fix: Address deposit flow review feedback

[Copilot]

Several issues in the private deposit implementation: incorrect labels ("Ramp" instead of "Deposit"), wrong fee display on review screen, side effects inside useMemo, ignored method field in the handler, floating-point monetary arithmetic, and a sensitive data leak via console.log.

Backend (deposit.ts)

• Method validation: handler now explicitly rejects non-DIRECT methods with UNSUPPORTED_METHOD instead of silently treating all methods as DIRECT
• BigInt arithmetic: replaced float-based fee/amount math with pure integer arithmetic; getFeeForEntropyLevel now returns stroops as bigint directly, eliminating the float → string → BigInt conversion chain

  // Before
  const feeAmount = getFeeForEntropyLevel(entropyLevel); // number: 0.05
  const totalAmount = fromDecimals(parsedAmount + feeAmount, 7); // float addition
  
  // After
  const feeBigInt = getFeeForEntropyLevel(entropyLevel); // bigint: 500_000n
  const totalAmount = amountBigInt + feeBigInt; // integer addition

• Log removal: removed console.log("operationsMLXDR", ...) that leaked full operation XDR payloads

Frontend

• deposit-review-page.tsx: moved channel-fetching side effect from useMemo to useEffect; fixed displayed fee to match backend fee table (LOW=0.05, MEDIUM=0.25, HIGH=0.5, V_HIGH=0.75 XLM) instead of the incorrect utxoCount × 0.00001 approximation
• deposit-form-template.tsx: subpage title corrected from "Ramp" to "Deposit Funds"
• home-template.tsx: private view action label/key renamed from "Ramp"/"ramp" to "Deposit"/"deposit"

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• jsr.io
  • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[Copilot]

Pull request overview

This PR addresses several issues in the private deposit implementation, focusing on correcting UI labels, fixing fee calculations, eliminating floating-point arithmetic in the backend, removing side effects from React hooks, and addressing a security issue.

Changes:

• Backend: Added explicit method validation, migrated from float-based to BigInt arithmetic for monetary calculations, and removed a console.log that leaked operation XDR payloads
• Frontend: Moved channel-fetching from useMemo to useEffect, corrected fee display values, and updated UI labels from "Ramp" to "Deposit"

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
src/background/handlers/private/deposit.ts	Added method validation, converted fee calculations to return bigint (stroops), replaced floating-point arithmetic with integer arithmetic, removed sensitive data logging
src/popup/pages/deposit-review-page.tsx	Migrated side effect from useMemo to useEffect, fixed fee table to match backend values
src/popup/templates/deposit-form-template.tsx	Updated subpage title from "Ramp" to "Deposit Funds"
src/popup/templates/home-template.tsx	Updated action label and key from "Ramp"/"ramp" to "Deposit"/"deposit"

Comments suppressed due to low confidence (1)

src/popup/pages/deposit-review-page.tsx:91

• The totalAmount calculation still uses floating-point arithmetic (parseFloat and addition), which contradicts the PR's stated goal of eliminating floating-point monetary arithmetic. While this is only used for display purposes and the actual backend calculation now uses BigInt arithmetic correctly, the frontend should ideally use similar integer-based arithmetic for consistency and to avoid potential rounding errors in the display.

Consider using BigInt arithmetic for the display calculation as well, similar to the backend approach, to ensure the displayed total exactly matches what the backend calculates.

  const totalAmount = useMemo(() => {
    if (!formData) return undefined;
    const amount = parseFloat(formData.amount);
    const fee = parseFloat(estimatedFee);
    return (amount + fee).toFixed(7);
  }, [formData, estimatedFee]);

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.