Client
Browser (React App)
No API keys stored here
Server
Supabase Edge Functions
Deno runtime · Encrypted secrets
CORS Restricted
API Keys Here
Provider
Google Gemini
Flash · Pro
Provider
Anthropic
Claude
Storage
Supabase (PostgreSQL)
Row-level security · Encrypted at rest
Key insight: API keys are stored as encrypted Edge Function secrets. They never appear in client-side code, network requests, or browser storage.