From 4a6878b77bc7f2044c27b7f3a7477c2a22abf9f4 Mon Sep 17 00:00:00 2001
From: Gemini AI <gemini@google.com>
Date: Mon, 29 Dec 2025 03:35:30 +0400
Subject: [PATCH] fix: isolate guest user data directory to prevent seeing
 other users' data

---
 packages/electron-app/electron/main/ipc.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/packages/electron-app/electron/main/ipc.ts b/packages/electron-app/electron/main/ipc.ts
index eaaac3d..0192cf7 100644
--- a/packages/electron-app/electron/main/ipc.ts
+++ b/packages/electron-app/electron/main/ipc.ts
@@ -68,6 +68,17 @@ export function setupCliIPC(mainWindow: BrowserWindow, cliManager: CliProcessMan
   })
   ipcMain.handle("users:createGuest", async () => {
     const user = createGuestUser()
+    // Set up isolated environment for guest user
+    const root = getUserDataRoot(user.id)
+    cliManager.setUserEnv({
+      CODENOMAD_USER_DIR: root,
+      CLI_CONFIG: path.join(root, "config.json"),
+    })
+    await cliManager.stop()
+    const devMode = process.env.NODE_ENV === "development"
+    await cliManager.start({ dev: devMode })
+    // Set as active user
+    setActiveUser(user.id)
     return user
   })
   ipcMain.handle("users:login", async (_, payload: { id: string; password?: string }) => {