From 92734dd25153f9b0d97e5a53ec88ab192cdf8d42 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 14:36:01 +0000
Subject: [PATCH 1/2] Initial plan


From 73cd5faab039f24ccf13dcbb8b5071a8f9cf1fed Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 8 Apr 2026 14:45:00 +0000
Subject: [PATCH 2/2] Add Brave wrapper script for isolated, ephemeral Hub
 sessions

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/ebc41311-f7da-40dd-b85b-87db3176a69a

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 modules/core/sovran-hub.nix | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/modules/core/sovran-hub.nix b/modules/core/sovran-hub.nix
index c34b363..df157a9 100644
--- a/modules/core/sovran-hub.nix
+++ b/modules/core/sovran-hub.nix
@@ -211,9 +211,22 @@ let
     fi
   '';
 
+  # ── Brave launcher wrapper: isolated temp profile, cleaned up on exit ─
+  hub-brave-wrapper = pkgs.writeShellScript "sovran-hub-brave.sh" ''
+    export PATH="${lib.makeBinPath [ pkgs.brave pkgs.coreutils ]}:$PATH"
+    HUB_DATA="$(mktemp -d -t sovran-hub-brave.XXXXXXXXXX)"
+    trap '[ -n "$HUB_DATA" ] && rm -rf "$HUB_DATA"' EXIT INT TERM
+    brave --app=http://localhost:8937 \
+          --class=sovran-hub \
+          --user-data-dir="$HUB_DATA" \
+          --disable-gpu \
+          --disable-features=WebRtcPipeWireCapturer \
+          --ozone-platform=wayland
+  '';
+
   # ── Hub auto-launch wrapper script ────────────────────────────────
   hub-autolaunch-script = pkgs.writeShellScript "sovran-hub-autolaunch.sh" ''
-    export PATH="${lib.makeBinPath [ pkgs.curl pkgs.brave ]}:$PATH"
+    export PATH="${lib.makeBinPath [ pkgs.curl ]}:$PATH"
 
     DISABLE_FLAG="/var/lib/sovran/hub-autolaunch-disabled"
     BOOT_FLAG="/run/sovran-hub-autolaunch-done"
@@ -232,7 +245,7 @@ let
       sleep 1
     done
 
-    brave --app=http://localhost:8937 --class=sovran-hub --disable-gpu --disable-features=WebRtcPipeWireCapturer --ozone-platform=wayland
+    ${hub-brave-wrapper}
   '';
 
   sovran-hub-web = pkgs.python3Packages.buildPythonApplication {
@@ -278,7 +291,7 @@ let
 Type=Application
 Name=Sovran Hub
 Comment=Open Sovran_SystemsOS Hub dashboard
-Exec=brave --app=http://localhost:8937 --class=sovran-hub --disable-gpu --disable-features=WebRtcPipeWireCapturer --ozone-platform=wayland
+Exec=${hub-brave-wrapper}
 Icon=sovran-hub
 Terminal=false
 Categories=System;