fix(ui): commit API key draft on click-outside instead of discarding it#1039
Merged
Merged
Conversation
Typing a key and clicking the next field silently reverted the value to empty — the click-outside handler cancelled the draft, so it never reached the settings store. This hit Corti BYOK users hardest during onboarding, where the natural flow is paste client ID -> click client secret field. Click-outside now saves the draft; Escape and the ✕ button still cancel.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Users reported their Corti client ID and client secret being cleared out right after typing them in during onboarding — especially those who continued without an account (they're the only cohort forced into BYOK, so they're the ones typing credentials by hand).
Root cause:
ApiKeyInputkeeps typed input in a local draft that only commits on Enter or the ✓ button. Anymousedownoutside the field cancelled the draft, so the natural flow — paste client ID → click the client secret field — silently discarded the value and the field reverted to the empty "Add" placeholder. Validation reads the settings store, which never received the value, so "Use Corti" / Continue stayed disabled.This affected every provider using
ApiKeyInput(OpenAI, Groq, xAI, Mistral, custom), in both onboarding and Settings — Corti was just the most exposed since it has two adjacent credential fields.Fix
Click-outside now commits the draft instead of discarding it. Escape and the ✕ button remain explicit cancels.
saveis wrapped inuseCallbackso the document listener always sees the current draft.Testing
npm run typecheck✅npm run lint✅prettier --check✅