RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/browse/test
History
Garry Tan 25ef24e92e
feat(server): /pty-session 4-tuple + /pty-restart + /pty-dispose + lease-refresh 
Wires the lease + attachToken model end-to-end on the server side. The
client side (extension) lands in the next commit; agent side already
shipped in 449144cd.

Routes:
  * POST /pty-session — mints sessionId (stable, loggable) + lease
    (server-side bookkeeping) + attachToken (short-lived bearer for the
    WS upgrade). Returns the 4-tuple in one round trip. Legacy
    ptySessionToken / expiresAt aliases kept for one minor release so
    extensions on the v1.43 wire shape keep working.
  * POST /pty-session/reattach — validates a sessionId's lease and mints
    a FRESH attachToken bound to the same sessionId. Used by Commit 3's
    re-attach loop; 410 Gone when the lease has expired so the client
    knows to fall back to a brand-new /pty-session.
  * POST /pty-restart — one transaction: dispose the caller's existing
    PtySession on the agent (via /internal/restart, scoped to one
    sessionId — codex T2), revoke the old lease, mint a fresh
    sessionId + lease + attachToken, return the 4-tuple. Zero race
    window between kill and mint (codex T2 + D8 of the eng review).
  * POST /pty-dispose — explicit teardown. sendBeacon-compatible: accepts
    auth token in the body so the extension's pagehide handler (Commit 2C)
    can fire it without setting custom headers (sendBeacon doesn't
    support those). Without this route, every clean browser quit leaves
    a zombie PTY alive for the 60s detach window — codex T3 caught it.
  * POST /internal/lease-refresh — loopback from terminal-agent on its
    25s keepalive cycle (lazy: only when lease is within 5 min of
    expiry). Refreshes the lease AND resets the daemon idle timer. T6
    of the eng review: PTY activity (not arbitrary SSE consumers) is
    what keeps the daemon alive when the sidebar is in use.

Helpers:
  * grantPtyToken now accepts optional sessionId and passes it through
    to the agent's /internal/grant body. The agent binds token → sessionId
    in its validTokens Map so /ws upgrades carry the sessionId for
    /internal/restart and Commit 3 re-attach lookups.
  * restartPtySession() — new loopback helper that POSTs the agent's
    scoped /internal/restart with a sessionId body. Used by /pty-restart
    and /pty-dispose.

Auth contract on /pty-dispose deliberately accepts the auth token in
EITHER the Authorization header OR the request body. The body path is
required for sendBeacon (which can't set custom headers); the header
path stays available for non-beacon callers and tests.

Test (browse/test/server-pty-lease-routes.test.ts):
  * 7 static-grep tripwires pinning the 4-tuple shape, validate-first
    re-attach with 410 fallback, one-transaction restart semantics,
    sendBeacon-compatible dispose auth, and the T6 PTY-only idle reset.
  * Live route exercises (full mint + grant + WS upgrade cycle) belong
    in the e2e tier — they require a real terminal-agent loopback and
    take seconds per assertion.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 		2026-05-23 23:17:42 -07:00
..
