diff --git a/app/Http/Controllers/Settings/ApiKeyController.php b/app/Http/Controllers/Settings/ApiKeyController.php
index bff15e0..cf66494 100644
--- a/app/Http/Controllers/Settings/ApiKeyController.php
+++ b/app/Http/Controllers/Settings/ApiKeyController.php
@@ -66,4 +66,32 @@ public function destroy(Request $request): RedirectResponse
 
         return redirect()->route('api-keys.edit')->with('success', 'API key deleted successfully.');
     }
+
+    /**
+     * Store the OpenAI API key (used by onboarding)
+     */
+    public function store(Request $request)
+    {
+        $request->validate([
+            'api_key' => ['required', 'string', 'min:20'],
+        ]);
+
+        $apiKey = $request->input('api_key');
+
+        // Validate the API key
+        if (!$this->apiKeyService->validateApiKey($apiKey)) {
+            return response()->json([
+                'success' => false,
+                'message' => 'The provided API key is invalid. Please check and try again.',
+            ], 422);
+        }
+
+        // Store the API key
+        $this->apiKeyService->setApiKey($apiKey);
+
+        return response()->json([
+            'success' => true,
+            'message' => 'API key saved successfully.',
+        ]);
+    }
 }
diff --git a/app/Http/Middleware/CheckOnboarding.php b/app/Http/Middleware/CheckOnboarding.php
new file mode 100644
index 0000000..1952f69
--- /dev/null
+++ b/app/Http/Middleware/CheckOnboarding.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Services\ApiKeyService;
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class CheckOnboarding
+{
+    protected ApiKeyService $apiKeyService;
+
+    public function __construct(ApiKeyService $apiKeyService)
+    {
+        $this->apiKeyService = $apiKeyService;
+    }
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        // Routes that should be accessible without API key
+        $excludedRoutes = [
+            'onboarding',
+            'api-keys.edit',
+            'api-keys.update',
+            'api-keys.destroy',
+            'api.openai.status',
+            'api.openai.api-key.store',
+            'appearance',
+        ];
+
+        // Skip check for excluded routes
+        if ($request->route() && in_array($request->route()->getName(), $excludedRoutes)) {
+            return $next($request);
+        }
+
+        // Skip if API request (they handle their own errors)
+        if ($request->is('api/*')) {
+            return $next($request);
+        }
+
+        // Check if API key exists
+        if (!$this->apiKeyService->hasApiKey()) {
+            // If not on onboarding page and no API key, redirect to onboarding
+            if ($request->route() && $request->route()->getName() !== 'onboarding') {
+                return redirect()->route('onboarding');
+            }
+        }
+
+        return $next($request);
+    }
+}
\ No newline at end of file
diff --git a/bootstrap/app.php b/bootstrap/app.php
index 57cea11..d07f444 100644
--- a/bootstrap/app.php
+++ b/bootstrap/app.php
@@ -1,5 +1,6 @@
 <?php
 
+use App\Http\Middleware\CheckOnboarding;
 use App\Http\Middleware\HandleAppearance;
 use App\Http\Middleware\HandleInertiaRequests;
 use Illuminate\Foundation\Application;
@@ -17,6 +18,7 @@
         $middleware->encryptCookies(except: ['appearance', 'sidebar_state']);
 
         $middleware->web(append: [
+            CheckOnboarding::class,
             HandleAppearance::class,
             HandleInertiaRequests::class,
             AddLinkHeadersForPreloadedAssets::class,
diff --git a/resources/js/pages/Onboarding.vue b/resources/js/pages/Onboarding.vue
new file mode 100644
index 0000000..6287612
--- /dev/null
+++ b/resources/js/pages/Onboarding.vue
@@ -0,0 +1,292 @@
+<template>
+    <div class="min-h-screen bg-gray-50 dark:bg-gray-900">
+        <div class="flex min-h-screen items-center justify-center p-6">
+            <div class="w-full max-w-md">
+                <!-- Logo and App Name -->
+                <div class="mb-8 text-center">
+                    <div class="mb-4 flex items-center justify-center">
+                        <div class="rounded-xl bg-gray-900 p-3 dark:bg-gray-100">
+                            <svg class="h-10 w-10 text-white dark:text-gray-900" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                                <path
+                                    stroke-linecap="round"
+                                    stroke-linejoin="round"
+                                    stroke-width="2"
+                                    d="M8 12h.01M12 12h.01M16 12h.01M21 12c0 4.418-4.03 8-9 8a9.863 9.863 0 01-4.255-.949L3 20l1.395-3.72C3.512 15.042 3 13.574 3 12c0-4.418 4.03-8 9-8s9 3.582 9 8z"
+                                />
+                            </svg>
+                        </div>
+                    </div>
+                    <h1 class="text-3xl font-semibold text-gray-900 dark:text-white">Welcome to Clueless</h1>
+                    <p class="mt-2 text-gray-600 dark:text-gray-400">AI-powered meeting assistant</p>
+                </div>
+
+                <!-- Progress Indicator -->
+                <div v-if="showSteps" class="mb-6 flex items-center justify-center space-x-2">
+                    <div
+                        v-for="i in 2"
+                        :key="i"
+                        :class="[
+                            'h-1.5 w-20 rounded-full transition-all duration-300',
