CyberCoveLLC/Triple-C
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 128 Wiki Activity

Remove Anthropic API key authentication support
All checks were successful
Build App / build-windows (push) Successful in 2m28s
Details
Build App / build-linux (push) Successful in 3m13s
Details

Browse Source 
API key auth only provides short-lived session tokens (8hrs or until
session restart) with no refresh mechanism, unlike OAuth which persists
via .credentials.json. Remove the non-functional API key settings UI
and all supporting code (frontend state, Tauri commands, keyring
storage, container env var injection, and fingerprint-based recreation
checks) to avoid user confusion.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Josh Knapp
2026-03-01 03:59:58 +00:00
parent 01ea581f8a
commit da078af73f
10 changed files with 11 additions and 205 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
app/src-tauri/src/commands/project_commands.rs
View File

@@ -124,21 +124,15 @@ pub async fn start_project_container(
let settings = state.settings_store.get();
let image_name = container_config::resolve_image_name(&settings.image_source, &settings.custom_image_name);
// Get API key only if auth mode requires it
let api_key: Option<String> = match project.auth_mode {
AuthMode::Anthropic => {
None
}
AuthMode::Bedrock => {
// Validate auth mode requirements
if project.auth_mode == AuthMode::Bedrock {
let bedrock = project.bedrock_config.as_ref()
.ok_or_else(|| "Bedrock auth mode selected but no Bedrock configuration found.".to_string())?;
// Region can come from per-project or global
if bedrock.aws_region.is_empty() && settings.global_aws.aws_region.is_none() {
return Err("AWS region is required for Bedrock auth mode. Set it per-project or in global AWS settings.".to_string());
}
None
}
};
// Update status to starting
state.projects_store.update_status(&project_id, ProjectStatus::Starting)?;
@@ -164,7 +158,6 @@ pub async fn start_project_container(
let needs_recreation = docker::container_needs_recreation(
&existing_id,
&project,
api_key.as_deref(),
settings.global_claude_instructions.as_deref(),
&settings.global_custom_env_vars,
)
@@ -176,7 +169,6 @@ pub async fn start_project_container(
docker::remove_container(&existing_id).await?;
let new_id = docker::create_container(
&project,
api_key.as_deref(),
&docker_socket,
&image_name,
aws_config_path.as_deref(),
@@ -193,7 +185,6 @@ pub async fn start_project_container(
} else {
let new_id = docker::create_container(
&project,
api_key.as_deref(),
&docker_socket,
&image_name,
aws_config_path.as_deref(),

16
app/src-tauri/src/commands/settings_commands.rs
View File

@@ -2,24 +2,8 @@ use tauri::State;
use crate::docker;
use crate::models::AppSettings;
use crate::storage::secure;
use crate::AppState;
#[tauri::command]
pub async fn set_api_key(key: String) -> Result<(), String> {
secure::store_api_key(&key)
}
#[tauri::command]
pub async fn has_api_key() -> Result<bool, String> {
secure::has_api_key()
}
#[tauri::command]
pub async fn delete_api_key() -> Result<(), String> {
secure::delete_api_key()
}
#[tauri::command]
pub async fn get_settings(state: State<'_, AppState>) -> Result<AppSettings, String> {
Ok(state.settings_store.get())

