From 18bc6186a04d73bffca1e5fc9fa431ed1a02ba0a Mon Sep 17 00:00:00 2001
From: hariel1985 <ariel.hartung@gmail.com>
Date: Mon, 2 Feb 2026 12:49:04 +0100
Subject: [PATCH] Use private temp directory and auto-cleanup audio files

Security improvements:
- Audio file now stored in user's private NSTemporaryDirectory
- Filename includes process ID to avoid conflicts
- Audio file deleted after transcription (success or failure)
- Audio file deleted when app terminates

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 macos/src/main.swift | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/macos/src/main.swift b/macos/src/main.swift
index 0262937..297c399 100644
--- a/macos/src/main.swift
+++ b/macos/src/main.swift
@@ -63,7 +63,11 @@ class AppDelegate: NSObject, NSApplicationDelegate {
     var isRecording = false
     var settingsWindow: NSWindow?
 
-    let audioFilePath = "/tmp/whisper-dictate.wav"
+    // Use private temp directory with unique filename
+    var audioFilePath: String {
+        let tempDir = NSTemporaryDirectory()
+        return (tempDir as NSString).appendingPathComponent("whisper-dictate-\(ProcessInfo.processInfo.processIdentifier).wav")
+    }
 
     var language: String {
         get { UserDefaults.standard.string(forKey: Defaults.language) ?? "hu" }
@@ -90,6 +94,14 @@ class AppDelegate: NSObject, NSApplicationDelegate {
         NSLog("WhisperDictate started. Press ⌃⌥D to toggle recording.")
     }
 
+    func applicationWillTerminate(_ notification: Notification) {
+        cleanupAudioFile()
+    }
+
+    func cleanupAudioFile() {
+        try? FileManager.default.removeItem(atPath: audioFilePath)
+    }
+
     // MARK: - Status Item
     func setupStatusItem() {
         statusItem = NSStatusBar.system.statusItem(withLength: NSStatusItem.variableLength)
@@ -479,6 +491,9 @@ class AppDelegate: NSObject, NSApplicationDelegate {
             }
             result = result.trimmingCharacters(in: .whitespaces)
 
+            // Cleanup audio file after transcription
+            self.cleanupAudioFile()
+
             DispatchQueue.main.async {
                 if !result.isEmpty {
                     self.pasteText(result)
@@ -490,6 +505,9 @@ class AppDelegate: NSObject, NSApplicationDelegate {
                 }
             }
         } catch {
+            // Cleanup even on error
+            self.cleanupAudioFile()
+
             DispatchQueue.main.async {
                 self.statusItem.button?.title = "🎤"
                 self.updateStatus("Error")