Simple chat

[AviPeltz]

Summary

• Add inline auth prompt when Claude credentials are missing — replaces silent failure with a clear UI to paste an API key or OAuth token
• Add getAuthStatus query and setApiKey mutation to the ai-chat tRPC router
• Remove durable-session package, streams app, and simplify session management

Test plan

• Start desktop app without any Claude credentials configured — auth prompt should appear in place of the chat input
• Paste a valid API key and click Connect — prompt should disappear and chat input footer should appear
• Paste an invalid key — verify error state is shown
• Start app with existing credentials (e.g. Claude Code OAuth) — chat input footer should render normally, no auth prompt

Summary by CodeRabbit

• New Features

  • Auth prompt added to the AI chat interface to enter/store provider API keys.

• Chores

  • Legacy Streams service and durable-session package removed from the product.
  • AI chat integration updated to a new provider library and dependencies.
  • Environment variables and Content Security Policy entries cleaned up.

• UX

  • Minor UI tweaks: permission label shortened, provider logos updated, responsive/visual adjustments.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR removes the Streams app and the durable-session package, strips Streams-related env/CSP/CI/build wiring, deletes desktop session-manager agent/ and streaming modules, replaces ai-chat getConfig with auth endpoints, and adds an AuthPrompt with conditional UI rendering.

Changes

Cohort / File(s)	Summary
Environment & Build \.env\.example, .github/workflows/build-desktop.yml, .superset/lib/setup/steps.sh, apps/desktop/electron.vite.config.ts, apps/desktop/src/main/env.main.ts, apps/desktop/src/renderer/index.html, apps/desktop/vite/helpers.ts, package.json	Removed Streams-related env vars and HTML placeholder replacement (NEXT_PUBLIC_STREAMS_URL, STREAMS_PORT, STREAMS_INTERNAL_*), updated CSP connect-src, and excluded the streams package from dev/CI/build wiring.
Streams App Removal apps/streams/*	Deleted the entire Streams app: Dockerfile, Fly config, package.json, env module, server/protocol, all routes/handlers/tests, entrypoint, types, and docs.
Durable Session Package Removal packages/durable-session/*	Removed durable-session package: package manifest, client, collections, schema, materialize, errors, react bindings/hooks/components, types, tsconfig, and top-level exports.
Desktop Session-Manager Cleanup apps/desktop/src/lib/trpc/routers/ai-chat/utils/session-manager/*	Removed agent-execution, agent-runner, agent-stream-writer, chunk-batcher, generation-watchdog, proxy-requests, and proxy lifecycle code; eliminated proxyUrl wiring and agent APIs (startAgent/resolvePermission/permission events).
AI Chat Router & Auth apps/desktop/src/lib/trpc/routers/ai-chat/index.ts, .../auth/auth.ts	Replaced getConfig with getAuthStatus, added setApiKey mutation (API key vs OAuth detection), removed interrupt/approveToolUse, and added macOS Keychain Claude Code credential lookup.
Desktop UI: Auth & Chat apps/desktop/src/renderer/.../ChatInterface/*.tsx, AuthPrompt/*	Added AuthPrompt component and conditional rendering in ChatInterface for unauthenticated users.
UI Type Imports & Small Components apps/desktop/src/renderer/.../ChatMessageItem.tsx, ToolCallBlock.tsx, useClaudeCodeHistory.ts, map-tool-state.ts, ContextIndicator/*	Repointed several type imports from @superset/durable-session to @tanstack/ai; removed ContextIndicator and its re-export.
Dependency Changes apps/desktop/package.json, packages/agent/package.json, packages/agent/src/sdk-to-ai-chunks.ts	Removed @durable-streams/client and @superset/durable-session deps from desktop/agent, added @tanstack/ai, and adjusted a local enrich import.
Session-manager Public Surface apps/desktop/src/lib/trpc/routers/ai-chat/utils/session-manager/index.ts	Removed PermissionRequestEvent from re-exports and trimmed session-manager API surface.
Docs & Architecture AGENTS.md, docs/*, apps/streams/ARCHITECTURE.md	Deleted multiple design and operations documents related to Streams, durable sessions, and AI-chat production/architecture.
Minor UI Styling & Components packages/ui/src/components/ai-elements/*, packages/ui/src/components/ai-elements/prompt-input.tsx, PermissionModePicker.tsx, ChatInputFooter files	Small visual and responsive tweaks (inline SVG logos, container class, permission label, ChatInputFooter border removal, input-group radius/weights).

Sequence Diagram(s)

(Skipped — changes are broad removals and do not introduce a new multi-component sequential flow that benefits from a diagram.)

