Summary
AI provider config allows disabling TLS certificate verification via a simple checkbox (acceptInvalidCerts). When enabled, the Rust backend calls reqwest with danger_accept_invalid_certs(true) (src-tauri/src/ai/client.rs line 12), making all API calls to that provider vulnerable to MITM.
Risk
An attacker on the same network can intercept API calls and steal API keys, prompts, and responses. The UI shows a small amber warning but the feature is easy to toggle on and forget about. Severity is high when enabled.
Remediation
- Add a stronger warning (red, explicit mention of API key interception risk)
- Require re-confirmation each time the setting is loaded (don't just persist silently)
- Log when this setting is active so users can audit
- Consider limiting to localhost/private IP base URLs only
Summary
AI provider config allows disabling TLS certificate verification via a simple checkbox (acceptInvalidCerts). When enabled, the Rust backend calls reqwest with danger_accept_invalid_certs(true) (src-tauri/src/ai/client.rs line 12), making all API calls to that provider vulnerable to MITM.
Risk
An attacker on the same network can intercept API calls and steal API keys, prompts, and responses. The UI shows a small amber warning but the feature is easy to toggle on and forget about. Severity is high when enabled.
Remediation