fix(ext): allow rate_passphrase + is_unlocked from setup tab; add diagnostic logging

Bug: setup tab's zxcvbn meter silently stayed at score=-1 because the router's isSetup exception only allowed save_setup, so rate_passphrase got unauthorized_sender. Result: the "create vault" button stayed disabled forever even with a strong passphrase. Fix: add a narrow SETUP_ALLOWED set containing save_setup, rate_passphrase, and is_unlocked (step-4 extension detection). Reject everything else from the setup tab. Also clean up setup.ts's unlock call — it was passing the raw 32-byte imageSecret where JPEG bytes with embedded secret are required; the Rust-side unlock calls imgsecret:: extract internally. Diagnostic logging across the message path so the next silent failure speaks up: - [relicario setup] staged logs through vault-init; console.error with the failure stage name in the UI banner. - [relicario setup] rate_passphrase lastError / rejected / threw branches each log their own warning. - [relicario router] console.warn on unauthorized_sender (with sender classification) and unknown_message_type. - [relicario sw] first-message wasm init announced; per-message non-ok result logged; thrown errors console.error'd. Tests: +3 setup-allowlist tests (rate_passphrase accepted, is_unlocked accepted, fill_credentials + unlock rejected). 55/55 green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-22 19:32:00 -04:00
parent 3238ef4dd4
commit 4341124d38
5 changed files with 369 additions and 27 deletions
--- a/extension/src/service-worker/index.ts
+++ b/extension/src/service-worker/index.ts
@@ -46,11 +46,25 @@ const state: RouterState = {
 chrome.runtime.onMessage.addListener(
  (request: Request, sender: chrome.runtime.MessageSender, sendResponse: (r: Response) => void) => {
    (async () => {
-      if (!state.wasm) state.wasm = await initWasm();
+      if (!state.wasm) {
+        // eslint-disable-next-line no-console
+        console.log('[relicario sw] initializing WASM on first message');
+        state.wasm = await initWasm();
+      }
      return route(request, state, sender);
    })()
-      .then(sendResponse)
-      .catch((err: Error) => sendResponse({ ok: false, error: err.message }));
+      .then((r) => {
+        if (!r.ok) {
+          // eslint-disable-next-line no-console
+          console.warn(`[relicario sw] ${request.type} -> error:`, r.error);
+        }
+        sendResponse(r);
+      })
+      .catch((err: Error) => {
+        // eslint-disable-next-line no-console
+        console.error(`[relicario sw] ${request.type} threw:`, err);
+        sendResponse({ ok: false, error: err.message });
+      });
    return true; // async response
  },
 );