fix(11.3-01): add is_public parameter with safe default (false)

The agent was deploying all services as public without asking the user.
Now:

1. Added is_public parameter to DeployServiceArgs (default: false)
2. Preview shows is_public with clear explanation:
   - "Service will be INTERNAL only (not accessible from internet)"
   - "Service will be PUBLICLY accessible from the internet"
3. Uses args.is_public when creating deployment config

This ensures services are internal by default for safety, and the agent
must explicitly show and confirm public access with the user.

Co-Authored-By: Claude <noreply@anthropic.com>

Author: 2 people

src/agent/tools/platform/deploy_service.rs

@@ -35,6 +35,10 @@ pub struct DeployServiceArgs {
     pub region: Option<String>,
     /// Optional: override detected port
     pub port: Option<u16>,
+    /// Whether to make the service publicly accessible (default: false for safety)
+    /// Internal services can only be accessed within the cluster/network
+    #[serde(default)]
+    pub is_public: bool,
     /// If true (default), show recommendation but don't deploy yet
     /// If false with settings, deploy immediately
     #[serde(default = "default_preview")]
@@ -101,8 +105,14 @@ Uses provided overrides or recommendation defaults to deploy immediately.
 - machine_type: Override machine selection (e.g., cx22, e2-small)
 - region: Override region selection (e.g., nbg1, us-central1)
 - port: Override detected port
+- is_public: Whether service should be publicly accessible (default: false)
 - preview_only: If true (default), show recommendation only
 
+**IMPORTANT - Public vs Internal:**
+- is_public=false (default): Service is internal-only, not accessible from internet
+- is_public=true: Service gets a public URL, accessible from anywhere
+- ALWAYS show this in the preview and ask user before deploying public services
+
 **What it analyzes:**
 - Programming language and framework
 - Port configuration from source code, package.json, Dockerfiles
@@ -150,6 +160,10 @@ User: "deploy this service"
                         "type": "integer",
                         "description": "Override: port to expose"
                     },
+                    "is_public": {
+                        "type": "boolean",
+                        "description": "Whether service should be publicly accessible. Default: false (internal only). Set to true for public URL."
+                    },
                     "preview_only": {
                         "type": "boolean",
                         "description": "If true (default), show recommendation only. If false, deploy."
@@ -419,6 +433,12 @@ User: "deploy this service"
                     "region_reasoning": recommendation.region_reasoning,
                     "port": recommendation.port,
                     "health_check_path": recommendation.health_check_path,
+                    "is_public": args.is_public,
+                    "is_public_note": if args.is_public {
+                        "Service will be PUBLICLY accessible from the internet"
+                    } else {
+                        "Service will be INTERNAL only (not accessible from internet)"
+                    },
                     "confidence": recommendation.confidence,
                 },
                 "alternatives": {
@@ -648,7 +668,7 @@ User: "deploy this service"
             &final_provider,
             &final_region,
             &final_machine,
-            true, // is_public
+            args.is_public,
             recommendation.health_check_path.as_deref(),
         );
 
@@ -669,7 +689,7 @@ User: "deploy this service"
             cluster_id: None, // Cloud Runner doesn't need cluster
             registry_id: None, // Auto-provision
             auto_deploy_enabled: true,
-            is_public: Some(true),
+            is_public: Some(args.is_public),
             cloud_runner_config: Some(cloud_runner_config),
         };