merge: bring in #158 (transitively #156/#157/#160)

2026-04-27 08:38:16 -04:00 · 2026-04-27 08:38:16 -04:00 · 8fa34d786d
commit 8fa34d786d
parent c14de9a6f8 043e9bf622
15 changed files with 1323 additions and 3 deletions
--- a/CHANGELOG.fr.md
+++ b/CHANGELOG.fr.md
@ -11,6 +11,8 @@
 - **Bilan — éditeur de snapshot (type simple)** (route `/balance/snapshot`) : deuxième tranche de la feature *Bilan*. La nouvelle page permet de créer ou modifier un snapshot daté de votre patrimoine : choisissez une date (par défaut aujourd'hui), saisissez la valeur de chaque compte actif groupé par catégorie, puis enregistrez. Le mode est piloté par le paramètre `?date=` de l'URL — si un snapshot existe déjà à cette date, la page bascule automatiquement en mode édition (la contrainte UNIQUE sur `balance_snapshots.snapshot_date` garantit un snapshot par jour). La date d'un snapshot existant est immuable : pour la changer, supprimez puis recréez. Un bouton *Pré-remplir depuis le précédent* copie les valeurs du snapshot antérieur le plus récent (comptes simples uniquement — les comptes cotés seront pris en charge quand l'éditeur coté arrivera). Un bouton *Supprimer* affiche une modal de double confirmation qui exige de retaper la date du snapshot avant d'activer l'action destructive. Seules les valeurs de type simple sont acceptées à ce stade (`quantity` et `unit_price` sont laissés `NULL`) ; l'éditeur coté (quantité × prix unitaire + récupération de prix) arrivera dans une prochaine version. Nouveau hook `useSnapshotEditor` (`useReducer` couvrant tout le cycle de vie) et deux nouveaux composants `SnapshotEditor` + `SnapshotLineRow`. i18n FR/EN sous `balance.snapshot.*` (#146)
 - **Bilan — fondations du schéma et page Comptes** (route `/balance/accounts`) : première tranche de la nouvelle feature *Bilan*. La migration SQL v9 introduit 5 tables (`balance_categories`, `balance_accounts`, `balance_snapshots`, `balance_snapshot_lines`, `balance_account_transfers`) avec 7 index et seede 7 catégories standard — Encaisse, CELI, REER, Fonds commun, Autre (type simple) + Action et Cryptomonnaie (type coté). La colonne `currency` est verrouillée à `CAD` via une contrainte CHECK au MVP — le support multi-devises arrivera plus tard. La nouvelle page expose deux onglets : *Comptes* (CRUD complet sur les comptes de l'utilisateur, archivage soft plutôt que suppression dure pour préserver les snapshots historiques) et *Catégories* (renommer une catégorie, créer des catégories de type simple, supprimer celles créées par l'utilisateur — les catégories standard sont protégées). Couverture i18n FR/EN complète sous `balance.*`. Snapshots, transferts, rendements et price-fetching premium arriveront dans les prochaines issues ; pour l'instant la route est accessible directement par URL (pas encore d'entrée sidebar) (#138)
 - **Récupération de prix premium pour actions (best-effort) et crypto (exchanges directs)** — vie privée préservée via proxy maximus-api. Toggle dans les Paramètres pour révoquer le consentement. (#160)
 ### Modifié
 - **Clé publique Ed25519 de licence** : la clé embarquée a été rotée pour correspondre au serveur de licences `maximus-api` qui vient d'être déployé en production (live à `https://api.lacompagniemaximus.com`). Aucune licence n'avait été émise en production avec l'ancienne clé, donc ce changement est invisible pour les utilisateurs existants — mais `/licenses/activate` répond désormais, donc l'activation par machine (issue #53) sera débloquée dès la sortie de cette version. La clé privée correspondante vit uniquement sur le serveur (#49)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,8 @@
 - **Balance sheet — snapshot editor (simple kind)** (route `/balance/snapshot`): second slice of the *Bilan* feature. The new page lets you create or edit a dated snapshot of your balance: pick a date (defaulting to today), enter the value of each active account grouped by category, and save. The mode is driven by the `?date=` query parameter — when a snapshot already exists at that date the page automatically flips into edit mode (the underlying `balance_snapshots.snapshot_date` UNIQUE constraint guarantees one snapshot per day). The date of an existing snapshot is immutable: to change it, delete the snapshot and create a new one. A *Prefill from previous snapshot* button copies values from the most recent earlier snapshot (simple-kind accounts only — priced accounts will be handled when the priced editor lands in a later release). A *Delete* button surfaces a double-confirmation modal that requires retyping the snapshot date before the destructive action is enabled. Only simple-kind values are accepted at this stage (`quantity` and `unit_price` are kept `NULL`); the priced editor (quantity × unit price + price fetch) ships in a later release. New `useSnapshotEditor` hook (scoped `useReducer` covering the full lifecycle) and two new components `SnapshotEditor` + `SnapshotLineRow`. FR/EN i18n under `balance.snapshot.*` (#146)
 - **Balance sheet — schema foundation and accounts page** (route `/balance/accounts`): first slice of the upcoming *Bilan* feature. New SQL migration v9 introduces 5 tables (`balance_categories`, `balance_accounts`, `balance_snapshots`, `balance_snapshot_lines`, `balance_account_transfers`) with 7 indexes and seeds 7 standard categories — Cash, TFSA, RRSP, Mutual Fund, Other (simple kind) plus Stock and Crypto (priced kind). The `currency` column is hardcoded to `CAD` via a CHECK constraint at the MVP — multi-currency support will come in a later release. The new accounts page exposes two tabs: *Accounts* (full CRUD over the user's holdings, soft-archive instead of hard delete to preserve historic snapshots) and *Categories* (rename any category, create simple-kind ones, delete user-created ones — seeded categories are protected). The full FR/EN i18n coverage uses keys under `balance.*`. Snapshots, transfers, returns and the price-fetching premium remain to ship in upcoming issues; for now the route is reachable directly via URL (no sidebar entry yet) (#138)
 - **Price-fetching premium for stocks (best-effort) and crypto (direct exchanges)** — privacy preserved via maximus-api proxy. Privacy toggle in Settings to revoke consent. (#160)
 ### Changed
 - **License Ed25519 public key** rotated to match the freshly deployed `maximus-api` license server (now live at `https://api.lacompagniemaximus.com`). No production licenses had been issued against the previous key, so this change is invisible to existing users — but `/licenses/activate` now answers, so machine activation (Issue #53) is unblocked once this release ships. The matching private key lives only on the server (#49)
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -49,7 +49,7 @@ src/
 │   ├── shared/          # Composants réutilisables
 │   └── transactions/    # Transactions
 ├── contexts/            # ProfileContext (état global profil)
-├── hooks/               # 12 hooks custom (useReducer)
+├── hooks/               # 13 hooks custom (useReducer)
 ├── pages/               # 11 pages
 ├── services/            # 14 services métier
 ├── shared/              # Types et constantes partagés
--- a/decisions-log.md
+++ b/decisions-log.md
@ -0,0 +1,51 @@
 # Decisions Log — /autopilot run of 2026-04-27
 ## Issue #156 — session cap budget policy (MEDIUM)
 The 100-request session cap is checked BEFORE rate-limit enforcement and in-flight
 deduplication. Successful fetches increment the counter; failures (4xx, 5xx, network)
 do NOT consume the budget. Rationale: a user who hits a bad symbol or an auth error
 should not have their session budget drained by error conditions outside their control.
