
Fixing issue #830 #837

Merged: samaybar merged 3 commits into railwayapp:master from bliu8923:postgres-auth-fix on Apr 16, 2026

@bliu8923 (Contributor) commented Apr 10, 2026

Use unauthenticated GraphQL client for public template metadata lookups

Description

Summary

This PR separates public template metadata reads from authenticated project operations by introducing a dedicated public GraphQL client path.

  • Added GQLClient::new_public() for requests that should not include auth headers.
  • Refactored client construction via a shared build_client() helper.
  • Updated template metadata fetches to use the public client in:
    • deploy flow (fetch_and_create)
    • MCP deploy_template
    • MCP search_templates
  • Kept authenticated client usage for template deployment mutations and other project-scoped actions.

Why

Template listing/detail endpoints are public and do not require user/project credentials. Sending auth headers to those calls is unnecessary and increases token exposure risk. This change aligns with least-privilege behavior by only attaching credentials where required.

Testing

  • Added unit/integration-style test in src/client.rs:
    • public_client_can_query_templates_without_auth_headers
    • Spins up a local TCP HTTP server, captures the request, and asserts no authorization header is sent.
    • Verifies the GraphQL response is parsed successfully (id, name, and serializedConfig handling).

Manual verification (recommended)

  • Run template deploy flow and confirm template detail fetch succeeds without auth header regressions.
  • Run MCP search_templates and deploy_template to confirm public lookup + authenticated deploy behavior remains correct.
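
The capture-and-assert check described under Testing, sketched with only the Rust standard library. This is an added example, not code from this PR or from the Railway CLI: the `Client` enum, the `/graphql` path, the query and the canned response are constructed stand-ins, and raw HTTP over `TcpStream` replaces the project's real HTTP client.

```rust
use std::io::{BufRead, BufReader, Read, Write};
use std::net::{TcpListener, TcpStream};
use std::thread;

/// Hypothetical stand-in for the two client modes (not the CLI's GQLClient).
pub enum Client { Public, Authed(String) }

impl Client {
    /// Serialize a GraphQL POST; the credential is attached only in Authed mode.
    fn request(&self, host: &str, body: &str) -> String {
        let mut req = format!("POST /graphql HTTP/1.1\r\nHost: {host}\r\nContent-Length: {}\r\n", body.len());
        if let Client::Authed(token) = self { req.push_str(&format!("Authorization: Bearer {token}\r\n")); }
        req + "\r\n" + body
    }
}

/// Send one request to a one-shot local server; return the header names it saw on the wire.
pub fn captured_header_names(client: &Client) -> Vec<String> {
    let listener = TcpListener::bind("127.0.0.1:0").expect("bind");
    let addr = listener.local_addr().expect("local addr");
    let server = thread::spawn(move || {
        let (stream, _) = listener.accept().expect("accept");
        let (mut reader, mut names, mut len) = (BufReader::new(stream), Vec::new(), 0usize);
        let mut line = String::new();
        reader.read_line(&mut line).expect("request line");
        loop {
            line.clear();
            reader.read_line(&mut line).expect("header line");
            let Some((name, value)) = line.trim_end().split_once(':') else { break };
            if name.eq_ignore_ascii_case("content-length") { len = value.trim().parse().unwrap_or(0); }
            names.push(name.to_ascii_lowercase());
        }
        let mut body = vec![0u8; len];
        reader.read_exact(&mut body).expect("body"); // drain the body before replying
        let resp = r#"{"data":{"template":{"id":"t1","name":"postgres"}}}"#; // constructed
        let mut stream = reader.into_inner();
        write!(stream, "HTTP/1.1 200 OK\r\nContent-Length: {}\r\n\r\n{resp}", resp.len()).expect("reply");
        names
    });
    let body = r#"{"query":"{ template(code: \"postgres\") { id name } }"}"#; // constructed query
    let mut conn = TcpStream::connect(addr).expect("connect");
    conn.write_all(client.request(&addr.to_string(), body).as_bytes()).expect("send");
    std::io::read_to_string(conn).expect("response");
    server.join().expect("server thread")
}

fn main() {
    println!("public: {:?}", captured_header_names(&Client::Public));
    println!("authed: {:?}", captured_header_names(&Client::Authed("constructed-token".into())));
}
```

Asserting on what the server received, rather than on how the client was configured, also catches a credential that a shared builder or default-header layer adds later.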

@bliu8923 bliu8923 marked this pull request as draft April 10, 2026 11:08
Railway template lookup endpoints reject authenticated requests, so use a public GraphQL client for template detail and template search requests. Add a regression test so add --database keeps working for logged-in users.
Keep the postgres auth fix focused by removing the stray npm lockfile and the unrelated API token handling change from this PR.
@brody192 (Collaborator) commented

Hello, thank you for the PR. Could you update your description to include the original issue with the code and how your changes fix it?

@bliu8923 bliu8923 marked this pull request as ready for review April 10, 2026 23:07
@bliu8923 (Contributor, Author) commented

Hey @brody192 just did, feel free to take a look. Not a very big open source/Rust dev so open to any input!

@samaybar samaybar added the release/patch Author patch release label Apr 16, 2026
@samaybar samaybar merged commit 991d8f0 into railwayapp:master Apr 16, 2026
6 of 7 checks passed