Bug Summary
API keys generated through the local coding key creation flow are stored in a different database column than the authentication flow uses for verification.
As a result, all generated keys are permanently invalid.
Describe the bug
The key creation endpoint stores hashes in:
api_key
The synchronization endpoint validates using:
api_key_hash
The creation flow never populates api_key_hash.
Therefore authentication queries always return zero matches.
To Reproduce
- Create a local coding API key.
- Save the generated key.
- Attempt synchronization using:
Authorization: Bearer
- Observe:
{
"error": "Invalid API key"
}
- Repeat with newly generated keys.
- Observe identical failure.
Expected behavior
Keys generated through the UI should authenticate successfully.
Actual behavior
Every generated key is rejected.
Additional context
Affected files:
- src/app/api/local-coding/keys/route.ts
- src/app/api/local-coding/sync/route.ts
Related migrations:
- 20260521000000_add_local_coding_tables.sql
- 20260522000000_add_api_key_hash_column.sql
This currently makes the entire local coding sync feature unusable.
Bug Summary
API keys generated through the local coding key creation flow are stored in a different database column than the authentication flow uses for verification.
As a result, all generated keys are permanently invalid.
Describe the bug
The key creation endpoint stores hashes in:
api_key
The synchronization endpoint validates using:
api_key_hash
The creation flow never populates api_key_hash.
Therefore authentication queries always return zero matches.
To Reproduce
Authorization: Bearer
{
"error": "Invalid API key"
}
Expected behavior
Keys generated through the UI should authenticate successfully.
Actual behavior
Every generated key is rejected.
Additional context
Affected files:
Related migrations:
This currently makes the entire local coding sync feature unusable.