vdavid
diff --git a/‎apps/desktop/src-tauri/src/ai/CLAUDE.md‎
Lines changed: 5 additions & 2 deletions b/‎apps/desktop/src-tauri/src/ai/CLAUDE.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎apps/desktop/src-tauri/src/ai/api_keys.rs‎
Lines changed: 185 additions & 0 deletions b/‎apps/desktop/src-tauri/src/ai/api_keys.rs‎
Lines changed: 185 additions & 0 deletions
diff --git a/‎apps/desktop/src-tauri/src/ai/mod.rs‎
Lines changed: 1 addition & 0 deletions b/‎apps/desktop/src-tauri/src/ai/mod.rs‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎apps/desktop/src-tauri/src/ipc.rs‎
Lines changed: 8 additions & 0 deletions b/‎apps/desktop/src-tauri/src/ipc.rs‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎apps/desktop/src-tauri/src/secrets/CLAUDE.md‎
Lines changed: 6 additions & 2 deletions b/‎apps/desktop/src-tauri/src/secrets/CLAUDE.md‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎apps/desktop/src/lib/ipc/bindings.ts‎
Lines changed: 18 additions & 0 deletions b/‎apps/desktop/src/lib/ipc/bindings.ts‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎apps/desktop/src/lib/settings/CLAUDE.md‎
Lines changed: 13 additions & 9 deletions b/‎apps/desktop/src/lib/settings/CLAUDE.md‎
Lines changed: 13 additions & 9 deletions
@@ -12,6 +12,7 @@ Three provider modes:
 | File | Purpose |
 |---|---|
 | `mod.rs` | Types (`AiStatus`, `AiState`, `DownloadProgress`, `ModelInfo`), model registry (`AVAILABLE_MODELS`, `DEFAULT_MODEL_ID`), `is_local_ai_supported()` gate |
+| `api_keys.rs` | Per-provider cloud API key storage. Delegates to `crate::secrets::store()` (macOS Keychain, Linux Secret Service, or encrypted-file fallback). One entry per provider under key `ai.apiKey.<providerId>`. Exposes `save_ai_api_key` / `get_ai_api_key` / `delete_ai_api_key` / `has_ai_api_key` Tauri commands. Keys are NOT stored in `settings.json`. |
 | `manager.rs` | Central coordinator. Global `Mutex<Option<ManagerState>>` singleton. Most Tauri commands live here. Stores provider + cloud-AI config (`cloud_api_key`/`cloud_base_url`/`cloud_model`). Exposes `resolve_backend() -> BackendResolution` so callers don't reinvent provider routing. Also owns the `STREAM_CANCEL_TOKENS` registry (`register_stream`/`unregister_stream`/`cancel_stream`) for in-flight `stream_folder_suggestions` cancellation. |
 | `download.rs` | HTTP streaming download with Range-based resume. Emits `ai-download-progress` events (200ms throttle). Cooperative cancellation via function parameter (`Fn() -> bool`). |
 | `extract.rs` | Copies bundled `llama-server` binary + dylibs from `resources/ai/` to the AI data dir. Sets Unix permissions, handles symlinks. |
@@ -27,6 +28,7 @@ Three provider modes:
 ### Tauri commands
 
 Core: `get_ai_status`, `get_ai_model_info`, `get_ai_runtime_status`, `configure_ai`, `start_ai_server`, `stop_ai_server`, `check_ai_connection`, `start_ai_download`, `cancel_ai_download`, `get_folder_suggestions`, `stream_folder_suggestions`, `cancel_folder_suggestions`. Note: `get_system_memory_info` moved to top-level `system_memory.rs`.
+API keys: `save_ai_api_key`, `get_ai_api_key`, `delete_ai_api_key`, `has_ai_api_key` (in `api_keys.rs`).
 Legacy (still wired, used by toast): `uninstall_ai`, `dismiss_ai_offer`, `opt_out_ai`, `opt_in_ai`, `is_ai_opted_out`.
 