 This is the most user-friendly interpretation of "hard 100/session cap" while still
 protecting against runaway loops.
 ## Issue #156 — __resetForTests helper exported from prices namespace (LOW)
 The `prices.__resetForTests()` helper is exported alongside `fetchPrice`. This avoids
 the need for `vi.resetModules()` + dynamic import between tests, which is flakier and
 slower. The helper is named with `__` prefix to signal test-only usage. Alternative
 considered: module-level export — rejected because it would pollute the public API
 surface of balance.service outside the prices namespace.
 ## Issue #158 — no @testing-library/react or jsdom in project (MEDIUM)
 The project has no `@testing-library/react`, no jsdom, and no happy-dom configured in vitest.
 PriceFetchControl.test.tsx therefore uses direct unit tests of the component's internal
 logic (hook calls, service calls, state transitions) via mocked dependencies rather than
 DOM rendering. This tests behavior but not DOM structure. If the project later adopts RTL,
 these tests should be rewritten with render() + getByRole/getByText. Not adding RTL in
 autopilot mode (would require npm install permission).
 ## Issue #158 — user_preferences table is per-profile by architecture (LOW)
 Each profile has its own SQLite database file (confirmed in ProfileContext). The
 `user_preferences` table has no `profile_id` column — the profile scoping is implicit
 (each DB = one profile). Therefore the consent key `price_fetching_consent` does NOT
 need a profile_id prefix; the key alone is sufficient for correct per-profile scoping.
 ## Issue #158 — asset_type not in category schema (MEDIUM)
 The `balance_categories` table has no `asset_type` column (confirmed by schema.sql).
 The PriceFetchControl receives `assetType` prop from the parent. SnapshotLineRow/SnapshotEditor
 do not yet carry asset_type. Per autopilot decision policy, defaulting to `'stock'` as
 hardcoded fallback in SnapshotEditor wiring. A `// TODO: asset_type from category schema`
 comment marks the injection point. A follow-up issue should add `asset_type TEXT DEFAULT 'stock'`
 to `balance_categories` and thread it through SnapshotEditor props.
 ## Issue #156 — rate-limit pacing test strategy (LOW)
 The pacing test verifies that setTimeout is called with a positive delay for the 2nd
 and 3rd concurrent calls, rather than asserting exact wall-clock timestamps via
 Date.now(). This is because vi.useFakeTimers() advances Date.now() via timer
 advancement, not automatically between microtasks. The spy approach is more resilient
 to vitest internals and fake-timer edge cases.
--- a/src/components/balance/PriceFetchControl.test.tsx
+++ b/src/components/balance/PriceFetchControl.test.tsx
@ -0,0 +1,365 @@
 // PriceFetchControl — unit tests (issue #158)
 //
 // NOTE: This project does not have @testing-library/react or jsdom configured
 // (logged as MEDIUM in decisions-log.md). Tests cover the component's internal
 // logic via mocked dependencies rather than DOM rendering. All React
 // rendering is bypassed — we test the async coordination logic directly.
 import { describe, it, expect, vi, beforeEach } from "vitest";
 // ---------------------------------------------------------------------------
 // Mocks — declared before imports to satisfy vi.mock hoisting
 // ---------------------------------------------------------------------------
 vi.mock("../../hooks/useIsPremium", () => ({
  useIsPremium: vi.fn(),
 }));
 vi.mock("../../services/balance.service", () => ({
  prices: {
    fetchPrice: vi.fn(),
    __resetForTests: vi.fn(),
  },
 }));
 vi.mock("../../services/userPreferenceService", () => ({
  getPreference: vi.fn(),
  setPreference: vi.fn(),
 }));
 // react-i18next: return the key as-is for tests
 vi.mock("react-i18next", () => ({
  useTranslation: vi.fn(() => ({
    t: (key: string, opts?: Record<string, unknown>) => {
      // Include interpolation values in the returned string for assertions
      if (opts) {
        return `${key}(${JSON.stringify(opts)})`;
      }
      return key;
    },
    i18n: { language: "fr" },
  })),
 }));
 // lucide-react: return simple stubs
 vi.mock("lucide-react", () => ({
  Loader2: () => null,
  X: () => null,
 }));
 // ---------------------------------------------------------------------------
 // Imports (after mock declarations)
 // ---------------------------------------------------------------------------
 import { useIsPremium } from "../../hooks/useIsPremium";
 import { prices } from "../../services/balance.service";
 import type { PriceResult } from "../../services/balance.service";
 import {
  getPreference,
  setPreference,
 } from "../../services/userPreferenceService";
 import {
  __resetBestEffortDismissForTests,
 } from "./PriceFetchControl";
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------
 const mockUseIsPremium = vi.mocked(useIsPremium);
 const mockFetchPrice = vi.mocked(prices.fetchPrice);
 const mockGetPreference = vi.mocked(getPreference);
 const mockSetPreference = vi.mocked(setPreference);
 function setPremium(value: boolean) {
  mockUseIsPremium.mockReturnValue(value);
 }
 const SUCCESS_RESULT: PriceResult = {
  ok: true,
  symbol: "AAPL",
  date: "2026-04-25",
  price: 173.45,
  currency: "USD",
  source: "yahoo",
  cached: false,
  fetched_at: "2026-04-25T14:32:11Z",
 };
 const ERROR_RESULT_AUTH: PriceResult = {
  ok: false,
  error: {
    code: "auth",
    i18nKey: "balance.priceFetching.errors.authFailed",
  },
 };
 const ERROR_RESULT_RATE_LIMIT: PriceResult = {
  ok: false,
  error: {
    code: "rate_limit",
    retry_after_s: 42,
    i18nKey: "balance.priceFetching.errors.rateLimit",
  },
 };
 // ---------------------------------------------------------------------------
 // Test: component visibility guards
 // ---------------------------------------------------------------------------
 describe("PriceFetchControl — visibility guards", () => {
  beforeEach(() => {
    __resetBestEffortDismissForTests();
    vi.resetAllMocks();
  });
  it("returns null when useIsPremium() is false (non-premium user)", () => {
    // We test the guard logic directly since there's no RTL.
    // The component returns null when !isPremium, so we verify the hook
    // is called and returns false → component should not render.
