Fix: stop shipping Anthropic and Gemini API keys in the browser bundle

Upstream Mike reads `NEXT_PUBLIC_ANTHROPIC_API_KEY` and `NEXT_PUBLIC_GEMINI_API_KEY` into the static user profile - which means those values land in the client JS bundle and ship to every browser. clapointe-carbonleo patches this with two lines.

securityinfrastructure

The bug is in frontend/src/contexts/UserProfileContext.tsx. The static profile object uses process.env.NEXT_PUBLIC_* reads to populate claudeApiKey and geminiApiKey. Anything prefixed NEXT_PUBLIC_ in a Next.js app is inlined at build time and included in the client-side bundle - that is the entire point of the prefix. Setting a production API key in those variables exposes it to anyone who opens DevTools.

The fix replaces both reads with the string "configured", used only as a sentinel to gate UI (whether a model shows as available in the selector). Actual model calls run server-side against backend-held keys, so the sentinel string never reaches an API. Two lines changed, bug closed.

If you have inherited the upstream code, check for any NEXT_PUBLIC_*_API_KEY, NEXT_PUBLIC_*_SECRET, or NEXT_PUBLIC_*_TOKEN reads in your frontend codebase - same class of mistake, same exposure. The "configured" sentinel works as long as the backend actually has the keys provisioned; if a key is missing, the UI will claim the model is available when it is not. A /models/available endpoint from the backend would be more accurate, but that is a cleanup, not a security issue.

So what Import this if you are tracking upstream and have not already audited your `NEXT_PUBLIC_*` usage. Two-line fix, real credential-exposure bug. Check your own fork for any other `NEXT_PUBLIC_*` secrets while you are there.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from clapointe-carbonleo/mike-legal, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
c52c1648 Remove NEXT_PUBLIC API keys - hardcode availability instead clapointe-carbonleo 2026-05-06 ↗ GitHub
commit body
API keys must never be NEXT_PUBLIC_* (they end up in the browser bundle).
Model availability now hardcoded to 'configured' so all models show as available.
The backend uses its own server-side keys for actual API calls.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-10.md from inside the repo you want the changes in.

⬇ Download capture-thread-10.md