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• feat(streams): vendor durable-session-proxy into apps/streams #1242 — Introduced the Streams app and durable-session package that this PR removes; direct overlap in files and manifests.
• feat: add shared ai-chat package #1202 — Adds ai-chat/session and durable-session-like client/hooks that overlap the durable-session removals and materialization logic.
• fix(streams): connect desktop directly to Fly.io streams server #1404 — Adjusts Streams integration and env/CD wiring touching many of the same env/CSP/build files changed here.

Poem

🐰 I nibbled wires, cleared the burrows neat,
Streams and sessions folded, tidy and sweet.
A tiny AuthPrompt now guards the gate,
TanStack hops in — the UI feels great.
Hop on, dear repo, tidy and fleet!

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Simple chat' is vague and generic, lacking specificity about the main changes in the PR.	Use a more descriptive title that captures the primary change, such as 'Add inline auth prompt and remove durable-session' or 'Simplify chat auth with inline credential prompt'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description covers key points (auth prompt, tRPC endpoints, package removals) and includes a test plan, but lacks detail on implementation and related issues.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chat-test

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🚀 Preview Deployment

🔗 Preview Links

Service	Status	Link
Database (Neon)	✅	View Branch
Electric (Fly.io)	✅	View App
Streams (Fly.io)	❌	Failed to deploy
API (Vercel)	✅	Open Preview
Web (Vercel)	✅	Open Preview
Marketing (Vercel)	✅	Open Preview
Admin (Vercel)	✅	Open Preview
Docs (Vercel)	✅	Open Preview

---

Preview updates automatically with new commits

[coderabbitai]

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

apps/desktop/src/lib/trpc/routers/ai-chat/index.ts (1)

39-50: ⚠️ Potential issue | 🟡 Minor

Module-level credential resolution only supports OAuth, but setApiKey accepts plain API keys.

Lines 41-49 log a warning and skip non-OAuth credentials at startup. But setApiKey happily sets a plain API key via setAnthropicAuthToken. This inconsistency may confuse developers — clarify whether plain API keys are supported or not, and align module-level init with the mutation's behavior.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/desktop/src/lib/trpc/routers/ai-chat/index.ts` around lines 39 - 50, The
module-level credential resolution currently only accepts OAuth credentials
(cliCredentials with kind === "oauth") but the setter setAnthropicAuthToken /
mutation setApiKey supports plain API keys, creating an inconsistency; update
the startup logic around getCredentialsFromConfig/getCredentialsFromKeychain and
cliCredentials so that it also accepts plain API keys (e.g., cliCredentials.kind
=== "apiKey") and calls setAnthropicAuthToken(cliCredentials.apiKey) for both
kinds, and adjust the console message to reflect whether OAuth or API key was
used (remove the warning that ignores non-OAuth creds). Alternatively, if you
prefer to disallow plain API keys, change the mutation setApiKey to
validate/reject non-OAuth credentials and keep the startup warning — pick one
approach and make the module-level init (cliCredentials check), the
setAnthropicAuthToken call, and the log text consistent.

apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/hooks/useClaudeCodeHistory/useClaudeCodeHistory.ts (1)

28-33: ⚠️ Potential issue | 🟡 Minor

Remove unsafe as UIMessage[] cast and properly convert ClaudeSessionMessage to UIMessage.

The tRPC router returns ClaudeSessionMessage[] with a parts field structure, but line 29 casts it directly to UIMessage[] without validation or conversion. This suppresses type mismatches between the two shapes. When merging with liveMessages (true UIMessage[]), structural incompatibilities could cause runtime issues. Either convert the messages explicitly using a hydration function or update the tRPC router to return the correct UIMessage shape.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/hooks/useClaudeCodeHistory/useClaudeCodeHistory.ts`
around lines 28 - 33, The code in useClaudeCodeHistory constructs allMessages by
casting claudeMessages to UIMessage[] unsafely; replace the cast with an
explicit conversion from ClaudeSessionMessage to UIMessage (or change the tRPC
return type) so shapes match before merging with liveMessages. Implement or call
a hydration/mapper function (e.g., hydrateClaudeToUI or mapClaudeSessionMessage)
to transform each ClaudeSessionMessage.parts into the UIMessage.content/author
fields and validate required properties, then use the resulting UIMessage[] when
building allMessages instead of the as UIMessage[] cast. Ensure the mapper is
applied where claudeMessages is used (inside the useMemo for allMessages) so
downstream code only sees proper UIMessage objects.

🧹 Nitpick comments (3)

apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/ChatInterface.tsx (1)

22-22: Auth query has no error/loading handling but the fallback is sensible.

getAuthStatus.useQuery() is called without enabled, retry, or refetchInterval options. While authStatus?.authenticated === false gracefully defaults to showing ChatInputFooter during loading/error (since undefined !== false), consider whether the auth status should be re-polled after the app regains focus or on an interval, since credentials could be added externally (e.g., via claude login in a terminal).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/ChatInterface.tsx`
at line 22, The auth query call electronTrpc.aiChat.getAuthStatus.useQuery
currently has no query options; update it to handle background refetching so
credentials added externally are picked up—pass options such as
refetchOnWindowFocus: true (to refetch when app regains focus), and optionally
refetchInterval (e.g., 60_000) and retry (e.g., 1) to control polling and
retries; keep the existing fallback to show ChatInputFooter when authStatus is
undefined/false.

apps/desktop/src/lib/trpc/routers/ai-chat/index.ts (1)

304-320: Both branches of setApiKey are identical — the isOauth check is dead logic.

