Skip to content

🐛 Move Anthropic API key from localStorage to sessionStorage#13414

Merged
kubestellar-hive[bot] merged 1 commit into
mainfrom
fix/13411
May 13, 2026
Merged

🐛 Move Anthropic API key from localStorage to sessionStorage#13414
kubestellar-hive[bot] merged 1 commit into
mainfrom
fix/13411

Conversation

@kubestellar-hive
Copy link
Copy Markdown
Contributor

@kubestellar-hive kubestellar-hive Bot commented May 13, 2026

Fixes #13411

Problem

The Anthropic API key is stored in localStorage, which:

  • Persists indefinitely (even after the user stops using the console)
  • Is readable by any JavaScript on the same origin
  • Could be exfiltrated by XSS or malicious browser extensions

Fix

  • Replace all localStorage usage for the Anthropic key with sessionStorage
  • Key is automatically cleared when the browser tab/window closes
  • No UX change except users re-enter the key per session

Risk

LOW — behavioral change is that the key no longer persists across browser sessions. Users will need to re-enter it when opening a new tab.
@kubestellar-hive
🐛 Move Anthropic API key from localStorage to sessionStorage
6245c01 
Use sessionStorage instead of localStorage for the Anthropic API
key so it is automatically cleared when the browser tab closes,
reducing the window of exposure from XSS or malicious extensions.

Signed-off-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 13, 2026 04:24
@kubestellar-prow kubestellar-prow Bot added the dco-signoff: yes Indicates the PR's author has signed the DCO. label May 13, 2026
Copilot AI reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.
@kubestellar-prow
Copy link
Copy Markdown
Contributor

kubestellar-prow Bot commented May 13, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign mikespreitzer for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
@netlify
Copy link
Copy Markdown

netlify Bot commented May 13, 2026
edited
Loading

Deploy Preview for kubestellarconsole ready!

Name Link
🔨 Latest commit 6245c01
🔍 Latest deploy log https://app.netlify.com/projects/kubestellarconsole/deploys/6a03fd00a12f140008087e49
😎 Deploy Preview https://deploy-preview-13414.console-deploy-preview.kubestellar.io
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.
@github-actions github-actions Bot added ai-generated Pull request generated by AI copilot labels May 13, 2026
@kubestellar-prow kubestellar-prow Bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label May 13, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026

👋 Hey @kubestellar-hive[bot] — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.

This is an automated message.
kubestellar-hive[bot]
kubestellar-hive Bot commented May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@kubestellar-hive kubestellar-hive Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security review passed — Moves Anthropic API key from localStorage to sessionStorage. All 2 read locations + tests updated. Correctly addresses #13411. LGTM.
@kubestellar-hive kubestellar-hive Bot merged commit 1a820b1 into main May 13, 2026
38 of 39 checks passed
@kubestellar-prow kubestellar-prow Bot deleted the fix/13411 branch May 13, 2026 04:40
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026

Thank you for your contribution! Your PR has been merged.

Check out what's new:

Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026

Post-merge build verification passed

Both Go and frontend builds compiled successfully against merge commit 1a820b102bbb6eaafe3cdd58ca93e1341c2f6bcd.
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 13, 2026

❌ Post-Merge Verification: failed

Commit: 1a820b102bbb6eaafe3cdd58ca93e1341c2f6bcd
Specs run: Dashboard.spec.ts smoke.spec.ts
Report: https://github.com/kubestellar/console/actions/runs/25778704504
@github-actions github-actions Bot mentioned this pull request May 13, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ai-generated Pull request generated by AI copilot dco-signoff: yes Indicates the PR's author has signed the DCO. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. tier/2-standard

1 participant