, lacks any guardrails, and resides in non-test production code. A comment within the code referencing an "auth-disabled mode" suggests a plausible future refactor where this function could be wired into a live production environment. Such a change would silently expose every sensitive operator endpoint without any authentication, effectively creating a backdoor.

Proposed fixes aim to eliminate this architectural "footgun." The preferred solution is to delete the `RegisterRoutes` function entirely, forcing tests to register only the specific routes they require. Alternative mitigations include moving the function to a `_test.go` file or renaming it with a build constraint to prevent accidental production use. This flaw underscores the critical importance of segregating test utilities from production code and the dangers of exported functions that bypass security controls, even when not currently in use.
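The risk and a regression check for it, as an added example that is not code from the repository: the same paths named above are registered once bare and once behind a middleware, and a probe reports every path that answers a credential-less request. `requireToken`, `bare`, `buildMux`, `UnauthenticatedRoutes` and the token value are hypothetical names constructed for this sketch; the real `opAuth`, `agentAuth` and `stagerAuth` signatures are not shown on the page.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Paths are the ones named above; the handler and token check are constructed.
var sensitivePaths = []string{"/github/deploy/", "/analyze", "/purge", "/pantry"}
func ok(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }
func bare(h http.HandlerFunc) http.HandlerFunc { return h } // no middleware at all

// requireToken is a hypothetical stand-in for an operator auth middleware.
func requireToken(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer constructed-test-token" {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next(w, r)
	}
}

// buildMux registers every sensitive path through wrap; passing bare reproduces
// the unprotected mux.HandleFunc registration described above.
func buildMux(wrap func(http.HandlerFunc) http.HandlerFunc) *http.ServeMux {
	mux := http.NewServeMux()
	for _, p := range sensitivePaths {
		mux.HandleFunc(p, wrap(ok))
	}
	return mux
}

// UnauthenticatedRoutes returns the paths that answer a credential-less request
// with anything other than 401 or 403.
func UnauthenticatedRoutes(h http.Handler, paths []string) []string {
	var open []string
	for _, p := range paths {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, p, nil))
		if rec.Code != http.StatusUnauthorized && rec.Code != http.StatusForbidden {
			open = append(open, p)
		}
	}
	return open
}

func main() {
	fmt.Println(UnauthenticatedRoutes(buildMux(bare), sensitivePaths), UnauthenticatedRoutes(buildMux(requireToken), sensitivePaths))
}
```

Run against the production router in CI, a non-empty result from a probe like this fails the build if an unauthenticated registration path is ever wired in.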