From 8cf6c08841c182a16d45ad78abc820a976586b77 Mon Sep 17 00:00:00 2001
From: logikonline <dave@marketally.com>
Date: Wed, 4 Mar 2026 09:13:55 -0500
Subject: [PATCH] fix(org): handle anonymous users in repo count filtering

Set Private flag based on whether actor is present. When actor is nil (anonymous), Private must be false so SearchRepositoryCondition correctly filters to public repos only. Fixes repo count visibility for unauthenticated users.
---
 routers/api/v2/mcp.go  | 2 +-
 services/org/pinned.go | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/routers/api/v2/mcp.go b/routers/api/v2/mcp.go
index c2898e4e0b..ad1d1bddda 100644
--- a/routers/api/v2/mcp.go
+++ b/routers/api/v2/mcp.go
@@ -2198,7 +2198,7 @@ func toolListRepos(ctx *context_service.APIContext, args map[string]any) (any, e
 		},
 		Actor:    ctx.Doer,
 		OwnerID:  ownerUser.ID,
-		Private:  true,
+		Private:  ctx.Doer != nil,
 		OrderBy:  db.SearchOrderByAlphabetically,
 		Archived: optional.Some(false),
 	})
diff --git a/services/org/pinned.go b/services/org/pinned.go
index 4d7bb9b0ad..a4ae3ce2bf 100644
--- a/services/org/pinned.go
+++ b/services/org/pinned.go
@@ -62,11 +62,13 @@ func GetOrgOverviewStats(ctx context.Context, orgID int64, actor *user_model.Use
 	stats.TotalMembers = memberCount
 	stats.TotalTeams = teamCount
 
-	// Repo count - use SearchRepository with Actor for permission filtering
+	// Repo count - use SearchRepository with Actor for permission filtering.
+	// Private=true only works when Actor is set; for anonymous users we must
+	// use Private=false so SearchRepositoryCondition filters to public repos only.
 	_, stats.TotalRepos, err = repo_model.SearchRepository(ctx, repo_model.SearchRepoOptions{
 		Actor:   actor,
 		OwnerID: orgID,
-		Private: true,
+		Private: actor != nil,
 	})
 	if err != nil {
 		return nil, err