RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/browse
History
Garry Tan 0098d574e6
test(security): assert tool-result ML scan surface (Read/Glob/Grep ingress) 
4 new assertions in sidebar-security.test.ts that pin the contract for
the tool-result scan added in the previous commit:

  * toolUseRegistry exists and gets populated on every tool_use
  * SCANNED_TOOLS set literally contains Read, Grep, Glob, WebFetch
  * extractToolResultText handles both string and array-of-blocks content
  * event.type === 'user' + block.type === 'tool_result' paths are wired

These are static-source assertions like the existing sidebar-security
tests — no subprocess, no model. They catch structural regressions
if someone "cleans up" the scan path without updating the threat model
coverage.

sidebar-security.test.ts now 16 tests / 42 expect calls.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 		2026-04-20 04:42:20 +08:00
..
bin feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226) 2026-03-19 18:20:50 -07:00
scripts fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024) 2026-04-16 13:49:04 -07:00
src feat(security): ML scan on Read/Glob/Grep/WebFetch tool outputs 2026-04-20 04:42:20 +08:00
test test(security): assert tool-result ML scan surface (Read/Glob/Grep ingress) 2026-04-20 04:42:20 +08:00
PLAN-snapshot-dropdown-interactive.md fix: snapshot -i auto-detects dropdown/popover interactive elements (#845) 2026-04-05 22:57:45 -07:00
SKILL.md feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062) 2026-04-18 23:25:33 +08:00
SKILL.md.tmpl feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062) 2026-04-18 23:25:33 +08:00