Fix 4 P1 and 2 P2 code review findings for FRE-4576

P1 fixes:
- Fix import paths in background/index.ts (./ -> ../lib/)
- Fix Promise-in-string bug in api-client.ts authenticate()
- Add missing background/service_worker key to manifest
- Copy HTML to public/ so Vite places them in dist

P2 fixes:
- Add notifications permission to manifest
- Make showWarningNotification async with proper await

Co-Authored-By: Paperclip <noreply@paperclip.ing>

packages/extension/src/background/index.ts

@@ -1,8 +1,8 @@
-import { UrlCheckResult, UrlVerdict, ThreatInfo, BackgroundMessage, MessageType, SubscriptionTier, PhishingReport } from '../types';
-import { urlCache, CACHE_TTL } from './cache';
-import { phishingDetector } from './phishing-detector';
-import { settingsManager } from './settings';
-import { shieldApiClient } from './api-client';
+import { UrlCheckResult, UrlVerdict, ThreatInfo, BackgroundMessage, MessageType, SubscriptionTier, PhishingReport, ExtensionSettings } from '../types';
+import { urlCache, CACHE_TTL } from '../lib/cache';
+import { phishingDetector } from '../lib/phishing-detector';
+import { settingsManager } from '../lib/settings';
+import { shieldApiClient } from '../lib/api-client';
 
 let threatsBlockedToday = 0;
 let urlsCheckedToday = 0;
@@ -140,17 +140,15 @@ async function showBlockedPage(tabId: number, url: string): Promise<void> {
   await chrome.tabs.update(tabId, { url: blockedUrl });
 }
 
-function showWarningNotification(result: UrlCheckResult): void {
-  const showNotif = settingsManager.get().then(s => s.showNotifications);
-  Promise.resolve(showNotif).then((enabled) => {
-    if (!enabled) return;
-    chrome.notifications.create({
-      type: 'basic',
-      iconUrl: 'icons/icon48.png',
-      title: 'ShieldAI Warning',
-      message: `${result.verdict.toUpperCase()}: ${result.domain}`,
-      priority: result.verdict === UrlVerdict.PHISHING ? 2 : 0,
-    });
+async function showWarningNotification(result: UrlCheckResult): Promise<void> {
+  const settings = await settingsManager.get();
+  if (!settings.showNotifications) return;
+  await chrome.notifications.create({
+    type: 'basic',
+    iconUrl: 'icons/icon48.png',
+    title: 'ShieldAI Warning',
+    message: `${result.verdict.toUpperCase()}: ${result.domain}`,
+    priority: result.verdict === UrlVerdict.PHISHING ? 2 : 0,
   });
 }
 

packages/extension/src/lib/api-client.ts

@@ -88,7 +88,8 @@ export class ShieldApiClient {
 
   async authenticate(apiKey: string): Promise<{ userId: string; tier: SubscriptionTier } | null> {
     try {
-      const response = await fetch(`${settingsManager.get().then(s => s.apiBaseUrl)}/extension/auth`, {
+      const settings = await settingsManager.get();
+      const response = await fetch(`${settings.apiBaseUrl}/extension/auth`, {
         method: 'POST',
         headers: {
           'Content-Type': 'application/json',