fix: listener leak, archive path, vault index cache, edge cases

[mishachepi]

• Move statusBarEl click listener to onload() to prevent accumulation
• Use sourcePath for archive instead of recomputing path (subfolder fix)
• Cache vault index and invalidate on file changes (was O(n) per keystroke)
• Extract filterSchemaList() shared helper for search logic
• Normalize paths before traversal check
• Fix empty schemaDir edge case in isSchemaFile
• Vault index: full path first, basename first-wins for duplicates
• Add site/ to gitignore, fix package name in lockfile, emoji validator

[mishachepi]

Junior Code Review

Solid bugfix PR addressing listener leaks, caching, and edge cases. The changes are well-structured and the fixes are appropriate. One minor note on path normalization but nothing blocking.

Findings

Severity	Count
🟢 Low	1

🟢 Low

• [security] src/bridge.ts:145 — The path normalization in assertSafePath uses simple string replacement (replace(/\/\.\//, "/").replace(/\/+/g, "/")) which doesn't fully canonicalize paths. For example, a path like foo/./bar/../../../etc would become foo/bar/../../../etc after the first replace, and the .. check would catch it — so it's safe here. But consider using a proper path normalization (e.g., splitting on / and resolving ./.. segments) for robustness against future bypasses.

---

Reviewed by Junior AI | claudecode | 154,682 tokens