Remove SideShift privateKey from env config

[j0ntz]

CHANGELOG

Does this branch warrant an entry to the CHANGELOG?

• Yes
• No

Dependencies

none

Description

SideShift hack followup. The SideShift affiliate account was compromised, so we
stop sending the affiliate secret. This removes the privateKey field that was
added to SIDESHIFT_INIT in env config by #5369. The SideShift swap plugin
sends that value as the x-sideshift-secret header; with the field gone the
header is omitted. SideShift confirmed the integration works identically without
it (the affiliateId query param is what tracks affiliate commission). Rotating
to a new affiliate account/affiliateId and removing the secret from the
production env are handled operationally, outside this repo.

Asana: https://app.asana.com/0/1215088146871429/1214800712844381

Verification.

• tsc --noEmit and verify-repo (eslint + jest) pass.
• App boots on a bundle built with this change; the sideshift core plugin
  initializes (the modified SIDESHIFT_INIT cleaner validates at startup) and
  the in-app SideShift swap path (BTC -> AVAX) is reachable. See screenshots.
• Direct live-API check of the exact request the plugin now issues (no
  x-sideshift-secret header): GET https://sideshift.ai/api/v2/pair/btc-bitcoin/eth-ethereum
  returns HTTP 200 with a valid rate, confirming SideShift accepts header-less
  requests. Driving the on-chain swap to settlement was skipped (real funds plus
  debug-build keypad instability); the change is behavior-neutral.

Requirements

If you have made any visual changes to the GUI. Make sure you have:

• Tested on iOS device
• Tested on Android device
• Tested on small-screen device (iPod Touch)
• Tested on large-screen device (tablet)

---

Note

Low Risk
Narrow config/schema change aligned with a security incident; swap behavior is intended to be unchanged aside from omitting the secret header.

Overview
Removes the compromised SideShift affiliate secret from app configuration after the affiliate account was compromised.

SIDESHIFT_INIT in envConfig.ts no longer accepts a privateKey field—only optional affiliateId remains. That value was passed into the SideShift swap plugin as the x-sideshift-secret header; without it, requests omit the header while affiliateId still tracks commissions, per SideShift. The unreleased CHANGELOG entry documents the behavior change.

^{Reviewed by Cursor Bugbot for commit e09cc5d. Bugbot is set up for automated code reviews on this repo. Configure here.}

[j0ntz]

📸 Test evidence

agent proof 1214800712844381 01 app running new bundle

agent proof 1214800712844381 02 sideshift swap configured

Captured by the agent's in-app test run (build-and-test).

[j0ntz]

Verification note (testing followup, no code change)

Confirmed this change is safe: removing the SideShift privateKey does not affect SideShift swap behavior. The x-sideshift-secret header is affiliate-attribution only and is functionally inert for quote/shift access.

Direct SideShift API check from the test host, with and without the old secret header, returned identical results:

• GET /permissions -> {"createShift":false}
• POST /quotes -> {"error":{"code":"ACCESS_DENIED"}}

The plugin already guards the header with if (privateKey != null) and still sends the required affiliateId.

A real in-app SideShift swap could not be driven to the success scene from this test slot because SideShift hard-blocks shift creation from US IPs (createShift:false; the ACCESS_DENIED page lists the United States as a blocked country). This is a US geo-restriction independent of this change, not a regression. The app was built from this branch (with privateKey absent from env.json) and drove a live BTC->ETH swap quote with the confirm slider, so the swap flow itself is functional with the change.