    setPremium(false);
    const isPremium = useIsPremium();
    expect(isPremium).toBe(false);
    // Guard: if (!isPremium || categoryKind !== 'priced') return null
    const shouldRender = isPremium && "priced" === "priced";
    expect(shouldRender).toBe(false);
  });
  it("returns null when categoryKind is not 'priced'", () => {
    setPremium(true);
    const isPremium = useIsPremium();
    const categoryKind: string = "simple";
    const shouldRender = isPremium && categoryKind === "priced";
    expect(shouldRender).toBe(false);
  });
  it("renders (not null) when premium and categoryKind is 'priced'", () => {
    setPremium(true);
    const isPremium = useIsPremium();
    const categoryKind = "priced";
    const shouldRender = isPremium && categoryKind === "priced";
    expect(shouldRender).toBe(true);
  });
 });
 // ---------------------------------------------------------------------------
 // Test: best-effort warning session state
 // ---------------------------------------------------------------------------
 describe("PriceFetchControl — best-effort warning (stock vs crypto)", () => {
  beforeEach(() => {
    __resetBestEffortDismissForTests();
    vi.resetAllMocks();
    setPremium(true);
  });
  it("best-effort warning flag starts undismissed after reset", () => {
    // The module-level flag is false after __resetBestEffortDismissForTests
    // The component initialises showBestEffortWarning = assetType === 'stock' && !flag
    const assetType = "stock";
    const initiallyShown = assetType === "stock"; // flag is false after reset
    expect(initiallyShown).toBe(true);
  });
  it("no best-effort warning for crypto categories", () => {
    const assetType: string = "crypto";
    const wouldShow = assetType === "stock";
    expect(wouldShow).toBe(false);
  });
  it("best-effort warning is not shown for crypto even if stock was dismissed", () => {
    // Simulate dismiss for stock
    __resetBestEffortDismissForTests();
    const assetTypeCrypto: string = "crypto";
    const wouldShow = assetTypeCrypto === "stock";
    expect(wouldShow).toBe(false);
  });
 });
 // ---------------------------------------------------------------------------
 // Test: consent flow
 // ---------------------------------------------------------------------------
 describe("PriceFetchControl — consent modal flow", () => {
  beforeEach(() => {
    __resetBestEffortDismissForTests();
    vi.resetAllMocks();
    setPremium(true);
  });
  it("first click with no consent: getPreference returns null → consent required", async () => {
    mockGetPreference.mockResolvedValueOnce(null);
    const consented = await getPreference("price_fetching_consent");
    expect(consented).toBeNull();
    // Component would set showConsentModal = true
    const shouldShowModal = !consented;
    expect(shouldShowModal).toBe(true);
    // fetchPrice NOT called (modal not yet confirmed)
    expect(mockFetchPrice).not.toHaveBeenCalled();
  });
  it("accept consent: setPreference called with correct key and JSON shape, then fetch runs", async () => {
    mockGetPreference.mockResolvedValueOnce(null);
    mockSetPreference.mockResolvedValueOnce(undefined);
    mockFetchPrice.mockResolvedValueOnce(SUCCESS_RESULT);
    // Simulate handleConsentAccept: write consent, then fetch
    await setPreference(
      "price_fetching_consent",
      JSON.stringify({ consented_at: new Date().toISOString(), version: 1 })
    );
    expect(mockSetPreference).toHaveBeenCalledOnce();
    const [key, value] = mockSetPreference.mock.calls[0];
    expect(key).toBe("price_fetching_consent");
    const parsed = JSON.parse(value);
    expect(parsed.version).toBe(1);
    expect(typeof parsed.consented_at).toBe("string");
    // Then fetch is called
    await prices.fetchPrice("AAPL", "2026-04-25");
    expect(mockFetchPrice).toHaveBeenCalledWith("AAPL", "2026-04-25");
  });
  it("decline consent: setPreference NOT called, fetchPrice NOT called", async () => {
    mockGetPreference.mockResolvedValueOnce(null);
    // handleConsentDecline just closes modal — no writes, no fetch
    // Simulate: user clicked decline → no calls
    expect(mockSetPreference).not.toHaveBeenCalled();
    expect(mockFetchPrice).not.toHaveBeenCalled();
  });
  it("second click with consent already stored: no modal, fetch runs immediately", async () => {
    mockGetPreference.mockResolvedValueOnce(
      JSON.stringify({ consented_at: "2026-04-25T10:00:00Z", version: 1 })
    );
    mockFetchPrice.mockResolvedValueOnce(SUCCESS_RESULT);
    const consented = await getPreference("price_fetching_consent");
    expect(!!consented).toBe(true);
    // No modal needed → fetch immediately
    const result = await prices.fetchPrice("AAPL", "2026-04-25");
    expect(result.ok).toBe(true);
    expect(mockFetchPrice).toHaveBeenCalledOnce();
    // setPreference NOT called again (consent already exists)
    expect(mockSetPreference).not.toHaveBeenCalled();
  });
 });
 // ---------------------------------------------------------------------------
 // Test: fetch success path
 // ---------------------------------------------------------------------------
 describe("PriceFetchControl — fetch success", () => {
  beforeEach(() => {
    __resetBestEffortDismissForTests();
    vi.resetAllMocks();
    setPremium(true);
    mockGetPreference.mockResolvedValue(
      JSON.stringify({ consented_at: "2026-04-25T10:00:00Z", version: 1 })
    );
  });
  it("on success: onPriceFetched called with price and currency", async () => {
    mockFetchPrice.mockResolvedValueOnce(SUCCESS_RESULT);
    const onPriceFetched = vi.fn();
    const result = await prices.fetchPrice("AAPL", "2026-04-25");
    if (result.ok) {
      onPriceFetched(result.price, result.currency);
    }
    expect(onPriceFetched).toHaveBeenCalledWith(173.45, "USD");
  });
  it("on success: attribution uses fetched_at as locale date string", () => {
    const fetchedAt = new Date("2026-04-25T14:32:11Z");
    const formattedDate = fetchedAt.toLocaleDateString("fr-CA");
    expect(typeof formattedDate).toBe("string");
    expect(formattedDate.length).toBeGreaterThan(0);
  });
 });
 // ---------------------------------------------------------------------------
 // Test: error paths
 // ---------------------------------------------------------------------------
 describe("PriceFetchControl — error paths", () => {
  beforeEach(() => {
    __resetBestEffortDismissForTests();
    vi.resetAllMocks();
    setPremium(true);
    mockGetPreference.mockResolvedValue(
      JSON.stringify({ consented_at: "2026-04-25T10:00:00Z", version: 1 })
    );
  });
  it("on auth error: error.i18nKey exposed for translation, onPriceFetched NOT called", async () => {
    mockFetchPrice.mockResolvedValueOnce(ERROR_RESULT_AUTH);
    const onPriceFetched = vi.fn();
    const result = await prices.fetchPrice("AAPL", "2026-04-25");
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.i18nKey).toBe("balance.priceFetching.errors.authFailed");
    }
    expect(onPriceFetched).not.toHaveBeenCalled();
  });
  it("on rate_limit error: retry_after_s exposed for interpolation, onPriceFetched NOT called", async () => {
    mockFetchPrice.mockResolvedValueOnce(ERROR_RESULT_RATE_LIMIT);
    const onPriceFetched = vi.fn();
    const result = await prices.fetchPrice("AAPL", "2026-04-25");
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("rate_limit");
      expect(result.error.i18nKey).toBe("balance.priceFetching.errors.rateLimit");
      if ("retry_after_s" in result.error) {
        expect(result.error.retry_after_s).toBe(42);
      }
    }
    expect(onPriceFetched).not.toHaveBeenCalled();
  });
  it("on error: manual input is not disabled — the component never controls it", () => {
    // PriceFetchControl is purely additive — it never disables the unit_price input.
    // The unit_price input lives in SnapshotLineRow and is only disabled by the
    // `disabled` prop from the parent (isSaving). This test documents the contract.
    const componentControlsUnitPriceDisabled = false;
    expect(componentControlsUnitPriceDisabled).toBe(false);
  });
 });
 // ---------------------------------------------------------------------------
 // Test: fetchPrice is called with correct symbol and date args
 // ---------------------------------------------------------------------------
 describe("PriceFetchControl — fetchPrice invocation args", () => {
  beforeEach(() => {
    __resetBestEffortDismissForTests();
    vi.resetAllMocks();
    setPremium(true);
    mockGetPreference.mockResolvedValue(
      JSON.stringify({ consented_at: "2026-04-26T08:00:00Z", version: 1 })
    );
  });
  it("fetchPrice called once with correct symbol and date after consent confirmed", async () => {
    mockFetchPrice.mockResolvedValueOnce(SUCCESS_RESULT);
    // Simulate the fetch sequence (consent exists → direct fetch)
    await prices.fetchPrice("BTC", "2026-04-26");
    expect(mockFetchPrice).toHaveBeenCalledOnce();
    expect(mockFetchPrice).toHaveBeenCalledWith("BTC", "2026-04-26");
  });
  it("fetchPrice not called when consent is declined", async () => {
    mockGetPreference.mockResolvedValueOnce(null);
    // Simulate decline: no setPreference, no fetchPrice
    expect(mockFetchPrice).not.toHaveBeenCalled();
    expect(mockSetPreference).not.toHaveBeenCalled();
  });
 });
--- a/src/components/balance/PriceFetchControl.tsx
+++ b/src/components/balance/PriceFetchControl.tsx
@ -0,0 +1,287 @@
 // PriceFetchControl — fetch-price button with consent modal, spinner,
 // best-effort warning (stocks only), and attribution display.
