fix: persist Dictation Cleanup custom API key across restarts#893
Merged
Conversation
The Settings UI writes every inference scope's custom API key through setResolvedLLMConfig, which only persisted to localStorage. But cleanupCustomApiKey is a secret backed by the OS secure store and is stripped from localStorage on startup, so the key was silently lost on every restart. Cleanup requests then failed with HTTP 401 and fell back to pasting the raw, unprocessed transcription. Route the dictation-cleanup scope's customApiKey through the dedicated setCleanupCustomApiKey setter so it is encrypted to the secure store and survives restarts, consistent with how it is read back on startup. Fixes #885
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #885 — the Dictation Cleanup custom-provider API key was silently wiped on every app restart, causing cleanup requests to fail with HTTP 401 and fall back to pasting the raw transcription.
Root cause
All four inference scopes (Dictation Cleanup, Voice Agent, Note Formatting, Chat) edit their custom API key in Settings through one generic writer,
setResolvedLLMConfig, which only wrote tolocalStorage.That works for the other three scopes because their custom keys live in
localStoragepermanently. ButcleanupCustomApiKeyis different — it is a secret backed by the OS secure store (CUSTOM_CLEANUP_API_KEY, encrypted via ElectronsafeStorage). On startup the app:cleanupCustomApiKeyback from the secure store (where the UI never wrote it), andcleanupCustomApiKeyfromlocalStorage(it is inSTALE_SECRET_LOCALSTORAGE_KEYS).So the key entered via Settings → Language Models → Dictation Cleanup was saved only to
localStorage, then read from an empty secure store and wiped fromlocalStorageon the next launch. The dedicatedsetCleanupCustomApiKeysetter (used by Notes onboarding andupdateApiKeys) already persists to the secure store correctly — the Settings editor just wasn't using it.Fix
Route the cleanup scope's
customApiKeythrough the existingsetCleanupCustomApiKeysetter, which encrypts it to the secure store and invalidates the API-key cache — consistent with how the value is read back on startup. One guard, no new abstractions, other three scopes untouched.End-to-end trace (verified)
setResolvedLLMConfig→setCleanupCustomApiKey→debouncedSaveSecret("cleanupCustom")→ IPCsave-cleanup-custom-key→EnvironmentManager.saveCleanupCustomKey→ encrypted.encon disk.initializeSettings→ IPCget-cleanup-custom-key→EnvironmentManager.getCleanupCustomKey→ store state → shown in UI.ReasoningService.getApiKey("custom")reads the secure store first, falls back to store state. Both populated after the fix..encfile (empty value →_deleteSecretKey), as before.Impact on current users
Verification
npm run typecheck— cleaneslinton the changed file — clean