🔒 Remove hardcoded Gemini API key from build #82
🎯 What: Removed the statically injected `GEMINI_API_KEY` from `vite.config.ts` and added a dynamic UI input in `DataIngestion.tsx` to handle the key client-side.

⚠️ Risk: Hardcoding the API key in the Vite build configuration exposes it to all users and can lead to unauthorized access and billing issues.

🛡️ Solution: Implemented a Bring-Your-Own-Key (BYOK) architecture by storing the key in the React `App.tsx` state and passing it down to the `analysisService.ts` for dynamic `GoogleGenAI` initialization. Tests were updated to reflect the new parameters.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Reviewer's Guide

Implements a Bring-Your-Own-Key flow for Gemini by removing the build-time GEMINI_API_KEY from Vite config, threading a geminiApiKey value through App state and DataIngestion UI into performAnalysis, and updating tests to validate the new props and function signatures.

Sequence diagram for BYOK Gemini API key flow

```mermaid
sequenceDiagram
    actor User
    participant DataIngestion
    participant App
    participant analysisService
    participant GoogleGenAI
    User->>DataIngestion: type Gemini API key
    DataIngestion->>App: setGeminiApiKey(geminiApiKey)
    User->>App: trigger performAnalysis
    App->>analysisService: performAnalysis(fileCache, apiMode, bureauApiKey, geminiApiKey, setLoading, setError, setAnalysis, setSources)
    analysisService->>GoogleGenAI: new GoogleGenAI(apiKey: geminiApiKey)
    GoogleGenAI-->>analysisService: model responses
    analysisService-->>App: setAnalysis(analysis)
    App-->>User: display analysis results
```
…ge graph [skip ci]
…, replace console logs Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
GEMINI_API_KEY is not set. Skipping real AI review generation.



PR created automatically by Jules for task 15124981763219646591 started by @NITISH-R-G
Summary by Sourcery
Remove build-time Gemini API key injection and switch to a client-supplied key passed through the UI and app state into analysis services.
New Features:
Enhancements:
Build:
Tests:
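
The exposure this PR removes, as an added example (not code from this PR or project): it assumes the key was injected through Vite's `define` option, and uses a constructed placeholder key, constructed one-line stand-ins for the service code, and hypothetical helpers `applyDefine`, `scanBundle` and `auditBuilds`. The scan is the kind of check a CI job can run over the emitted bundle to catch a regression.

```typescript
// Constructed placeholder with the shape of a Google API key; not a real credential.
const FAKE_KEY = "AIzaSyFAKE_FAKE_FAKE_FAKE_FAKE_FAKE_000";

// Assumption: the removed config used Vite's `define`, which substitutes the
// expression textually at build time. This helper mimics that substitution.
function applyDefine(source: string, define: { [expr: string]: string }): string {
  let out = source;
  for (const expr of Object.keys(define)) {
    out = out.split(expr).join(define[expr]);
  }
  return out;
}

interface Finding { file: string; offset: number; redacted: string; }

// CI-style check: flag anything shaped like a Google API key ("AIza" + 35
// URL-safe characters) in emitted bundle text, reporting only a redacted prefix.
function scanBundle(files: { [path: string]: string }): Finding[] {
  const findings: Finding[] = [];
  for (const file of Object.keys(files)) {
    const re = /AIza[0-9A-Za-z_-]{35}/g; // fresh regex per file resets lastIndex
    let m: RegExpExecArray | null;
    while ((m = re.exec(files[file])) !== null) {
      findings.push({ file: file, offset: m.index, redacted: m[0].slice(0, 4) + "..." });
    }
  }
  return findings;
}

// Constructed one-line stand-ins for analysisService.ts before and after the PR.
const beforeSource = "const ai = new GoogleGenAI({ apiKey: process.env.GEMINI_API_KEY });";
const afterSource = "const ai = new GoogleGenAI({ apiKey: geminiApiKey });";
const defineMap = { "process.env.GEMINI_API_KEY": JSON.stringify(FAKE_KEY) };

// Build both variants and scan the (simulated) emitted bundle of each.
function auditBuilds(): { before: Finding[]; after: Finding[] } {
  return {
    before: scanBundle({ "dist/assets/index.js": applyDefine(beforeSource, defineMap) }),
    after: scanBundle({ "dist/assets/index.js": applyDefine(afterSource, {}) }),
  };
}

const audit = auditBuilds();
console.log("before:", audit.before, "after:", audit.after);
```

The BYOK variant passes the scan because the bundle only references a runtime variable; the key the user types still lives in browser memory for the session.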