+                            i <= currentStep ? 'bg-gray-900 dark:bg-gray-100' : 'bg-gray-200 dark:bg-gray-700',
+                        ]"
+                    ></div>
+                </div>
+
+                <!-- Main Card -->
+                <div class="rounded-xl bg-white shadow-sm ring-1 ring-gray-200 dark:bg-gray-800 dark:ring-gray-700">
+                    <div class="p-6">
+                        <!-- Step 1: API Key -->
+                        <div v-if="currentStep === 1">
+                            <h2 class="mb-6 text-xl font-medium text-gray-900 dark:text-white">Setup OpenAI API</h2>
+
+                            <div class="space-y-4">
+                                <div>
+                                    <label class="mb-2 block text-sm font-medium text-gray-700 dark:text-gray-300"> API Key </label>
+                                    <div class="relative">
+                                        <input
+                                            v-model="apiKey"
+                                            :type="showApiKey ? 'text' : 'password'"
+                                            placeholder="sk-..."
+                                            class="w-full rounded-lg border border-gray-300 bg-white px-4 py-2.5 text-gray-900 placeholder-gray-400 focus:border-gray-400 focus:ring-1 focus:ring-gray-400 focus:outline-none dark:border-gray-600 dark:bg-gray-700 dark:text-white dark:placeholder-gray-500"
+                                            @input="validateApiKey"
+                                        />
+                                        <button
+                                            @click="showApiKey = !showApiKey"
+                                            type="button"
+                                            class="absolute top-1/2 right-3 -translate-y-1/2 text-gray-400 hover:text-gray-600 dark:hover:text-gray-300"
+                                        >
+                                            <svg v-if="!showApiKey" class="h-5 w-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                                                <path
+                                                    stroke-linecap="round"
+                                                    stroke-linejoin="round"
+                                                    stroke-width="2"
+                                                    d="M15 12a3 3 0 11-6 0 3 3 0 016 0z"
+                                                />
+                                                <path
+                                                    stroke-linecap="round"
+                                                    stroke-linejoin="round"
+                                                    stroke-width="2"
+                                                    d="M2.458 12C3.732 7.943 7.523 5 12 5c4.478 0 8.268 2.943 9.542 7-1.274 4.057-5.064 7-9.542 7-4.477 0-8.268-2.943-9.542-7z"
+                                                />
+                                            </svg>
+                                            <svg v-else class="h-5 w-5" fill="none" stroke="currentColor" viewBox="0 0 24 24">
+                                                <path
+                                                    stroke-linecap="round"
+                                                    stroke-linejoin="round"
+                                                    stroke-width="2"
+                                                    d="M13.875 18.825A10.05 10.05 0 0112 19c-4.478 0-8.268-2.943-9.543-7a9.97 9.97 0 011.563-3.029m5.858.908a3 3 0 114.243 4.243M9.878 9.878l4.242 4.242M9.88 9.88l-3.29-3.29m7.532 7.532l3.29 3.29M3 3l3.59 3.59m0 0A9.953 9.953 0 0112 5c4.478 0 8.268 2.943 9.543 7a10.025 10.025 0 01-4.132 5.411m0 0L21 21"
+                                                />
+                                            </svg>
+                                        </button>
+                                    </div>
+                                    <Transition
+                                        enter-active-class="transition duration-200 ease-out"
+                                        enter-from-class="opacity-0"
+                                        enter-to-class="opacity-100"
+                                        leave-active-class="transition duration-150 ease-in"
+                                        leave-from-class="opacity-100"
+                                        leave-to-class="opacity-0"
+                                    >
+                                        <p v-if="apiKeyError" class="mt-1.5 text-sm text-red-600 dark:text-red-400">
+                                            {{ apiKeyError }}
+                                        </p>
+                                        <p v-else-if="apiKeyValid" class="mt-1.5 text-sm text-green-600 dark:text-green-400">
+                                            ✓ Valid API key format
+                                        </p>
+                                    </Transition>
+                                </div>
+
+                                <div class="rounded-lg bg-gray-50 p-3 dark:bg-gray-900/50">
+                                    <p class="text-sm text-gray-600 dark:text-gray-400">
+                                        Need an API key?
