This enhancement significantly improves the application's security posture by hardening how encryption keys (used for LLM API keys and the local key-store) are handled.
Key improvements:
- Non-Extractable Keys: Encryption keys are now generated/imported with `extractable: false`. This means even if an attacker manages to execute script in the origin, they cannot extract the raw key bytes from the `CryptoKey` object.
- Secure Key Storage: Keys are stored directly as `CryptoKey` objects in IndexedDB, leveraging the browser's structured clone algorithm. This replaces the previous pattern of storing keys as JWK strings (in `localStorage` or IndexedDB), which were easily readable.
- API Key Protection: LLM API keys are no longer dependent on a master key stored in `localStorage`. The master key is now moved to the secure IndexedDB-based crypto store.
- Automated Migration: The implementation includes robust, backward-compatible migration logic that automatically moves existing keys from legacy storage to the new secure store upon first access, ensuring no data loss for users.
- Verified Security: Added a comprehensive test suite covering core crypto operations and migration scenarios, utilizing `fake-indexeddb` for reliable verification.
- Centralize secure key management in src/lib/crypto.ts using Web Crypto API.
- Implement non-extractable CryptoKey storage in IndexedDB (using structured clone).
- Migrate LLM API keys encryption from localStorage to secure IndexedDB store.
- Migrate key-store master key from JWK string to non-extractable CryptoKey.
- Add fake-indexeddb for robust testing of secure storage logic.
- Implement backward-compatible migration paths for all existing encrypted data.
- Add comprehensive test suites for crypto utilities and migration flows.
Co-authored-by: d-oit <6849456+d-oit@users.noreply.github.com>
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.
When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.
I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!
For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!
We reviewed changes in 1f064eb...b7dcdba on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.
AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.
Unexpected `any`. Specify a different type
The `any` type can sometimes leak into your codebase. The TypeScript compiler skips type checking of `any`-typed variables, so it creates a potential safety hole and a source of bugs in your codebase. We recommend using the `unknown` or `never` type instead.
Unexpected function declaration in the global scope, wrap in an IIFE for a local variable, assign as global property for a global variable
It is considered a best practice to avoid 'polluting' the global scope with variables that are intended to be local to the script. Global variables created from a script can produce name collisions with global variables created from another script, which will usually lead to runtime errors or unexpected behavior. It is mostly useful for browser scripts.
`getKey` has a cyclomatic complexity of 6 with "medium" risk
A function with high cyclomatic complexity can be hard to understand and maintain. Cyclomatic complexity is a software metric that measures the number of independent paths through a function. A higher cyclomatic complexity indicates that the function has more decision points and is more complex.
PR created automatically by Jules for task 4796541718176994595 started by @d-oit