28
app/src-tauri/src/docker/container.rs
View File

@@ -10,19 +10,6 @@ use std::hash::{Hash, Hasher};
use super::client::get_docker;
use crate::models::{AuthMode, BedrockAuthMethod, ContainerInfo, EnvVar, GlobalAwsSettings, Project, ProjectPath};
/// Compute a fingerprint for the API key so we can detect when it changes
/// without storing the actual key in Docker labels.
fn compute_api_key_fingerprint(api_key: Option<&str>) -> String {
match api_key {
Some(key) => {
let mut hasher = DefaultHasher::new();
key.hash(&mut hasher);
format!("{:x}", hasher.finish())
}
None => String::new(),
}
}
/// Compute a fingerprint string for the custom environment variables.
/// Sorted alphabetically so order changes do not cause spurious recreation.
fn compute_env_fingerprint(custom_env_vars: &[EnvVar]) -> String {
@@ -140,7 +127,6 @@ pub async fn find_existing_container(project: &Project) -> Result<Option<String>
pub async fn create_container(
project: &Project,
api_key: Option<&str>,
docker_socket_path: &str,
image_name: &str,
aws_config_path: Option<&str>,
@@ -189,10 +175,6 @@ pub async fn create_container(
log::debug!("Skipping HOST_UID/HOST_GID on Windows — Docker Desktop's Linux VM handles user mapping");
}
if let Some(key) = api_key {
env_vars.push(format!("ANTHROPIC_API_KEY={}", key));
}
if let Some(ref token) = project.git_token {
env_vars.push(format!("GIT_TOKEN={}", token));
}
@@ -369,7 +351,6 @@ pub async fn create_container(
labels.insert("triple-c.project-id".to_string(), project.id.clone());
labels.insert("triple-c.project-name".to_string(), project.name.clone());
labels.insert("triple-c.auth-mode".to_string(), format!("{:?}", project.auth_mode));
labels.insert("triple-c.api-key-fingerprint".to_string(), compute_api_key_fingerprint(api_key));
labels.insert("triple-c.paths-fingerprint".to_string(), compute_paths_fingerprint(&project.paths));
labels.insert("triple-c.bedrock-fingerprint".to_string(), compute_bedrock_fingerprint(project));
labels.insert("triple-c.image".to_string(), image_name.to_string());
@@ -453,7 +434,6 @@ pub async fn remove_container(container_id: &str) -> Result<(), String> {
pub async fn container_needs_recreation(
container_id: &str,
project: &Project,
api_key: Option<&str>,
global_claude_instructions: Option<&str>,
global_custom_env_vars: &[EnvVar],
) -> Result<bool, String> {
@@ -492,14 +472,6 @@ pub async fn container_needs_recreation(
}
}
// ── API key fingerprint ─────────────────────────────────────────────
let expected_api_key_fp = compute_api_key_fingerprint(api_key);
let container_api_key_fp = get_label("triple-c.api-key-fingerprint").unwrap_or_default();
if container_api_key_fp != expected_api_key_fp {
log::info!("API key fingerprint mismatch, triggering recreation");
return Ok(true);
}
// ── Project paths fingerprint ──────────────────────────────────────────
let expected_paths_fp = compute_paths_fingerprint(&project.paths);
match get_label("triple-c.paths-fingerprint") {

3
app/src-tauri/src/lib.rs
View File

@@ -79,9 +79,6 @@ pub fn run() {
commands::project_commands::stop_project_container,
commands::project_commands::rebuild_project_container,
// Settings
commands::settings_commands::set_api_key,
commands::settings_commands::has_api_key,
commands::settings_commands::delete_api_key,
commands::settings_commands::get_settings,
commands::settings_commands::update_settings,
commands::settings_commands::pull_image,

39
app/src-tauri/src/storage/secure.rs
View File

@@ -1,42 +1,3 @@
const SERVICE_NAME: &str = "triple-c";
const API_KEY_USER: &str = "anthropic-api-key";
pub fn store_api_key(key: &str) -> Result<(), String> {
let entry = keyring::Entry::new(SERVICE_NAME, API_KEY_USER)
.map_err(|e| format!("Keyring error: {}", e))?;
entry
.set_password(key)
.map_err(|e| format!("Failed to store API key: {}", e))
}
pub fn get_api_key() -> Result<Option<String>, String> {
let entry = keyring::Entry::new(SERVICE_NAME, API_KEY_USER)
.map_err(|e| format!("Keyring error: {}", e))?;
match entry.get_password() {
Ok(key) => Ok(Some(key)),
Err(keyring::Error::NoEntry) => Ok(None),
Err(e) => Err(format!("Failed to retrieve API key: {}", e)),
}
}
pub fn delete_api_key() -> Result<(), String> {
let entry = keyring::Entry::new(SERVICE_NAME, API_KEY_USER)
.map_err(|e| format!("Keyring error: {}", e))?;
match entry.delete_credential() {
Ok(()) => Ok(()),
Err(keyring::Error::NoEntry) => Ok(()),
Err(e) => Err(format!("Failed to delete API key: {}", e)),
}
}
pub fn has_api_key() -> Result<bool, String> {
match get_api_key() {
Ok(Some(_)) => Ok(true),
Ok(None) => Ok(false),
Err(e) => Err(e),
}
}
/// Store a per-project secret in the OS keychain.
pub fn store_project_secret(project_id: &str, key_name: &str, value: &str) -> Result<(), String> {
let service = format!("triple-c-project-{}-{}", project_id, key_name);

3
app/src/App.tsx
View File

@@ -12,7 +12,7 @@ import { useAppState } from "./store/appState";
export default function App() {
const { checkDocker, checkImage } = useDocker();
const { checkApiKey, loadSettings } = useSettings();
const { loadSettings } = useSettings();
const { refresh } = useProjects();
const { loadVersion, checkForUpdates, startPeriodicCheck } = useUpdates();
const { sessions, activeSessionId } = useAppState(
@@ -25,7 +25,6 @@ export default function App() {
checkDocker().then((available) => {
if (available) checkImage();
});
checkApiKey();
refresh();
// Update detection

