App Configurable Auto lock #905

Open
leofelix077 wants to merge 24 commits into main from lf-add-auto-lock

@leofelix077 leofelix077 commented Jun 16, 2026

Collaborator

Closes #627

Adds a configurable Auto-Lock to Settings → Security, so users decide how quickly the wallet re-locks itself: Immediately, 1 minute, 15 minutes, 30 minutes, 1 hour, 12 hours, 24 hours, or None (default 24h, matching today's behavior). After the chosen time the user is asked for their password (or biometrics) again.

It locks on inactive time, either in the background or in the foreground without any actions. Tracking is done via gestures, presses and navigation. For "Immediately" the app locks as soon as it goes to the background.

The lock itself is a soft lock: the screen you were on stays mounted underneath a lock overlay, so after unlocking you land back exactly where you were instead of getting bounced to a reloaded home screen. The existing 24h hash-key expiry stays as a hard security backstop — if key material ages out, you get a full re-authentication rather than the fast unlock path.

The biometric prompt only triggers when coming from the background. Signing is blocked until unlocked, and toasts wait for loading + state to be rehydrated before deciding whether to show, to avoid false-positive errors.

For added privacy, the native layer also adds a Privacy Shield: when the app is in the background, only the splash screen is shown, and the native app switcher carousel menu does not show any information. When the app goes to background, it waits for the native JS layer to be ready (auth state and storage hydrated) to show again the lock screen or the home screen, avoiding exposing any info during this in-between state.

📱 Tested iOS Build 1.19.26 (1781721439)

Android smoke tests:

Screen.Recording.2026-06-17.at.12.20.45.mov
Screen.Recording.2026-06-17.at.12.24.16.mov

iOS tests:

Send flow / login with biometric / background / state preservation on reunlock / demonstration with timers

ScreenRecording_06-17-2026.14-07-55_1.mov

no timer / more lock and unlock / privacy shield preservation

ScreenRecording_06-17-2026.16-55-18_1.mov

no biometrics tests with swap and collectible flows

ScreenRecording_06-17-2026.16-59-12_1.MP4

One small addition post last build to reset the default timers on sign up / reimport

Screen.Recording.2026-06-17.at.18.06.29.mov

Checklist

PR structure

  • This PR does not mix refactoring changes with feature changes (break it down into smaller PRs if not).
  • This PR has reasonably narrow scope (break it down into smaller PRs if not).
  • This PR includes relevant before and after screenshots/videos highlighting these changes.
  • I took the time to review my own PR.

Testing

  • These changes have been tested and confirmed to work as intended on Android.
  • These changes have been tested and confirmed to work as intended on iOS.
  • I have tried to break these changes while extensively testing them.
  • This PR adds tests for the new functionality or fixes.

Release

  • This is not a breaking change.
  • This PR updates existing JSDocs when applicable.
  • This PR adds JSDocs to new functionalities.
  • I've checked with the product team if we should add metrics to these changes.
  • I've shared relevant before and after screenshots/videos highlighting these changes with the design team and they've approved the changes.

@leofelix077 leofelix077 self-assigned this Jun 16, 2026
@leofelix077 leofelix077 added wip work in progress don't review yet Work in Progress / Draft PR / Code Review adjustments being worked on labels Jun 16, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 723206ec5c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread src/ducks/auth.ts
Comment thread src/components/App.tsx Outdated
Comment thread src/components/LockScreenOverlay.tsx

github-actions Bot commented Jun 16, 2026

Contributor

iOS Simulator preview build is ready: https://github.com/stellar/freighter-mobile/releases/tag/untagged-d5fdcb2b109b40ea1426 (SDF collaborators only — install instructions in the release description)

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1b7d43caee

Comment thread src/ducks/auth.ts
Comment thread src/components/LockScreenOverlay.tsx

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 996b9a9c67

Comment thread src/ducks/auth.ts
Comment thread src/components/LockScreenOverlay.tsx

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 820f7dbbe3

Comment thread src/ducks/preferences.ts Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 14fcdc9f42

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: ba81a3c341

Comment thread ios/freighter-mobile/AppDelegate.swift

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 44f10d969a

Comment thread src/components/screens/HomeScreen/HomeScreen.tsx Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5cf10fd718

Comment thread src/hooks/useAuthCheck.ts Outdated
Comment thread android/app/src/main/java/com/freightermobile/MainActivity.kt

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 98de964087

Comment thread src/ducks/auth.ts

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8281249b68

Comment thread src/hooks/useAuthCheck.ts Outdated
Comment thread src/ducks/auth.ts Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e781e130ca

Comment thread src/components/screens/LockScreen.tsx
Comment thread src/config/constants.ts Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 9053a4ed5e

Comment thread ios/freighter-mobile/AppDelegate.swift
@leofelix077 leofelix077 added enhancement New feature or request and removed wip work in progress don't review yet Work in Progress / Draft PR / Code Review adjustments being worked on labels Jun 17, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 08566bc35b

Comment thread src/components/screens/SwapScreen/hooks/useSwapTransaction.ts Outdated
Comment thread src/ducks/auth.ts Outdated
@leofelix077 leofelix077 changed the title add initial version of app auto lock App Configurable Auto lock Jun 17, 2026
@piyalbasu

Contributor

Code review

Found 2 issues:

  1. softLock() does not clear account (private key) from the Zustand store, despite the PR's own code review doc claiming "I2/I4 Fixed — softLock sets authStatus + isSoftLocked (+ account: null) in ONE set()" and the C3 mitigations table stating "account is cleared on soft lock". The actual implementation omits account: null from the set() call, so account.privateKey remains in memory while the wallet is soft-locked. The guard on signing (isWalletUnlocked()) provides partial mitigation, but the inaccuracy in the security tracking doc is worth resolving — either add account: null to softLock's set() (and account re-populates on signIn) or update the doc and C3 to accurately reflect the accepted risk.

    softLock: async (options?: { suppressBiometricPrompt?: boolean }) => {
      Keyboard.dismiss();
      // Atomic update: RootNavigator must never see LOCKED && !isSoftLocked,
      // which would unmount the preserved tree
      set({
        authStatus: AUTH_STATUS.LOCKED,
        isSoftLocked: true,
        // A foreground-idle lock suppresses the lock screen's biometric
        // auto-prompt; background / IMMEDIATELY / cold-start locks still prompt.
        suppressBiometricAutoPrompt: options?.suppressBiometricPrompt ?? false,
        isLoading: false,
      });
      // Persist LOCKED (covers tampering + cold starts). Awaited so an
      // immediate post-background process kill still has the lock on disk.
      try {
        await secureDataStorage.setItem(
          SENSITIVE_STORAGE_KEYS.AUTH_STATUS,
          AUTH_STATUS.LOCKED,
        );
      } catch (error) {
        logger.error("softLock", "Failed to persist LOCKED status", error);
      }
    },

  2. AutoLockDevTimers is rendered unconditionally in HomeScreen.tsx with no __DEV__ guard, so the live idle-countdown display ships to all users in production builds. The dev testing controls in AutoLockTimerScreen (timer and TTL override inputs, DEV_BANNER) are similarly rendered without a __DEV__ check. The TODO/FIXME comments call for removal before production, but there is no fallback guard if the removal is missed.

          {formattedBalance}
        </Display>
        {/* TODO/FIXME: dev-only auto-lock countdown — remove before prod */}
        <AutoLockDevTimers />
      </View>
      <View className="flex-row gap-[24px] items-center justify-center my-8">

          {/*
            ====================================================================
            TODO / FIXME: TEMPORARY DEV-ONLY testing controls.
            !!! REMOVE THIS ENTIRE BLOCK BEFORE MERGING TO PRODUCTION !!!
            (also remove the dev helpers in services/autoLock.ts, the
            getDevAutoLockTimerMs override in ducks/auth.ts, and revert the
            KeyboardAwareScrollView wrapper above back to a plain <View>)
            Lets QA exercise the lock flows in seconds instead of minutes/hours.
            ====================================================================
          */}
          <View className="flex flex-col gap-3 mt-6">
            <Text sm medium color={themeColors.status.error}>
              {DEV_BANNER}
            </Text>
            <Input
              fieldSize="md"
              label={DEV_TIMER_LABEL}
              placeholder={DEV_TIMER_PLACEHOLDER}
              keyboardType="number-pad"
              value={devTimerSeconds}
              onChangeText={setDevTimerSecondsInput}
              endButton={{ content: DEV_APPLY, onPress: applyDevTimer }}
            />
            <Input
              fieldSize="md"
              label={DEV_TTL_LABEL}
              placeholder={DEV_TTL_PLACEHOLDER}
              keyboardType="number-pad"
              value={devTtlSeconds}
              onChangeText={setDevTtlSecondsInput}
              endButton={{ content: DEV_APPLY, onPress: applyDevTtl }}
            />
          </View>
          {/* ================= END TEMPORARY DEV-ONLY BLOCK ================= */}
        </KeyboardAwareScrollView>
      </BaseLayout>
      );
    };
    export default AutoLockTimerScreen;

🤖 Generated with Claude Code

- If this code review was useful, please react with 👍. Otherwise, react with 👎.

@piyalbasu

Contributor

Code review (follow-up)

Following up on the prior comment, which surfaced 2 of the 4 must-fix items below. This pass adds 2 more must-fix, 7 should-fix, and 4 optional findings from a deeper recall-mode review against the same commit 08566bc3.

TL;DR

Must-fix (4 total, 2 already raised):

  1. softLock() doesn't clear account.privateKey despite the doc claim — see prior comment.
  2. AutoLockDevTimers + dev controls ship without __DEV__ gate — see prior comment.
  3. NEW: SendCollectibleReview calls signTransaction({secretKey: account.privateKey}) with no isWalletUnlocked() guard — the gating that the other signing paths enforce is missing here.
  4. NEW: softLock's persisted setItem(AUTH_STATUS, LOCKED) failure is swallowed by try/catch; a process kill after a failed write leaves the wallet auto-unlockable on next launch.

Should-fix (7): UX/correctness bugs that don't compromise the security model but produce visibly broken or wedged states.

Optional (4): Edge-case timing races and theoretical attacks; worth filing as follow-up issues.

Must-fix #3 (new) — SendCollectibleReview missing isWalletUnlocked guard

handleTransactionConfirmation calls the bare signTransaction({secretKey: account.privateKey, network}) with no isWalletUnlocked() guard. Every other signing path in this PR (TransactionAmountScreen, useSwapTransaction, useManageTokens) adds the guard; collectible-send was missed.

        throw new Error("Missing account or collectible information");
      }
      const { privateKey } = account;
      signTransaction({
        secretKey: privateKey,
        network,
      });

Trigger: user opens the collectible review sheet, taps Confirm; in the same tick an IMMEDIATELY auto-lock fires. The closure already captured privateKey; signTransaction({secretKey}) executes without crossing any barrier, submits on-chain while the overlay is rendering. Every other signing path refuses.

Must-fix #4 (new) — softLock storage write swallowed

softLock awaits secureDataStorage.setItem(AUTH_STATUS, LOCKED) inside a try/catch that only logger.errors on failure. The lock is treated as successful even when the persist failed.

      // Persist LOCKED (covers tampering + cold starts). Awaited so an
      // immediate post-background process kill still has the lock on disk.
      try {
        await secureDataStorage.setItem(
          SENSITIVE_STORAGE_KEYS.AUTH_STATUS,
          AUTH_STATUS.LOCKED,
        );
      } catch (error) {
        logger.error("softLock", "Failed to persist LOCKED status", error);
      }
    },

Trigger: IMMEDIATELY auto-lock fires when the user backgrounds. softLock() sets in-memory LOCKED, then setItem(AUTH_STATUS, LOCKED) throws (transient iOS keychain ENOENT, race with another setItem). Error logged, swallowed. iOS kills the process (memory pressure). Next cold launch: AUTH_STATUS absent, backgroundedAt absent, hashKey still valid → getAuthStatus returns AUTHENTICATED. Silent security regression invisible to telemetry. Either propagate the failure or retry inline.

Should-fix (7)

| # | File | Issue |
|---|---|---|
| S1 | src/ducks/auth.ts#L2323 | signIn's fire-and-forget secureDataStorage.remove(AUTH_STATUS) races the new getAuthStatus auto-softLock funnel — a freshly-unlocked wallet can be silently re-locked within ms. |
| S2 | src/ducks/auth.ts#L2299 | signIn's getActiveAccount failure path sets {authStatus: LOCKED} without isSoftLocked: true, producing the LOCKED && !isSoftLocked combo the softLock JSDoc says must never be observable. Tears down the authenticated tree the soft-lock model promises to preserve. |
| S3 | src/hooks/useAuthCheck.ts#L72 | PanResponder capture-phase observer can't see touches handled by react-native-gesture-handler (bottom-sheet, swipeable rows, GH-backed keypads). User actively tapping the numeric keypad on TransactionAmountScreen can still be foreground-idle-locked mid-input. |
| S4 | src/ducks/auth.ts#L2733 | getAuthStatus's stale-read guard only handles AUTHENTICATED. If disk returns NOT_AUTHENTICATED while isSoftLocked === true, the store sets authStatus: NOT_AUTHENTICATED but leaves isSoftLocked: true — wedging the user behind the overlay on top of an accountless app until app kill. |
| S5 | src/config/constants.ts#L127 | AUTO_LOCK_TIMER.TWENTY_FOUR_HOURS = 24h is exactly equal to HASH_KEY_EXPIRATION_MS = 24h, so this preset can never trigger the soft-lock fast path — isHashKeyExpired always fires first. The 24h preset is effectively indistinguishable from HASH_KEY_EXPIRED. |
| S6 | src/ducks/preferences.ts#L48 | setAutoLockTimer fires persistAutoLockTimer and applyAutoLockTimerToHashKey as parallel promises. On persist-failure the catch reverts the UI/mirror but NOT the hash-key TTL re-anchor — UI says ONE_HOUR while hash key TTL is anchored at NEVER_EXPIRE (or vice-versa). Silently desyncs policy from enforcement. |
| S7 | src/components/Modal.tsx#L2576 | New AppState listener unconditionally dismisses ANY visible Modal on background — not gated on isSoftLocked. Every Modal consumer (ForgotPasswordWarningModal, ConfirmationModal, MaintenanceModal) loses dialog state when the user glances at a notification. UX regression on non-lock-related modals. |

Optional (4) — file as follow-up issues

| # | File | Issue |
|---|---|---|
| O1 | src/services/autoLock.ts#L115 | getBackgroundedAt silently clears future-dated timestamps. A device clock that jumps backward (manual setting, NTP correction, DST glitch, attacker-controlled) makes the saved timestamp look future-dated → deleted → no auto-lock fires that background period. |
| O2 | src/ducks/preferences.ts#L66 | autoLockTimer is dual-written to unencrypted zustand preferences-storage AND the secure mirror. The secure mirror was added to close the AsyncStorage-tampering hole, but the AsyncStorage copy wasn't removed — UI reader can show a different value than the enforcement reader. |
| O3 | ios/freighter-mobile/AppDelegate.swift#L45 | handlePrivacyShieldHideRequest dispatches main_async without re-checking the app is still active when the closure runs. A foreground→background bounce between JS hide() and the dispatch can tear down a freshly-raised shield mid-snapshot. |
| O4 | android/.../PrivacyShieldModule.kt#L22 | Symmetric to O3 — hide() posts to UI thread without verifying the activity is still resumed. FLAG_SECURE protects the recents thumbnail but not on-screen reveal during foreground bounce. |

🤖 Generated with Claude Code
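
Added example, not code from this PR or from the Freighter project: a minimal model of the cold-start decision discussed in must-fix #4 and O1 above, showing the swallowed lock write next to a fail-closed variant, and a future-dated backgroundedAt treated as a lock rather than cleared. All names (SecureStore, FlakyStore, the storage keys, coldStartStatus) are hypothetical, and the store is a synchronous in-memory stand-in for the app's async secure storage.

```typescript
type AuthStatus = "AUTHENTICATED" | "LOCKED" | "HASH_KEY_EXPIRED";

interface SecureStore {
  get(key: string): string | null;
  set(key: string, value: string): void; // may throw, like a keychain write
  remove(key: string): void;
}

// Hypothetical storage keys for this example.
const KEY_AUTH_STATUS = "authStatus";
const KEY_BACKGROUNDED_AT = "backgroundedAt";
const KEY_HASH_KEY_EXPIRES_AT = "hashKeyExpiresAt";
const HOUR_MS = 60 * 60 * 1000;

// Constructed test double: set() throws for every key listed in failSetFor.
class FlakyStore implements SecureStore {
  private data: Map<string, string> = new Map();
  private failSetFor: string[];
  constructor(failSetFor: string[] = []) {
    this.failSetFor = failSetFor;
  }
  get(key: string): string | null {
    const value = this.data.get(key);
    return value === undefined ? null : value;
  }
  set(key: string, value: string): void {
    if (this.failSetFor.indexOf(key) !== -1) throw new Error("write failed: " + key);
    this.data.set(key, value);
  }
  remove(key: string): void {
    this.data.delete(key);
  }
}

// Behaviour described in must-fix #4: the failure is only logged and the
// caller is told the lock happened.
function softLockSwallow(store: SecureStore): string {
  try {
    store.set(KEY_AUTH_STATUS, "LOCKED");
  } catch (error) {
    // logger.error(...) and nothing else
  }
  return "locked-in-memory";
}

// Fail-closed variant: retry inline; if LOCKED still cannot be recorded, drop
// the fast-unlock material so the next cold start needs full re-authentication.
function softLockFailClosed(store: SecureStore, retries: number = 2): string {
  for (let attempt = 0; attempt <= retries; attempt++) {
    try {
      store.set(KEY_AUTH_STATUS, "LOCKED");
      return "persisted";
    } catch (error) {
      // retry
    }
  }
  store.remove(KEY_HASH_KEY_EXPIRES_AT); // a throw here propagates to the caller
  return "hard-locked";
}

// Cold-start decision from persisted state only. Anything missing, unparsable
// or inconsistent with the current clock resolves to a locked state.
function coldStartStatus(store: SecureStore, now: number, autoLockMs: number): AuthStatus {
  const expiresRaw = store.get(KEY_HASH_KEY_EXPIRES_AT);
  const expiresAt = expiresRaw === null ? NaN : Number(expiresRaw);
  if (!Number.isFinite(expiresAt) || now >= expiresAt) return "HASH_KEY_EXPIRED";
  if (store.get(KEY_AUTH_STATUS) === "LOCKED") return "LOCKED";
  const bgRaw = store.get(KEY_BACKGROUNDED_AT);
  if (bgRaw !== null) {
    const backgroundedAt = Number(bgRaw);
    // O1: a future-dated timestamp means the clock moved; lock, do not discard.
    if (!Number.isFinite(backgroundedAt) || backgroundedAt > now) return "LOCKED";
    if (now - backgroundedAt >= autoLockMs) return "LOCKED";
  }
  return "AUTHENTICATED";
}

// Scenario from must-fix #4: the AUTH_STATUS write fails on background, the
// process is killed, and the app is cold-launched five minutes later.
function killAfterFailedLockWrite(lock: (store: SecureStore) => string): AuthStatus {
  const t0 = 1000000; // constructed timestamp (ms)
  const store = new FlakyStore([KEY_AUTH_STATUS]);
  store.set(KEY_HASH_KEY_EXPIRES_AT, String(t0 + 24 * HOUR_MS));
  lock(store);
  return coldStartStatus(store, t0 + 5 * 60 * 1000, HOUR_MS);
}

// Scenario from O1: the saved timestamp is ten minutes ahead of the clock.
function clockJumpedBackward(): AuthStatus {
  const now = 2000000; // constructed timestamp (ms)
  const store = new FlakyStore();
  store.set(KEY_HASH_KEY_EXPIRES_AT, String(now + 24 * HOUR_MS));
  store.set(KEY_BACKGROUNDED_AT, String(now + 10 * 60 * 1000));
  return coldStartStatus(store, now, HOUR_MS);
}

console.log(
  killAfterFailedLockWrite(softLockSwallow),
  killAfterFailedLockWrite(softLockFailClosed),
  clockJumpedBackward(),
);
```
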

piyalbasu commented Jun 18, 2026

Contributor

Cross-platform default consistency

Worth flagging before this lands: extension PR stellar/freighter#2802 shipped DEFAULT_AUTO_LOCK_TIMEOUT_MINUTES = 720 (12 hours). This PR currently ships DEFAULT_AUTO_LOCK_TIMER = AUTO_LOCK_TIMER.TWENTY_FOUR_HOURS (24 hours).

We've already discussed and settled on 12h as the default. Mobile should match — change DEFAULT_AUTO_LOCK_TIMER to AUTO_LOCK_TIMER.TWELVE_HOURS before merge so both platforms ship with the same cadence.

🤖 Generated with Claude Code

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c80f6024c7

Comment thread src/services/autoLock.ts
Comment thread src/components/Modal.tsx

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5a5e9e21c3

Comment thread src/components/screens/LockScreen.tsx Outdated

leofelix077 commented Jun 22, 2026

Collaborator Author

@piyalbasu thanks for posting the review

Applied some extra security checks and data handling there. Mostly it was edge cases (e.g. going to background -> foreground -> background -> foreground in quick succession) and checks to actively block signing if the app is locked.

The DEV flags were intentional to have them enabled on the TestFlight build, but ran one more build and removed them afterwards.

Also adjusted the default timers from the extension to keep it more in line. Hadn't changed it due to regression.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d6d05add9e

Comment thread src/ducks/auth.ts
Comment thread docs/auto-lock-code-review.md Outdated
Comment thread ios/PrivacyShield.swift
Comment on lines +4 to +12
// PrivacyShield native module — lets JS dismiss the iOS privacy shield once
// the auto-lock decision has finished, so a soft-lock overlay can mount
// before the wallet is revealed on return from the background.
//
// Packaged as a local pod (separate compilation module), so it can't
// reference the app target's AppDelegate directly. It decouples via
// NotificationCenter: AppDelegate owns the shield window (it's alive from
// launch and shows the shield reliably on every background) and observes this
// notification to dismiss it.

Contributor

@leofelix077 nice improvement with this Privacy Shield, would you mind exposing it on the PR description?

Collaborator Author

Added there a short description as well

For added privacy, the native layer also adds a Privacy Shield: when the app is in the background, only the splash screen is shown, and the native app switcher carousel menu does not show any information. When the app goes to background, it waits for the native JS layer to be ready (auth state and storage hydrated) to show again the lock screen or the home screen, avoiding exposing any info during this in-between state.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2e0f538828

Comment thread src/components/screens/SendScreen/screens/SendCollectibleReview.tsx

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5fa28e85d0

Comment on lines +116 to +120
if (
isSoftLocked &&
!(
options.toastId && SOFT_LOCK_ALLOWED_TOAST_IDS.includes(options.toastId)
)
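
Review bot: the negated clause `!(options.toastId && SOFT_LOCK_ALLOWED_TOAST_IDS.includes(options.toastId))` is also true for every call that passes no toastId, so while isSoftLocked is set the condition matches all id-less toasts, not only ids missing from the allow-list. If that is intended, say so in a comment next to the condition and add a unit test that pins the three cases (no id, id not in the list, id in the list); if it is not, check `options.toastId` separately so the id-less case is handled explicitly.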

P2 Badge Allow lock-screen auth errors through the filter

When a soft-locked user unlocks and signIn sets a non-inline auth error (for example failedToLoadAccount after the password is accepted), AuthErrorToastListener emits AUTH_ERROR_TOAST_ID (auth-error) and clears the store error, but this new filter drops it because the allow-list only contains unlock-wallet-error. Fresh evidence: the biometric path now uses the allowed id, but the app-wide auth listener still emits auth-error for lock-screen/account-load failures, so the overlay shows neither an inline error nor a toast; route these lock-screen errors through an allowed id before clearing them.
