Remove DEBUG lock-screen bypass, add DEBUG mode policy
All checks were successful
check / check (push) Successful in 11s
DEBUG mode must behave identically to normal mode except for the red banner and hardcoded mnemonic. No other DEBUG branches without explicit owner approval. Policy documented in README.
parent
88f57263fb
commit
b166a96e87
@ -231,6 +231,15 @@ it is almost certainly a bug. All cryptographic operations must go through
|
||||
Exceptions require explicit authorization in a code comment referencing this
|
||||
policy.
|
||||
|
||||
### DEBUG Mode Policy
|
||||
|
||||
The `DEBUG` constant in the popup JS enables a red "DEBUG / INSECURE" banner and
|
||||
a hardcoded test mnemonic. **DEBUG mode must behave as close to normal mode as
|
||||
possible.** No `if (DEBUG)` branches that skip functionality, bypass security
|
||||
flows, or alter program behavior beyond the banner and the hardcoded mnemonic.
|
||||
Adding new DEBUG-conditional branches requires explicit approval from the
|
||||
project owner.
|
||||
|
||||
### Key Decisions
|
||||
|
||||
- **No framework**: The popup UI is vanilla JS and HTML. The extension is small
|
||||
|
||||
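Review bot: The bolded sentence in the new "DEBUG Mode Policy" section says DEBUG mode must behave "as close to normal mode as possible", which is weaker than the sentence that follows it (no `if (DEBUG)` branches beyond the banner and the hardcoded mnemonic) and weaker than the commit message's "identically". I would make the bolded sentence state the strict rule so the two cannot be read against each other. The approval requirement also does not say where approval is recorded; the paragraph just above requires "explicit authorization in a code comment referencing this policy" for its exceptions, and using the same mechanism here would let a reviewer check any remaining `if (DEBUG)` branch against the policy from the code alone.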
@ -287,11 +287,6 @@ async function init() {
|
||||
|
||||
await loadState();
|
||||
|
||||
// In DEBUG mode, skip the lock screen (no encryption yet)
|
||||
if (DEBUG && state.hasWallet) {
|
||||
state.locked = false;
|
||||
}
|
||||
|
||||
if (!state.hasWallet) {
|
||||
showView("welcome");
|
||||
} else if (state.locked) {
|
||||
|
||||
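Review bot: With the `if (DEBUG && state.hasWallet)` override removed from `init()`, a DEBUG session that has a wallet now takes the `else if (state.locked)` branch, and the removed comment gave "no encryption yet" as the reason the bypass existed. Please confirm that the view shown for the locked state can actually be passed in DEBUG mode with the hardcoded mnemonic, and that `loadState()` always leaves `state.locked` with a defined value, since nothing in `init()` sets it any more. A short note in the commit message or PR on how the locked path was exercised in DEBUG would be enough.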