RomanNum3ral
/
gstack
mirror of https://github.com/garrytan/gstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
gstack/browse/test
History
Garry Tan ea51b45e08
v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 
* fix(browse): sanitize lone Unicode surrogates at commandResult chokepoint + /batch envelope (#1440)

Page captures with mixed-script Unicode round-trip cleanly to the Claude API.
Two new utilities in browse/src/sanitize.ts: stripLoneSurrogates for raw UTF-16
strings, stripLoneSurrogateEscapes for \uXXXX JSON escape text. sanitizeBody
picks the right pass based on cr.json.

buildCommandResponse is extracted from handleCommand (now exported) and
applies sanitization before new Response(). /batch was bypassing this
chokepoint via direct JSON.stringify, so it sanitizes each cr.result before
pushing AND wraps the envelope with stripLoneSurrogateEscapes. Defense in
depth wraps at getCleanText, getCleanTextWithStripping, html, accessibility,
and snapshot.ts return points so downstream consumers (datamarking, envelope
wrapping) see sanitized text before the response is built.

25 new unit tests across sanitize.test.ts and build-command-response.test.ts.
content-security.test.ts updated to accept either pre- or post-sanitize form
of the snapshot scoped branch (source-level regression check).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* feat: bug fix wave v1.36.0.0 — Implementation Tasks, allowlist patterns, surrogate-safe page captures (#1440 #1452 #1454)

Three filed issues land together:

#1440 — Page captures from real-world HTML hit 'API Error 400: no low
surrogate in string'. Sanitizers + buildCommandResponse extraction shipped in
the prior commit; this commit adds the migration script that patches existing
brain-allowlist/privacy-map/gitattributes installs and the supporting tests.

#1452 — Federation sync was silently skipping root-level design and test-plan
docs. bin/gstack-artifacts-init adds two patterns to all three managed blocks
(.brain-allowlist, .brain-privacy-map.json, .gitattributes). Idempotent
migration v1.36.0.0.sh repairs existing installs in place via jq (preserves
JSON validity) — no commit + push from the migration.

#1454 — All four review skills (CEO/design/eng/DX) emit an Implementation
Tasks markdown section AND write a jq-built JSONL artifact per phase.
/autoplan reads all four files, scopes by current branch + 5-commit window,
dedupes on exact (component, sorted(files), title), and renders an aggregated
list in the Final Approval Gate.

New tests:
- browse/test/sanitize.test.ts (18 cases)
- browse/test/build-command-response.test.ts (7 cases)
- test/artifacts-init-migration.test.ts (7 cases)

VERSION → 1.36.0.0. Skips the v1.34.x slot taken by 'gstack consumable as
submodule' and the v1.35.0.0 slot taken by /document-generate. #1428 was
shipped separately by v1.34.2.0 with a different approach; follow-up #1503
filed for the bare-path filesystem boundary concern surfaced during our
analysis.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* chore: bump to v1.38.1.0