The if (isOauth) and else branches both call setAnthropicAuthToken(input.apiKey) — only the log message differs. Either collapse into a single path, or if different handling is intended for API keys vs OAuth tokens, implement the distinction.

Suggested simplification

 		setApiKey: publicProcedure
 			.input(z.object({ apiKey: z.string().min(1) }))
 			.mutation(({ input }) => {
-				const isOauth = input.apiKey.startsWith("sk-ant-oat");
-				if (isOauth) {
-					setAnthropicAuthToken(input.apiKey);
-					console.log(
-						"[ai-chat/setApiKey] Set OAuth token via setAnthropicAuthToken",
-					);
-				} else {
-					setAnthropicAuthToken(input.apiKey);
-					console.log(
-						"[ai-chat/setApiKey] Set API key via setAnthropicAuthToken",
-					);
-				}
+				const isOauth = input.apiKey.startsWith("sk-ant-oat");
+				setAnthropicAuthToken(input.apiKey);
+				console.log(
+					`[ai-chat/setApiKey] Set ${isOauth ? "OAuth token" : "API key"} via setAnthropicAuthToken`,
+				);
 				return { success: true };
 			}),

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/desktop/src/lib/trpc/routers/ai-chat/index.ts` around lines 304 - 320,
In setApiKey (publicProcedure in the ai-chat router) the isOauth check is dead:
both branches call setAnthropicAuthToken(input.apiKey) and only differ by
console.log. Replace the duplicated branches by a single call to
setAnthropicAuthToken(input.apiKey) and then log once (either a generic message
or a conditional log based on isOauth), or if OAuth tokens require different
handling implement that distinct behavior instead of identical calls;
update/remove the isOauth branching accordingly.

apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/AuthPrompt/AuthPrompt.tsx (1)

13-15: Clear the API key input on successful submission.

After a successful mutation, the password field retains the key in component state. Consider clearing it for hygiene.

Suggested fix

 		onSuccess: () => {
 			setError(null);
+			setApiKey("");
 			void utils.aiChat.getAuthStatus.invalidate();
 		},

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/AuthPrompt/AuthPrompt.tsx`
around lines 13 - 15, In the AuthPrompt component's onSuccess handler (the
function that currently calls setError(null) and void
utils.aiChat.getAuthStatus.invalidate()), also clear the API key input state so
the password field is emptied after a successful submission; add a call to the
state setter that holds the input (e.g., setApiKey('') or setPassword(''))
inside onSuccess in AuthPrompt so the input is reset when the mutation succeeds.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/desktop/src/lib/trpc/routers/ai-chat/index.ts`:
- Around line 288-302: getAuthStatus currently only checks
getExistingClaudeCredentials (config/keychain) so it stays false after setApiKey
stores the token only in-memory via setAnthropicAuthToken; update getAuthStatus
to also inspect the in-memory token state (call or import the same accessor that
exposes the in-memory token used by setAnthropicAuthToken) and return
authenticated:true when that token exists, or alternatively modify setApiKey to
persist the credential the same way getExistingClaudeCredentials expects
(config/keychain) so that getExistingClaudeCredentials will return a credential;
reference getAuthStatus, getExistingClaudeCredentials, setApiKey,
setAnthropicAuthToken and AuthPrompt when making the change.

In `@apps/desktop/src/lib/trpc/routers/ai-chat/utils/auth/auth.ts`:
- Around line 116-135: The code path that parses raw macOS Keychain JSON
(ClaudeConfigFile) silently ignores valid JSON that lacks
claudeAiOauth.accessToken; update the logic in the auth parsing block (the
JSON.parse branch in auth.ts) to reuse the same extraction logic used by
getCredentialsFromConfig (or explicitly check for other fields such as apiKey
and oauth_access_token) and return the appropriate credential object
(kind/source) when found, and if no known fields are present emit a clear
warning log mentioning the parsed JSON keys and that no usable credential was
found (instead of falling through silently); reference ClaudeConfigFile,
claudeAiOauth, and getCredentialsFromConfig to locate where to apply this
change.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/AuthPrompt/AuthPrompt.tsx`:
- Around line 12-20: The setApiKey backend mutation currently always returns
success so the front-end setApiKeyMutation onError never fires; update the
backend setApiKey implementation (the setApiKey function that calls
setAnthropicAuthToken) to perform a lightweight validation against Anthropic
(e.g., call a models/list or similar minimal endpoint) after calling
setAnthropicAuthToken and before returning { success: true }, and throw an error
if the validation fails so the frontend setApiKeyMutation.onError can surface
the invalid-key state and utils.aiChat.getAuthStatus.invalidate() remains
correct.