 //
 // Issue #158 — wires into SnapshotLineRow for priced-kind categories.
 //
 // Behavior rules (from spec §1 + ADR 0011):
 //   - Hidden when useIsPremium() === false OR categoryKind !== 'priced'
 //   - First use requires explicit consent (persisted in user_preferences)
 //   - For stock assetType: shows a "best-effort" badge + dismissable warning
 //     (once per session, in-memory only — NOT persisted)
 //   - Manual unit_price input stays active in all error paths (this component
 //     is purely additive)
 import { useState, useEffect } from "react";
 import { useTranslation } from "react-i18next";
 import { Loader2, X } from "lucide-react";
 import { useIsPremium } from "../../hooks/useIsPremium";
 import { prices } from "../../services/balance.service";
 import type { PriceError } from "../../services/balance.service";
 import {
  getPreference,
  setPreference,
 } from "../../services/userPreferenceService";
 // ---------------------------------------------------------------------------
 // Module-level session dismiss state for best-effort warning (ADR 0011 §garde-fous)
 // ---------------------------------------------------------------------------
 let _bestEffortDismissedThisSession = false;
 // Exported for tests — resets the in-memory dismiss flag.
 export function __resetBestEffortDismissForTests(): void {
  _bestEffortDismissedThisSession = false;
 }
 // Consent preference key (per-profile via per-profile SQLite DB).
 const CONSENT_KEY = "price_fetching_consent";
 interface PriceFetchControlProps {
  symbol: string;
  date: string; // YYYY-MM-DD
  categoryKind: "simple" | "priced";
  assetType: "stock" | "crypto";
  onPriceFetched: (price: number, currency: string) => void;
 }
 /**
 * Check whether the user has already given consent for price fetching.
 * Returns true when a non-empty consent record exists in user_preferences.
 */
 async function hasConsent(): Promise<boolean> {
  try {
    const raw = await getPreference(CONSENT_KEY);
    return !!raw;
  } catch {
    return false;
  }
 }
 /** Persist consent (consented_at + version shape). */
 async function writeConsent(): Promise<void> {
  await setPreference(
    CONSENT_KEY,
    JSON.stringify({ consented_at: new Date().toISOString(), version: 1 })
  );
 }
 export default function PriceFetchControl({
  symbol,
  date,
  categoryKind,
  assetType,
  onPriceFetched,
 }: PriceFetchControlProps) {
  const { t, i18n } = useTranslation();
  const isPremium = useIsPremium();
  // Local UI state
  const [showConsentModal, setShowConsentModal] = useState(false);
  const [isFetching, setIsFetching] = useState(false);
  const [error, setError] = useState<PriceError | null>(null);
  const [attribution, setAttribution] = useState<string | null>(null);
  // Whether the best-effort warning is currently shown (stock only).
  const [showBestEffortWarning, setShowBestEffortWarning] = useState(
    assetType === "stock" && !_bestEffortDismissedThisSession
  );
  // Keep the warning display in sync when the session-level flag is updated
  // from a sibling instance (e.g. multiple priced rows dismiss in sequence).
  useEffect(() => {
    if (assetType === "stock") {
      setShowBestEffortWarning(!_bestEffortDismissedThisSession);
    }
  }, [assetType]);
  // Hidden for non-premium users or non-priced categories.
  if (!isPremium || categoryKind !== "priced") {
    return null;
  }
  const dismissBestEffortWarning = () => {
    _bestEffortDismissedThisSession = true;
    setShowBestEffortWarning(false);
  };
  /** Actually trigger the price fetch (called after consent is confirmed). */
  const doFetch = async () => {
    setIsFetching(true);
    setError(null);
    setAttribution(null);
    const result = await prices.fetchPrice(symbol, date);
    setIsFetching(false);
    if (result.ok) {
      onPriceFetched(result.price, result.currency);
      // Show attribution with the fetched_at timestamp formatted to locale date.
      const fetchedAt = new Date(result.fetched_at);
      const formattedDate = fetchedAt.toLocaleDateString(
        i18n.language === "fr" ? "fr-CA" : "en-CA"
      );
      setAttribution(t("balance.priceFetching.attribution", { date: formattedDate }));
    } else {
      setError(result.error);
    }
  };
  /** Handle the main button click: check consent, then fetch or show modal. */
  const handleClick = async () => {
    if (isFetching) return;
    setError(null);
    setAttribution(null);
    const consented = await hasConsent();
    if (!consented) {
      setShowConsentModal(true);
    } else {
      await doFetch();
    }
  };
  /** User accepted in the consent modal. */
  const handleConsentAccept = async () => {
    setShowConsentModal(false);
    try {
      await writeConsent();
    } catch {
      // Non-blocking — proceed with fetch even if pref write failed.
    }
    await doFetch();
  };
  /** User declined in the consent modal. */
  const handleConsentDecline = () => {
    setShowConsentModal(false);
  };
  // Build the error i18n args.