VERSION + package.json + CHANGELOG header + migration filename + test
reference all consistently at v1.38.1.0. Migration renamed:
gstack-upgrade/migrations/v1.38.0.0.sh -> v1.38.1.0.sh.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
 		2026-05-14 21:46:50 -07:00
..
fixtures v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
activity.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
adversarial-security.test.ts fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595) 2026-03-28 08:35:24 -06:00
batch.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
bridge-chromium-e2e.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
browse-client.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
browser-manager-custom-chromium.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
browser-manager-unit.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
browser-skill-commands.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
browser-skill-write.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
browser-skills-e2e.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
browser-skills-storage.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
build-command-response.test.ts v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 2026-05-14 21:46:50 -07:00
build.test.ts fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024) 2026-04-16 13:49:04 -07:00
bun-polyfill.test.ts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
cdp-allowlist.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
cdp-e2e.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
cdp-mutex.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
claude-bin.test.ts v1.24.0.0 feat: cross-platform hardening — curated Windows lane + Bun.which resolver + path-portability helper (#1252) 2026-05-01 07:21:28 -07:00
commands.test.ts feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062) 2026-04-18 23:25:33 +08:00
compare-board.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
config.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
content-security.test.ts v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 2026-05-14 21:46:50 -07:00
cookie-import-browser.test.ts feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359) 2026-03-23 22:15:23 -07:00
cookie-picker-routes.test.ts community wave: 6 PRs + hardening (v0.18.1.0) (#1028) 2026-04-17 00:45:13 -07:00
daemon-mismatch-refuse.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
data-platform.test.ts feat: browser data platform for AI agents (v0.16.0.0) (#907) 2026-04-08 00:41:55 -07:00
domain-skills-e2e.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
domain-skills-storage.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
dual-listener.test.ts v1.16.0.0 feat: tunnel allowlist 17→26 + canDispatchOverTunnel pure function (#1253) 2026-04-28 00:57:28 -07:00
dx-polish.test.ts feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062) 2026-04-18 23:25:33 +08:00
error-handling.test.ts refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941) 2026-04-10 17:13:15 -10:00
file-drop.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
file-permissions.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
find-browse.test.ts feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226) 2026-03-19 18:20:50 -07:00
findport.test.ts feat: community PRs — faster install, skill namespacing, uninstall, Codex fallback, Windows fix, Python patterns (v0.12.9.0) (#561) 2026-03-27 00:44:37 -06:00
from-file-path-validation.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
gstack-config.test.ts feat: composable skills — INVOKE_SKILL resolver + factoring infrastructure (v0.13.7.0) (#644) 2026-03-29 23:35:17 -06:00
gstack-update-check.test.ts v1.34.1.0 fix: gstack-update-check resists stale GitHub raw CDN + adds semver-order guard (#1475) 2026-05-13 13:37:31 -04:00
handoff.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
learnings-injection.test.ts fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847) 2026-04-06 00:47:04 -07:00
pair-agent-e2e.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
pair-agent-tunnel-eval.test.ts v1.16.0.0 feat: tunnel allowlist 17→26 + canDispatchOverTunnel pure function (#1253) 2026-04-28 00:57:28 -07:00
path-validation.test.ts fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847) 2026-04-06 00:47:04 -07:00
pdf-flags.test.ts feat(v1.4.0.0): /make-pdf — markdown to publication-quality PDFs (#1086) 2026-04-20 13:20:30 +08:00
platform.test.ts fix: Windows support — Node.js server fallback for Playwright (#255) 2026-03-20 12:22:11 -07:00
proxy-config.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
proxy-redact.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
sanitize.test.ts v1.38.1.0 fix wave: surrogate-safe page captures (#1440), Implementation Tasks across review skills (#1454), root-level artifact patterns (#1452) (#1504) 2026-05-14 21:46:50 -07:00
security-adversarial-fixes.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
security-adversarial.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-audit-r2.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
security-bench-ensemble-live.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-bench-ensemble.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-bench.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-bunnative.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-classifier-tdz.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
security-classifier.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-integration.test.ts v1.6.4.0: cut Haiku classifier FP from 44% to 23%, gate now enforced (#1135) 2026-04-23 10:23:40 -07:00
security-live-playwright.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-review-flow.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-sidepanel-dom.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security-source-contracts.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
security.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
server-auth.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
server-factory.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
server-flush-trackers.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
server-no-import-side-effects.test.ts v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472) 2026-05-13 12:22:30 -04:00
server-proxy-fail-fast.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
server-sanitize-surrogates.test.ts v1.38.0.0 fix wave: Windows install hardening + Unicode sanitization at server egress (4 community PRs) (#1505) 2026-05-14 21:19:58 -07:00
server-tmp-state-path.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
sidebar-integration.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
sidebar-security.test.ts feat(security): ML prompt injection defense for sidebar (v1.4.0.0) (#1089) 2026-04-20 22:18:37 +08:00
sidebar-tabs.test.ts v1.32.0.0 fix wave: 7 community PRs + 5 gate-eval hardenings (#1431) 2026-05-11 12:16:26 -07:00
sidebar-unit.test.ts fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544) 2026-03-26 22:07:03 -06:00
sidebar-ux.test.ts fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847) 2026-04-06 00:47:04 -07:00
skill-token.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
snapshot.test.ts refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873) 2026-04-07 00:23:36 -07:00
socks-bridge.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
sse-session-cookie.test.ts security: tunnel dual-listener + SSRF + envelope + path wave (v1.6.0.0) (#1137) 2026-04-21 21:58:27 -07:00
state-ttl.test.ts fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595) 2026-03-28 08:35:24 -06:00
stealth-webdriver.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00
tab-each.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
tab-isolation.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
tab-session-frame-detach.test.ts v1.30.0.0 fix wave: 21 community PRs + Windows CI extension + codex flag-semantics smoke (#1391) 2026-05-09 08:06:47 -07:00
telemetry.test.ts v1.20.0.0 feat: browser-skills runtime + gbrain-support carryover (#1233) 2026-04-28 20:08:04 -07:00
terminal-agent-integration.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
terminal-agent.test.ts feat: gstack browser sidebar = interactive Claude Code REPL with live tab awareness (v1.14.0.0) (#1216) 2026-04-25 22:52:15 -07:00
test-server.ts feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29) 2026-03-13 00:31:41 -07:00
token-registry.test.ts v1.32.0.0 fix wave: 7 community PRs + 5 gate-eval hardenings (#1431) 2026-05-11 12:16:26 -07:00
tunnel-gate-unit.test.ts v1.16.0.0 feat: tunnel allowlist 17→26 + canDispatchOverTunnel pure function (#1253) 2026-04-28 00:57:28 -07:00
url-validation.test.ts v1.32.0.0 fix wave: 7 community PRs + 5 gate-eval hardenings (#1431) 2026-05-11 12:16:26 -07:00
watch.test.ts feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517) 2026-03-26 11:15:24 -06:00
watchdog.test.ts community wave: 6 PRs + hardening (v0.18.1.0) (#1028) 2026-04-17 00:45:13 -07:00
welcome-page.test.ts feat: GStack Browser — double-click AI browser with anti-bot stealth (#695) 2026-04-04 10:17:05 -07:00
xvfb.test.ts v1.28.0.0 feat: browse --headed/--proxy/--navigate + gstack/llms.txt + webdriver-only stealth (#1363) 2026-05-07 20:14:59 -07:00