---

Outside diff comments:
In `@apps/desktop/src/lib/trpc/routers/ai-chat/index.ts`:
- Around line 39-50: The module-level credential resolution currently only
accepts OAuth credentials (cliCredentials with kind === "oauth") but the setter
setAnthropicAuthToken / mutation setApiKey supports plain API keys, creating an
inconsistency; update the startup logic around
getCredentialsFromConfig/getCredentialsFromKeychain and cliCredentials so that
it also accepts plain API keys (e.g., cliCredentials.kind === "apiKey") and
calls setAnthropicAuthToken(cliCredentials.apiKey) for both kinds, and adjust
the console message to reflect whether OAuth or API key was used (remove the
warning that ignores non-OAuth creds). Alternatively, if you prefer to disallow
plain API keys, change the mutation setApiKey to validate/reject non-OAuth
credentials and keep the startup warning — pick one approach and make the
module-level init (cliCredentials check), the setAnthropicAuthToken call, and
the log text consistent.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/hooks/useClaudeCodeHistory/useClaudeCodeHistory.ts`:
- Around line 28-33: The code in useClaudeCodeHistory constructs allMessages by
casting claudeMessages to UIMessage[] unsafely; replace the cast with an
explicit conversion from ClaudeSessionMessage to UIMessage (or change the tRPC
return type) so shapes match before merging with liveMessages. Implement or call
a hydration/mapper function (e.g., hydrateClaudeToUI or mapClaudeSessionMessage)
to transform each ClaudeSessionMessage.parts into the UIMessage.content/author
fields and validate required properties, then use the resulting UIMessage[] when
building allMessages instead of the as UIMessage[] cast. Ensure the mapper is
applied where claudeMessages is used (inside the useMemo for allMessages) so
downstream code only sees proper UIMessage objects.

---

Nitpick comments:
In `@apps/desktop/src/lib/trpc/routers/ai-chat/index.ts`:
- Around line 304-320: In setApiKey (publicProcedure in the ai-chat router) the
isOauth check is dead: both branches call setAnthropicAuthToken(input.apiKey)
and only differ by console.log. Replace the duplicated branches by a single call
to setAnthropicAuthToken(input.apiKey) and then log once (either a generic
message or a conditional log based on isOauth), or if OAuth tokens require
different handling implement that distinct behavior instead of identical calls;
update/remove the isOauth branching accordingly.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/ChatInterface.tsx`:
- Line 22: The auth query call electronTrpc.aiChat.getAuthStatus.useQuery
currently has no query options; update it to handle background refetching so
credentials added externally are picked up—pass options such as
refetchOnWindowFocus: true (to refetch when app regains focus), and optionally
refetchInterval (e.g., 60_000) and retry (e.g., 1) to control polling and
retries; keep the existing fallback to show ChatInputFooter when authStatus is
undefined/false.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/AuthPrompt/AuthPrompt.tsx`:
- Around line 13-15: In the AuthPrompt component's onSuccess handler (the
function that currently calls setError(null) and void
utils.aiChat.getAuthStatus.invalidate()), also clear the API key input state so
the password field is emptied after a successful submission; add a call to the
state setter that holds the input (e.g., setApiKey('') or setPassword(''))
inside onSuccess in AuthPrompt so the input is reset when the mutation succeeds.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

getAuthStatus will return false even after a successful setApiKey call — auth prompt will never dismiss.

getAuthStatus calls getExistingClaudeCredentials(), which only reads from config files and the macOS Keychain. However, setApiKey (Lines 304-320) only stores the key in-memory via setAnthropicAuthToken. After the client invalidates getAuthStatus, the re-query still finds no persisted credentials, so authenticated remains false and the AuthPrompt reappears.

Either getAuthStatus needs to also check the in-memory token state, or setApiKey needs to persist the credential to a config file / keychain so that getExistingClaudeCredentials can find it.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/desktop/src/lib/trpc/routers/ai-chat/index.ts` around lines 288 - 302,
getAuthStatus currently only checks getExistingClaudeCredentials
(config/keychain) so it stays false after setApiKey stores the token only
in-memory via setAnthropicAuthToken; update getAuthStatus to also inspect the
in-memory token state (call or import the same accessor that exposes the
in-memory token used by setAnthropicAuthToken) and return authenticated:true
when that token exists, or alternatively modify setApiKey to persist the
credential the same way getExistingClaudeCredentials expects (config/keychain)
so that getExistingClaudeCredentials will return a credential; reference
getAuthStatus, getExistingClaudeCredentials, setApiKey, setAnthropicAuthToken
and AuthPrompt when making the change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Valid JSON without claudeAiOauth.accessToken is silently ignored.