 ## Startup flow
@@ -37,9 +39,10 @@ Tauri setup()
 
 Frontend loads
   -> initializeSettings()           <- loads settings from tauri-plugin-store
+  -> getAiApiKey(providerId)        <- fetches API key from OS secret store
   -> configureAi({                  <- pushes AI config to backend
        provider, contextSize,
-       openaiApiKey, openaiBaseUrl, openaiModel
+       cloudApiKey, cloudBaseUrl, cloudModel
      })
        -> backend: if provider === 'local' && model installed && local AI supported
             -> spawn_and_track_server() (sync, inside lock — PID tracked immediately)
@@ -78,7 +81,7 @@ The frontend (`AiSection.svelte`) tracks `installStep` state and displays "Step
 - Download guard: `download_in_progress` flag prevents concurrent downloads.
 - Server logs written to `llama-server.log` in the AI dir for debugging.
 - `opted_out` field in `AiState` is legacy. `ai.provider` in frontend settings store is the source of truth.
-- OpenAI config (api_key, base_url, model) stored in `ManagerState` so suggestions.rs can read without settings files.
+- OpenAI config (api_key, base_url, model) stored in `ManagerState` so suggestions.rs can read without settings files. The api_key originates from the OS secret store (`api_keys.rs`), pushed in via `configure_ai`.
 - `configure_ai` is idempotent -- frontend calls it on startup and whenever any AI setting changes.
 - `ModelInfo` includes `kv_bytes_per_token` and `base_overhead_bytes` for frontend memory estimation.
 
