Garry Tan 758b3b373c fix(security): keep 'const systemPrompt = [' identifier for test compatibility ... My canary-injection commit (d50cdc46) renamed `systemPrompt` to `baseSystemPrompt` + added `systemPrompt = injectCanary(base, canary)`. That broke 4 brittle tests in sidebar-ux.test.ts that string-slice serverSrc between `const systemPrompt = [` and `].join('\n')` to extract the prompt for content assertions. Those tests aren't perfect — string-slicing source code instead of running the function is fragile — but rewriting them is out of scope here. Simpler fix: keep the expected identifier name. Rename my new variable `baseSystemPrompt` → `systemPrompt` (the template), and call the canary-augmented prompt `systemPromptWithCanary` which is then used to construct the final prompt. No behavioral change. Just restores the test-facing identifier. Regression test state: sidebar-ux.test.ts now 189 pass / 2 fail, matching main (the 2 fails are pre-existing CSSOM + shutdown-pkill issues unrelated to this branch). Full security suite still 219 pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-04-20 04:32:23 +08:00
..
bin	feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)	2026-03-19 18:20:50 -07:00
scripts	fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024)	2026-04-16 13:49:04 -07:00
src	fix(security): keep 'const systemPrompt = [' identifier for test compatibility	2026-04-20 04:32:23 +08:00
test	test(sidebar-agent): regex-tolerant destructure check	2026-04-20 04:32:23 +08:00
PLAN-snapshot-dropdown-interactive.md	fix: snapshot -i auto-detects dropdown/popover interactive elements (#845)	2026-04-05 22:57:45 -07:00
SKILL.md	feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)	2026-04-18 23:25:33 +08:00
SKILL.md.tmpl	feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)	2026-04-18 23:25:33 +08:00