fixtures v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
activity.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
adversarial-security.test.ts fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595) 2026-03-28 08:35:24 -06:00
batch.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
bridge-chromium-e2e.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
browse-client.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
browser-manager-custom-chromium.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
browser-manager-unit.test.ts v1.42.2.0 fix wave: browse launch hardening (2 bug fixes + headed exit-code wiring) (#1629) 2026-05-20 19:30:08 -07:00
browser-skill-commands.test.ts fix(tests): repair 7 pre-existing failures (env pollution + stale markers) 2026-05-23 19:25:06 -07:00
browser-skill-write.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
browser-skills-e2e.test.ts v1.39.0.0 feat: buildFetchHandler factory unblocks gbrowser submodule consumption (#1511) 2026-05-14 21:55:29 -07:00
browser-skills-storage.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
build-command-response.test.ts v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 2026-05-14 21:46:50 -07:00
build.test.ts fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024) 2026-04-16 13:49:04 -07:00
bun-polyfill.test.ts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
cdp-allowlist.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
cdp-e2e.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
cdp-mutex.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
claude-bin.test.ts v1.24.0.0 feat: cross-platform hardening — curated Windows lane + Bun.which resolver + path-portability helper (#1252) 2026-05-01 07:21:28 -07:00
cli-supervisor.test.ts feat(cli): opt-in outer supervisor — respawn browse server on crash 2026-05-23 23:13:23 -07:00
commands.test.ts feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062) 2026-04-18 23:25:33 +08:00
compare-board.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
config.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
content-security.test.ts v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 2026-05-14 21:46:50 -07:00
cookie-import-browser.test.ts feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359) 2026-03-23 22:15:23 -07:00
cookie-picker-routes.test.ts community wave: 6 PRs + hardening (v0.18.1.0) (#1028) 2026-04-17 00:45:13 -07:00
daemon-mismatch-refuse.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
data-platform.test.ts feat: browser data platform for AI agents (v0.16.0.0) (#907) 2026-04-08 00:41:55 -07:00
domain-skills-e2e.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
domain-skills-storage.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
dual-listener.test.ts v1.39.0.0 feat: buildFetchHandler factory unblocks gbrowser submodule consumption (#1511) 2026-05-14 21:55:29 -07:00
dx-polish.test.ts feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062) 2026-04-18 23:25:33 +08:00
error-handling.test.ts refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941) 2026-04-10 17:13:15 -10:00
file-drop.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
file-permissions.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
find-browse.test.ts v1.42.0.0 Daegu wave: 23 community-filed bugs + PTY classifier enforcement (24 bisect commits) (#1594) 2026-05-20 07:35:01 -07:00
findport.test.ts feat: community PRs — faster install, skill namespacing, uninstall, Codex fallback, Windows fix, Python patterns (v0.12.9.0) (#561) 2026-03-27 00:44:37 -06:00
from-file-path-validation.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
gstack-config.test.ts feat: composable skills — INVOKE_SKILL resolver + factoring infrastructure (v0.13.7.0) (#644) 2026-03-29 23:35:17 -06:00
gstack-update-check.test.ts v1.34.1.0 fix: gstack-update-check resists stale GitHub raw CDN + adds semver-order guard (#1475) 2026-05-13 13:37:31 -04:00
handoff.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
learnings-injection.test.ts fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847) 2026-04-06 00:47:04 -07:00
pair-agent-e2e.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
pair-agent-tunnel-eval.test.ts v1.16.0.0 feat: tunnel allowlist 17→26 + canDispatchOverTunnel pure function (#1253) 2026-04-28 00:57:28 -07:00
path-validation.test.ts fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847) 2026-04-06 00:47:04 -07:00
pdf-flags.test.ts feat(v1.4.0.0): /make-pdf — markdown to publication-quality PDFs (#1086) 2026-04-20 13:20:30 +08:00
platform.test.ts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
proxy-config.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
proxy-redact.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
pty-inject-scan.test.ts v1.42.0.0 Daegu wave: 23 community-filed bugs + PTY classifier enforcement (24 bisect commits) (#1594) 2026-05-20 07:35:01 -07:00
pty-session-lease.test.ts feat(browse): pty-session-lease registry — stable sessionId + lease lifecycle 2026-05-23 23:14:04 -07:00
regression-pr1169-pdf-from-file-invalid-json.test.ts v1.41.1.0 fix wave: 7 HIGH bugs from external audit + regression tests (PR #1169 follow-up) (#1592) 2026-05-20 06:56:41 -07:00
sanitize.test.ts v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 2026-05-14 21:46:50 -07:00
screenshot-size-guard.test.ts v1.42.0.0 Daegu wave: 23 community-filed bugs + PTY classifier enforcement (24 bisect commits) (#1594) 2026-05-20 07:35:01 -07:00
security-adversarial-fixes.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
