fix: v3.5.7 translator + bridge hardening (6 issues from deep audit)#94
Merged
fix: v3.5.7 translator + bridge hardening (6 issues from deep audit)#94
Conversation
A second-pass audit on translator.js (778 lines) and the page-bridge protocol surfaced six real issues. None of these would have been caught by the previous content.js-focused audit. Three are correctness bugs visible to users at the current scale; the rest add resilience as external dependencies (Puter.js, model names, Anthropic deprecation windows) shift under us. CRITICAL — Verify-queue tail-item race Items pushed between `_runVerifyQueue`'s while-loop exit and the `.finally()` clearing `_verifyLock` got queued but no new run was scheduled — on a quiet page they sat un-verified forever. Extracted `_kickVerifyQueue()` and made `.finally()` self-restart if items arrived during teardown. Also unified the two duplicate lock-create sites (queueGeminiVerify and BRIDGE_READY handler) onto the helper. HIGH — IndexedDB cache poisoning `_cacheTranslation` wrote whatever GT/Gemini returned to disk and served it for 30 days. A single corrupted response or transient proxy error page poisoned the cache. Added `_isValidTranslation` that rejects HTML tags, length ratios over 10×, and >95% ASCII for non-Latin target languages (typical refusal/error string). Skipped payloads silently retry on the next page load. HIGH — Bridge-injection retry `script.onerror` and bridge timeout used to kill AI features for the whole tab session — one CDN hiccup, one CSP transient, dead tutor until reload. New `_injectPageBridgeWithRetry` does up to 2 retries with exponential backoff (500/1000/2000 ms). The `skillbridge:bridgeunavailable` banner now only fires after the retry budget is exhausted, not on the first failure. HIGH — Model-name fallback chain All `puter.ai.chat` calls in page-bridge now route through `_puterChat`, which catches model-not-found errors and retries once with a fallback (`claude-sonnet-4-6` → `4-5`, `claude-opus-4-7` → `4-6`, `gemini-2.0-flash` → `1.5-flash`). When Anthropic deprecates Sonnet 4.6 (likely within months) the tutor falls back instead of 500-erroring at the user. MEDIUM — Stale-language verify writes Verify items now stamp `_langGeneration` at queue time. `_runVerifyQueue` filters stale batches, and `_verifySingle` re-checks after the Gemini await fence (which can be seconds long) before calling `_notifyUpdate`. Without this, a user switching language mid-page saw old-language text overwrite their new translation. content.js calls `translator.bumpLangGeneration()` from `switchLanguage`. MEDIUM — `_cacheTranslation` actually awaits Was declared async but returned the moment `store.put()` was queued — callers' `await` was a no-op. Now resolves on `tx.oncomplete`. Caller timing assumptions (e.g. eviction-then-retry flows from the v3.5.6 fix) now hold. Tests 309/309 pass; lint, format, selector-health, dicts, bg-sync, glossary, translate-validate, firefox build, bundle build all green. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Second-pass deep audit on the bridge layer (
translator.js778 lines +page-bridge.js251 lines +puter.js) found six real issues. The previous content.js-focused audit (#92) didn't cover this surface. Three are correctness bugs at current scale; the rest add resilience as external deps shift._kickVerifyQueue+ self-restart from.finally_isValidTranslationrejects HTML / length>10× / >95% ASCII for non-Latin_injectPageBridgeWithRetry— 2 retries, exp backoffclaude-sonnet-4-6no fallback_puterChatwraps all calls with deprecation chain_langGenerationstamp + re-check after Gemini await_cacheTranslationreturned beforestore.putcommittedtx.oncompleteWhy now
The user's concern was: AI/Skilljar/Anthropic are all moving fast and we have no production telemetry. Issues #2, #3, #4 are specifically resilience plays:
Verification (local)
Test plan
Known follow-ups (NOT in this PR)
🤖 Generated with Claude Code