security: remove internal Tailscale IP from APK binary (v1.0.34)

secrets.dart: change AI_PROXY_URL defaultValue from 'http://100.76.7.3:8080'
to empty string. Consumer APKs use useProxy=false and never reach this code
path, so there is zero functional impact. Internal network topology is no
longer embedded in distributed binaries.

Made-with: Cursor

lib/secrets.dart

@@ -14,20 +14,21 @@ import 'secrets.local.dart' as local;
 class Secrets {
   /// AI Proxy サーバーのベースURL
   ///
-  /// デフォルト: Synology NAS上のAI Proxyサーバー (Tailscale IP)
+  /// useProxy=true 時のみ使用（consumer APK では useProxy=false のため到達しない）
-  /// ビルド時の上書き: --dart-define=AI_PROXY_URL=...
+  /// ビルド時に必ず --dart-define=AI_PROXY_URL=... で指定すること
   static const String aiProxyBaseUrl = String.fromEnvironment(
     'AI_PROXY_URL',
-    defaultValue: 'http://100.76.7.3:8080',
+    defaultValue: '', // 内部ネットワーク情報をバイナリに含めない
   );
 
   /// AI Mode: Proxy(Home) vs Direct(Cloud)
-  /// If false, connects directly to Google Gemini API (Works anywhere).
+  ///
-  /// Development (with Tailscale): --dart-define=USE_PROXY=true
+  /// false: Gemini API に直接接続（consumer APK デフォルト）
-  /// General distribution: false (each user provides their own Gemini API key)
+  ///        API キーは --dart-define=GEMINI_API_KEY=... でビルド時に埋め込む
+  /// true:  内部プロキシ経由（開発・検証用、--dart-define=USE_PROXY=true）
   static const bool useProxy = bool.fromEnvironment(
     'USE_PROXY',
-    defaultValue: false,  // ← 一般配布用: Direct API（各自がAPIキー設定）
+    defaultValue: false,
   );
 
 

pubspec.yaml

@@ -16,7 +16,7 @@ publish_to: 'none' # Remove this line if you wish to publish to pub.dev
 # https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CoreFoundationKeys.html
 # In Windows, build-name is used as the major, minor, and patch parts
 # of the product and file versions while build-number is used as the build suffix.
-version: 1.0.33+40
+version: 1.0.34+41
 
 environment:
   sdk: ^3.10.1