From 35444e02be1afe7e8fb0b2f02134a919b501ba25 Mon Sep 17 00:00:00 2001
From: adlee-was-taken <aaron.daniel.lee@gmail.com>
Date: Sat, 30 May 2026 21:43:50 -0400
Subject: [PATCH] fix(ext/sw): clear state.gitHost on session expiry (Plan C
 Phase 5)

DEV-C P2: expiry cleared manifest but left the cached git-host client.
The initializer rebuilds gitHost on demand, so clearing here is safe.

No new test: index.ts has top-level chrome.* side effects that make it
expensive to import in a unit test, and the change is a one-liner state
mutation in an inline callback. Manually verified by tracing call sites.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 extension/src/service-worker/index.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/extension/src/service-worker/index.ts b/extension/src/service-worker/index.ts
index cab9a83..2c68a3e 100644
--- a/extension/src/service-worker/index.ts
+++ b/extension/src/service-worker/index.ts
@@ -53,6 +53,9 @@ sessionTimer.onExpired(() => {
   console.log('[relicario sw] session expired — locking vault');
   clearCurrent();
   state.manifest = null;
+  // Plan C Phase 5: don't leak the cached git-host client across a lock.
+  // The initializer rebuilds gitHost on demand, so clearing here is safe.
+  state.gitHost = null;
   // Best-effort broadcast — receiver may not exist yet.
   chrome.runtime.sendMessage({ type: 'session_expired' }).catch(() => {});
 });