Auto-lock wallet after 10 minutes in background #102
Split account mnemonic storage from the general secure store, migrate legacy macOS mnemonic entries on unlock, and guard locked/migration failure paths.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 216a5fb709
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Codex Review: Didn't find any major issues. Swish!
💡 Codex Review
Reviewed commit: 997b2ce379
Summary
Adds an auto-lock layer so the wallet locks itself after the UI has been
hidden for 10 minutes, then re-prompts for the password on next activation.
Previously the wallet stayed unlocked indefinitely while the app was in
the background, relying only on manual Sign Out or cold-start memory
wipes for protection.
- `AutoLockObserver` widget mounts a single `AppLifecycleListener` inside `MaterialApp.builder` so the timer survives route transitions.
- `lockWalletSession` helper centralises the lock sequence (`securityNotifier.lock()` + both `clearSensitiveStateForLock` calls), used by both the sidebar Sign Out and the new observer so the two paths cannot drift.
- `onHide`/`onShow` chosen over `onPause`/`onResume` so brief iOS `inactive` transitions (Control Center pull-down, incoming-call banner) do not start the clock.
- `Stopwatch` and `DateTime.now()`; the wallet locks if either source exceeds the threshold. The monotonic clock defeats wall-clock manipulation attacks (manual system-time change or NTP step), and the wall clock covers iOS/macOS deep-sleep cases where `mach_absolute_time()` pauses while the device is suspended.
- `kAutoLockBackgroundTimeout = Duration(minutes: 10)`
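
The "lock if either clock exceeds the threshold" rule from the summary, as an added Dart example that is not code from this PR. `DualClockGuard` and its injected clock callbacks are hypothetical names; `main` drives it with constructed clock readings for a brief hide, a wall clock set back while hidden, and a suspend during which the monotonic clock barely advances.

```dart
// Added example, not the PR's code. DualClockGuard and the injected clock
// callbacks are hypothetical; the timeout constant is the one the PR names.
const kAutoLockBackgroundTimeout = Duration(minutes: 10);

class DualClockGuard {
  DualClockGuard({Duration Function()? monotonic, DateTime Function()? wall})
      : _monotonic = monotonic ?? _stopwatchElapsed,
        _wall = wall ?? (() => DateTime.now());
  static final Stopwatch _sw = Stopwatch()..start();
  static Duration _stopwatchElapsed() => _sw.elapsed;

  final Duration Function() _monotonic;
  final DateTime Function() _wall;
  Duration? _hiddenMono;
  DateTime? _hiddenWall;

  /// Call from onHide: record both clocks when the UI disappears.
  void onHide() {
    _hiddenMono = _monotonic();
    _hiddenWall = _wall();
  }

  /// Call from onShow: true means the session must be locked.
  bool onShow() {
    final mono = _hiddenMono, wall = _hiddenWall;
    _hiddenMono = null;
    _hiddenWall = null;
    if (mono == null || wall == null) return false; // was never hidden
    // Either source alone is enough; a negative delta never unlocks anything.
    return _monotonic() - mono >= kAutoLockBackgroundTimeout ||
        _wall().difference(wall) >= kAutoLockBackgroundTimeout;
  }
}

void main() {
  var mono = Duration.zero; // constructed clock readings
  var wall = DateTime.utc(2024, 1, 1, 12);
  final guard = DualClockGuard(monotonic: () => mono, wall: () => wall);
  bool hiddenFor(Duration monoStep, Duration wallStep) {
    guard.onHide();
    mono += monoStep;
    wall = wall.add(wallStep);
    return guard.onShow();
  }
  const m = Duration(minutes: 1);
  print('brief hide, both clocks +2 min: ${hiddenFor(m * 2, m * 2)}');
  print('wall clock set back 1 h, monotonic +11 min: ${hiddenFor(m * 11, m * -60)}');
  print('deep sleep, monotonic +30 s, wall +11 min: ${hiddenFor(m * 0.5, m * 11)}');
}
```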