 
@@ -0,0 +1,185 @@
+//! Cloud AI provider API key storage.
+//!
+//! Delegates to `crate::secrets::store()` for platform-agnostic secret storage so each provider's
+//! key sits in the OS-native secret backend (macOS Keychain, Linux Secret Service, etc.) instead
+//! of `settings.json`. One entry per provider keyed as `ai.apiKey.<providerId>`.
+
+use crate::secrets::SecretStoreError;
+use log::{debug, info};
+use serde::{Deserialize, Serialize};
+
+/// Builds the secret-store key for a given provider id.
+fn store_key(provider_id: &str) -> String {
+    format!("ai.apiKey.{provider_id}")
+}
+
+/// Error types surfaced over IPC for AI API key operations.
+#[derive(Debug, Clone, Serialize, Deserialize, specta::Type)]
+#[serde(rename_all = "snake_case", tag = "type", content = "message")]
+pub enum AiApiKeyError {
+    NotFound(String),
+    AccessDenied(String),
+    Other(String),
+}
+
+impl std::fmt::Display for AiApiKeyError {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Self::NotFound(msg) => write!(f, "AI API key not found: {msg}"),
+            Self::AccessDenied(msg) => write!(f, "AI API key access denied: {msg}"),
+            Self::Other(msg) => write!(f, "AI API key error: {msg}"),
+        }
+    }
+}
+
+impl std::error::Error for AiApiKeyError {}
+
+impl From<SecretStoreError> for AiApiKeyError {
+    fn from(e: SecretStoreError) -> Self {
+        match e {
+            SecretStoreError::NotFound(msg) => Self::NotFound(msg),
+            SecretStoreError::AccessDenied(msg) => Self::AccessDenied(msg),
+            SecretStoreError::Other(msg) => Self::Other(msg),
+        }
+    }
+}
+
+/// Saves the API key for a provider. Overwrites any existing entry. Logs at INFO without ever
+/// touching the key value — the *change event* is the actionable signal for postmortem debugging
+/// (when did the key get set? did the save reach the keychain?), the key itself is not.
+pub fn save(provider_id: &str, api_key: &str) -> Result<(), AiApiKeyError> {
+    let key = store_key(provider_id);
+    let key_len = api_key.len();
+    crate::secrets::store().set(&key, api_key.as_bytes())?;
+    info!("AI API key saved for provider {provider_id} ({key_len} bytes)");
+    Ok(())
+}
+
+/// Returns the stored API key for a provider, or an error if none is stored.
+pub fn get(provider_id: &str) -> Result<String, AiApiKeyError> {
+    let key = store_key(provider_id);
+    let data = crate::secrets::store().get(&key)?;
+    String::from_utf8(data).map_err(|e| AiApiKeyError::Other(format!("Stored key is not valid UTF-8: {e}")))
+}
+
+/// Deletes the API key for a provider. Returns `Ok(())` even if no entry existed (idempotent).
+pub fn delete(provider_id: &str) -> Result<(), AiApiKeyError> {
+    let key = store_key(provider_id);
+    match crate::secrets::store().delete(&key) {
+        Ok(()) => {
+            info!("AI API key deleted for provider {provider_id}");
+            Ok(())
+        }
+        Err(SecretStoreError::NotFound(_)) => {
+            debug!("AI API key delete for {provider_id} was a no-op (none stored)");
+            Ok(())
+        }
+        Err(e) => Err(e.into()),
+    }
+}
+
+/// Returns true if an API key is stored for the provider.
+pub fn has(provider_id: &str) -> bool {
+    get(provider_id).is_ok()
+}
+
+// --- Tauri commands ---
+
+#[tauri::command]
+#[specta::specta]
+pub fn save_ai_api_key(provider_id: String, api_key: String) -> Result<(), AiApiKeyError> {
+    save(&provider_id, &api_key)
+}
+
+/// Returns the stored API key for the provider, or an empty string if none is stored.
+/// Returning empty (rather than an error) on missing keys keeps the call sites simple — they all
+/// pass the value through to `configure_ai`, which already treats empty-string as "not configured."
+#[tauri::command]
+#[specta::specta]
+pub fn get_ai_api_key(provider_id: String) -> Result<String, AiApiKeyError> {
+    match get(&provider_id) {
+        Ok(key) => Ok(key),
+        Err(AiApiKeyError::NotFound(_)) => Ok(String::new()),
+        Err(e) => Err(e),
+    }
+}
+
+#[tauri::command]
+#[specta::specta]
+pub fn delete_ai_api_key(provider_id: String) -> Result<(), AiApiKeyError> {
+    delete(&provider_id)
+}
+
+#[tauri::command]
+#[specta::specta]
+pub fn has_ai_api_key(provider_id: String) -> bool {
+    has(&provider_id)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::sync::atomic::{AtomicU64, Ordering};
+
+    /// Per-test isolation: each test runs in its own data dir so the PlainFileStore's JSON file
+    /// doesn't race across nextest's per-test processes (which would share the prod app-support
+    /// dir otherwise — secrets `save` succeeds but the subsequent `get` sees another test's write).
+    ///
+    /// Must be called BEFORE the first secret store access in the test — the secret store backend
+    /// is a `LazyLock` and reads these env vars exactly once.
+    ///
+    /// SAFETY: `std::env::set_var` is racy across threads, but each nextest test runs in its own
+    /// process, so the only env-var writes happen here on the test's main thread before any code
+    /// that reads them.
+    fn isolate_secrets() {
+        static COUNTER: AtomicU64 = AtomicU64::new(0);
+        let id = COUNTER.fetch_add(1, Ordering::Relaxed);
+        let dir = std::env::temp_dir().join(format!("cmdr-api-keys-test-{}-{}", std::process::id(), id));
+        std::fs::create_dir_all(&dir).expect("create test data dir");
+        unsafe {
+            std::env::set_var("CMDR_DATA_DIR", &dir);
+            std::env::set_var("CMDR_SECRET_STORE", "file");
+        }
+    }
+
+    #[test]
+    fn save_and_get_roundtrip() {
+        isolate_secrets();
+        save("openai", "sk-test-abc123").unwrap();
+        assert_eq!(get("openai").unwrap(), "sk-test-abc123");
+    }
+
+    #[test]
+    fn get_missing_returns_not_found() {
+        isolate_secrets();
+        match get("openai") {
+            Err(AiApiKeyError::NotFound(_)) => {}
+            other => panic!("expected NotFound, got {other:?}"),
+        }
+    }
+
+    #[test]
+    fn has_reflects_save_and_delete() {
+        isolate_secrets();
+        assert!(!has("openai"));
+        save("openai", "sk-test").unwrap();
+        assert!(has("openai"));
+        delete("openai").unwrap();
+        assert!(!has("openai"));
+    }
+
+    #[test]
+    fn delete_missing_is_idempotent() {
+        isolate_secrets();
+        delete("openai").unwrap();
+        delete("openai").unwrap();
+    }
+
+    #[test]
+    fn save_overwrites_existing() {
+        isolate_secrets();
+        save("openai", "sk-first").unwrap();
+        save("openai", "sk-second").unwrap();
+        assert_eq!(get("openai").unwrap(), "sk-second");
+    }
+}
@@ -11,6 +11,7 @@
 //! 3. Add a new entry to `AVAILABLE_MODELS`
 //! 4. Update `DEFAULT_MODEL_ID` if the new model should be the default
 
