Implement a "Bring Your Own Key" (BYOK) feature that allows users to use their own API keys for OpenAI, Anthropic, Groq, and Gemini models. When users provide their own API keys, they should not be charged credits from the platform since they're using their own resources. Secure keys if stored client-side.
Current State
- The settings popup has a commented-out checkbox for "Use custom API key" (lines 211-222 in
SettingsPopup.tsx)
- Basic API key validation exists in the backend (
session_routes.py lines 257-276)
- Credit deduction happens automatically for all users regardless of API key source
- No distinction between platform credits and user's own API costs
Requirements
1. Frontend Changes
2. Backend Changes
3. Credit System Integration
Error Handling
Files for Reference
Frontend Files
Auto-Analyst/auto-analyst-frontend/components/chat/SettingsPopup.tsx - Main BYOK UI
Auto-Analyst/auto-analyst-frontend/components/chat/ChatInterface.tsx - Credit deduction logic
Auto-Analyst/auto-analyst-frontend/lib/hooks/useModelSettings.ts - Settings management
Auto-Analyst/auto-analyst-frontend/lib/contexts/credit-context.tsx - Credit context updates
Backend Files
Auto-Analyst/auto-analyst-backend/src/routes/session_routes.py - API key validation & settings
Auto-Analyst/auto-analyst-backend/src/schemas/model_settings.py - Schema updates
Auto-Analyst/auto-analyst-backend/app.py - Session model configuration
API Routes to Update
/settings/model - Enhanced validation and BYOK flag
/api/model-settings - Return BYOK status
/api/user/deduct-credits - Add BYOK bypass logic
✅ Acceptance Criteria
- API Key Validation: Users can input their API keys and receive immediate validation feedback
- Credit Bypass: No credits are deducted when using custom API keys
- Visual Feedback: Clear UI indication of BYOK vs platform usage
- Error Handling: Helpful error messages for invalid or expired keys
- Security: API keys are validated but not stored permanently (session only)
- Multi-Provider: Works with OpenAI, Anthropic, Groq, and Gemini APIs
Implement a "Bring Your Own Key" (BYOK) feature that allows users to use their own API keys for OpenAI, Anthropic, Groq, and Gemini models. When users provide their own API keys, they should not be charged credits from the platform since they're using their own resources. Secure keys if stored client-side.
Current State
SettingsPopup.tsx)session_routes.pylines 257-276)Requirements
1. Frontend Changes
SettingsPopup.tsx2. Backend Changes
session_routes.py3. Credit System Integration
ChatInterface.tsx(lines 1026-1083)DeepAnalysisSidebar.tsx(lines 456-506, 632-680)/api/user/deduct-creditsImportant Note:
DeepAnalysisSidebar.tsx(lines 456-506, 632-680), CodeFixButton (lines 125-160) and CodeCanvas (lines 692-720) always use models via platform API (non-BYOK). Skip BYOK logic for these two, credits should always be deducted (at least for now).Error Handling
Files for Reference
Frontend Files
Auto-Analyst/auto-analyst-frontend/components/chat/SettingsPopup.tsx- Main BYOK UIAuto-Analyst/auto-analyst-frontend/components/chat/ChatInterface.tsx- Credit deduction logicAuto-Analyst/auto-analyst-frontend/lib/hooks/useModelSettings.ts- Settings managementAuto-Analyst/auto-analyst-frontend/lib/contexts/credit-context.tsx- Credit context updatesBackend Files
Auto-Analyst/auto-analyst-backend/src/routes/session_routes.py- API key validation & settingsAuto-Analyst/auto-analyst-backend/src/schemas/model_settings.py- Schema updatesAuto-Analyst/auto-analyst-backend/app.py- Session model configurationAPI Routes to Update
/settings/model- Enhanced validation and BYOK flag/api/model-settings- Return BYOK status/api/user/deduct-credits- Add BYOK bypass logic✅ Acceptance Criteria