blog: 2026-03-24 — security audit 32 closed, studio mobile

saint-Joy · claude · saint-Joy · commit 4e45dc2ac4e1 · 2026-03-24T11:55:46.000Z
Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/blog/2026_03_24.md b/blog/2026_03_24.md
@@ -0,0 +1,14 @@
+[[security]] audit 32 closed all open findings in [[cyb]] wallet. 6 fixes pushed to master:
+
+- mnemonic inputs masked by default (`type="password"`) + eye toggle to reveal — was plaintext on screen (HIGH)
+- [[service worker]] POST cache filtered — `/cosmos/tx/`, `/broadcast`, `/sign`, `/auth/`, `/bank/` excluded. was caching all POST responses including tx broadcast (MEDIUM)
+- long-press protection on secret values — `user-select: none`, `-webkit-touch-callout: none` (MEDIUM)
+- `-webkit-text-security: disc` CSS fallback on password inputs (MEDIUM)
+- clipboard auto-clear 30s after address copy (LOW)
+- removed console.log near mnemonic variable in Tauri bootstrap (LOW)
+
+cumulative audit status: 0 open findings across 108 total (4 critical, 17 high, 35 medium, 52 low — all fixed or accepted).
+
+[[studio]] page responsive on mobile — single column layout, keywords wrap horizontally, particle URL param support for cyberlink from [[commander]].
+
+commit `69209b78`