If the keychain entry parses as JSON but lacks claudeAiOauth?.accessToken, execution falls through without returning a credential or logging a warning. Other valid fields (e.g., apiKey, oauth_access_token) present in the JSON would be skipped, unlike the config-file path which checks multiple fields. If the JSON shape varies, consider checking additional fields like getCredentialsFromConfig does, or at minimum log a warning.

Proposed fix

 			try {
 				const config: ClaudeConfigFile = JSON.parse(raw);
 				if (config.claudeAiOauth?.accessToken) {
 					console.log(
 						"[claude/auth] Found OAuth credentials in macOS Keychain (Claude Code-credentials)",
 					);
 					return {
 						apiKey: config.claudeAiOauth.accessToken,
 						source: "keychain",
 						kind: "oauth",
 					};
 				}
+				// Check other known fields in the JSON
+				const apiKey = config.apiKey || config.api_key;
+				const oauthToken = config.oauthAccessToken || config.oauth_access_token;
+				if (apiKey) {
+					console.log("[claude/auth] Found API key in macOS Keychain (Claude Code-credentials)");
+					return { apiKey, source: "keychain", kind: "apiKey" };
+				}
+				if (oauthToken) {
+					console.log("[claude/auth] Found OAuth token in macOS Keychain (Claude Code-credentials)");
+					return { apiKey: oauthToken, source: "keychain", kind: "oauth" };
+				}
+				console.warn("[claude/auth] Claude Code-credentials JSON found but no recognized credential fields");
 			} catch {
 				// Not valid JSON — treat as raw API key

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (raw) {
	try {
	const config: ClaudeConfigFile = JSON.parse(raw);
	if (config.claudeAiOauth?.accessToken) {
	console.log(
	"[claude/auth] Found OAuth credentials in macOS Keychain (Claude Code-credentials)",
	);
	return {
	apiKey: config.claudeAiOauth.accessToken,
	source: "keychain",
	kind: "oauth",
	};
	}
	} catch {
	// Not valid JSON — treat as raw API key
	console.log(
	"[claude/auth] Found raw credentials in macOS Keychain (Claude Code-credentials)",
	);
	return { apiKey: raw, source: "keychain", kind: "apiKey" };
	}
	if (raw) {
	try {
	const config: ClaudeConfigFile = JSON.parse(raw);
	if (config.claudeAiOauth?.accessToken) {
	console.log(
	"[claude/auth] Found OAuth credentials in macOS Keychain (Claude Code-credentials)",
	);
	return {
	apiKey: config.claudeAiOauth.accessToken,
	source: "keychain",
	kind: "oauth",
	};
	}
	// Check other known fields in the JSON
	const apiKey = config.apiKey || config.api_key;
	const oauthToken = config.oauthAccessToken || config.oauth_access_token;
	if (apiKey) {
	console.log("[claude/auth] Found API key in macOS Keychain (Claude Code-credentials)");
	return { apiKey, source: "keychain", kind: "apiKey" };
	}
	if (oauthToken) {
	console.log("[claude/auth] Found OAuth token in macOS Keychain (Claude Code-credentials)");
	return { apiKey: oauthToken, source: "keychain", kind: "oauth" };
	}
	console.warn("[claude/auth] Claude Code-credentials JSON found but no recognized credential fields");
	} catch {
	// Not valid JSON — treat as raw API key
	console.log(
	"[claude/auth] Found raw credentials in macOS Keychain (Claude Code-credentials)",
	);
	return { apiKey: raw, source: "keychain", kind: "apiKey" };
	}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@apps/desktop/src/lib/trpc/routers/ai-chat/utils/auth/auth.ts` around lines
116 - 135, The code path that parses raw macOS Keychain JSON (ClaudeConfigFile)
silently ignores valid JSON that lacks claudeAiOauth.accessToken; update the
logic in the auth parsing block (the JSON.parse branch in auth.ts) to reuse the
same extraction logic used by getCredentialsFromConfig (or explicitly check for
other fields such as apiKey and oauth_access_token) and return the appropriate
credential object (kind/source) when found, and if no known fields are present
emit a clear warning log mentioning the parsed JSON keys and that no usable
credential was found (instead of falling through silently); reference
ClaudeConfigFile, claudeAiOauth, and getCredentialsFromConfig to locate where to
apply this change.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Invalid API keys won't trigger the error path — setApiKey always returns { success: true }.

The test plan requires "Paste an invalid key: verify an error state is shown," but the backend setApiKey mutation (Lines 304-320 of index.ts) unconditionally calls setAnthropicAuthToken and returns { success: true } without validating the key against the Anthropic API. The onError handler here will never fire for an invalid key — users will only discover the key is bad when they attempt to send a message.

