Biometric Security & Play Store Readiness
238 commits since v0.8.0. Helm now supports biometric unlock, passes Phase 1 security audit, and is Play Store ready.
Added
- Biometric unlock for PIN screen: fingerprint/face ID via
local_auth; opt-in sheet after PIN setup; auto-trigger with manual fallback button BiometricDataSource,BiometricNotifier,biometricProvider, andunlockViaBiometricsonAuthNotifier— full clean architecture stack- Biometric preference persisted to repository and wired into PIN flow
- Biometric localization strings (en + bn)
- History tab — Paper Ledger reskin:
AuditLogScreenrebuilt with date-grouped event cards, tappable before→after detail sheet (AuditEventDetailSheet), and ledger integrity strip - Chain re-verification:
AuditChainService.verifyChainrecomputes SHA-256 over full event history at read time;ChainVerificationresult surfaced inLedgerIntegrityStrip - Paper Ledger widget system:
HelmLedgerHero,HelmLedgerRow,HelmNextEventCard,LedgerState - Audit presentation utils:
auditIconFor,auditColorFor,auditEntityLabel,auditTitleForcovering all 6 event types and 5 entity types - History grouping: date-bucket grouping (Today / This Week / Earlier) with full unit-test coverage
- Guest mode: skip magic-link identity verification; identity-specific routes blocked for guests
errorInvalidEmaillocalization key (en + bn, 324/324 ARB keys)- Hive cross-validation for magic-link flag against ADB backup spoofing
Fixed
- Security (HIGH): H-11, H-21, H-24, H-26, H-29, H-35, H-37–H-41 resolved (Phase 1 S1 audit)
- Security (MEDIUM): M-13, M-16–M-17, M-26–M-27, M-30–M-33 resolved
- Security (LOW): L-2, L-4–L-12 resolved
- CRITICAL: base64url token regex now accepts
-and_; prior regex rejected all real Supabase OTP tokens, breaking production auth - Onboarding no longer inserts fake "Initial Balance" income entry (C-10)
- Hardcoded English strings replaced with ARB localization keys (C-9)
- Settings and History accessible from all 3 tab AppBars
- Negative amounts (
formatBDT,formatUSD) no longer render as-,36,000.00 box.get() as boolcrash vector replaced with== truelogout()now clearsmagic_link_verifiedfrom Hive andguest_modefrom SharedPrefs
Changed
- Dashboard reskin: Signal Deck replaced by Paper Ledger widgets; ledger state drives safe/tight/atRisk/empty color logic
- Income list screen removed; income managed via pipeline and add-income routes
- Complete UI/UX migration to HelmSpacing, HelmTypography, and HelmColors design tokens (58 hardcoded values replaced)
- Navigation:
BottomNavigationBarreplacingHelmNavBar(3-tab, Material icons) - Build config:
applicationId com.safetospends.helm,minSdk 21,targetSdk 35,v1.0.0+1
Removed
- Signal Deck widget family (
HelmSignalHero,HelmDecisionDeck,HelmFlowRoute,HelmSignalHorizon) and associated tests
Internal
- Phase 2 QA gate: GO verdict — all critical flow widget tests passing
- dart analyze: 0 errors / 0 warnings / 0 infos