refactor: encapsulate state management for spec and suggestions generation

- Made the generation status variables private and introduced getter functions for both spec and suggestions generation states.
- Updated relevant route handlers to utilize the new getter functions, improving encapsulation and reducing direct access to shared state.
- Enhanced code maintainability by centralizing state management logic.

apps/server/src/routes/setup/common.ts

@@ -12,8 +12,29 @@ import {
 
 const logger = createLogger("Setup");
 
-// Storage for API keys (in-memory cache)
-export const apiKeys: Record<string, string> = {};
+// Storage for API keys (in-memory cache) - private
+const apiKeys: Record<string, string> = {};
+
+/**
+ * Get an API key for a provider
+ */
+export function getApiKey(provider: string): string | undefined {
+  return apiKeys[provider];
+}
+
+/**
+ * Set an API key for a provider
+ */
+export function setApiKey(provider: string, key: string): void {
+  apiKeys[provider] = key;
+}
+
+/**
+ * Get all API keys (for read-only access)
+ */
+export function getAllApiKeys(): Record<string, string> {
+  return { ...apiKeys };
+}
 
 /**
  * Helper to persist API keys to .env file

apps/server/src/routes/setup/get-claude-status.ts

@@ -7,7 +7,7 @@ import { promisify } from "util";
 import os from "os";
 import path from "path";
 import fs from "fs/promises";
-import { apiKeys } from "./common.js";
+import { getApiKey } from "./common.js";
 
 const execAsync = promisify(exec);
 
@@ -71,8 +71,8 @@ export async function getClaudeStatus() {
     method: "none" as string,
     hasCredentialsFile: false,
     hasToken: false,
-    hasStoredOAuthToken: !!apiKeys.anthropic_oauth_token,
-    hasStoredApiKey: !!apiKeys.anthropic,
+    hasStoredOAuthToken: !!getApiKey("anthropic_oauth_token"),
+    hasStoredApiKey: !!getApiKey("anthropic"),
     hasEnvApiKey: !!process.env.ANTHROPIC_API_KEY,
     hasEnvOAuthToken: !!process.env.CLAUDE_CODE_OAUTH_TOKEN,
     // Additional fields for detailed status
@@ -159,14 +159,14 @@ export async function getClaudeStatus() {
   }
 
   // In-memory stored OAuth token (from setup wizard - subscription auth)
-  if (!auth.authenticated && apiKeys.anthropic_oauth_token) {
+  if (!auth.authenticated && getApiKey("anthropic_oauth_token")) {
     auth.authenticated = true;
     auth.oauthTokenValid = true;
     auth.method = "oauth_token"; // Stored OAuth token from setup wizard
   }
 
   // In-memory stored API key (from settings UI - pay-per-use)
-  if (!auth.authenticated && apiKeys.anthropic) {
+  if (!auth.authenticated && getApiKey("anthropic")) {
     auth.authenticated = true;
     auth.apiKeyValid = true;
     auth.method = "api_key"; // Manually stored API key

apps/server/src/routes/setup/routes/api-keys.ts

@@ -3,15 +3,19 @@
  */
 
 import type { Request, Response } from "express";
-import { apiKeys, getErrorMessage, logError } from "../common.js";
+import {
+  getApiKey,
+  getErrorMessage,
+  logError,
+} from "../common.js";
 
 export function createApiKeysHandler() {
   return async (_req: Request, res: Response): Promise<void> => {
     try {
       res.json({
         success: true,
-        hasAnthropicKey: !!apiKeys.anthropic || !!process.env.ANTHROPIC_API_KEY,
-        hasGoogleKey: !!apiKeys.google || !!process.env.GOOGLE_API_KEY,
+        hasAnthropicKey: !!getApiKey("anthropic") || !!process.env.ANTHROPIC_API_KEY,
+        hasGoogleKey: !!getApiKey("google") || !!process.env.GOOGLE_API_KEY,
       });
     } catch (error) {
       logError(error, "Get API keys failed");

apps/server/src/routes/setup/routes/store-api-key.ts

@@ -4,7 +4,7 @@
 
 import type { Request, Response } from "express";
 import {
-  apiKeys,
+  setApiKey,
   persistApiKeyToEnv,
   getErrorMessage,
   logError,
@@ -28,7 +28,7 @@ export function createStoreApiKeyHandler() {
         return;
       }
 
-      apiKeys[provider] = apiKey;
+      setApiKey(provider, apiKey);
 
       // Also set as environment variable and persist to .env
       // IMPORTANT: OAuth tokens and API keys must be stored separately