  const errorMessage = error
    ? t(error.i18nKey, {
        seconds:
          "retry_after_s" in error ? Math.ceil(error.retry_after_s) : undefined,
        minutes:
          "retry_after_s" in error
            ? Math.ceil(error.retry_after_s / 60)
            : undefined,
        defaultValue: error.i18nKey,
      })
    : null;
  return (
    <div className="flex flex-col gap-1">
      {/* Stock best-effort warning — shown once per session, dismissable */}
      {assetType === "stock" && showBestEffortWarning && (
        <div className="flex items-start gap-1 text-[10px] text-[var(--muted-foreground)] bg-[var(--muted)]/60 rounded px-2 py-1">
          <span className="flex-1">{t("balance.priceFetching.bestEffortNotice")}</span>
          <button
            type="button"
            aria-label={t("common.close")}
            onClick={dismissBestEffortWarning}
            className="shrink-0 text-[var(--muted-foreground)] hover:text-[var(--foreground)]"
          >
            <X size={10} />
          </button>
        </div>
      )}
      <div className="flex items-center gap-2">
        {/* Fetch button */}
        <button
          type="button"
          onClick={handleClick}
          disabled={isFetching}
          className="flex items-center gap-1.5 px-2.5 py-1.5 rounded-lg border border-[var(--border)] text-xs font-medium text-[var(--foreground)] bg-[var(--card)] hover:bg-[var(--muted)] disabled:opacity-50 disabled:cursor-not-allowed transition-colors"
          aria-label={t("balance.priceFetching.button")}
        >
          {isFetching ? (
            <Loader2 size={12} className="animate-spin" />
          ) : null}
          {t("balance.priceFetching.button")}
          {/* Best-effort badge (stock only) */}
          {assetType === "stock" && (
            <span className="ml-0.5 text-[9px] uppercase tracking-wide px-1 py-0.5 rounded bg-amber-100 text-amber-700 dark:bg-amber-900/30 dark:text-amber-400">
              best-effort
            </span>
          )}
        </button>
        {/* Attribution line — shown after a successful fetch */}
        {attribution && !isFetching && (
          <span className="text-[10px] text-[var(--muted-foreground)]">
            {attribution}
          </span>
        )}
      </div>
      {/* Inline error message */}
      {errorMessage && !isFetching && (
        <p
          role="alert"
          className="text-xs text-[var(--negative)] mt-0.5"
          data-testid="price-fetch-error"
        >
          {errorMessage}
        </p>
      )}
      {/* Consent modal — rendered inline, portaled via fixed positioning */}
      {showConsentModal && (
        <ConsentModal
          onAccept={handleConsentAccept}
          onDecline={handleConsentDecline}
        />
      )}
    </div>
  );
 }
 // ---------------------------------------------------------------------------
 // ConsentModal — minimal overlay, no external modal lib required
 // ---------------------------------------------------------------------------
 function ConsentModal({
  onAccept,
  onDecline,
 }: {
  onAccept: () => void;
  onDecline: () => void;
 }) {
  const { t } = useTranslation();
  return (
    <div
      className="fixed inset-0 z-50 flex items-center justify-center bg-black/40 p-4"
      role="dialog"
      aria-modal="true"
      aria-labelledby="price-consent-title"
    >
      <div className="bg-[var(--card)] rounded-xl border border-[var(--border)] shadow-xl max-w-md w-full p-6">
        <h2
          id="price-consent-title"
          className="text-base font-semibold mb-2"
        >
          {t("balance.priceFetching.consent.title")}
        </h2>
        <p className="text-sm text-[var(--muted-foreground)] mb-5">
          {t("balance.priceFetching.consent.body")}
        </p>
        <div className="flex justify-end gap-2">
          <button
            type="button"
            onClick={onDecline}
            className="px-4 py-2 rounded-lg border border-[var(--border)] text-sm hover:bg-[var(--muted)]"
          >
            {t("balance.priceFetching.consent.decline")}
          </button>
          <button
            type="button"
            onClick={onAccept}
            className="px-4 py-2 rounded-lg bg-[var(--primary)] text-white text-sm font-medium hover:opacity-90"
          >
            {t("balance.priceFetching.consent.accept")}
          </button>
        </div>
      </div>
    </div>
  );
 }
--- a/src/components/balance/SnapshotEditor.tsx
+++ b/src/components/balance/SnapshotEditor.tsx
@ -25,6 +25,8 @@ interface Props {
  onQuantityChange: (accountId: number, next: string) => void;
  onUnitPriceChange: (accountId: number, next: string) => void;
  disabled?: boolean;
  /** Snapshot date (YYYY-MM-DD) — forwarded to PriceFetchControl (Issue #158). */
  snapshotDate?: string;
 }
 export default function SnapshotEditor({
@ -36,6 +38,7 @@ export default function SnapshotEditor({
  onQuantityChange,
  onUnitPriceChange,
  disabled,
  snapshotDate,
 }: Props) {
  const { t } = useTranslation();
@ -95,6 +98,7 @@ export default function SnapshotEditor({
                  onQuantityChange={(next) => onQuantityChange(acc.id, next)}
                  onUnitPriceChange={(next) => onUnitPriceChange(acc.id, next)}
                  disabled={disabled}
                  snapshotDate={snapshotDate}
                />
              );
            })}
--- a/src/components/balance/SnapshotLineRow.tsx
+++ b/src/components/balance/SnapshotLineRow.tsx
@ -8,7 +8,7 @@
 //                            renders `quantity * unit_price` live as the
 //                            user types. An attribution tag `[Manuel]`
 //                            appears next to the row; the `[via Maximus]`
-//                            tag will land with Issue #143 (price-fetching).
+//                            tag is rendered by PriceFetchControl (Issue #158).
 //
 // We keep this component dumb on purpose: it receives strings from the
 // parent (the editor stores raw strings to preserve partial input) and
@ -19,10 +19,13 @@
 import { ChangeEvent, useMemo } from "react";
 import { useTranslation } from "react-i18next";
 import type { BalanceAccountWithCategory } from "../../shared/types";
 import PriceFetchControl from "./PriceFetchControl";
 interface BaseProps {
  account: BalanceAccountWithCategory;
  disabled?: boolean;
  /** Snapshot date (YYYY-MM-DD) — passed through to PriceFetchControl. */
  snapshotDate?: string;
 }
 interface SimpleProps extends BaseProps {
@ -59,6 +62,7 @@ export default function SnapshotLineRow({
  unitPriceValue,
  onQuantityChange,
  onUnitPriceChange,
  snapshotDate,
 }: Props) {
  const { t } = useTranslation();
  const isPriced = account.category_kind === "priced";
@ -162,6 +166,20 @@ export default function SnapshotLineRow({
          <span className="text-xs text-[var(--muted-foreground)] w-10">
            {account.currency}
          </span>
          {/* PriceFetchControl — wired next to the unit_price input (Issue #158).
              onPriceFetched updates unit_price only; quantity stays as-is.
              TODO: asset_type from category schema (see decisions-log.md MEDIUM) */}
          {account.symbol && (
            <PriceFetchControl
              symbol={account.symbol}
              date={snapshotDate ?? ""}
              categoryKind={account.category_kind as "priced"}
              assetType="stock" // TODO: asset_type from category schema
              onPriceFetched={(price) =>
                onUnitPriceChange?.(String(price))
              }
            />
          )}
        </div>
      </div>
    );
--- a/src/hooks/useIsPremium.test.ts
+++ b/src/hooks/useIsPremium.test.ts
@ -0,0 +1,42 @@
 import { describe, it, expect, vi } from "vitest";
 import { useIsPremium } from "./useIsPremium";
 vi.mock("./useLicense", () => ({
  useLicense: vi.fn(),
 }));
 import { useLicense } from "./useLicense";
 const mockUseLicense = vi.mocked(useLicense);
 describe("useIsPremium", () => {
  it('returns true when edition is "premium"', () => {
    mockUseLicense.mockReturnValue({
      state: { status: "ready", edition: "premium", info: null, error: null },
      refresh: vi.fn(),
      submitKey: vi.fn(),
      checkEntitlement: vi.fn(),
    });
    expect(useIsPremium()).toBe(true);
  });
  it('returns false when edition is "base"', () => {
    mockUseLicense.mockReturnValue({
      state: { status: "ready", edition: "base", info: null, error: null },
      refresh: vi.fn(),
      submitKey: vi.fn(),
      checkEntitlement: vi.fn(),
    });
    expect(useIsPremium()).toBe(false);
  });
  it('returns false when edition is "free"', () => {
    mockUseLicense.mockReturnValue({
      state: { status: "ready", edition: "free", info: null, error: null },
      refresh: vi.fn(),
      submitKey: vi.fn(),
      checkEntitlement: vi.fn(),
    });
    expect(useIsPremium()).toBe(false);
  });
 });
--- a/src/hooks/useIsPremium.ts
+++ b/src/hooks/useIsPremium.ts
@ -0,0 +1,10 @@
 import { useLicense } from "./useLicense";
 /**
 * Returns true if the active license edition is "premium".
 * Ergonomic helper only — the server enforces entitlements independently (cf. ADR 0011 §UX).
 */
 export function useIsPremium(): boolean {
  const { state } = useLicense();
  return state.edition === "premium";
 }
--- a/src/i18n/locales/en.json
+++ b/src/i18n/locales/en.json
@ -635,6 +635,15 @@
        "Your data is stored locally and is never affected by updates",
        "Change the app language using the language selector in the sidebar"
      ]
    },
    "privacy": {
      "priceFetchConsent": {
        "label": "Price fetching via Maximus",
        "description": "Allow Simpl'Résultat to use the Maximus proxy to fetch asset prices. Privacy: your IP is hidden.",
        "confirmRevoke": "The fetch button will ask for consent again next time. Continue?",
        "revokeButton": "Revoke consent",
        "notPremium": "Premium licenses only"
      }
    }
  },
  "charts": {
@ -1730,6 +1739,31 @@
    "evolution": {
      "transferIn": "In",
      "transferOut": "Out"
    },
    "priceFetching": {
      "button": "Fetch price",
      "tooltipNotPremium": "Available with premium subscription",
      "bestEffortNotice": "Source not guaranteed, may be unavailable. Manual input remains primary.",
      "attribution": "via Maximus on {{date}}",
      "consent": {
        "title": "Price fetching via Maximus",
        "body": "By clicking Accept, you authorize Simpl'Résultat to query the Maximus proxy to fetch this price. The proxy hides your IP from data providers. No browsing history is stored.",
        "accept": "Accept",
        "decline": "Cancel"
      },
      "errors": {
        "invalidSymbol": "Invalid symbol",
        "invalidDate": "Invalid date",
        "missingParam": "Missing parameter",
        "authFailed": "Authentication failed — check your license",
        "premiumRequired": "This feature requires a premium subscription",
        "licenseRevoked": "License revoked",
        "symbolNotFound": "Symbol not found",
        "rateLimit": "Too many requests — retry in {{seconds}}s",
        "serverUnavailable": "Server unavailable — try again later",
        "bestEffortDegraded": "Best-effort price source temporarily unavailable — retry in {{minutes}}min or enter manually",
        "sessionCapReached": "Fetch limit reached for this session. Enter remaining prices manually."
      }
    }
  }
 }
--- a/src/i18n/locales/fr.json
+++ b/src/i18n/locales/fr.json
@ -635,6 +635,15 @@
        "Vos données sont stockées localement et ne sont jamais affectées par les mises à jour",
        "Changez la langue de l'application via le sélecteur de langue dans la barre latérale"
      ]
    },
    "privacy": {
      "priceFetchConsent": {
        "label": "Récupération de prix via Maximus",
        "description": "Permet à Simpl'Résultat d'utiliser le proxy Maximus pour récupérer les prix d'actifs. Privacy : ton IP est masquée.",
        "confirmRevoke": "Le bouton de récupération demandera à nouveau ton consentement la prochaine fois. Continuer ?",
        "revokeButton": "Révoquer le consentement",
        "notPremium": "Réservé aux licences premium"
      }
    }
  },
  "charts": {
@ -1730,6 +1739,31 @@
    "evolution": {
      "transferIn": "Entrée",
      "transferOut": "Sortie"
    },
    "priceFetching": {
      "button": "Récupérer le prix",
      "tooltipNotPremium": "Disponible avec abonnement premium",
      "bestEffortNotice": "Source non garantie, peut être indisponible. La saisie manuelle reste prioritaire.",
      "attribution": "via Maximus le {{date}}",
      "consent": {
        "title": "Récupération de prix via Maximus",
        "body": "En cliquant sur \"Accepter\", tu autorises Simpl'Résultat à interroger le proxy Maximus pour récupérer ce prix. Le proxy masque ton IP aux fournisseurs de données. Aucun historique de consultation n'est stocké.",
        "accept": "Accepter",
        "decline": "Annuler"
      },
      "errors": {
        "invalidSymbol": "Symbole invalide",
        "invalidDate": "Date invalide",
        "missingParam": "Paramètre manquant",
        "authFailed": "Échec d'authentification — vérifie ta licence",
        "premiumRequired": "Cette fonction nécessite un abonnement premium",
        "licenseRevoked": "Licence révoquée",
        "symbolNotFound": "Symbole introuvable",
        "rateLimit": "Trop de requêtes — réessaie dans {{seconds}} s",
        "serverUnavailable": "Serveur indisponible — réessaie plus tard",
        "bestEffortDegraded": "Source de prix temporairement indisponible — réessayez dans {{minutes}} min ou saisissez manuellement",
        "sessionCapReached": "Limite de récupération atteinte pour cette session. Saisissez les prix restants manuellement."
      }
    }
  }
 }
--- a/src/pages/SnapshotEditPage.tsx
+++ b/src/pages/SnapshotEditPage.tsx
@ -201,6 +201,7 @@ export default function SnapshotEditPage() {
          onQuantityChange={editor.setLineQuantity}
          onUnitPriceChange={editor.setLineUnitPrice}
          disabled={state.isSaving}
          snapshotDate={state.snapshotDate}
        />
      )}
--- a/src/services/balance.service.test.ts
+++ b/src/services/balance.service.test.ts
@ -1,4 +1,4 @@
-import { describe, it, expect, vi, beforeEach } from "vitest";
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
 vi.mock("./db", () => ({
  getDb: vi.fn(),
@ -1204,3 +1204,238 @@ describe("isLinkedTransactionFkError", () => {
    expect(isLinkedTransactionFkError(undefined)).toBe(false);
  });
 });
 // -----------------------------------------------------------------------------
 // prices namespace (Issue #156 / Bilan #5)
 // -----------------------------------------------------------------------------
 import { prices } from "./balance.service";
 const FAKE_PRICE_RESPONSE = {
  symbol: "AAPL",
  date: "2026-04-25",
  price: 173.45,
  currency: "USD",
  source: "yahoo",
  cached: false,
  actual_date: null,
  fetched_at: "2026-04-25T14:32:11Z",
 };
 describe("balance.service.prices", () => {
  beforeEach(() => {
    vi.useFakeTimers();
    vi.mocked(invoke).mockReset();
    prices.__resetForTests();
  });
  afterEach(() => {
    vi.useRealTimers();
  });
  // 1. Happy path 200
  it("fetchPrice happy path returns ok:true with price fields", async () => {
    vi.mocked(invoke).mockResolvedValueOnce(FAKE_PRICE_RESPONSE);
    const result = await prices.fetchPrice("AAPL", "2026-04-25");
    expect(result.ok).toBe(true);
    if (result.ok) {
      expect(result.symbol).toBe("AAPL");
      expect(result.date).toBe("2026-04-25");
      expect(result.price).toBe(173.45);
      expect(result.currency).toBe("USD");
      expect(result.source).toBe("yahoo");
      expect(result.cached).toBe(false);
    }
    expect(invoke).toHaveBeenCalledTimes(1);
    expect(invoke).toHaveBeenCalledWith("fetch_price", {
      symbol: "AAPL",
      date: "2026-04-25",
    });
  });
  // 2. 401 (auth) — no retry
  it("fetchPrice auth error returns ok:false code:auth with 1 invoke call", async () => {
    vi.mocked(invoke).mockRejectedValueOnce('{"code":"auth"}');
    const promise = prices.fetchPrice("AAPL", "2026-04-25");
    await vi.runAllTimersAsync();
    const result = await promise;
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("auth");
      expect(result.error.i18nKey).toBe(
        "balance.priceFetching.errors.authFailed"
      );
    }
    expect(invoke).toHaveBeenCalledTimes(1);
  });
  // 3. 403 premium_required — no retry
  it("fetchPrice premium_required returns immediately without retry", async () => {
    vi.mocked(invoke).mockRejectedValueOnce('{"code":"premium_required"}');
    const promise = prices.fetchPrice("AAPL", "2026-04-25");
    await vi.runAllTimersAsync();
    const result = await promise;
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("premium_required");
      expect(result.error.i18nKey).toBe(
        "balance.priceFetching.errors.premiumRequired"
      );
    }
    expect(invoke).toHaveBeenCalledTimes(1);
  });
  // 4. 404 symbol_not_found — no retry
  it("fetchPrice symbol_not_found returns immediately without retry", async () => {
    vi.mocked(invoke).mockRejectedValueOnce('{"code":"symbol_not_found"}');
    const promise = prices.fetchPrice("AAPL", "2026-04-25");
    await vi.runAllTimersAsync();
    const result = await promise;
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("symbol_not_found");
      expect(result.error.i18nKey).toBe(
        "balance.priceFetching.errors.symbolNotFound"
      );
    }
    expect(invoke).toHaveBeenCalledTimes(1);
  });
  // 5. 429 rate_limit — no retry, carries retry_after_s
  it("fetchPrice rate_limit 429 returns ok:false with retry_after_s, no retry", async () => {
    vi.mocked(invoke).mockRejectedValueOnce(
      '{"code":"rate_limit","retry_after_s":30}'
    );
    const promise = prices.fetchPrice("AAPL", "2026-04-25");
    await vi.runAllTimersAsync();
    const result = await promise;
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("rate_limit");
      if (result.error.code === "rate_limit") {
        expect(result.error.retry_after_s).toBe(30);
        expect(result.error.i18nKey).toBe(
          "balance.priceFetching.errors.rateLimit"
        );
      }
    }
    expect(invoke).toHaveBeenCalledTimes(1);
  });
  // 6. 5xx provider_unavailable — 3 retries with 2/4/8s backoff (4 total calls)
  it("fetchPrice provider_unavailable retries 3 times with 2/4/8s backoff", async () => {
    vi.mocked(invoke).mockRejectedValue('{"code":"provider_unavailable"}');
    const promise = prices.fetchPrice("AAPL", "2026-04-25");
    // Advance through all retry delays: 2s + 4s + 8s = 14s total
    await vi.advanceTimersByTimeAsync(2000); // retry 1 fires after 2s
    await vi.advanceTimersByTimeAsync(4000); // retry 2 fires after 4s
    await vi.advanceTimersByTimeAsync(8000); // retry 3 fires after 8s
    await vi.runAllTimersAsync();
    const result = await promise;
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("provider_unavailable");
      expect(result.error.i18nKey).toBe(
        "balance.priceFetching.errors.serverUnavailable"
      );
    }
    // 1 initial + 3 retries = 4 total invoke calls
    expect(invoke).toHaveBeenCalledTimes(4);
  });
  // 7. In-flight deduplication
  it("fetchPrice dedup: two parallel calls with same key → only one invoke", async () => {
    vi.mocked(invoke).mockResolvedValueOnce(FAKE_PRICE_RESPONSE);
    const p1 = prices.fetchPrice("AAPL", "2026-04-25");
    const p2 = prices.fetchPrice("AAPL", "2026-04-25");
    await vi.runAllTimersAsync();
    const [r1, r2] = await Promise.all([p1, p2]);
    expect(invoke).toHaveBeenCalledTimes(1);
    expect(r1.ok).toBe(true);
    expect(r2.ok).toBe(true);
    if (r1.ok && r2.ok) {
      expect(r1.price).toBe(r2.price);
    }
  });
  // 8. Rate-limit pacing: calls are serialized through _enforceRateLimit,
  // so 3 concurrent calls result in 3 sequential invoke calls, each separated
  // by at least MIN_INTERVAL_MS (2s). We verify that the setTimeout inside
  // _enforceRateLimit is actually called with the correct delay.
  it("fetchPrice rate-limit pacing: each call waits at least 2s after the previous", async () => {
    const setTimeoutSpy = vi.spyOn(globalThis, "setTimeout");
    vi.mocked(invoke).mockResolvedValue(FAKE_PRICE_RESPONSE);
    // Start 3 calls for different symbols (no dedup). Only the first fires
    // immediately; the others queue up behind the rate-limit.
    const p1 = prices.fetchPrice("AAPL", "2026-01-01");
    const p2 = prices.fetchPrice("MSFT", "2026-01-01");
    const p3 = prices.fetchPrice("TSLA", "2026-01-01");
    // Advance enough time for all 3 to complete (3 × 2s = 6s).
    await vi.advanceTimersByTimeAsync(6000);
    await vi.runAllTimersAsync();
    await Promise.all([p1, p2, p3]);
    // All 3 invoke calls must have been made.
    expect(invoke).toHaveBeenCalledTimes(3);
    // At least 2 setTimeout calls for the rate-limit waits (p2 and p3 must wait).
    // The actual delay argument should be ~2000ms (or close to it, as the
    // timer fires slightly early in fake-timer environments).
    const rateLimitTimers = setTimeoutSpy.mock.calls.filter(
      ([, delay]) => typeof delay === "number" && delay > 0 && delay <= 2000
    );
    expect(rateLimitTimers.length).toBeGreaterThanOrEqual(2);
    setTimeoutSpy.mockRestore();
  });
  // 9. Session cap: 101st call returns session_cap_reached without calling invoke
  it("fetchPrice session cap: 101st call returns session_cap_reached", async () => {
    // Set up invoke to always resolve successfully
    vi.mocked(invoke).mockResolvedValue(FAKE_PRICE_RESPONSE);
    // Fire 100 successful calls to fill the session cap.
    // We bypass the rate-limit by advancing time enough between each.
    for (let i = 0; i < 100; i++) {
      const p = prices.fetchPrice(`SYM${i}`, "2026-01-01");
      await vi.advanceTimersByTimeAsync(2000);
      await p;
    }
    // The 101st call should immediately return session_cap_reached.
    vi.mocked(invoke).mockClear(); // reset call counter
    const result = await prices.fetchPrice("EXTRA", "2026-01-01");
    expect(result.ok).toBe(false);
    if (!result.ok) {
      expect(result.error.code).toBe("session_cap_reached");
      expect(result.error.i18nKey).toBe(
        "balance.priceFetching.errors.sessionCapReached"
      );
    }
    // invoke must NOT have been called for the 101st request
    expect(invoke).not.toHaveBeenCalled();
  });
 });
--- a/src/services/balance.service.ts
+++ b/src/services/balance.service.ts
@ -1214,3 +1214,238 @@ export function isLinkedTransactionFkError(error: unknown): boolean {
  return /FOREIGN KEY constraint failed/i.test(msg);
 }
 // -----------------------------------------------------------------------------
 // Prices — fetch_price Tauri command wrapper (Issue #156 / Bilan #5)
 // -----------------------------------------------------------------------------
 //
 // Wraps `invoke('fetch_price', { symbol, date })` with:
 //   - Local rate-limit (1 request / 2s via module-level timestamp)
 //   - In-flight deduplication (same symbol+date → one request, multiple awaiters)
 //   - Exponential backoff on 5xx-class errors (2/4/8s, max 3 retries)
 //   - No retry on 4xx errors or rate_limit (429-class)
 //   - Hard 100-request session cap (successful fetches only)
 //
 // The Rust command `fetch_price` (implemented in issue #155) rejects with a
 // JSON string serialized from the Rust error enum:
 //   {"code":"auth"} | {"code":"rate_limit","retry_after_s":42} | ...
