hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-15 00:38:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

v1.34.0.0 feat: gstack consumable as submodule (factory-export API + AUTH_TOKEN env + import.meta.main gate) (#1472)

Browse Source 
* feat(config): add resolveGstackHome, resolveChromiumProfile, cleanSingletonLocks

Three new exported helpers in browse/src/config.ts:

- resolveGstackHome(): honors GSTACK_HOME env, falls back to os.homedir()/.gstack
  Matches the existing convention in browse/src/telemetry.ts:26 and
  browse/src/domain-skills.ts:66.

- resolveChromiumProfile(explicit?): explicit arg wins -> CHROMIUM_PROFILE env
  -> resolveGstackHome()/chromium-profile. Lets gbrowser pass per-workspace
  profile paths through ServerConfig instead of relying on ambient env state.

- cleanSingletonLocks(dir): removes SingletonLock/Socket/Cookie via safeUnlinkQuiet.
  Defensive guard refuses to operate unless dir basename is 'chromium-profile'
  OR matches explicit CHROMIUM_PROFILE env value, preventing accidental
  deletion in unrelated directories.

Extends browse/test/config.test.ts with 12 tests covering env precedence,
guard behavior, ENOENT swallowing, and CHROMIUM_PROFILE override.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(security-classifier): TDZ when claude CLI is missing from PATH

The checkTranscript Promise executor in browse/src/security-classifier.ts
referenced `finish()` at the !claude early-return guard before declaring
it 5 lines later. JavaScript throws ReferenceError: Cannot access 'finish'
before initialization (TDZ) for that path, but the path is only reachable
when resolveClaudeCommand returns null inside the spawn block (a TOCTOU
window vs. the outer checkHaikuAvailable cache).

Fix: hoist `let stdout = ''`, `let done = false`, and `const finish` block
above `const claude = resolveClaudeCommand()` so finish is in scope before
any reference to it. Behavior is identical when claude is on PATH; the
fix only matters for the dormant missing-CLI degraded path.

Adds browse/test/security-classifier-tdz.test.ts as the regression guard:
clears PATH + override env vars, calls checkTranscript, asserts the result
serializes with degraded:true and a meaningful reason field.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(browser-manager): isCustomChromium gate + per-workspace profile + lock cleanup

Three fold-ins so gbrowser can become a thin overlay instead of forking
browse-server:

- Export isCustomChromium(): detects custom Chromium builds that bake the
  extension in as a component extension. Prefers explicit
  GSTACK_CHROMIUM_KIND=custom-extension-baked signal; falls back to
  GSTACK_CHROMIUM_PATH substring containing 'GBrowser' / 'gbrowser'.
  Gates the --load-extension push at launchHeaded so we don't trigger
  ServiceWorkerState::SetWorkerId DCHECK when two copies of the same
  service worker race to register.

- Swap hardcoded path.join(HOME, '.gstack', 'chromium-profile') in
  launchHeaded for resolveChromiumProfile() so phoenix can pass a
  per-workspace profile via CHROMIUM_PROFILE env (one daemon per gbd
  workspace, each with a distinct profile dir).

- Call cleanSingletonLocks(userDataDir) immediately after mkdirSync.
  Chromium's ProcessSingleton refuses to start when stale
  SingletonLock/Socket/Cookie files survive a SIGKILL or hard crash;
  pre-launch cleanup defends against the crash case. Safe under external
  coordination (gbd.lock for gbrowser, single-instance CLI check for
  gstack).

The existing .auth.json write at L291-302 is preserved — extensions
still need it for bootstrap even when component-baked.

Adds browse/test/browser-manager-custom-chromium.test.ts with 8 tests
covering both the env-kind and path-substring signals plus stock /
playwright-bundled Chromium negative cases.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* feat(server): factory-export API surface + import.meta.main gate

Surfaces the embedder API gbrowser (phoenix) needs to consume gstack as a
submodule, and gates module-load side effects so the file is safe to
import without auto-starting a daemon.

Changes to browse/src/server.ts:

- AUTH_TOKEN now honors process.env.AUTH_TOKEN (trimmed) before falling
  back to crypto.randomUUID(). Whitespace-only values are rejected so the
  security boundary can't be silently weakened.

- New exported types: ServerConfig and ServerHandle. ServerConfig documents
  the full factory contract (authToken, browsePort, idleTimeoutMs, config,
  browserManager, chromiumProfile, xvfb, proxyBridge, startTime, beforeRoute).
  ServerHandle documents the return shape (fetchLocal, fetchTunnel,
  shutdown, stopListeners). Caller-owned lifecycle annotations on xvfb and
  proxyBridge prevent double-close bugs from surprise ownership.

