Documentation Index
Fetch the complete documentation index at: https://docs.osschat.dev/llms.txt
Use this file to discover all available pages before exploring further.
Providers and Encryption
OpenChat supports two provider paths:osschatshared OpenRouter key (free-tier style usage controls).- User-managed credentials for
openrouter,openai,anthropic,google,xai,groq,mistral,cohere,codex, andclaude-code.
Provider Registry
Provider metadata is defined inapps/web/src/lib/provider-credentials.ts.
- Each provider has
authType(apiKeyoroauth), placeholder, and optional docs URL. - UI reads these definitions in
settings-providers.tsx.
Encryption Model
Secrets are encrypted server-side before persistence.- Web server route encrypts incoming secrets in
api/provider-credentials.ts. - Encryption helpers are in
lib/server-crypto.tsusing AES-256-GCM. - Ciphertext is stored in Convex
userProviderCredentialstable.
Runtime Provider Resolution
streamExecution.ts resolves provider auth at request time:
osschatuses serverOPENROUTER_API_KEY.- Other providers fetch encrypted user credential via internal query.
- Secret is decrypted in action runtime and used to instantiate provider SDK client.
Operational Best Practices
- Rotate encryption keys with a controlled migration plan.
- Apply rate limits to credential update/delete endpoints.
- Keep provider secrets server-only; never expose raw values to the client.