+pub mod api_keys;
 pub mod client;
 #[cfg(test)]
 mod client_integration_test;
 
@@ -185,6 +185,10 @@ fn collect_cross_platform_types(types: &mut Types) -> Vec<Function> {
         crate::ai::manager::opt_out_ai,
         crate::ai::manager::opt_in_ai,
         crate::ai::manager::is_ai_opted_out,
+        crate::ai::api_keys::save_ai_api_key,
+        crate::ai::api_keys::get_ai_api_key,
+        crate::ai::api_keys::delete_ai_api_key,
+        crate::ai::api_keys::has_ai_api_key,
         crate::ai::suggestions::get_folder_suggestions,
         // set_mcp_enabled, set_mcp_port are generic (<R: Runtime>) — excluded from specta
         crate::commands::mcp::get_mcp_running,
@@ -884,6 +888,10 @@ pub fn builder() -> Builder<tauri::Wry> {
         crate::ai::manager::opt_out_ai,
         crate::ai::manager::opt_in_ai,
         crate::ai::manager::is_ai_opted_out,
+        crate::ai::api_keys::save_ai_api_key,
+        crate::ai::api_keys::get_ai_api_key,
+        crate::ai::api_keys::delete_ai_api_key,
+        crate::ai::api_keys::has_ai_api_key,
         crate::ai::suggestions::get_folder_suggestions,
         // stream_folder_suggestions / cancel_folder_suggestions: streaming via tauri Channel<T>;
         // not specta-friendly yet, kept on raw invoke (eslint opt-out at FE call sites).
 
@@ -24,8 +24,12 @@ Generic key-value secret storage with pluggable backends.
 
 ### Generic byte storage, not typed credentials
 
-The trait stores opaque `&[u8]` / `Vec<u8>`. Callers (like `network/keychain.rs` for SMB) handle their own
-serialization format. This keeps the store reusable for any secret type.
+The trait stores opaque `&[u8]` / `Vec<u8>`. Callers handle their own serialization format. Current consumers:
+
+- `network/keychain.rs` — SMB credentials, stored as `username\0password` under keys like `smb://server/share`.
+- `ai/api_keys.rs` — cloud AI provider API keys, stored as raw UTF-8 under keys like `ai.apiKey.openai`.
+
+This keeps the store reusable for any future secret type.
 
 ### File-based stores use `CMDR_DATA_DIR`
 
 
@@ -874,6 +874,18 @@ export const commands = {
   optInAi: () => __TAURI_INVOKE<void>('opt_in_ai'),
   // Returns whether the user has opted out of AI features.
   isAiOptedOut: () => __TAURI_INVOKE<boolean>('is_ai_opted_out'),
+  saveAiApiKey: (providerId: string, apiKey: string) =>
+    typedError<null, AiApiKeyError>(__TAURI_INVOKE('save_ai_api_key', { providerId, apiKey })),
+  /**
+   *  Returns the stored API key for the provider, or an empty string if none is stored.
+   *  Returning empty (rather than an error) on missing keys keeps the call sites simple — they all
+   *  pass the value through to `configure_ai`, which already treats empty-string as "not configured."
+   */
+  getAiApiKey: (providerId: string) =>
+    typedError<string, AiApiKeyError>(__TAURI_INVOKE('get_ai_api_key', { providerId })),
+  deleteAiApiKey: (providerId: string) =>
+    typedError<null, AiApiKeyError>(__TAURI_INVOKE('delete_ai_api_key', { providerId })),
+  hasAiApiKey: (providerId: string) => __TAURI_INVOKE<boolean>('has_ai_api_key', { providerId }),
   /**
    *  Generates folder name suggestions for the given directory.
    *
@@ -1748,6 +1760,12 @@ export type ActivityPhase =
   // Idle — indexing initialized but no active work.
   | 'idle'
 
