Security: Move OpenAI API call to server-side proxy

## Problem
`src/Chatbot.jsx` constructs the OpenAI client with `dangerouslyAllowBrowser: true`, which exposes the API key in the browser JavaScript bundle. Any user who opens DevTools can extract the key.

## Proposed Solution
- Add a Vercel serverless function at `api/chat.js` that makes the OpenAI call server-side
- Move `VITE_API_KEY` to a non-prefixed `OPENAI_API_KEY` server env var
- Update the frontend to call the `/api/chat` endpoint instead of OpenAI directly
- Remove `dangerouslyAllowBrowser: true` flag

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security: Move OpenAI API call to server-side proxy #2

Problem

Proposed Solution

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security: Move OpenAI API call to server-side proxy #2

Description

Problem

Proposed Solution

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions