CaseMark hands every user their own AI key
CaseMark's fork lets each person plug in their own Anthropic or Gemini credentials instead of riding on a shared, firm-wide key.
There's now a Models section under each user's account where they paste in their own key for the AI provider they want to use. The fork stores it encrypted, then quietly tests it against the provider before trusting it, so a typo or a dead key gets flagged as unverified rather than failing silently mid-matter. Pull a key and it's soft-deleted - the underlying secret is wiped while the record stays for audit.
The more interesting part is what happens when a user has no key of their own. CaseMark closed that door for production: the server will not quietly fall back to its own shared credentials, and a related fix stopped the interface from leaking the tail end of the server key. The behaviour is now fail-closed by default rather than fail-open.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?