Consider adding a lightweight validation call (e.g., a models list request) in the setApiKey mutation before returning success.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/AuthPrompt/AuthPrompt.tsx`
around lines 12 - 20, The setApiKey backend mutation currently always returns
success so the front-end setApiKeyMutation onError never fires; update the
backend setApiKey implementation (the setApiKey function that calls
setAnthropicAuthToken) to perform a lightweight validation against Anthropic
(e.g., call a models/list or similar minimal endpoint) after calling
setAnthropicAuthToken and before returning { success: true }, and throw an error
if the validation fails so the frontend setApiKeyMutation.onError can surface
the invalid-key state and utils.aiChat.getAuthStatus.invalidate() remains
correct.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

packages/ui/src/components/ai-elements/model-selector.tsx (1)

173-187: Decorative SVGs should be hidden from assistive technology.

Both inline SVGs are decorative (the provider name is conveyed elsewhere). Adding aria-hidden="true" prevents screen readers from attempting to announce them.

♻️ Proposed fix

 		<svg
 			viewBox="0 0 24 24"
 			xmlns="http://www.w3.org/2000/svg"
 			className={cn("size-3", className)}
+			aria-hidden="true"
 		>

Same for the OpenAI SVG at Line 190.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/ui/src/components/ai-elements/model-selector.tsx` around lines 173 -
187, The SVG used for the anthropic provider (inside the provider ===
"anthropic" branch) is decorative and should be hidden from assistive tech; add
aria-hidden="true" to that <svg> element, and do the same for the OpenAI SVG
used elsewhere (the other provider branch) so screen readers ignore these
decorative inline icons.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/ui/src/components/ai-elements/model-selector.tsx`:
- Around line 172-212: ModelSelectorLogo renders inline SVGs for "anthropic" and
"openai" but ModelSelectorLogoGroup only targets child imgs and the SVG branches
drop {...props}, causing styling and props to be lost; update
ModelSelectorLogoGroup's child selectors to include svg (e.g. add [&>svg]
alongside [&>img]) and modify ModelSelectorLogo so the SVG branches spread the
incoming props (apply {...props} and merge className via cn on the <svg>
elements) so event handlers, sizes and classes are preserved and group styles
apply consistently.

---

Nitpick comments:
In `@packages/ui/src/components/ai-elements/model-selector.tsx`:
- Around line 173-187: The SVG used for the anthropic provider (inside the
provider === "anthropic" branch) is decorative and should be hidden from
assistive tech; add aria-hidden="true" to that <svg> element, and do the same
for the OpenAI SVG used elsewhere (the other provider branch) so screen readers
ignore these decorative inline icons.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat packages/ui/src/components/ai-elements/model-selector.tsx

Repository: superset-sh/superset

Length of output: 9130

---

SVG logos won't receive ModelSelectorLogoGroup styling and props are silently discarded.

ModelSelectorLogoGroup (lines 226–237) applies styling via [&>img] selectors (rounded-full, bg-background, p-px, ring-1, etc.). When ModelSelectorLogo renders inline SVGs for "anthropic" and "openai" providers, those SVG elements won't match the [&>img] selector, causing visual inconsistency in grouped layouts.

Additionally, the component type accepts img attributes (Omit<ComponentProps<"img">, "src" | "alt">), but the SVG branches silently discard any passed ...props (like height, width, or event handlers). Only the fallback <img> tag uses these props. This creates a type contract mismatch.

To fix:

1. Update ModelSelectorLogoGroup selectors to also target SVG: [&>svg] alongside [&>img], or
2. Wrap inline SVGs in a container element that can receive the group styling uniformly.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/ui/src/components/ai-elements/model-selector.tsx` around lines 172 -
212, ModelSelectorLogo renders inline SVGs for "anthropic" and "openai" but
ModelSelectorLogoGroup only targets child imgs and the SVG branches drop
{...props}, causing styling and props to be lost; update
ModelSelectorLogoGroup's child selectors to include svg (e.g. add [&>svg]
alongside [&>img]) and modify ModelSelectorLogo so the SVG branches spread the
incoming props (apply {...props} and merge className via cn on the <svg>
elements) so event handlers, sizes and classes are preserved and group styles
apply consistently.

[coderabbitai]

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@packages/ui/src/components/ai-elements/model-selector.tsx`:
- Around line 172-216: The anthropic and openai SVG branches are not forwarding
{...props} and thus miss passed attributes and the ModelSelectorLogoGroup
styling; update the SVG returned in the provider === "anthropic" and provider
=== "openai" branches to spread ...props onto the <svg> (so it receives
id/aria/data props) and ensure the group styling is applied by including the
same group-aware className (the one used by ModelSelectorLogoGroup /
cn("size-3", className) pattern) so inline SVGs receive rounded/ring/background
styles just like the <img>; modify the SVG elements in those branches to accept
props and className via cn(..., className) and keep the fallback <img>
unchanged.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/ChatInputFooter/ChatInputFooter.tsx (2)

63-63: Hardcoded hex colors bypass the design-token system

#353535, #1C1C1C (line 63) and #303030, #212121 (line 76) are raw hex values rather than CSS variables. Any future dark-theme adjustment requires finding and updating these scattered strings.

