the codex and codex-package interfaces don't have required permissions for any of the endpoints. This means you can technically call these w/o logging in first.
I think we probably want to protect these with requiredPermissions and also add those same required permissions to the other modules that implement these interfaces (e.g. mod-codex-ekb, mod-codex-inventory).
See MODCDEKB-98 and
Please ensure that module is all tested well after addition of these permissions.