+                                        <button
+                                            @click="openOpenAI"
+                                            class="font-medium text-gray-900 underline hover:text-gray-700 dark:text-gray-100 dark:hover:text-gray-300"
+                                        >
+                                            Get one from OpenAI
+                                        </button>
+                                    </p>
+                                </div>
+                            </div>
+
+                            <div class="mt-6 flex justify-end">
+                                <button
+                                    @click="saveApiKey"
+                                    :disabled="!apiKeyValid || isValidating"
+                                    :class="[
+                                        'rounded-lg px-6 py-2.5 text-sm font-medium transition-all',
+                                        apiKeyValid && !isValidating
+                                            ? 'bg-gray-900 text-white hover:bg-gray-800 dark:bg-gray-100 dark:text-gray-900 dark:hover:bg-gray-200'
+                                            : 'cursor-not-allowed bg-gray-100 text-gray-400 dark:bg-gray-800 dark:text-gray-600',
+                                    ]"
+                                >
+                                    <span v-if="isValidating" class="flex items-center">
+                                        <svg class="mr-2 h-4 w-4 animate-spin" fill="none" viewBox="0 0 24 24">
+                                            <circle class="opacity-25" cx="12" cy="12" r="10" stroke="currentColor" stroke-width="4"></circle>
+                                            <path
+                                                class="opacity-75"
+                                                fill="currentColor"
+                                                d="M4 12a8 8 0 018-8V0C5.373 0 0 5.373 0 12h4zm2 5.291A7.962 7.962 0 014 12H0c0 3.042 1.135 5.824 3 7.938l3-2.647z"
+                                            ></path>
+                                        </svg>
+                                        Validating...
+                                    </span>
+                                    <span v-else>Continue</span>
+                                </button>
+                            </div>
+                        </div>
+
+                        <!-- Step 2: GitHub Star -->
+                        <div v-else-if="currentStep === 2">
+                            <div class="text-center">
+                                <div class="mb-4 inline-flex rounded-full bg-gray-100 p-3 dark:bg-gray-700">
+                                    <svg class="h-8 w-8 text-gray-700 dark:text-gray-300" fill="currentColor" viewBox="0 0 24 24">
+                                        <path
+                                            d="M12 0c-6.626 0-12 5.373-12 12 0 5.302 3.438 9.8 8.207 11.387.599.111.793-.261.793-.577v-2.234c-3.338.726-4.033-1.416-4.033-1.416-.546-1.387-1.333-1.756-1.333-1.756-1.089-.745.083-.729.083-.729 1.205.084 1.839 1.237 1.839 1.237 1.07 1.834 2.807 1.304 3.492.997.107-.775.418-1.305.762-1.604-2.665-.305-5.467-1.334-5.467-5.931 0-1.311.469-2.381 1.236-3.221-.124-.303-.535-1.524.117-3.176 0 0 1.008-.322 3.301 1.23.957-.266 1.983-.399 3.003-.404 1.02.005 2.047.138 3.006.404 2.291-1.552 3.297-1.23 3.297-1.23.653 1.653.242 2.874.118 3.176.77.84 1.235 1.911 1.235 3.221 0 4.609-2.807 5.624-5.479 5.921.43.372.823 1.102.823 2.222v3.293c0 .319.192.694.801.576 4.765-1.589 8.199-6.086 8.199-11.386 0-6.627-5.373-12-12-12z"
+                                        />
+                                    </svg>
+                                </div>
+                                <h2 class="mb-2 text-xl font-medium text-gray-900 dark:text-white">Support Clueless</h2>
+                                <p class="mb-6 text-sm text-gray-600 dark:text-gray-400">
+                                    If you find Clueless helpful, please consider starring our repository on GitHub. It helps others discover the
+                                    project!
+                                </p>
+
+                                <button
+                                    @click="openGitHub"
+                                    class="mb-4 inline-flex items-center rounded-lg bg-gray-900 px-4 py-2.5 text-sm font-medium text-white hover:bg-gray-800 dark:bg-gray-100 dark:text-gray-900 dark:hover:bg-gray-200"
+                                >
+                                    <svg class="mr-2 h-4 w-4" fill="currentColor" viewBox="0 0 16 16">
+                                        <path
+                                            d="M8 .25a.75.75 0 01.673.418l1.882 3.815 4.21.612a.75.75 0 01.416 1.279l-3.046 2.97.719 4.192a.75.75 0 01-1.088.791L8 12.347l-3.766 1.98a.75.75 0 01-1.088-.79l.72-4.194L.818 6.374a.75.75 0 01.416-1.28l4.21-.611L7.327.668A.75.75 0 018 .25z"
+                                        />
+                                    </svg>
+                                    Star on GitHub
+                                </button>
+
+                                <Transition
+                                    enter-active-class="transition duration-200 ease-out"
+                                    enter-from-class="opacity-0 scale-95"
+                                    enter-to-class="opacity-100 scale-100"
+                                >
+                                    <p v-if="hasStarred" class="mb-4 text-sm text-green-600 dark:text-green-400">✓ Thank you for your support!</p>
+                                </Transition>
+                            </div>
+
+                            <div class="mt-6 flex items-center justify-between">
+                                <button
+                                    @click="currentStep = 1"
+                                    class="text-sm text-gray-500 hover:text-gray-700 dark:text-gray-400 dark:hover:text-gray-200"
+                                >
+                                    Back
+                                </button>
+                                <button
+                                    @click="completeOnboarding"
+                                    class="rounded-lg bg-gray-900 px-6 py-2.5 text-sm font-medium text-white hover:bg-gray-800 dark:bg-gray-100 dark:text-gray-900 dark:hover:bg-gray-200"
+                                >
+                                    Get Started
+                                </button>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</template>
+
+<script setup lang="ts">
+import { router } from '@inertiajs/vue3';
+import axios from 'axios';
+import { computed, ref } from 'vue';
+
+const currentStep = ref(1);
+const apiKey = ref('');
+const showApiKey = ref(false);
+const apiKeyValid = ref(false);
+const apiKeyError = ref('');
+const isValidating = ref(false);
+const hasStarred = ref(false);
+
+const showSteps = computed(() => currentStep.value > 0);
+
+const validateApiKey = () => {
+    const key = apiKey.value.trim();
+
+    if (!key) {
+        apiKeyValid.value = false;
+        apiKeyError.value = '';
+        return;
+    }
+
+    if (!key.startsWith('sk-')) {
+        apiKeyValid.value = false;
+        apiKeyError.value = 'API key should start with "sk-"';
+        return;
+    }
+
+    if (key.length < 20) {
+        apiKeyValid.value = false;
+        apiKeyError.value = 'API key seems too short';
+        return;
+    }
+
+    apiKeyValid.value = true;
+    apiKeyError.value = '';
+};
+
+const saveApiKey = async () => {
+    if (!apiKeyValid.value || isValidating.value) return;
+
+    isValidating.value = true;
+
+    try {
+        const response = await axios.post('/api/openai/api-key', {
+            api_key: apiKey.value,
+        });
+
+        if (response.data.success) {
+            currentStep.value = 2;
+        } else {
+            apiKeyError.value = 'Failed to save API key. Please try again.';
+        }
+    } catch {
+        apiKeyError.value = 'Invalid API key or connection error. Please check and try again.';
+    } finally {
+        isValidating.value = false;
+    }
+};
+
+const openGitHub = async () => {
+    try {
+        // Use NativePHP API endpoint to open in default browser
+        await axios.post('/api/open-external', {
+            url: 'https://github.com/vijaythecoder/clueless',
+        });
+        hasStarred.value = true;
+    } catch (error) {
+        console.error('Failed to open GitHub:', error);
+        // Fallback for web browser
+        window.open('https://github.com/vijaythecoder/clueless', '_blank');
+        hasStarred.value = true;
+    }
+};
+
+const openOpenAI = async () => {
+    try {
+        // Use NativePHP API endpoint to open in default browser
+        await axios.post('/api/open-external', {
+            url: 'https://platform.openai.com/api-keys',
+        });
+    } catch (error) {
+        console.error('Failed to open OpenAI:', error);
+        // Fallback for web browser
+        window.open('https://platform.openai.com/api-keys', '_blank');
+    }
+};
+
+const completeOnboarding = () => {
+    // Navigate to realtime agent
+    router.visit('/realtime-agent');
+};
+</script>
diff --git a/resources/js/pages/RealtimeAgent/Main.vue b/resources/js/pages/RealtimeAgent/Main.vue
index e958c03..d7f3c0f 100644
--- a/resources/js/pages/RealtimeAgent/Main.vue
+++ b/resources/js/pages/RealtimeAgent/Main.vue
@@ -2657,7 +2657,7 @@ onMounted(async () => {
     try {
         const response = await axios.get('/api/openai/status');
         hasApiKey.value = response.data.hasApiKey;
-        
+