security-adversarial.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-audit-r2.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
security-bench-ensemble-live.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-bench-ensemble.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-bench.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-bunnative.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-classifier-download-cleanup.test.ts v1.41.1.0 fix wave: 7 HIGH bugs from external audit + regression tests (PR #1169 follow-up) (#1592) 2026-05-20 06:56:41 -07:00
security-classifier-tdz.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
security-classifier.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-integration.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-live-playwright.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-review-flow.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-sidecar-client.test.ts v1.42.0.0 Daegu wave: 23 community-filed bugs + PTY classifier enforcement (24 bisect commits) (#1594) 2026-05-20 07:35:01 -07:00
security-sidepanel-dom.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-source-contracts.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
server-auth.test.ts fix(tests): repair 7 pre-existing failures (env pollution + stale markers) 2026-05-23 19:25:06 -07:00
server-embedder-terminal-port.test.ts fix(browse): identity-based terminal-agent kill replaces pkill regex 2026-05-23 18:29:33 -07:00
server-factory.test.ts v1.39.0.0 feat: buildFetchHandler factory unblocks gbrowser submodule consumption (#1511) 2026-05-14 21:55:29 -07:00
server-flush-trackers.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
server-no-import-side-effects.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
server-proxy-fail-fast.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
server-pty-lease-routes.test.ts feat(server): /pty-session 4-tuple + /pty-restart + /pty-dispose + lease-refresh 2026-05-23 23:17:42 -07:00
server-sanitize-surrogates.test.ts v1.38.0.0 fix wave: Windows install hardening + Unicode sanitization at server egress (4 community PRs) (#1505) 2026-05-14 21:19:58 -07:00
server-tmp-state-path.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
sidebar-integration.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
sidebar-security.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
sidebar-tabs.test.ts v1.32.0.0 fix wave: 7 community PRs + 5 gate-eval hardenings (#1431) 2026-05-11 12:16:26 -07:00
sidebar-unit.test.ts fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544) 2026-03-26 22:07:03 -06:00
sidebar-ux.test.ts fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847) 2026-04-06 00:47:04 -07:00
sidepanel-patient-autoconnect.test.ts feat(sidebar): patient tryAutoConnect — poll forever with ascending status, abort only on 401 2026-05-23 23:10:17 -07:00
skill-token.test.ts v1.39.0.0 feat: buildFetchHandler factory unblocks gbrowser submodule consumption (#1511) 2026-05-14 21:55:29 -07:00
snapshot.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
socks-bridge.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
sse-session-cookie.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
state-ttl.test.ts fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595) 2026-03-28 08:35:24 -06:00
stealth-extended.test.ts v1.42.0.0 Daegu wave: 23 community-filed bugs + PTY classifier enforcement (24 bisect commits) (#1594) 2026-05-20 07:35:01 -07:00
stealth-webdriver.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
tab-each.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
tab-isolation.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
tab-session-frame-detach.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
telemetry.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
terminal-agent-integration.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
terminal-agent-internal-handler.test.ts refactor(terminal-agent): extract internalHandler<T> helper for /internal/* routes 2026-05-23 23:08:01 -07:00
terminal-agent-keepalive.test.ts feat(terminal-agent): 25s WS keepalive ping/pong + client keepalive frames 2026-05-23 23:09:23 -07:00
terminal-agent-pid-identity.test.ts fix(browse): identity-based terminal-agent kill replaces pkill regex 2026-05-23 18:29:33 -07:00
terminal-agent-session-routing.test.ts feat(terminal-agent): sessionId-aware grant + scoped restart + eager spawn 2026-05-23 23:15:49 -07:00
terminal-agent-watchdog.test.ts feat(browse): terminal-agent watchdog with PID liveness + crash-loop guard 2026-05-23 23:11:54 -07:00
terminal-agent.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
test-server.ts feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29) 2026-03-13 00:31:41 -07:00
token-registry.test.ts v1.39.0.0 feat: buildFetchHandler factory unblocks gbrowser submodule consumption (#1511) 2026-05-14 21:55:29 -07:00
tunnel-gate-unit.test.ts v1.16.0.0 feat: tunnel allowlist 17→26 + canDispatchOverTunnel pure function (#1253) 2026-04-28 00:57:28 -07:00
url-validation.test.ts v1.32.0.0 fix wave: 7 community PRs + 5 gate-eval hardenings (#1431) 2026-05-11 12:16:26 -07:00
watch.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
watchdog.test.ts community wave: 6 PRs + hardening (v0.18.1.0) (#1028) 2026-04-17 00:45:13 -07:00
welcome-page.test.ts feat: GStack Browser — double-click AI browser with anti-bot stealth (#695) 2026-04-04 10:17:05 -07:00
xvfb.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00