+// Error types surfaced over IPC for AI API key operations.
+export type AiApiKeyError =
+  | { type: 'not_found'; message: string }
+  | { type: 'access_denied'; message: string }
+  | { type: 'other'; message: string }
+
 // Result of checking connectivity to an AI API endpoint.
 export type AiConnectionCheckResult = {
   connected: boolean
 
@@ -131,11 +131,11 @@ backend (via `getAiRuntimeStatus()` and Tauri events) with registry settings (`a
   handles provider switching (auto-stops local server when switching away), and conditionally renders one of the two
   sub-sections.
 - **`AiCloudSection.svelte`** — Cloud/API provider config. Provider preset dropdown (`cloud-providers.ts`), per-provider
-  API key storage in a JSON blob (`ai.cloudProviderConfigs`), endpoint URL, model combobox. Old flat settings
-  (`ai.openaiApiKey`, `ai.openaiBaseUrl`, `ai.openaiModel`) are migrated on first load. Includes a two-step connection
-  check (`check_ai_connection` Tauri command) that auto-triggers on API key or base URL changes (1s debounce), fetches
-  available models from the `/models` endpoint, and shows connection status (connected, auth error, unreachable). When
-  models are available, the Model field becomes a combobox with filtered dropdown; otherwise it's a plain text input.
+  endpoint URL and model stored in `ai.cloudProviderConfigs`, per-provider API key stored in the OS secret store via
+  `saveAiApiKey` / `getAiApiKey`. Includes a two-step connection check (`check_ai_connection` Tauri command) that
+  auto-triggers on API key or base URL changes (1s debounce), fetches available models from the `/models` endpoint, and
+  shows connection status (connected, auth error, unreachable). When models are available, the Model field becomes a
+  combobox with filtered dropdown; otherwise it's a plain text input.
 - **`AiLocalSection.svelte`** — Local LLM management. Server lifecycle (start/stop), model download with multi-step
   install tracking, context window setting with explicit "Apply" button (triggers server restart), RAM gauge (stacked
   bar) showing memory usage relative to system total with warning icons at >70% and >90% projected usage, system memory
@@ -176,7 +176,8 @@ row intentionally spans the full width.
 
 - **cloud-providers.ts** — Cloud provider preset definitions (OpenAI, Anthropic, Groq, etc.) and per-provider config
   helpers (`getProviderConfigs`, `setProviderConfig`, `resolveCloudConfig`). Used by `AiSection` and the startup flow in
-  `+layout.svelte` to resolve the effective API key, base URL, and model before calling `configureAi`.
+  `+layout.svelte` to resolve the effective base URL and model. The API key is fetched separately from the OS secret
+  store via `getAiApiKey(providerId)` before calling `configureAi`.
 - **settings-search.ts** — Fuzzy search over setting definitions; returns ranked matches with highlight ranges
 - **settings-applier.ts** — Listens for setting changes and applies side effects (CSS vars, backend config sync)
 - **network-settings.ts** — Network-specific setting helpers (proxy config, SMB auth defaults)
@@ -226,10 +227,13 @@ Defining all settings in a registry enables:
 3. UI generation for Advanced section (technical settings don't need custom UI)
 4. Schema migration (registry knows what's valid, can transform old data)
 
-### Why store OpenAI API key in `settings.json`, not keychain?
+### Why store cloud AI API keys in the OS secret store, not `settings.json`?
 
-Simpler first version. The file is already in the user's private app support directory. Keychain integration can come
-later if needed. The key is never sent anywhere except the user's configured endpoint.
+API keys live in the OS-native secret store (macOS Keychain, Linux Secret Service, or an encrypted file fallback on
+Linux without Secret Service) via `crate::secrets`. Access goes through the `saveAiApiKey` / `getAiApiKey` /
+`deleteAiApiKey` / `hasAiApiKey` Tauri commands. `ai.cloudProviderConfigs` in `settings.json` only holds non-secret
+fields (`model`, `baseUrl`). This keeps API keys out of Time Machine, cloud-sync backups, and any tool that mirrors
+`~/Library/Application Support`. Same secret store backs SMB credentials — see `src-tauri/src/secrets/CLAUDE.md`.
 
 ### Why debounced saves?