- New exported function: resolveConfigFromEnv() builds a ServerConfig-shaped
  object from process.env for CLI use. Embedders construct their own
  ServerConfig explicitly.

- start() is now exported. Embedders can call it with env vars set as a
  v1 escape hatch until full buildFetchHandler extraction lands.

- Signal handlers (SIGINT, SIGTERM, Windows exit, uncaughtException,
  unhandledRejection) and the auto-kickoff at module bottom are now wrapped
  in `if (import.meta.main)`. CLI path is unchanged. Embedders register
  their own handlers.

- shutdown() and emergencyCleanup() now call cleanSingletonLocks(
  resolveChromiumProfile()) instead of inline path+loop. Single
  implementation, defensive guard, honors per-workspace CHROMIUM_PROFILE.

New tests:
- browse/test/server-no-import-side-effects.test.ts: spawns a fresh Bun
  subprocess that imports server.ts, asserts no signal handlers registered,
  no state-dir populated. Guards the core refactor invariant from
  regression.
- browse/test/server-factory.test.ts: 12 tests covering AUTH_TOKEN env
  behavior (honored, whitespace-rejected, trimmed), preserved exports
  (TUNNEL_COMMANDS, canDispatchOverTunnel), and ServerConfig/ServerHandle
  type compatibility.

Deferred to follow-up PR: full buildFetchHandler extraction that hoists
the 13 module-level mutables + helpers into a factory closure. Phoenix
can ship v0.6.0.0 against the start()+env surface today; the cleaner
factory comes next.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix: harden auth-token validation, TDZ try/catch, lockfile path safety

Three security hardening fixes from /ship adversarial review:

1. AUTH_TOKEN unicode-whitespace bypass (server.ts:67-83).
   Old: `process.env.AUTH_TOKEN?.trim() || randomUUID()` only stripped
   ASCII whitespace. A misconfigured embedder shipping AUTH_TOKEN=$''
   (BOM) or $'​' (zero-width space) would silently get a
   one-character bearer secret. New `sanitizeAuthToken()` strips all
   unicode whitespace via regex and requires >= 16 chars after stripping;
   anything shorter falls back to crypto.randomUUID(). Same sanitizer
   used by `resolveConfigFromEnv()` so the embedder path is hardened too.

2. security-classifier.ts checkTranscript safety net.
   `resolveClaudeCommand()` and `spawn()` can throw under transient
   conditions (PATH probe failure, posix_spawn ENOMEM). Old code let the
   throw propagate and rejected the Promise with a raw exception. Now
   wrapped in try/catch that calls finish() with a degraded signal,
   matching the graceful-degradation contract the layer already promises
   for missing-CLI / exit-nonzero / parse-error.

3. cleanSingletonLocks defensive guard tightened (config.ts).
   Old: basename === 'chromium-profile' OR userDataDir === $CHROMIUM_PROFILE.
   The second branch was env-controlled and the first was bypassable by
   passing a relative path that resolved to chromium-profile via CWD
   drift. New guard: refuses relative paths outright, resolves both
   sides via path.resolve(), and only accepts the env-match path when
   $CHROMIUM_PROFILE is itself absolute.

Test updates: replace the old `.trim()` test with three new cases
covering unicode-whitespace stripping, short-token rejection, and
zero-width-only rejection (server-factory.test.ts).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* chore: bump version and changelog (v1.34.0.0)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-05-13 12:22:30 -04:00
committed by GitHub
parent dc6252d1df
commit 0c88517a0f
12 changed files with 943 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
CHANGELOG.md
View File