60
app/src/components/settings/ApiKeyInput.tsx
View File

@@ -1,68 +1,10 @@
import { useState } from "react";
import { useSettings } from "../../hooks/useSettings";
export default function ApiKeyInput() {
const { hasKey, saveApiKey, removeApiKey } = useSettings();
const [key, setKey] = useState("");
const [error, setError] = useState<string | null>(null);
const [saving, setSaving] = useState(false);
const handleSave = async () => {
if (!key.trim()) return;
setSaving(true);
setError(null);
try {
await saveApiKey(key.trim());
setKey("");
} catch (e) {
setError(String(e));
} finally {
setSaving(false);
}
};
return (
<div>
<label className="block text-sm font-medium mb-1">Authentication</label>
<p className="text-xs text-[var(--text-secondary)] mb-3">
Each project can use <strong>claude login</strong> (OAuth, run inside the terminal), an <strong>API key</strong>, or <strong>AWS Bedrock</strong>. Set auth mode per-project.
Each project can use <strong>claude login</strong> (OAuth, run inside the terminal) or <strong>AWS Bedrock</strong>. Set auth mode per-project.
</p>
<label className="block text-xs text-[var(--text-secondary)] mb-1 mt-3">
API Key (for projects using API key mode)
</label>
{hasKey ? (
<div className="flex items-center gap-2">
<span className="text-sm text-[var(--success)]">Key configured</span>
<button
onClick={async () => {
try { await removeApiKey(); } catch (e) { setError(String(e)); }
}}
className="text-xs text-[var(--error)] hover:underline"
>
Remove
</button>
</div>
) : (
<div className="space-y-2">
<input
type="password"
value={key}
onChange={(e) => setKey(e.target.value)}
placeholder="sk-ant-..."
className="w-full px-3 py-2 bg-[var(--bg-primary)] border border-[var(--border-color)] rounded text-sm text-[var(--text-primary)] focus:outline-none focus:border-[var(--accent)]"
onKeyDown={(e) => e.key === "Enter" && handleSave()}
/>
<button
onClick={handleSave}
disabled={saving || !key.trim()}
className="px-3 py-1.5 text-xs bg-[var(--accent)] text-white rounded hover:bg-[var(--accent-hover)] disabled:opacity-50 transition-colors"
>
{saving ? "Saving..." : "Save Key"}
</button>
</div>
)}
{error && <div className="text-xs text-[var(--error)] mt-1">{error}</div>}
</div>
);
}

32
app/src/hooks/useSettings.ts
View File

@@ -5,39 +5,13 @@ import * as commands from "../lib/tauri-commands";
import type { AppSettings } from "../lib/types";
export function useSettings() {
const { hasKey, setHasKey, appSettings, setAppSettings } = useAppState(
const { appSettings, setAppSettings } = useAppState(
useShallow(s => ({
hasKey: s.hasKey,
setHasKey: s.setHasKey,
appSettings: s.appSettings,
setAppSettings: s.setAppSettings,
}))
);
const checkApiKey = useCallback(async () => {
try {
const has = await commands.hasApiKey();
setHasKey(has);
return has;
} catch {
setHasKey(false);
return false;
}
}, [setHasKey]);
const saveApiKey = useCallback(
async (key: string) => {
await commands.setApiKey(key);
setHasKey(true);
},
[setHasKey],
);
const removeApiKey = useCallback(async () => {
await commands.deleteApiKey();
setHasKey(false);
}, [setHasKey]);
const loadSettings = useCallback(async () => {
try {
const settings = await commands.getSettings();
@@ -59,10 +33,6 @@ export function useSettings() {
);
return {
hasKey,
checkApiKey,
saveApiKey,
removeApiKey,
appSettings,
loadSettings,
saveSettings,

4
app/src/lib/tauri-commands.ts
View File

@@ -26,10 +26,6 @@ export const rebuildProjectContainer = (projectId: string) =>
invoke<Project>("rebuild_project_container", { projectId });
// Settings
export const setApiKey = (key: string) =>
invoke<void>("set_api_key", { key });
export const hasApiKey = () => invoke<boolean>("has_api_key");
export const deleteApiKey = () => invoke<void>("delete_api_key");
export const getSettings = () => invoke<AppSettings>("get_settings");
export const updateSettings = (settings: AppSettings) =>
invoke<AppSettings>("update_settings", { settings });

6
app/src/store/appState.ts
View File

@@ -24,9 +24,6 @@ interface AppState {
setDockerAvailable: (available: boolean | null) => void;
imageExists: boolean | null;
setImageExists: (exists: boolean | null) => void;
hasKey: boolean | null;
setHasKey: (has: boolean | null) => void;
// App settings
appSettings: AppSettings | null;
setAppSettings: (settings: AppSettings) => void;
@@ -85,9 +82,6 @@ export const useAppState = create<AppState>((set) => ({
setDockerAvailable: (available) => set({ dockerAvailable: available }),
imageExists: null,
setImageExists: (exists) => set({ imageExists: exists }),
hasKey: null,
setHasKey: (has) => set({ hasKey: has }),
// App settings
appSettings: null,
setAppSettings: (settings) => set({ appSettings: settings }),