From 0caf37030283e104dc281b8427efea5eca09e9c3 Mon Sep 17 00:00:00 2001
From: Ponshu Developer <dev@ponshu.room>
Date: Sun, 12 Apr 2026 11:47:35 +0900
Subject: [PATCH] security: remove internal Tailscale IP from APK binary
 (v1.0.34)

secrets.dart: change AI_PROXY_URL defaultValue from 'http://100.76.7.3:8080'
to empty string. Consumer APKs use useProxy=false and never reach this code
path, so there is zero functional impact. Internal network topology is no
longer embedded in distributed binaries.

Made-with: Cursor
---
 lib/secrets.dart | 15 ++++++++-------
 pubspec.yaml     |  2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/lib/secrets.dart b/lib/secrets.dart
index 033de05..5236b34 100644
--- a/lib/secrets.dart
+++ b/lib/secrets.dart
@@ -14,20 +14,21 @@ import 'secrets.local.dart' as local;
 class Secrets {
   /// AI Proxy サーバーのベースURL
   ///
-  /// デフォルト: Synology NAS上のAI Proxyサーバー (Tailscale IP)
-  /// ビルド時の上書き: --dart-define=AI_PROXY_URL=...
+  /// useProxy=true 時のみ使用（consumer APK では useProxy=false のため到達しない）
+  /// ビルド時に必ず --dart-define=AI_PROXY_URL=... で指定すること
   static const String aiProxyBaseUrl = String.fromEnvironment(
     'AI_PROXY_URL',
-    defaultValue: 'http://100.76.7.3:8080',
+    defaultValue: '', // 内部ネットワーク情報をバイナリに含めない
   );
 
   /// AI Mode: Proxy(Home) vs Direct(Cloud)
-  /// If false, connects directly to Google Gemini API (Works anywhere).
-  /// Development (with Tailscale): --dart-define=USE_PROXY=true
-  /// General distribution: false (each user provides their own Gemini API key)
+  ///
+  /// false: Gemini API に直接接続（consumer APK デフォルト）
+  ///        API キーは --dart-define=GEMINI_API_KEY=... でビルド時に埋め込む
+  /// true:  内部プロキシ経由（開発・検証用、--dart-define=USE_PROXY=true）
   static const bool useProxy = bool.fromEnvironment(
     'USE_PROXY',
-    defaultValue: false,  // ← 一般配布用: Direct API（各自がAPIキー設定）
+    defaultValue: false,
   );
 
 
diff --git a/pubspec.yaml b/pubspec.yaml
index 911ad7e..5a470a2 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -16,7 +16,7 @@ publish_to: 'none' # Remove this line if you wish to publish to pub.dev
 # https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
 # In Windows, build-name is used as the major, minor, and patch parts
 # of the product and file versions while build-number is used as the build suffix.
-version: 1.0.33+40
+version: 1.0.34+41
 
 environment:
   sdk: ^3.10.1