         if (!hasApiKey.value) {
             // Redirect to settings page if no API key
             window.location.href = '/settings/api-keys';
diff --git a/resources/js/pages/Welcome.vue b/resources/js/pages/Welcome.vue
index 69cc5ce..f3e0d5d 100644
--- a/resources/js/pages/Welcome.vue
+++ b/resources/js/pages/Welcome.vue
@@ -1,5 +1,5 @@
 <script setup lang="ts">
-import { Head, Link } from '@inertiajs/vue3';
+import { Head } from '@inertiajs/vue3';
 </script>
 
 <template>
diff --git a/resources/js/pages/settings/ApiKeys.vue b/resources/js/pages/settings/ApiKeys.vue
index dcdd8ca..5eef08a 100644
--- a/resources/js/pages/settings/ApiKeys.vue
+++ b/resources/js/pages/settings/ApiKeys.vue
@@ -124,7 +124,10 @@ const deleteApiKey = () => {
                                 </p>
                             </div>
 
-                            <div v-if="form.errors.openai_api_key" class="flex items-center gap-2 rounded-md border border-red-500 bg-red-50 p-3 text-sm text-red-800 dark:border-red-700 dark:bg-red-950 dark:text-red-200">
+                            <div
+                                v-if="form.errors.openai_api_key"
+                                class="flex items-center gap-2 rounded-md border border-red-500 bg-red-50 p-3 text-sm text-red-800 dark:border-red-700 dark:bg-red-950 dark:text-red-200"
+                            >
                                 <AlertCircle class="h-4 w-4" />
                                 <span>{{ form.errors.openai_api_key }}</span>
                             </div>
diff --git a/routes/settings.php b/routes/settings.php
index 7065612..78d52c7 100644
--- a/routes/settings.php
+++ b/routes/settings.php
@@ -9,6 +9,9 @@
 Route::put('settings/api-keys', [ApiKeyController::class, 'update'])->name('api-keys.update');
 Route::delete('settings/api-keys', [ApiKeyController::class, 'destroy'])->name('api-keys.destroy');
 
+// API endpoint for saving API key (used by onboarding)
+Route::post('/api/openai/api-key', [ApiKeyController::class, 'store'])->name('api.openai.api-key.store');
+
 Route::get('settings/appearance', function () {
     return Inertia::render('settings/Appearance');
 })->name('appearance');
diff --git a/routes/web.php b/routes/web.php
index a37499d..9b7c3ae 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -14,6 +14,11 @@
     return Inertia::render('Welcome');
 })->name('home');
 
+// Onboarding Route
+Route::get('/onboarding', function () {
+    return Inertia::render('Onboarding');
+})->name('onboarding');
+
 Route::get('dashboard', function () {
     return Inertia::render('Dashboard');
 })->name('dashboard');
@@ -40,6 +45,21 @@
     ]);
 })->name('api.openai.status');
 
+// Open external URL in default browser (for NativePHP)
+Route::post('/api/open-external', function (\Illuminate\Http\Request $request) {
+    $url = $request->input('url');
+    
+    // Validate URL
+    if (!filter_var($url, FILTER_VALIDATE_URL)) {
+        return response()->json(['error' => 'Invalid URL'], 400);
+    }
+    
+    // Use NativePHP Shell to open in default browser
+    \Native\Laravel\Facades\Shell::openExternal($url);
+    
+    return response()->json(['success' => true]);
+})->name('api.open-external');
+
 // Template Routes
 Route::get('/templates', [\App\Http\Controllers\TemplateController::class, 'index'])
     ->name('templates.index');
diff --git a/tests/Feature/ApiKeyStoreTest.php b/tests/Feature/ApiKeyStoreTest.php
new file mode 100644
index 0000000..393d6e6
--- /dev/null
+++ b/tests/Feature/ApiKeyStoreTest.php
@@ -0,0 +1,146 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Services\ApiKeyService;
+use Mockery;
+use Tests\TestCase;
+
+class ApiKeyStoreTest extends TestCase
+{
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+    }
+
+    protected function tearDown(): void
+    {
+        Mockery::close();
+        parent::tearDown();
+    }
+
+    public function test_stores_valid_api_key_successfully(): void
+    {
+        $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+        $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+
+        $validApiKey = 'sk-1234567890abcdef1234567890abcdef1234567890abcdef';
+
+        $mockApiKeyService->shouldReceive('validateApiKey')
+            ->once()
+            ->with($validApiKey)
+            ->andReturn(true);
+
+        $mockApiKeyService->shouldReceive('setApiKey')
+            ->once()
+            ->with($validApiKey);
+
+        $response = $this->postJson('/api/openai/api-key', [
+            'api_key' => $validApiKey
+        ]);
+
+        $response->assertStatus(200)
+                 ->assertJson([
+                     'success' => true,
+                     'message' => 'API key saved successfully.'
+                 ]);
+    }
+
+    public function test_rejects_invalid_api_key(): void
+    {
+        $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+        $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+
+        $invalidApiKey = 'sk-1234567890abcdef1234567890abcdef1234567890invalid';
+
+        $mockApiKeyService->shouldReceive('validateApiKey')
+            ->once()
+            ->with($invalidApiKey)
+            ->andReturn(false);
+
+        $mockApiKeyService->shouldNotReceive('setApiKey');
+
+        $response = $this->postJson('/api/openai/api-key', [
+            'api_key' => $invalidApiKey
+        ]);
+
+        $response->assertStatus(422)
+                 ->assertJson([
+                     'success' => false,
+                     'message' => 'The provided API key is invalid. Please check and try again.'
+                 ]);
+    }
+
+    public function test_validates_required_api_key_field(): void
+    {
+        $response = $this->postJson('/api/openai/api-key', []);
+
+        $response->assertStatus(422)
+                 ->assertJsonValidationErrors(['api_key']);
+    }
+
+    public function test_validates_api_key_minimum_length(): void
+    {
+        $response = $this->postJson('/api/openai/api-key', [
+            'api_key' => 'sk-short'
+        ]);
+
+        $response->assertStatus(422)
+                 ->assertJsonValidationErrors(['api_key']);
+    }
+
+    public function test_validates_api_key_is_string(): void
+    {
+        $response = $this->postJson('/api/openai/api-key', [
+            'api_key' => 123456
+        ]);
+
+        $response->assertStatus(422)
+                 ->assertJsonValidationErrors(['api_key']);
+    }
+
+    public function test_handles_api_key_service_exception(): void
+    {
+        $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+        $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+
+        $validApiKey = 'sk-1234567890abcdef1234567890abcdef1234567890abcdef';
+
+        $mockApiKeyService->shouldReceive('validateApiKey')
+            ->once()
+            ->with($validApiKey)
+            ->andThrow(new \Exception('Service error'));
+
+        $response = $this->postJson('/api/openai/api-key', [
+            'api_key' => $validApiKey
+        ]);
+
+        // Controller doesn't handle exceptions, so it returns 500
+        $response->assertStatus(500);
+    }
+
+    public function test_api_key_endpoint_accessible_without_existing_api_key(): void
+    {
+        // This test ensures the middleware allows access to the API key store endpoint
+        // even when no API key is configured
+        
+        $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+        $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+
+        $validApiKey = 'sk-1234567890abcdef1234567890abcdef1234567890abcdef';
+
+        $mockApiKeyService->shouldReceive('validateApiKey')
+            ->once()
+            ->andReturn(true);
+
+        $mockApiKeyService->shouldReceive('setApiKey')
+            ->once();
+
+        $response = $this->postJson('/api/openai/api-key', [
+            'api_key' => $validApiKey
+        ]);
+
+        $response->assertStatus(200);
+    }
+}
\ No newline at end of file
diff --git a/tests/Feature/Controllers/ConversationControllerTest.php b/tests/Feature/Controllers/ConversationControllerTest.php
index d7103a4..0764cb6 100644
--- a/tests/Feature/Controllers/ConversationControllerTest.php
+++ b/tests/Feature/Controllers/ConversationControllerTest.php
@@ -3,8 +3,14 @@
 use App\Models\ConversationSession;
 use App\Models\ConversationTranscript;
 use App\Models\ConversationInsight;
+use App\Services\ApiKeyService;
 
 beforeEach(function () {
+    // Mock API key service to return true (API key exists) for all conversation tests
+    $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+    $mockApiKeyService->shouldReceive('hasApiKey')->andReturn(true);
+    $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+    
     // Create a test conversation session for some tests
     $this->session = ConversationSession::create([
         'user_id' => null,
diff --git a/tests/Feature/DashboardTest.php b/tests/Feature/DashboardTest.php
index b649d39..e62dcca 100644
--- a/tests/Feature/DashboardTest.php
+++ b/tests/Feature/DashboardTest.php
@@ -1,11 +1,23 @@
 <?php
 
+use App\Services\ApiKeyService;
+
 test('dashboard page is accessible', function () {
+    // Mock API key service to return true (API key exists)
+    $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+    $mockApiKeyService->shouldReceive('hasApiKey')->andReturn(true);
+    $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+    
     $response = $this->get('/dashboard');
     $response->assertStatus(200);
 });
 
 test('realtime agent page is accessible', function () {
+    // Mock API key service to return true (API key exists)
+    $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+    $mockApiKeyService->shouldReceive('hasApiKey')->andReturn(true);
+    $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+    
     $response = $this->get('/realtime-agent');
     $response->assertStatus(200);
 });
diff --git a/tests/Feature/ExampleTest.php b/tests/Feature/ExampleTest.php
index 8b5843f..4e79405 100644
--- a/tests/Feature/ExampleTest.php
+++ b/tests/Feature/ExampleTest.php
@@ -1,6 +1,13 @@
 <?php
 
+use App\Services\ApiKeyService;
+
 it('returns a successful response', function () {
+    // Mock API key service to return true (API key exists)
+    $mockApiKeyService = Mockery::mock(ApiKeyService::class);
+    $mockApiKeyService->shouldReceive('hasApiKey')->andReturn(true);
+    $this->app->instance(ApiKeyService::class, $mockApiKeyService);
+    
     $response = $this->get('/');
 
     $response->assertStatus(200);
