Skip to content

fix: prevent API key erasure on save and resolve Graph View unmount crash#75

Merged
VariableThe merged 2 commits into
mainfrom
fix/save-api-key
Jun 27, 2026
Merged

fix: prevent API key erasure on save and resolve Graph View unmount crash#75
VariableThe merged 2 commits into
mainfrom
fix/save-api-key

Conversation

@VariableThe

@VariableThe VariableThe commented Jun 27, 2026

Copy link
Copy Markdown
Owner

Summary

Fixes two issues reported by users:

  1. API Key Erasure: Pasting an API key or saving settings after configuring other preferences would erase existing API keys.
  2. Graph View Crash: Opening or navigating Graph View via Cmd+G caused fg.graphData is not a function TypeError.

Root Cause & Changes

  • Settings UI: When Settings opened, apiKey state initialized to ''. Saving settings ran else { await window.electronAPI.setApiKey('') }, unintentionally deleting valid credentials from the OS keyring. Updated saveSettings to only overwrite credentials when a non-empty string is provided and added an explicit Clear Key UI button.
  • Keyring Updating: In macOS keyring (keyring::Entry), setting a password on an existing item could return duplicate item errors. Updated set_api_key in keychain.rs to delete existing items before storing updated secrets.
  • Graph View: Merged defensive checks (typeof fg.method === 'function') and ref caching into GraphView.tsx to prevent unmount race conditions when toggling Graph View.

Verification

  • Clean npm run lint & npx vitest run
  • Documented in CHANGELOG.md & AUDIT_LOG.md

Summary by CodeRabbit

  • Bug Fixes
    • Improved API key saving so values are trimmed, whitespace-only inputs are treated as empty, and failures don’t silently clear or partially persist keys.
    • Added a visible Clear Key action in Settings to remove a saved API key without re-entering it.
    • Reduced Graph View crashes by hardening navigation and Cmd+G toggling behavior with safer update/unmount handling.
  • Documentation
    • Updated the changelog and audit log to reflect these fixes.

@coderabbitai

coderabbitai Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 96d7ccbb-69b7-4094-8361-a98cc36e9945

📥 Commits

Reviewing files that changed from the base of the PR and between bacc1e5 and 3c36dc3.

📒 Files selected for processing (2)
  • src-tauri/src/commands/keychain.rs
  • src/Settings.tsx
💤 Files with no reviewable changes (1)
  • src/Settings.tsx
🚧 Files skipped from review as they are similar to previous changes (1)
  • src-tauri/src/commands/keychain.rs

📝 Walkthrough

Walkthrough

The PR updates API key save and clear behavior in the Settings flow and Tauri keychain command, and refreshes the changelog and audit log entries.

Changes

API key persistence and release notes

Layer / File(s) Summary
Keychain update behavior
src-tauri/src/commands/keychain.rs
set_api_key trims inputs, clears empty values, and replaces existing credentials before storing a new key.
Settings save and clear flow
src/Settings.tsx
saveSettings trims the API key, adds error handling around keyring calls, updates saved-state tracking, and adds a conditional Clear Key button that clears stored and local state.
Release note entries
CHANGELOG.md, AUDIT_LOG.md
The changelog and audit log add entries for the API key changes and the Graph View fix notes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Poem

🐇 I trimmed the key and tucked it tight,
Then freed the vault by clear daylight.
The logs now hop in tidy lines,
And Graph View gleams in friendly signs.
Hop, hop—this patch feels just right.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the two main fixes: API key save behavior and the Graph View unmount crash.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/save-api-key

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
AUDIT_LOG.md (2)

17-25: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Remove or merge redundant Graph View bugfix entry.

