Is your feature request related to a problem? Please describe.
Currently, the frontend exposes the Gemini API key using NEXT_PUBLIC_GEMINI_API_KEY, which bundles the credential into the client-side JavaScript and makes it visible through browser devtools/network inspection. This creates a critical security vulnerability where malicious users can abuse the API key, exhaust quotas, or perform unauthorized requests.
Additionally, custom prompts from .gitbunrc and CLI arguments are directly appended into the LLM prompt pipeline without sanitization, length validation, or injection boundaries, making the AI enhancement flow vulnerable to prompt injection and malformed instruction chaining.
Describe the solution you'd like
I would like to introduce a secure server-side AI architecture for the Next.js frontend and harden the LLM prompt pipeline.
Proposed improvements:
- Move Gemini inference to a secure Next.js API route (
/api/generate)
- Replace
NEXT_PUBLIC_GEMINI_API_KEY with a server-only GEMINI_API_KEY
- Refactor frontend AI calls to communicate only with the API route
- Add prompt sanitization and validation middleware
- Implement request throttling/rate limiting
- Add typed request-response validation using
zod
- Ensure AI fallback handling remains intact
This change would improve security, maintainability, and production readiness while preventing credential leakage and prompt injection abuse.
Describe alternatives you've considered
Some smaller alternatives were considered:
- Simply obfuscating the frontend API key
- Adding frontend-only validation before Gemini requests
- Limiting prompt size without architectural changes
However, these approaches do not properly secure the API key because any NEXT_PUBLIC_* variable is still exposed to the browser bundle. A server-side proxy architecture is the most robust and scalable solution.
Additional context
Potential files affected:
frontend/src/lib/gemini.ts
frontend/src/lib/generateCommit.ts
frontend/src/app/api/generate/route.ts
src/llm/ollamaEnhancer.ts
src/config/loadConfig.ts
Additional enhancements that can be included:
- Prompt boundary enforcement
- Injection phrase filtering
- Request schema validation
- Cooldown handling for playground spam
- Better error handling and fallback states
This issue addresses both:
- Critical frontend credential exposure
- Unsafe prompt concatenation in the AI enhancement pipeline
Is your feature request related to a problem? Please describe.
Currently, the frontend exposes the Gemini API key using
NEXT_PUBLIC_GEMINI_API_KEY, which bundles the credential into the client-side JavaScript and makes it visible through browser devtools/network inspection. This creates a critical security vulnerability where malicious users can abuse the API key, exhaust quotas, or perform unauthorized requests.Additionally, custom prompts from
.gitbunrcand CLI arguments are directly appended into the LLM prompt pipeline without sanitization, length validation, or injection boundaries, making the AI enhancement flow vulnerable to prompt injection and malformed instruction chaining.Describe the solution you'd like
I would like to introduce a secure server-side AI architecture for the Next.js frontend and harden the LLM prompt pipeline.
Proposed improvements:
/api/generate)NEXT_PUBLIC_GEMINI_API_KEYwith a server-onlyGEMINI_API_KEYzodThis change would improve security, maintainability, and production readiness while preventing credential leakage and prompt injection abuse.
Describe alternatives you've considered
Some smaller alternatives were considered:
However, these approaches do not properly secure the API key because any
NEXT_PUBLIC_*variable is still exposed to the browser bundle. A server-side proxy architecture is the most robust and scalable solution.Additional context
Potential files affected:
Additional enhancements that can be included:
This issue addresses both: