Optimized decryption workflow by caching API response to reduce redundant requests in index.php.

        }

        const decryptBtn = document.getElementById('decryptBtn');

        let secretResponse = null;

        decryptBtn.addEventListener('click', async () => {

            const passphrase = document.getElementById('decryptPassphrase').value.trim();

            try {

                // IMPORTANT: ideally this should be a POST that only "consumes" on purpose.

                let result;

                if (!secretResponse) {

                    const response = await fetch(`/secret-api.php?id=${encodeURIComponent(id)}&retrieve`, {

                        method: 'POST',

                        headers: {'Content-Type': 'application/json'},

                        body: JSON.stringify({passphraseHint: !!passphrase}) // optional, backend can ignore

                    });

                const result = await response.json().catch(() => ({}));

                    result = await response.json().catch(() => ({}));

                } else {

                    result = secretResponse;

                }

                // Generic failure (don’t reveal if id exists)

                if (!response.ok || !result || !result.secret) {