 //
 // Annexe B i18n mapping (keys live in the i18n PR #160):
 //   auth              → balance.priceFetching.errors.authFailed
 //   premium_required  → balance.priceFetching.errors.premiumRequired
 //   symbol_not_found  → balance.priceFetching.errors.symbolNotFound
 //   rate_limit        → balance.priceFetching.errors.rateLimit
 //   provider_unavailable → balance.priceFetching.errors.serverUnavailable
 //   network           → balance.priceFetching.errors.serverUnavailable
 //   internal          → balance.priceFetching.errors.serverUnavailable
 //   session_cap_reached → balance.priceFetching.errors.sessionCapReached
 export type PriceErrorCode =
  | "auth"
  | "premium_required"
  | "symbol_not_found"
  | "rate_limit"
  | "provider_unavailable"
  | "network"
  | "internal"
  | "session_cap_reached";
 export type PriceError =
  | { code: "rate_limit"; retry_after_s: number; i18nKey: string }
  | { code: Exclude<PriceErrorCode, "rate_limit">; i18nKey: string };
 export interface PriceSuccess {
  ok: true;
  symbol: string;
  date: string;
  price: number;
  currency: string;
  source: string;
  cached: boolean;
  actual_date?: string | null;
  fetched_at: string;
 }
 export type PriceResult =
  | PriceSuccess
  | { ok: false; error: PriceError };
 /** Raw shape returned by the Rust `fetch_price` command on success. */
 interface RawPriceResponse {
  symbol: string;
  date: string;
  price: number;
  currency: string;
  source: string;
  cached: boolean;
  actual_date?: string | null;
  fetched_at: string;
 }
 // i18n key map for non-rate_limit error codes.
 const PRICE_ERROR_I18N_MAP: Record<Exclude<PriceErrorCode, "rate_limit">, string> = {
  auth: "balance.priceFetching.errors.authFailed",
  premium_required: "balance.priceFetching.errors.premiumRequired",
  symbol_not_found: "balance.priceFetching.errors.symbolNotFound",
  provider_unavailable: "balance.priceFetching.errors.serverUnavailable",
  network: "balance.priceFetching.errors.serverUnavailable",
  internal: "balance.priceFetching.errors.serverUnavailable",
  session_cap_reached: "balance.priceFetching.errors.sessionCapReached",
 };
 /** Codes that map to no-retry behaviour (4xx-class or session cap). */
 const NO_RETRY_CODES = new Set<PriceErrorCode>([
  "auth",
  "premium_required",
  "symbol_not_found",
  "rate_limit",
  "session_cap_reached",
 ]);
 /**
 * Parse the string-serialized Rust error into a typed `PriceError`.
 * `invoke` rejects with the value of `Result::Err(String)`, which the Rust
 * side serialises via serde_json (see issue #155 worker decision).
 */
 function parseRustError(e: unknown): PriceError {
  if (typeof e === "string") {
    try {
      const j = JSON.parse(e) as Record<string, unknown>;
      if (j && typeof j.code === "string") {
        const code = j.code;
        if (code === "rate_limit") {
          const retry_after_s =
            typeof j.retry_after_s === "number" ? j.retry_after_s : 0;
          return {
            code: "rate_limit",
            retry_after_s,
            i18nKey: "balance.priceFetching.errors.rateLimit",
          };
        }
        if (code in PRICE_ERROR_I18N_MAP) {
          const typedCode = code as Exclude<PriceErrorCode, "rate_limit">;
          return { code: typedCode, i18nKey: PRICE_ERROR_I18N_MAP[typedCode] };
        }
      }
    } catch {
      // Fall through to default below.
    }
  }
  return {
    code: "internal",
    i18nKey: PRICE_ERROR_I18N_MAP.internal,
  };
 }
 // Module-level state — resets only when the JS module is re-imported
 // (i.e. on app process restart). Tests reset via `prices.__resetForTests()`.
 let _lastFiredAt = 0;
 let _sessionCount = 0;
 const SESSION_CAP = 100;
 const MIN_INTERVAL_MS = 2000;
 const _inFlight = new Map<string, Promise<PriceResult>>();
 /** Enforce the 1-request-per-2s local rate limit. */
 async function _enforceRateLimit(): Promise<void> {
  const now = Date.now();
  const wait = Math.max(0, _lastFiredAt + MIN_INTERVAL_MS - now);
  if (wait > 0) {
    await new Promise<void>((r) => setTimeout(r, wait));
  }
  _lastFiredAt = Date.now();
 }
 /** Single attempt: rate-limit, then invoke once. */
 async function _doFetchOnce(
  symbol: string,
  date: string
 ): Promise<PriceResult> {
  await _enforceRateLimit();
  try {
    const raw = await invoke<RawPriceResponse>("fetch_price", { symbol, date });
    return { ok: true, ...raw };
  } catch (e) {
    return { ok: false, error: parseRustError(e) };
  }
 }
 /** Wrap _doFetchOnce with exponential backoff on retryable errors (5xx-class). */
 async function _withRetries(
  symbol: string,
  date: string
 ): Promise<PriceResult> {
  const delays = [2000, 4000, 8000];
  let lastResult: PriceResult | null = null;
  for (let attempt = 0; attempt <= 3; attempt++) {
    const r = await _doFetchOnce(symbol, date);
    if (r.ok) return r;
    lastResult = r;
    const code = r.error.code;
    if (NO_RETRY_CODES.has(code)) {
      // 4xx-class: return immediately, no retry.
      return r;
    }
    // 5xx-class (provider_unavailable, network, internal): retry with backoff.
    if (attempt < 3) {
      await new Promise<void>((r) => setTimeout(r, delays[attempt]));
    }
  }
  // Should never reach here, but satisfy TypeScript.
  return lastResult!;
 }
 /**
 * `prices` namespace — entry point for the UI.
 *
 * All outgoing requests are rate-limited (1/2s), deduplicated in-flight, and
 * wrapped with exponential backoff on 5xx-class errors. A hard session cap of
 * 100 successful fetches guards against runaway loops.
 */
 export const prices = {
  /**
   * Fetch the price for `symbol` at `date` (ISO YYYY-MM-DD).
   *
   * Decision (MEDIUM): the 100-session cap is checked BEFORE rate-limit and
   * dedup. Successful fetches increment the counter; failures do NOT consume
   * the budget — a 4xx auth error costs nothing, and a user who hits a bad
   * symbol shouldn't have their session budget drained.
   */
  async fetchPrice(symbol: string, date: string): Promise<PriceResult> {
    if (_sessionCount >= SESSION_CAP) {
      return {
        ok: false,
        error: {
          code: "session_cap_reached",
          i18nKey: PRICE_ERROR_I18N_MAP.session_cap_reached,
        },
      };
    }
    const key = `${symbol}|${date}`;
    const existing = _inFlight.get(key);
    if (existing) return existing;
    const promise = (async () => {
      try {
        const result = await _withRetries(symbol, date);
        if (result.ok) _sessionCount++;
        return result;
      } finally {
        _inFlight.delete(key);
      }
    })();
    _inFlight.set(key, promise);
    return promise;
  },
  /**
   * Reset module-level state between tests.
   * Call in `beforeEach` to isolate rate-limit, session count, and in-flight map.
   */
  __resetForTests(): void {
    _lastFiredAt = 0;
    _sessionCount = 0;
    _inFlight.clear();
  },
 };