From 7943dc9c58da59c212a2ead41c1615055366e6d8 Mon Sep 17 00:00:00 2001
From: 0X-SquidSol <david.laszczynski@gmail.com>
Date: Tue, 7 Apr 2026 20:31:32 -0400
Subject: [PATCH] fix: stop returning private key to renderer on export

The export-private-key IPC handler was returning the raw key string
back to the renderer process after copying it to the clipboard. This
unnecessarily exposed private key material across the IPC bridge.

The handler now returns a success flag and the renderer displays a
clipboard confirmation message instead of the plaintext key.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 electron/ipc/wallet.ts                    | 2 +-
 src/panels/WalletPanel/tabs/AgentsTab.tsx | 4 ++--
 src/panels/WalletPanel/tabs/WalletTab.tsx | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/electron/ipc/wallet.ts b/electron/ipc/wallet.ts
index 8a3bb14..07427e7 100644
--- a/electron/ipc/wallet.ts
+++ b/electron/ipc/wallet.ts
@@ -147,6 +147,6 @@ export function registerWalletHandlers() {
     setTimeout(() => {
       if (clipboard.readText() === keyString) clipboard.writeText('')
     }, 30000)
-    return keyString
+    return true
   }))
 }
diff --git a/src/panels/WalletPanel/tabs/AgentsTab.tsx b/src/panels/WalletPanel/tabs/AgentsTab.tsx
index 284dd4b..285f14f 100644
--- a/src/panels/WalletPanel/tabs/AgentsTab.tsx
+++ b/src/panels/WalletPanel/tabs/AgentsTab.tsx
@@ -132,8 +132,8 @@ export function AgentsTab() {
   const handleExportConfirm = useCallback(async () => {
     if (!activeWalletId || exportConfirmText !== 'EXPORT') return
     const res = await window.daemon.wallet.exportPrivateKey(activeWalletId)
-    if (res.ok && res.data) {
-      setRevealedKey(res.data as string)
+    if (res.ok) {
+      setRevealedKey('Copied to clipboard. Auto-clears in 30s.')
       setExportConfirmText('')
       setTimeout(() => { setRevealedKey(null); clearAction() }, 5000)
     } else { setError(res.error ?? 'Export failed') }
diff --git a/src/panels/WalletPanel/tabs/WalletTab.tsx b/src/panels/WalletPanel/tabs/WalletTab.tsx
index 780cccb..761b5c6 100644
--- a/src/panels/WalletPanel/tabs/WalletTab.tsx
+++ b/src/panels/WalletPanel/tabs/WalletTab.tsx
@@ -162,8 +162,8 @@ export function WalletTab({ onRefresh }: Props) {
   const handleExportKeyConfirm = async () => {
     if (!exportConfirmId || exportConfirmText !== 'EXPORT') return
     const res = await window.daemon.wallet.exportPrivateKey(exportConfirmId)
-    if (res.ok && res.data) {
-      setRevealKeyId(exportConfirmId); setRevealedKey(res.data)
+    if (res.ok) {
+      setRevealKeyId(exportConfirmId); setRevealedKey('Copied to clipboard. Auto-clears in 30s.')
       setExportConfirmId(null); setExportConfirmText('')
       setTimeout(() => { setRevealKeyId(null); setRevealedKey(null) }, 5_000)
     } else {