THU-505: Move model API keys to local-only table#858
THU-505: Move model API keys to local-only table#858raivieiraadriano92 wants to merge 8 commits into
Conversation
raivieiraadriano92
changed the title
Semgrep Security ScanNo security issues found. |
raivieiraadriano92
had a problem deploying
to
preview
GitHub Actions
Failure
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
Preview environment deployed 🚀
Stack: Auto-destroys on PR close/merge. Login via the bundled Keycloak realm — |
PR Metrics
Updated Thu, 14 May 2026 11:17:54 GMT · run #1493 |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 9d366d0. Configure here.
| </Tooltip> | ||
| </TooltipProvider> | ||
| )} | ||
| {model.provider !== 'thunderbolt' && !model.apiKey && ( |
There was a problem hiding this comment.
Duplicated needsApiKey logic across two files
Low Severity
The needsApiKey logic (model.provider !== 'thunderbolt' && !model.apiKey) is defined as a named helper in model-selector.tsx but duplicated inline in index.tsx at line 1149. If the condition for determining whether a model needs an API key changes in the future (e.g., excluding custom providers that run local LLMs), both locations must be updated in sync, risking inconsistency.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 9d366d0. Configure here.
2 participants
Summary
api_keyout of the syncedmodelstable into a new local-onlymodels_secretstable that PowerSync never syncs — API keys never leave the devicemodels_secretsso consumers still getapiKeytransparentlyapi_keyfrom E2EE encrypted columns and backend schema (with migration)Test plan
models_secrets, not inmodelsmodels_secretsupdated, warning disappearsmodels_secretsrow deletedapiKey: null, no warning shown🤖 Generated with Claude Code
Note
Medium Risk
Changes database schema and model CRUD/query logic to split synced vs local-only data, which could affect model selection and provider connectivity if joins/migrations misbehave. UI now disables selection for models missing a required key, which may impact existing user flows.
Overview
API keys are removed from the synced
modelsschema (backend migration + Drizzle schemas) and from the E2EE encrypted column list, and are instead stored in a new local-onlymodels_secretstable that is excluded from PowerSync syncing.Model DAL queries (
getAllModels,getAvailableModels,getModel,getSelectedModelQuery,getSystemModel) nowLEFT JOINmodels_secretsto continue exposingModel.apiKeytransparently, and model mutations (createModel,updateModel,resetModelToDefault,deleteModel) manage secret rows transactionally (including delete-on-model-delete).The UI surfaces missing-key configuration: the model selector and settings list show an amber warning + tooltip for models without a required key and disable selecting such models; settings models page also replaces the prior detail/new routes with an in-page edit modal and centralized delete confirmation. Tests are updated/added to validate secret storage/join behavior.
Reviewed by Cursor Bugbot for commit 9d366d0. Bugbot is set up for automated code reviews on this repo. Configure here.