This entry is subsumed by the more comprehensive entry above (lines 5-16). Both share the same date and both cover Graph View fixes, but the newer entry is more accurate (correct fg.graphData reference vs e.graphData here) and covers all changes in this release cycle. Keeping both creates audit trail fragmentation.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@AUDIT_LOG.md` around lines 17 - 25, Remove the redundant Graph View bugfix
audit entry in AUDIT_LOG so the release notes stay consolidated under the more
complete 2026-06-27 entry. Update or merge the duplicate text in the Graph View
section so only one entry remains for this fix set, keeping the accurate
description tied to GraphView.tsx and the onNodeClick/graphData cleanup changes.

5-16: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Consolidate redundant audit log entries.

There are two consecutive 2026-06-27 entries that both document Graph View fixes. The new entry (lines 5-16) is more comprehensive and accurate (uses fg.graphData matching the actual code, and includes API key fixes). The older entry (lines 17-25) is now redundant and partially outdated (e.graphData vs fg.graphData). For a clean audit trail, merge or remove the older entry so each fix is documented once.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@AUDIT_LOG.md` around lines 5 - 16, The audit log contains duplicate
2026-06-27 entries for Graph View fixes, and the older one is now redundant and
partially outdated. Remove or merge the older Graph View-only entry so the
consolidated `AUDIT_LOG.md` record appears once, keeping the more complete
summary that matches the actual `GraphView.tsx`, `src/Settings.tsx`, and
`src-tauri/src/commands/keychain.rs` changes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src-tauri/src/commands/keychain.rs`:
- Around line 17-22: The Clear Key flow in keychain handling is swallowing
errors from delete_credential(), which can make the command succeed even when
removal fails. Update the keychain command logic around the delete_credential()
calls to treat the missing-entry case as a successful no-op, but propagate any
other delete errors back to the caller; use the existing keychain entry handling
in the relevant function that returns Ok(true) for the missing case.

In `@src/Settings.tsx`:
- Around line 104-106: Saving settings currently clears the API key implicitly
in the save flow when isApiKeySet is still false, which can erase an existing
key before getApiKeyStatus() finishes. Update Settings.tsx so the save handler
only persists a non-empty key through the existing key-setting path, and remove
the setApiKey('') branch from the save logic; keep key removal only in the
explicit Clear Key action. Use the save handler in Settings.tsx and the
electronAPI.setApiKey call sites to locate the change.

---

Nitpick comments:
In `@AUDIT_LOG.md`:
- Around line 17-25: Remove the redundant Graph View bugfix audit entry in
AUDIT_LOG so the release notes stay consolidated under the more complete
2026-06-27 entry. Update or merge the duplicate text in the Graph View section
so only one entry remains for this fix set, keeping the accurate description
tied to GraphView.tsx and the onNodeClick/graphData cleanup changes.
- Around line 5-16: The audit log contains duplicate 2026-06-27 entries for
Graph View fixes, and the older one is now redundant and partially outdated.
Remove or merge the older Graph View-only entry so the consolidated
`AUDIT_LOG.md` record appears once, keeping the more complete summary that
matches the actual `GraphView.tsx`, `src/Settings.tsx`, and
`src-tauri/src/commands/keychain.rs` changes.
🪄 Autofix (Beta)

✅ Autofix completed


ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 2b3de5ba-fcc8-4830-aabd-780756e7dc85

📥 Commits

Reviewing files that changed from the base of the PR and between bf7e180 and bacc1e5.

📒 Files selected for processing (4)
  • AUDIT_LOG.md
  • CHANGELOG.md
  • src-tauri/src/commands/keychain.rs
  • src/Settings.tsx

Comment thread src-tauri/src/commands/keychain.rs Outdated
Comment thread src/Settings.tsx Outdated
@coderabbitai

coderabbitai Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

Fixes Applied Successfully

Fixed 2 file(s) based on 2 unresolved review comments.

Files modified:

  • src-tauri/src/commands/keychain.rs
  • src/Settings.tsx

Commit: 3c36dc3341296551c99dd26a3277b654e199dbd5

The changes have been pushed to the fix/save-api-key branch.

Time taken: 2m 23s

Fixed 2 file(s) based on 2 unresolved review comments.

Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
@VariableThe VariableThe merged commit 1c3908f into main Jun 27, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant