feat: Smart Key Extraction confirmation dialog + universal toggles#5
Merged
easyvibecoding merged 5 commits intomainfrom Mar 18, 2026
Merged
feat: Smart Key Extraction confirmation dialog + universal toggles#5easyvibecoding merged 5 commits intomainfrom
easyvibecoding merged 5 commits intomainfrom
Conversation
Three-tier confidence strategy for captured API keys: - >= 0.7: auto-mask + store (unchanged original behavior) - 0.35~0.7: mask first → confirmation dialog → confirm/reject - < 0.35: silently ignore Confirmation dialog: inline content script overlay with editable service name, confidence display, 30s auto-dismiss, Escape support, queue for multiple pending confirmations, rejectedKeys dedup. Universal toggles (popup, default OFF): - Universal Masking: scanAndMask on non-supported platforms - Universal Detection: scanForNewKeys on non-supported platforms Supported platforms unchanged — Demo Mode auto-enables both. Other: generic-key pattern (confidence 0.50), isAlreadyStoredKey() dedup, confirm_captured_key handler, removeMaskForValue(). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
td.api-key-token .api-key-token-value contains truncated key previews (sk-...QngA) that never match full key patterns, so visibility was never restored. This caused key list items to stay hidden in Demo Mode. Only hide [data-state="open"] code (dialog content with full keys). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
generic-key pattern has prefix '' which caused containsFullKey()
in pre-hide.ts to match ALL text (indexOf('') always returns 0),
hiding entire dialogs. Filter out empty prefixes from KEY_PREFIXES.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add turbo:before-render listener in pre-hide.ts that hides key elements in the incoming body BEFORE Turbo renders it. Uses the same selectors from capture-patterns.ts preHideCSS. Also change toast duration from 10s to 25s. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- confirmation-dialog-spec.md (zh + en): full spec for three-tier confidence strategy, confirmation dialog, universal toggles, generic key pattern, IPC flow, deduplication - implementation-status.md: add 4 new Chrome Extension features - CLAUDE.md: 6 new Key Technical Decisions Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
turbo:before-renderpre-hideChanges
Smart Key Extraction Confirmation Dialog
masker.ts: three-tier routing insubmitCapturedKey(), inline confirmation dialog UI with editable service name, 30sauto-dismiss, Escape support, dialog queue for multiple pending keys
masker.ts:removeMaskForValue()restores original text on reject,rejectedKeysSet prevents re-detection for page lifetimemasker.ts:isAlreadyStoredKey()skips values matching existing Core patterns,generateMaskedPreview()extracted as reusablefunction
service-worker.ts:_sender→sender,confirm_captured_keyhandler resubmits with confidence 1.0, relayskey_confirmedback to content script tab
ipc-protocol: addsubmit_captured_keytoRequestActionUniversal Masking / Detection Toggles
popup.html/ts: two toggle switches (purple theme, default OFF)service-worker.ts:isUniversalMasking/isUniversalDetectionstate, persisted inchrome.storage.localmasker.ts:shouldAutoCapture()extended withisUniversalDetection, bootstrap andstate_changedaddelse if (shouldAutoCapture())for non-supported platforms. Supported platform behavior unchanged.Bug Fixes
capture-patterns.ts: removetd.api-key-token .api-key-token-valuefrom OpenAI preHideCSS — truncated previews never matchpatterns, causing permanent hidden state
capture-patterns.ts: filter empty prefix fromKEY_PREFIXES— generic-key pattern'sprefix: ''causedcontainsFullKey()tomatch ALL text via
indexOf('')pre-hide.ts: addturbo:before-renderlistener to hide key elements in incoming Turbo body before render, preventing GitHub PATflash
masker.ts: toast duration changed from 10s to 25sGeneric Key Pattern
capture-patterns.ts: newgeneric-keypattern (confidence 0.50) matches common prefixes (key-,token-,api-,secret-,sk-,pk-,rk-) + 30+ char alphanumeric stringsDesign Decisions
shouldMask()andshouldAutoCapture()preserve originalisOnSupportedPlatform()behavior.Universal toggles only extend to non-supported platforms.
isDemoModeguards onscanAndMask(),debouncedScan(),enablePreHide()remain untouched. Newlogic added as
else ifbranches only.Test Results
hf_ZODVY****...ghp_dF9g****...sk-ant-a****...Test plan
🤖 Generated with Claude Code