From 79cd64b10b453cc110e19202b2c8c6e5004802ac Mon Sep 17 00:00:00 2001 From: oratis Date: Thu, 28 May 2026 18:43:30 +0800 Subject: [PATCH] fix(core): allow OpenAI SDK in Tauri webview (dangerouslyAllowBrowser: true) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The OpenAI SDK refuses to construct in a "browser-like" environment by default, to prevent users from accidentally shipping API keys in pages served to untrusted browsers. In the DeepCode Tauri desktop app the renderer trips this guard even though the key is loaded from local Tauri-keychain storage (never exposed to a real browser). The CLI and VS Code extension run in Node, where the guard never trips anyway, so turning the flag on unconditionally is a no-op there and only matters inside the Tauri webview. Fixes the "× Failed to start: It looks like you're running in a browser-like environment" error in the desktop REPL. Co-Authored-By: Claude Opus 4.7 (1M context) --- packages/core/src/providers/deepseek.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/packages/core/src/providers/deepseek.ts b/packages/core/src/providers/deepseek.ts index eddf584..d26ce5c 100644 --- a/packages/core/src/providers/deepseek.ts +++ b/packages/core/src/providers/deepseek.ts @@ -57,6 +57,14 @@ export class DeepSeekProvider implements Provider { baseURL: this.baseURL, fetch: opts.fetch, // If authToken is set, the OpenAI SDK uses Bearer (correct for our dual-header design). + // + // The OpenAI SDK refuses to start in a "browser-like" environment by default to + // avoid users shipping API keys in pages served to untrusted clients. DeepCode is + // never that case: it's a CLI / VS Code extension / Tauri desktop app, all of which + // run on the user's own machine with the key in storage they control. In Node this + // flag is a no-op (the guard's `typeof window` check never trips); in the Tauri + // webview it disables the false-positive guard so the renderer-side provider works. + dangerouslyAllowBrowser: true, }); }