diff --git a/extension/src/service-worker/router/popup-only.ts b/extension/src/service-worker/router/popup-only.ts
index 01cfef2..dc7b640 100644
--- a/extension/src/service-worker/router/popup-only.ts
+++ b/extension/src/service-worker/router/popup-only.ts
@@ -218,6 +218,10 @@ export async function handle(
 }
 const plaintext = new Uint8Array(msg.bytes);
+ // Cap enforcement layering:
+ // - per_attachment_max_bytes: enforced here via WASM (defense-in-depth)
+ // - per_item_max_count, per_vault_*_cap_bytes: enforced client-side in
+ // the popup (Task 7's attachments-disclosure component does this).
 const encrypted = state.wasm.attachment_encrypt(handle, plaintext, maxBytes);
 // encrypted: EncryptedAttachment — exposes .aid (string) and .bytes (Uint8Array)
 const aid: string = encrypted.aid;
@@ -266,7 +270,7 @@ export async function handle(
 const ref = item.attachments.find((a) => a.id === msg.attachmentId);
 if (!ref) return { ok: false, error: 'attachment_not_found' };
- const blobPath = `attachments/${msg.attachmentId}.bin`;
+ const blobPath = `attachments/${ref.id}.bin`;
 const encBytes = await state.gitHost.getBlob(blobPath);
 const decrypted = state.wasm.attachment_decrypt(handle, encBytes);
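Review bot: The comment added in the first hunk (above the `attachment_encrypt` call) records that `per_item_max_count` and the `per_vault_*_cap_bytes` limits are checked only in the popup, so this service-worker handler accepts whatever count and vault total its caller sends; a limit that matters for storage should also be checked here, where the write happens. Calling the WASM size check "defense-in-depth" is misleading if it is the only enforcement on this path, and the origin of `maxBytes` is not visible in the hunk, so it is worth confirming that it comes from policy or state rather than from `msg`. I would reword the comment along the lines of `// Only per_attachment_max_bytes is enforced in this handler (inside attachment_encrypt); per-item count and per-vault byte caps are NOT checked here, popup UI only.` and drop the "Task 7" reference, which will go stale. The body of `handle` starts and ends outside the hunk.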
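Review bot: In the second hunk (the `blobPath` line on the attachment read path), `ref.id` is strictly equal to `msg.attachmentId` because of the `find` on the line above, so the new line changes where the value is read from but not the string that reaches `getBlob`. What keeps the path from being arbitrary is the membership check against `item.attachments`, and nothing visible constrains the shape of a stored id, so an explicit guard before the interpolation would help, for example `if (!/^[A-Za-z0-9_-]+$/.test(ref.id)) return { ok: false, error: 'attachment_not_found' };` with the pattern adjusted to whatever alphabet `attachment_encrypt` actually emits for `aid`. `attachment_decrypt` receives only `handle` and `encBytes`, so whether the ciphertext is bound to `ref.id` cannot be told from here; if it is not, a blob stored under another attachment's path could be returned for this one, which is worth confirming on the WASM side. `handle` continues outside the hunk.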