File: crates/web/src/trust_store.rs:92, 100, 116, 126, crates/web/src/state_bridge.rs:51, 73
Severity: quality
Obvious? no
These spots use .expect("WebTrustStore mutex poisoned") / .expect("cached mutex poisoned") to unwrap Mutex lock results. CLAUDE.md mandates StateActor or documented // state: lock-ok for every lock in lib crates.
trust_store.rs has no rationale comment, and the WASM single-threaded invariant means a Mutex is the wrong primitive — Rc<RefCell<T>> is the documented choice. Both a state-management policy violation and a pointless source of theoretical panics.
Fix: migrate trust_store.rs to Rc<RefCell<T>> (WASM single-threaded). For state_bridge.rs see also F38 — add a // state: lock-ok note duplicating the line-23 doc-comment justification.
Filed by /general-audit @ b901575 (2026-05-02). master: #513.
File:
crates/web/src/trust_store.rs:92, 100, 116, 126,crates/web/src/state_bridge.rs:51, 73Severity: quality
Obvious? no
These spots use
.expect("WebTrustStore mutex poisoned")/.expect("cached mutex poisoned")to unwrapMutexlock results. CLAUDE.md mandatesStateActoror documented// state: lock-okfor every lock in lib crates.trust_store.rshas no rationale comment, and the WASM single-threaded invariant means aMutexis the wrong primitive —Rc<RefCell<T>>is the documented choice. Both a state-management policy violation and a pointless source of theoretical panics.Fix: migrate
trust_store.rstoRc<RefCell<T>>(WASM single-threaded). Forstate_bridge.rssee also F38 — add a// state: lock-oknote duplicating the line-23 doc-comment justification.Filed by
/general-audit@b901575(2026-05-02). master: #513.