Release v1.8.86 — keyVariation honours TYPE_NUMBER_VARIATION_PASSWORD

EditorInstance.handleStartInputView previously hard-coded keyVariation to
NORMAL for every Type.NUMBER field. That bypassed every privacy gate
keyed on keyVariation == PASSWORD for TYPE_NUMBER_VARIATION_PASSWORD
fields (numeric PIN / OTP entry) — most importantly the clipboard-history
exclusion in performClipboardCut / performClipboardCopy, so copied PINs
could land in the IME-local clipboard history.

Numeric PIN fields now propagate keyVariation = PASSWORD while still
selecting KeyboardMode.NUMERIC for the layout, so all existing
keyVariation gates fire (clipboard history, glide delete suppression,
long-press popup suppression, suggestion suppression).

FLAG_SECURE on the IME window was already correct via
InputAttributes.Variation.PASSWORD; only the keyVariation-side gate had
the gap.

Follow-up #1 from the v1.8.85 audit.

Author: SysAdminDoc

RELEASE_NOTES_v1.8.86.md

@@ -0,0 +1,63 @@
+# Release v1.8.86 — keyVariation honours TYPE_NUMBER_VARIATION_PASSWORD
+
+Date: 2026-05-17
+
+Follow-up #1 from the v1.8.85 audit pass.
+
+## What changed
+
+[app/src/main/kotlin/dev/patrickgold/florisboard/ime/editor/EditorInstance.kt](app/src/main/kotlin/dev/patrickgold/florisboard/ime/editor/EditorInstance.kt#L75-L120)
+— in `handleStartInputView`, when the focused field reports
+`InputAttributes.Type.NUMBER`, `activeState.keyVariation` was hard-coded to
+`KeyVariation.NORMAL`. That meant `TYPE_NUMBER_VARIATION_PASSWORD` fields
+(numeric PIN / OTP entry — bank PINs, app-lock PINs, TOTP codes) bypassed
+every privacy gate keyed on `keyVariation == KeyVariation.PASSWORD`,
+including the clipboard-history exclusion in
+`performClipboardCut` / `performClipboardCopy`.
+
+Net effect before this fix: a user copying a numeric OTP out of the IME
+selection (rare but possible) wrote the OTP into the IME-local clipboard
+history, where it would surface on the next clipboard-palette open.
+[FlorisImeService.applyFlagSecureForCurrentField](app/src/main/kotlin/dev/patrickgold/florisboard/FlorisImeService.kt#L562)
+already covered the FLAG_SECURE side via `InputAttributes.variation ==
+Variation.PASSWORD` (numeric PIN variation maps cleanly into that enum), so
+the IME window was correctly opaque to screenshots; only the local
+clipboard-history write was unguarded.
+
+After this fix: numeric PIN fields propagate `keyVariation = PASSWORD`
+while still selecting `KeyboardMode.NUMERIC` for the actual layout, so all
+existing `keyVariation == PASSWORD` gates fire — clipboard history, glide
+delete suppression (see TextKeyboardLayout.kt:151 / 646 / 788), long-press
+popup suppression (TextKey.kt:88), and the `isComposingEnabled` /
+suggestion-suppression branch.
+
+## Why this is a separate release
+
+Per [AGENTS.md §6](AGENTS.md) (one logical improvement per release).
+v1.8.85 was an explicit cross-subsystem exception; subsequent follow-ups
+return to per-feature commits.
+
+## Files touched
+
+- `app/src/main/kotlin/dev/patrickgold/florisboard/ime/editor/EditorInstance.kt`
+- `gradle.properties` — versionCode 1886 / versionName 1.8.86
+
+## Verification
+
+```powershell
+./gradlew.bat :app:testDebugUnitTest
+./gradlew.bat :app:lintDebug
+./gradlew.bat :app:assembleDebug
+./gradlew.bat :app:installDebug
+```
+
+Manual QA:
+- Focus a field declared `android:inputType="numberPassword"`. Verify the
+  numeric keyboard appears (mode preserved). Long-press a digit key —
+  popup should be suppressed (now-active PASSWORD gate).
+- Type some digits, select them via the system selection handles, tap the
+  IME's Cut/Copy quick action if shown. Open the clipboard palette and
+  confirm the digits do NOT appear in the history pane. Pre-fix they did.
+- Focus a regular numeric field (no `numberPassword` flag). Verify
+  long-press popups still work and clipboard cut/copy still writes to
+  history.

app/src/main/kotlin/dev/patrickgold/florisboard/ime/editor/EditorInstance.kt

@@ -75,7 +75,22 @@ class EditorInstance(context: Context) : AbstractEditorInstance(context) {
         super.handleStartInputView(editorInfo, isRestart)
         val keyboardMode = when (editorInfo.inputAttributes.type) {
             InputAttributes.Type.NUMBER -> {
-                activeState.keyVariation = KeyVariation.NORMAL
+                // TYPE_NUMBER_VARIATION_PASSWORD (numeric PIN / OTP fields)
+                // collapses to InputAttributes.Variation.PASSWORD. Mirror
+                // that through to keyVariation so the privacy gates that
+                // key off `keyVariation == KeyVariation.PASSWORD`
+                // (clipboard history in EditorInstance.performClipboardCut /
+                // performClipboardCopy, suggestion suppression here, glide /
+                // long-press scaling in TextKeyboardLayout, etc.) all fire
+                // for PIN entry. Without this, a numeric-PIN copy lands in
+                // the IME-local clipboard history.
+                activeState.keyVariation = if (editorInfo.inputAttributes.variation ==
+                    InputAttributes.Variation.PASSWORD
+                ) {
+                    KeyVariation.PASSWORD
+                } else {
+                    KeyVariation.NORMAL
+                }
                 KeyboardMode.NUMERIC
             }
             InputAttributes.Type.PHONE -> {

gradle.properties

@@ -15,5 +15,5 @@ projectMinSdk=26
 projectTargetSdk=36
 projectCompileSdk=36
 
-projectVersionCode=1885
-projectVersionName=1.8.85
+projectVersionCode=1886
+projectVersionName=1.8.86