♻️ Suggested refactor — map to semantic tokens

If exact shades are unavailable in the token set, introduce named CSS variables in the theme file and reference them here:

- [&_[data-slot=input-group]]:dark:border-[`#353535`] [&_[data-slot=input-group]]:dark:bg-[`#1C1C1C`]
+ [&_[data-slot=input-group]]:dark:border-[--input-group-border] [&_[data-slot=input-group]]:dark:bg-[--input-group-bg]

- [&_[data-size]]:dark:border-[`#303030`] [&_[data-size]]:dark:bg-[`#212121`]
+ [&_[data-size]]:dark:border-[--tool-border] [&_[data-size]]:dark:bg-[--tool-bg]

Then define --input-group-border, --input-group-bg, --tool-border, and --tool-bg in the dark-mode CSS layer.

Also applies to: 76-76

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/ChatInputFooter/ChatInputFooter.tsx`
at line 63, Replace the hardcoded dark-mode hex colors in ChatInputFooter.tsx
(the className string that styles [data-slot=input-group] and the tool styles
around line 63/76) with semantic CSS variables from the design-token system;
update the className to reference variables like var(--input-group-border),
var(--input-group-bg), var(--tool-border), and var(--tool-bg) (or existing token
names) and then add those variables to the dark-mode theme layer (or the tokens
file) so the component uses the theme tokens instead of raw values `#353535`,
`#1C1C1C`, `#303030`, and `#212121`.

---

76-76: [data-size] selector is attribute-presence-only — potentially over-broad

[&_[data-size]] matches any descendant element that carries any data-size attribute value, not a specific one. Any future child component that uses data-size for a different semantic (e.g., icon sizing, breakpoint hints) will unintentionally inherit the border and background styles applied here. Prefer a more specific selector (e.g., [data-size="sm"], [data-slot=tool-button]) or apply styles through the component's own props/variants.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/ChatInputFooter/ChatInputFooter.tsx`
at line 76, The selector on PromptInputTools is too broad—`[&_[data-size]]`
targets any descendant with any data-size attribute; narrow it to the intended
target (e.g., use `[&_[data-size="sm"]]` if you only want small-size children,
or switch to a more specific attribute like `[data-slot="tool-button"]`) or move
the border/background styles into PromptInputTools' own props/variants so child
components with unrelated data-size values aren't affected; update the className
on PromptInputTools accordingly and adjust any affected child components to use
the chosen specific attribute.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/ChatInputFooter/ChatInputFooter.tsx`:
- Line 63: The CSS rule using border-[0.5px] in the ChatInputFooter markup (the
div with [&_[data-slot=input-group]]:border-[0.5px]) and the matching
[data-size] elements should be changed to a value that renders consistently on
1× displays; replace border-[0.5px] with either border (1px) or border-[0.75px]
so Chromium will resolve to 1px on 1× and finer on higher DPRs, updating both
the [&_[data-slot=input-group]]:border-[0.5px] entry and the equivalent
[&_[data-size]]:border-[0.5px] occurrences in the ChatInputFooter component to
the chosen value.

---

Nitpick comments:
In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/ChatInputFooter/ChatInputFooter.tsx`:
- Line 63: Replace the hardcoded dark-mode hex colors in ChatInputFooter.tsx
(the className string that styles [data-slot=input-group] and the tool styles
around line 63/76) with semantic CSS variables from the design-token system;
update the className to reference variables like var(--input-group-border),
var(--input-group-bg), var(--tool-border), and var(--tool-bg) (or existing token
names) and then add those variables to the dark-mode theme layer (or the tokens
file) so the component uses the theme tokens instead of raw values `#353535`,
`#1C1C1C`, `#303030`, and `#212121`.
- Line 76: The selector on PromptInputTools is too broad—`[&_[data-size]]`
targets any descendant with any data-size attribute; narrow it to the intended
target (e.g., use `[&_[data-size="sm"]]` if you only want small-size children,
or switch to a more specific attribute like `[data-slot="tool-button"]`) or move
the border/background styles into PromptInputTools' own props/variants so child
components with unrelated data-size values aren't affected; update the className
on PromptInputTools accordingly and adjust any affected child components to use
the chosen specific attribute.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

border-[0.5px] is invisible on 1× DPI displays

0.5 CSS pixels collapses to 0 (invisible) or snaps to 1 px depending on device pixel ratio. On any 1× monitor the border won't render at all, making this purely a Retina-only decoration. Since this is an Electron/desktop app targeting multiple display densities, consider using border (1px) or border-[0.75px] which Chromium resolves to 1px at 1× while rendering finer at 2×.