diff --git a/tests/Feature/OpenExternalTest.php b/tests/Feature/OpenExternalTest.php
new file mode 100644
index 0000000..5bd076a
--- /dev/null
+++ b/tests/Feature/OpenExternalTest.php
@@ -0,0 +1,179 @@
+<?php
+
+namespace Tests\Feature;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Mockery;
+use Native\Laravel\Facades\Shell;
+use Tests\TestCase;
+
+class OpenExternalTest extends TestCase
+{
+    use RefreshDatabase;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        
+        // Reset Shell facade mock for each test
+        Shell::clearResolvedInstance('Shell');
+    }
+
+    protected function tearDown(): void
+    {
+        Mockery::close();
+        parent::tearDown();
+    }
+
+    public function test_opens_valid_url_successfully(): void
+    {
+        Shell::shouldReceive('openExternal')
+            ->once()
+            ->with('https://github.com/vijaythecoder/clueless');
+
+        $response = $this->postJson('/api/open-external', [
+            'url' => 'https://github.com/vijaythecoder/clueless'
+        ]);
+
+        $response->assertStatus(200)
+                 ->assertJson([
+                     'success' => true
+                 ]);
+    }
+
+    public function test_opens_openai_url_successfully(): void
+    {
+        Shell::shouldReceive('openExternal')
+            ->once()
+            ->with('https://platform.openai.com/api-keys');
+
+        $response = $this->postJson('/api/open-external', [
+            'url' => 'https://platform.openai.com/api-keys'
+        ]);
+
+        $response->assertStatus(200)
+                 ->assertJson([
+                     'success' => true
+                 ]);
+    }
+
+    public function test_rejects_invalid_url(): void
+    {
+        $response = $this->postJson('/api/open-external', [
+            'url' => 'not-a-valid-url'
+        ]);
+
+        $response->assertStatus(400)
+                 ->assertJson([
+                     'error' => 'Invalid URL'
+                 ]);
+    }
+
+    public function test_rejects_malicious_urls(): void
+    {
+        $maliciousUrls = [
+            'javascript:alert("xss")',
+            'data:text/html,<script>alert("xss")</script>',
+            'not-a-url'
+        ];
+
+        foreach ($maliciousUrls as $url) {
+            $response = $this->postJson('/api/open-external', [
+                'url' => $url
+            ]);
+
+            $response->assertStatus(400)
+                     ->assertJson([
+                         'error' => 'Invalid URL'
+                     ]);
+        }
+    }
+
+    public function test_requires_url_parameter(): void
+    {
+        $response = $this->postJson('/api/open-external', []);
+
+        $response->assertStatus(400);
+    }
+
+    public function test_handles_empty_url(): void
+    {
+        $response = $this->postJson('/api/open-external', [
+            'url' => ''
+        ]);
+
+        $response->assertStatus(400)
+                 ->assertJson([
+                     'error' => 'Invalid URL'
+                 ]);
+    }
+
+    public function test_handles_null_url(): void
+    {
+        $response = $this->postJson('/api/open-external', [
+            'url' => null
+        ]);
+
+        $response->assertStatus(400)
+                 ->assertJson([
+                     'error' => 'Invalid URL'
+                 ]);
+    }
+
+    public function test_allows_https_urls(): void
+    {
+        $validUrls = [
+            'https://github.com',
+            'https://platform.openai.com',
+            'https://www.example.com',
+            'https://subdomain.example.com/path?query=value'
+        ];
+
+        foreach ($validUrls as $url) {
+            Shell::shouldReceive('openExternal')
+                ->once()
+                ->with($url);
+
+            $response = $this->postJson('/api/open-external', [
+                'url' => $url
+            ]);
+
+            $response->assertStatus(200)
+                     ->assertJson([
+                         'success' => true
+                     ]);
+        }
+    }
+
+    public function test_allows_http_urls(): void
+    {
+        Shell::shouldReceive('openExternal')
+            ->once()
+            ->with('http://example.com');
+
+        $response = $this->postJson('/api/open-external', [
+            'url' => 'http://example.com'
+        ]);
+
+        $response->assertStatus(200)
+                 ->assertJson([
+                     'success' => true
+                 ]);
+    }
+
+    public function test_handles_shell_exception(): void
+    {
+        Shell::shouldReceive('openExternal')
+            ->once()
+            ->with('https://github.com')
+            ->andThrow(new \Exception('Shell error'));
+
+        $response = $this->postJson('/api/open-external', [
+            'url' => 'https://github.com'
+        ]);
+
+        // The route doesn't handle exceptions explicitly, so it would return 500
+        // In a real implementation, you might want to catch and handle this
