fix(settings): forward saved API keys to sidecar in same session#14
Merged
Merged
Conversation
User report: "OpenRouter API key isn't saving." Same underlying bug
affects the Anthropic key.
Architecture (per sidecar/src/lib/secrets.ts): keychain is the
canonical store, sidecar caches keys in memory, and the renderer is
responsible for writing the keychain AND forwarding the new value to
the sidecar via the appropriate RPC. The sidecar comment even spells
this out:
> "When the user changes a key in Settings, the renderer writes the
> keychain first, then forwards the new value to the sidecar via
> setSecret(name, value)..."
But handleSaveApiKey and handleSaveOpenRouterKey both stopped at
step one. The keychain got written; the sidecar's in-memory map
never did. Result: the new key only takes effect after restart
(which re-bootstraps secrets from the keychain at boot). Within the
same session — set key → run agent → 401 / "API key not set."
Fix: after writing the keychain, forward to the sidecar.
- Anthropic: settings.set({ anthropicApiKey: trimmed }) — already
routes through SECRET_KEYS in settings.ts, lands in setSecret()
plus clears the cached Anthropic SDK client.
- OpenRouter: openrouter.setApiKey / openrouter.clearApiKey — the
purpose-built RPC, lands in setSecret() too.
Both writes are best-effort follow-ups to the keychain write; the
keychain remains the source of truth, so a sidecar transient failure
here can still be recovered by an app restart.
Doesn't address two adjacent reports also flagged by the user:
- "Model changes in General not saving" — General tab's first
model picker (line ~1378) only updates local React state; user
must click the Save button. That's the existing UX; if the user
clicks Save and it still doesn't persist, that's a separate
issue I couldn't reproduce from code-read alone.
- "Notifications / test notifications not working" — needs
runtime diagnostics to know which step fails (macOS permission,
bridge.isTauri, sendNotification). Code looks correct on
inspection.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes user report: "OpenRouter API key isn't saving" (and the same bug for the Anthropic key).
Root cause
`sidecar/src/lib/secrets.ts` documents the intended flow:
The renderer did the first step but not the second. Result: after Save in Settings:
This affects both `handleSaveApiKey` (Anthropic) and `handleSaveOpenRouterKey`.
Fix
After the keychain write, forward to the sidecar:
Both are best-effort follow-ups to the keychain write — the keychain remains source of truth, so a sidecar transient failure here can still be recovered by an app restart.
What this PR does NOT fix (raised by user, separate issues)
Test plan
🤖 Generated with Claude Code