This also applies to the same value on Line 76 for [data-size] elements.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apps/desktop/src/renderer/screens/main/components/WorkspaceView/ContentView/TabsContent/TabView/ChatPane/ChatInterface/components/ChatInputFooter/ChatInputFooter.tsx`
at line 63, The CSS rule using border-[0.5px] in the ChatInputFooter markup (the
div with [&_[data-slot=input-group]]:border-[0.5px]) and the matching
[data-size] elements should be changed to a value that renders consistently on
1× displays; replace border-[0.5px] with either border (1px) or border-[0.75px]
so Chromium will resolve to 1px on 1× and finer on higher DPRs, updating both
the [&_[data-slot=input-group]]:border-[0.5px] entry and the equivalent
[&_[data-size]]:border-[0.5px] occurrences in the ChatInputFooter component to
the chosen value.

[coderabbitai]

🧹 Nitpick comments (2)

packages/ui/src/components/ui/input-group.tsx (1)

18-18: border-[0.5px] may render inconsistently on low-DPI displays.

Sub-pixel border widths (0.5px) are rounded by some browsers/renderers — on 1× DPI screens the border may appear as 0px (invisible) or snap to 1px, producing an inconsistent look. Since this targets an Electron desktop app (typically HiDPI), it's likely fine in practice, but worth keeping in mind if you support varied display densities.

The rest of the styling changes (rounded-xl, shadow-none) look good and align with the PR's presentational polish goals.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/ui/src/components/ui/input-group.tsx` at line 18, The class string
in the InputGroup component (in input-group.tsx) uses a sub-pixel border width
"border-[0.5px]" which can render inconsistently on low-DPI displays; replace
that token with a consistent 1px border (e.g., "border" or "border-[1px]") in
the same class list inside the InputGroup (the string that currently contains
"group/input-group ... border-[0.5px] ...") to ensure consistent rendering
across DPIs.

packages/ui/src/components/ai-elements/prompt-input.tsx (1)

973-976: Consider using design tokens instead of hardcoded hex values.

dark:border-[#303030] and dark:bg-[#212121] hardcode palette values that bypass the project's theming layer. If the dark-mode palette evolves, these will require manual updates.

♻️ Suggested refactor

Replace the hardcoded hex values with semantic CSS custom properties already defined in the design system, for example:

-			"border-[0.5px] border-neutral-400/60 dark:border-[`#303030`] dark:bg-[`#212121`]",
+			"border-[0.5px] border-neutral-400/60 dark:border-border dark:bg-secondary",

Adjust the token names to match whatever the project's dark-mode surface/border tokens are.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/ui/src/components/ai-elements/prompt-input.tsx` around lines 973 -
976, The className in the cn(...) call inside prompt-input.tsx uses hardcoded
hex values for dark mode (dark:border-[`#303030`] and dark:bg-[`#212121`]); update
these to use the project's semantic design tokens/CSS custom properties instead
(e.g. replace those two hardcoded classes with classes or utility tokens that
reference the dark-mode border and surface variables from your design system) so
theming/branding changes propagate automatically—locate the cn(...) usage in the
PromptInput component and swap the hardcoded hex classes for the appropriate
token names (dark border token and dark surface/background token) used across
the codebase.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@packages/ui/src/components/ai-elements/prompt-input.tsx`:
- Around line 973-976: The className in the cn(...) call inside prompt-input.tsx
uses hardcoded hex values for dark mode (dark:border-[`#303030`] and
dark:bg-[`#212121`]); update these to use the project's semantic design tokens/CSS
custom properties instead (e.g. replace those two hardcoded classes with classes
or utility tokens that reference the dark-mode border and surface variables from
your design system) so theming/branding changes propagate automatically—locate
the cn(...) usage in the PromptInput component and swap the hardcoded hex
classes for the appropriate token names (dark border token and dark
surface/background token) used across the codebase.

In `@packages/ui/src/components/ui/input-group.tsx`:
- Line 18: The class string in the InputGroup component (in input-group.tsx)
uses a sub-pixel border width "border-[0.5px]" which can render inconsistently
on low-DPI displays; replace that token with a consistent 1px border (e.g.,
"border" or "border-[1px]") in the same class list inside the InputGroup (the
string that currently contains "group/input-group ... border-[0.5px] ...") to
ensure consistent rendering across DPIs.

[Kitenite]

Closing: stale 'Simple chat' PR from Feb 17. Chat implementation has evolved significantly since.

[Kitenite]

Hey — just a heads up, this was closed as part of an automated stale PR cleanup. If you think this was done in error, feel free to reopen it!

[Kitenite]

Hey — this was closed by an automated cleanup of PRs with major merge conflicts that are 3+ weeks old. If you think this was done incorrectly, please feel free to reopen it. Sorry for any inconvenience!