jkomoros
commented
1 year ago Just thinking out loud.
There might be two simple web clients, or perhaps one with two modes, for two use cases, where the end user has their own OPENAI_API_KEY and one where they don't.
The first can be 100% static and local, hosted anywhere. When you first load it it asks you to paste in your API key. It assures you that the API key won't be stored anywhere except sent to OpenAI. There's a way to opt-in for it to store the API key locally in local storage.
Another mode is for when someone else wants to "host" usage with their own API key. This has the possibility of exhausting their budget if they get a lot of traffic. This would require some kind of simple server side functionality where the key can be kept safe from the end user but applied to OpenAI requests. Perhaps a simple Firebase Cloud Function (downside being that would require rewriting the core logic of the context creation in javascript (which perhaps isn't that bad). Anyway, it allows an indirection that keeps the OpenAI key safe.
For both apps, we should stuff the endpoints you select into the URL of the tool, so when you share the URL with others they automatically query the same endpoints as you. The API key, obviously, is never transmitted.
dalmaer
A simple web polymath client that lets you define which federated resources to query?