fix(ext/shared): correct AttachmentCaps field names to match Rust core

The previous commit (f963ae3) used per_item_max_bytes and per_vault_*_max_bytes which don't match the Rust core's struct (per_item_max_count and per_vault_*_cap_bytes). Also fixes the per-item semantics: it's a COUNT of attachments per item, not a byte sum. Spec and plan docs updated in-place so future Task 7 cap-enforcement implementation uses the correct names + semantics. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 09:42:51 -04:00
parent f963ae33af
commit 71c182af9a
3 changed files with 14 additions and 13 deletions
--- a/docs/superpowers/plans/2026-04-24-relicario-extension-1c-gamma1.md
+++ b/docs/superpowers/plans/2026-04-24-relicario-extension-1c-gamma1.md
@@ -66,12 +66,13 @@ Replace the comment line and add the type definition just above the interface:
 ```ts
 /// Optional per-level caps on attachment plaintext sizes.
 /// All fields optional; if undefined that level is uncapped.
+/// Field names mirror the Rust core's `AttachmentCaps` struct.
 /// γ₁ enforces; γ₂ ships the configuration UI.
 export interface AttachmentCaps {
  per_attachment_max_bytes?: number;
-  per_item_max_bytes?: number;
-  per_vault_soft_max_bytes?: number;
-  per_vault_hard_max_bytes?: number;
+  per_item_max_count?: number;           // count of attachments per item, NOT bytes
+  per_vault_soft_cap_bytes?: number;     // soft cap — warn user but allow
+  per_vault_hard_cap_bytes?: number;     // hard cap — reject
 }

 export interface VaultSettings {
@@ -1107,15 +1108,14 @@ Note: the cap-check TODO is left as a comment. Implementer should add the actual
 Replace the `// TODO: cap-checks` with:

 ```ts
-const settings = (await sendMessage({ type: 'get_vault_settings' }))?.data as { settings: { attachment_caps: { per_attachment_max_bytes?: number; per_item_max_bytes?: number } } } | undefined;
+const settings = (await sendMessage({ type: 'get_vault_settings' }))?.data as { settings: { attachment_caps: { per_attachment_max_bytes?: number; per_item_max_count?: number } } } | undefined;
 const caps = settings?.settings.attachment_caps ?? {};
 if (caps.per_attachment_max_bytes && file.size > caps.per_attachment_max_bytes) {
  alert(`file too large (${formatBytes(file.size)} / cap ${formatBytes(caps.per_attachment_max_bytes)})`);
  return;
 }
-const currentItemBytes = opts.attachments.reduce((s, a) => s + a.size, 0);
-if (caps.per_item_max_bytes && currentItemBytes + file.size > caps.per_item_max_bytes) {
-  alert(`item attachments would exceed per-item cap (${formatBytes(currentItemBytes + file.size)} / ${formatBytes(caps.per_item_max_bytes)})`);
+if (caps.per_item_max_count && opts.attachments.length + 1 > caps.per_item_max_count) {
+  alert(`item attachment count would exceed per-item cap (${opts.attachments.length + 1} / ${caps.per_item_max_count})`);
  return;
 }
 ```
--- a/docs/superpowers/specs/2026-04-24-relicario-extension-1c-gamma1-design.md
+++ b/docs/superpowers/specs/2026-04-24-relicario-extension-1c-gamma1-design.md
@@ -193,9 +193,9 @@ The blob itself (`attachments/<id>.bin`) is written FIRST, so even if the item/m
 Caps live in `VaultSettings.attachment_caps` (β₂ shipped the schema; the UI is γ₂). γ₁ reads the four caps and enforces:

 - `per_attachment_max_bytes`: rejected at popup before sending to SW (cheap; fails fast)
- `per_item_max_bytes`: sum of plaintext sizes of all attachments on the item; rejected at popup
- `per_vault_soft_max_bytes`: sum of plaintext sizes across all items (computed from manifest summaries); shows warning toast but allows upload
- `per_vault_hard_max_bytes`: same sum; hard reject at popup
+- `per_item_max_count`: count of attachments on the item (not bytes); rejected at popup
+- `per_vault_soft_cap_bytes`: sum of plaintext sizes across all items (computed from manifest summaries); shows warning toast but allows upload
+- `per_vault_hard_cap_bytes`: same sum; hard reject at popup

 If any cap is `undefined`, no limit is enforced for that level. γ₂ will surface the configuration UI; in γ₁ users without explicit caps get unlimited attachments (modulo the implementation's practical limits — large blobs work via Git Data API, but uploading a 50 MB file will be slow).

--- a/extension/src/shared/types.ts
+++ b/extension/src/shared/types.ts
@@ -198,12 +198,13 @@ export type HistoryRetention =

 /// Optional per-level caps on attachment plaintext sizes.
 /// All fields optional; if undefined that level is uncapped.
+/// Field names mirror the Rust core's `AttachmentCaps` struct.
 /// γ₁ enforces; γ₂ ships the configuration UI.
 export interface AttachmentCaps {
  per_attachment_max_bytes?: number;
-  per_item_max_bytes?: number;
-  per_vault_soft_max_bytes?: number;
-  per_vault_hard_max_bytes?: number;
+  per_item_max_count?: number;           // count of attachments per item, NOT bytes
+  per_vault_soft_cap_bytes?: number;     // soft cap — warn user but allow
+  per_vault_hard_cap_bytes?: number;     // hard cap — reject
 }

 export interface VaultSettings {