Problem
The security.store.ts (37 lines) stores isLocked, failedAttempts, and biometricCheckDone in memory only. After app restart: isLocked is false (app opens unlocked), failedAttempts is 0 (lockout bypassed), biometricCheckDone is false (biometric gate re-runs).
User impact: The auto-lock mechanism is defeated by restarting the app. Security features can be bypassed. After 3 failed biometric attempts → hard logout, but restarting the app resets the counter.
Root Cause
Persistence was not added to the security store because it was deemed "not needed for prototype."
What To Build
- Add Zustand persist middleware to security.store.ts
- Use SecureStore for storage (security-sensitive data)
- Whitelist isLocked and failedAttempts
- On sign-out: reset persisted security state
- Add loading state during hydration
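The persistence rules listed above, modelled as an added example that is not the project's code. It uses neither Zustand nor expo-secure-store so that it runs stand-alone. `KVStore`, `SecurityState`, `memoryStore` and the storage key are assumptions, and staying locked before hydration or on corrupt state is a design choice added here.

```typescript
// Added example: models the persistence rules from "What To Build".
// KVStore is a hypothetical stand-in for a SecureStore-backed storage adapter.
interface KVStore {
  getItem(k: string): string | null;
  setItem(k: string, v: string): void;
  removeItem(k: string): void;
}
const KEY = "security-store"; // assumed storage key
const MAX_FAILED = 3;         // from the issue: 3 failed attempts -> hard logout

class SecurityState {
  isLocked = true;            // fail closed until hydrate() has run
  failedAttempts = 0;
  biometricCheckDone = false; // not whitelisted: never written to storage
  hydrated = false;           // the "loading state during hydration"
  store: KVStore;
  constructor(store: KVStore) { this.store = store; }

  hydrate(): void {
    try {
      const raw = this.store.getItem(KEY);
      if (raw === null) {
        this.isLocked = false; // nothing saved: first run or after sign-out
      } else {
        const p = JSON.parse(raw);
        if (typeof p.isLocked !== "boolean" || !Number.isInteger(p.failedAttempts) || p.failedAttempts < 0)
          throw new Error("corrupt security state");
        this.isLocked = p.isLocked;
        this.failedAttempts = p.failedAttempts;
      }
    } catch {
      this.isLocked = true;    // unreadable state: stay locked
    }
    this.hydrated = true;
  }
  // Only the whitelisted fields are serialized.
  save(): void { this.store.setItem(KEY, JSON.stringify({ isLocked: this.isLocked, failedAttempts: this.failedAttempts })); }
  lock(): void { this.isLocked = true; this.save(); }
  recordFailure(): "retry" | "logout" {
    this.failedAttempts += 1; this.save(); // written before the result is returned
    return this.failedAttempts >= MAX_FAILED ? "logout" : "retry";
  }
  signOut(): void { this.store.removeItem(KEY); this.isLocked = false; this.failedAttempts = 0; this.biometricCheckDone = false; }
  showContent(): boolean { return this.hydrated && !this.isLocked; }
}

function memoryStore(): KVStore { // constructed in-memory storage for the demo
  const m = new Map<string, string>();
  return { getItem: k => m.get(k) ?? null, setItem: (k, v) => { m.set(k, v); }, removeItem: k => { m.delete(k); } };
}
```

Creating a second `SecurityState` over the same `KVStore` simulates an app restart: the lock flag and the failure counter come back from storage, while `biometricCheckDone` starts again at false.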
Files To Touch
src/security/security.store.ts — add persist middleware with SecureStore
Acceptance Criteria
Mandatory Checks