3c2aee7bda
Repro: after a reinstall / external VPN-revoke, `filter_enabled` flipped to false but `tamper_armed` stayed true. Result: buildDeviceState reported tamperLock:true purely from `tamper_armed` → UI mapped that to appDeletionLock:true → lockedIn:true → showed the green "protected & locked" card with no toggles → no way to reactivate. (The a11y service didn't block — handleProtectedSettingsBlock checks isProtectionEnabled — but it kept logging every settings-navigation, wasting CPU.) "Armed but disabled" is an invalid state. - RebreakAccessibilityService: top guard is now `if (!isTamperLockArmed() || !isProtectionEnabled()) return` — fully passive (no logging) whenever protection is off, regardless of a stale tamper flag. - RebreakProtectionModule.buildDeviceState: tamperLock = tamper_armed && filter_enabled. - RebreakProtectionModule.isVpnEffectivelyOn (revoke branch) and RebreakVpnService.onRevoke now clear `tamper_armed` together with `filter_enabled` — the two can't desync. Self-heals: opening the blocker page after the update re-fetches state → tamperLock:false → toggles back. Also: the tamper-block toast is now Lyra-voiced instead of a shield emoji (a real avatar image isn't possible — Android 11+ ignores Toast.setView() for app toasts; lyra-persona can refine the wording). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>