fix(wasm): stop rejecting legitimate large folder drops

[danielewood]

Summary

• remove the arbitrary 200-file cap from WASM upload and inspect flows
• keep the per-file and total byte limits, and document that file-count caps are intentionally disallowed here
• include the web/package-lock.json refresh produced by the required npm-update hook run

Testing

• pre-commit run --all-files

[Copilot]

Pull request overview

This PR updates the WASM (browser) ingestion/inspection flows to stop rejecting legitimate large folder drops by removing the hard 200-file cap, relying instead on per-file and total byte limits.

Changes:

• Remove the 200-file cap from WASM addFiles upload flow.
• Remove the 200-file cap from WASM inspectFiles inspection flow.
• Update CHANGELOG.md and refresh web/package-lock.json via the npm-update hook.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File	Description
cmd/wasm/main.go	Removes the file-count cap and documents that WASM input should be limited by bytes only.
cmd/wasm/inspect.go	Removes the file-count cap from the inspect path to match upload behavior.
CHANGELOG.md	Documents the behavioral change under Fixed in [Unreleased].
web/package-lock.json	Lockfile refresh (dependency metadata/version update).

Files not reviewed (1)

• web/package-lock.json: Language not supported

[Copilot]

Now that the file-count cap is removed, length may be very large. In addFiles, when readWASMFileData starts returning the total-bytes-limit error, the loop continues and appends an error result for every remaining file. This can create a huge results JSON payload and a lot of work/logging for drops with thousands of files. Consider detecting the total-bytes-limit condition and stopping early (e.g., break/reject with a single error, or mark the remainder skipped without iterating).

[claude]

Code review

1 issue found.

---

CL-4: Missing link definition for [#129] in CHANGELOG.md

The changelog entry added by this PR uses ([#129]) as a reference, but the corresponding link definition is missing from the bottom of the file.

Per CLAUDE.md rule CL-4: "Add the corresponding link definition at the bottom of the file in the reference links section for PR refs (e.g., [#129]: https://github.com/sensiblebit/certkit/pull/129)"

The link definitions section at the bottom of CHANGELOG.md goes up through [#128] with no [#129] entry. Without this definition, the ([#129]) reference renders as plain text rather than a clickable hyperlink.

See the entry:

certkit/CHANGELOG.md

Line 33 in c68b53e

- Remove the arbitrary 200-file cap from WASM upload and inspect flows; rely on byte limits instead. ([#129])

Fix: Add the following line to the link-definitions block at the bottom of CHANGELOG.md:

[#129]: https://github.com/sensiblebit/certkit/pull/129

[claude]

Code review. Issues found: CL-4 (MUST) - Missing link definition for the PR ref. See CLAUDE.md CL-4. The changelog entry uses ([#129]) as a reference on line 33, but the corresponding link definition is not present at the bottom of CHANGELOG.md. Without it, Markdown renderers cannot resolve the reference to the PR URL. Relevant line:

certkit/CHANGELOG.md

Lines 32 to 34 in c68b53e

	- Remove the arbitrary 200-file cap from WASM upload and inspect flows; rely on byte limits instead. ([#129])
	- Make `scan --bundle-path` skip untrusted/verification-failing bundle candidates instead of aborting the full export run. ([#112])

. Fix: add [#129]: #129 to the bottom of CHANGELOG.md after the [#128] entry. No other issues found. Checked for bugs and CLAUDE.md compliance.