+        $response->assertStatus(500);
+    }
+}
\ No newline at end of file
diff --git a/tests/Unit/Middleware/CheckOnboardingTest.php b/tests/Unit/Middleware/CheckOnboardingTest.php
new file mode 100644
index 0000000..6663dd5
--- /dev/null
+++ b/tests/Unit/Middleware/CheckOnboardingTest.php
@@ -0,0 +1,144 @@
+<?php
+
+namespace Tests\Unit\Middleware;
+
+use App\Http\Middleware\CheckOnboarding;
+use App\Services\ApiKeyService;
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Routing\Route;
+use Mockery;
+use Tests\TestCase;
+
+class CheckOnboardingTest extends TestCase
+{
+    private CheckOnboarding $middleware;
+    private ApiKeyService $mockApiKeyService;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->mockApiKeyService = Mockery::mock(ApiKeyService::class);
+        $this->middleware = new CheckOnboarding($this->mockApiKeyService);
+    }
+
+    protected function tearDown(): void
+    {
+        Mockery::close();
+        parent::tearDown();
+    }
+
+    public function test_allows_onboarding_route_without_api_key(): void
+    {
+        $request = Request::create('/onboarding', 'GET');
+        $route = new Route(['GET'], '/onboarding', []);
+        $route->name('onboarding');
+        $request->setRouteResolver(fn() => $route);
+
+        $this->mockApiKeyService->shouldNotReceive('hasApiKey');
+
+        $response = $this->middleware->handle($request, function ($req) {
+            return new Response('OK');
+        });
+
+        $this->assertEquals('OK', $response->getContent());
+    }
+
+    public function test_allows_api_key_settings_routes_without_api_key(): void
+    {
+        $excludedRoutes = [
+            'api-keys.edit',
+            'api-keys.update', 
+            'api-keys.destroy',
+            'api.openai.status',
+            'api.openai.api-key.store',
+            'appearance'
+        ];
+
+        foreach ($excludedRoutes as $routeName) {
+            $request = Request::create('/test', 'GET');
+            $route = new Route(['GET'], '/test', []);
+            $route->name($routeName);
+            $request->setRouteResolver(fn() => $route);
+
+            $this->mockApiKeyService->shouldNotReceive('hasApiKey');
+
+            $response = $this->middleware->handle($request, function ($req) {
+                return new Response('OK');
+            });
+
+            $this->assertEquals('OK', $response->getContent(), "Route {$routeName} should be excluded");
+        }
+    }
+
+    public function test_allows_api_routes_without_api_key(): void
+    {
+        $request = Request::create('/api/some-endpoint', 'POST');
+        $route = new Route(['POST'], '/api/some-endpoint', []);
+        $route->name('api.some-endpoint');
+        $request->setRouteResolver(fn() => $route);
+
+        $this->mockApiKeyService->shouldNotReceive('hasApiKey');
+
+        $response = $this->middleware->handle($request, function ($req) {
+            return new Response('OK');
+        });
+
+        $this->assertEquals('OK', $response->getContent());
+    }
+
+    public function test_redirects_to_onboarding_when_no_api_key(): void
+    {
+        $request = Request::create('/dashboard', 'GET');
+        $route = new Route(['GET'], '/dashboard', []);
+        $route->name('dashboard');
+        $request->setRouteResolver(fn() => $route);
+
+        $this->mockApiKeyService->shouldReceive('hasApiKey')
+            ->once()
+            ->andReturn(false);
+
+        $response = $this->middleware->handle($request, function ($req) {
+            return new Response('Should not reach here');
+        });
+
+        $this->assertEquals(302, $response->getStatusCode());
+        $this->assertTrue(str_contains($response->headers->get('Location'), '/onboarding'));
+    }
+
+    public function test_allows_access_when_api_key_exists(): void
+    {
+        $request = Request::create('/dashboard', 'GET');
+        $route = new Route(['GET'], '/dashboard', []);
+        $route->name('dashboard');
+        $request->setRouteResolver(fn() => $route);
+
+        $this->mockApiKeyService->shouldReceive('hasApiKey')
+            ->once()
+            ->andReturn(true);
+
+        $response = $this->middleware->handle($request, function ($req) {
+            return new Response('Dashboard content');
+        });
+
+        $this->assertEquals('Dashboard content', $response->getContent());
+    }
+
+    public function test_handles_request_without_route(): void
+    {
+        $request = Request::create('/some-path', 'GET');
+        // No route set - route() returns null
+
+        $this->mockApiKeyService->shouldReceive('hasApiKey')
+            ->once()
+            ->andReturn(false);
+
+        $response = $this->middleware->handle($request, function ($req) {
+            return new Response('OK');
+        });
+
+        // Without a route, middleware allows the request to continue
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEquals('OK', $response->getContent());
+    }
+}
\ No newline at end of file
