1e858e1d1f
Closes the P1.1 defense-in-depth gap: wasm-bindgen's auto-generated .free() previously dropped the SessionHandle wrapper (a u32) without removing the SESSIONS HashMap entry, leaving the master key and image_secret in WASM linear memory until JS explicitly called lock(handle). Drop now wires .free() to session::remove, and the new native test pins the contract. Refs: docs/superpowers/specs/2026-05-04-security-polish-design.md (Phase 1) Refs: docs/superpowers/reviews/2026-05-04-architecture-review.md (P1.1) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
582 B
582 B