@@ -1,5 +1,62 @@
# Changelog
## [1.34.0.0] - 2026-05-12
## **GStack is now consumable as a submodule.**
## **Five new exported helpers + `AUTH_TOKEN` env injection + `import.meta.main` gate let downstream Bun projects embed the browse server without forking.**
GStack's `browse/src/server.ts` started life as a CLI entry point: import it and it would bind `Bun.serve` at module load, claim a random port, and write project state to your `.gstack/` dir. Every embedder that wanted to consume gstack as a library had to fork or vendor the file. This release flips that. The browse server now ships an exported API surface (`ServerConfig`, `ServerHandle`, `resolveConfigFromEnv`, `start`), honors `process.env.AUTH_TOKEN` for embedder-driven token allocation, and gates all module-load side effects on `import.meta.main` so plain `import` from a third-party Bun program runs zero side effects. The fetch-handler factory contract is documented in the new types; the runtime factory function (`buildFetchHandler`) is a deliberate follow-up — Phoenix can ship today against the start()+env surface.
The same release ships three security hardening fixes from adversarial review and a real TDZ regression bug fix that surfaced only when `claude` is missing from `PATH`.
### The numbers that matter
Source: `bun test browse/test/` against this branch — 5 new test files + 1 extended.
| Surface | Before | After |
|---|---|---|
| Import `browse/src/server.ts` from a third-party process | Auto-starts a daemon, binds `Bun.serve`, writes state | No side effects (gated on `import.meta.main`) |
| `AUTH_TOKEN` source | Always `crypto.randomUUID()` at module load | `process.env.AUTH_TOKEN` (sanitized, >= 16 chars after unicode-whitespace strip) → randomUUID fallback |
| Exported API for embedders | None (`start` was internal, no types) | `ServerConfig`, `ServerHandle`, `resolveConfigFromEnv`, `start`, `sanitizeAuthToken` |
| `isCustomChromium()` detection | Did not exist | Exported helper: `GSTACK_CHROMIUM_KIND=custom-extension-baked` preferred, path substring fallback |
| Chromium profile path | Hardcoded `$HOME/.gstack/chromium-profile` | `resolveChromiumProfile(explicit?)` honors arg → `CHROMIUM_PROFILE` env → `$GSTACK_HOME/chromium-profile` |
| Stale `SingletonLock` / `Socket` / `Cookie` cleanup | Inline at two callsites with raw `fs.unlinkSync` | One helper (`cleanSingletonLocks`) with absolute-path requirement + basename-or-env match guard |
| TDZ on missing `claude` CLI | Latent `ReferenceError` in `checkTranscript` early-return path | `finish()` hoisted above `resolveClaudeCommand()` + try/catch wrap |
| `AUTH_TOKEN=$''` (BOM-only) accepted by `.trim()` | Yes (one-character bearer secret) | No (rejected by unicode-whitespace strip + 16-char minimum) |
| Tests covering new surfaces | 0 | 34 new tests across 5 files (16 in extended `config.test.ts`, 8 `isCustomChromium`, 1 TDZ regression, 12 factory API + side-effect guard) |
The adversarial review pass found the BOM-token bypass before merge — `.trim()` strips ASCII whitespace but not U+FEFF / U+200B / U+00A0. New `sanitizeAuthToken()` uses a unicode-aware regex and rejects anything shorter than 16 chars after stripping, so a misconfigured embedder can no longer ship a one-character bearer.
### What this means for builders embedding gstack
Phoenix and any future Bun-based consumer can now `import { start, resolveConfigFromEnv } from 'browse-server-upstream/browse/src/server'`, set `AUTH_TOKEN` + `BROWSE_PORT` env, and run gstack as a child without forking. The exported `ServerConfig` documents the full factory contract for the eventual `buildFetchHandler` runtime — when that lands in the follow-up PR, today's API surface becomes a no-op compat shim. Run `/gstack-upgrade` to pick it up. The browse CLI behavior (`bun run dev <command>`) is unchanged.
### Itemized changes
### Added
- `browse/src/config.ts`: `resolveGstackHome()` (honors `GSTACK_HOME`, falls back to `os.homedir()/.gstack`), `resolveChromiumProfile(explicit?)`, `cleanSingletonLocks(dir)` with defensive absolute-path + basename/env guard.
- `browse/src/browser-manager.ts`: exported `isCustomChromium()` with `GSTACK_CHROMIUM_KIND=custom-extension-baked` preferred signal, substring fallback on `GSTACK_CHROMIUM_PATH`.
- `browse/src/server.ts`: `ServerConfig` and `ServerHandle` types, `resolveConfigFromEnv()`, `sanitizeAuthToken()`, exported `start()`. `AUTH_TOKEN` honors env with unicode-aware sanitization.
- `browse/test/config.test.ts`: 16 new tests (env precedence, defensive guards, ENOENT idempotency).
- `browse/test/browser-manager-custom-chromium.test.ts`: 8 tests covering env-kind, path substring, stock chromium, playwright-bundled cases.
- `browse/test/security-classifier-tdz.test.ts`: regression test for the missing-CLI degraded path (IRON RULE).
- `browse/test/server-factory.test.ts`: 14 tests covering AUTH_TOKEN env semantics + type-surface compile checks + preserved exports.
- `browse/test/server-no-import-side-effects.test.ts`: subprocess sentinel proving `import` doesn't auto-start.
### Changed
- `browse/src/security-classifier.ts`: `finish()` hoisted above `resolveClaudeCommand()` in `checkTranscript` Promise executor. `resolveClaudeCommand()` and `spawn()` calls wrapped in try/catch that degrade to a structured signal instead of rejecting the Promise.
- `browse/src/browser-manager.ts` `launchHeaded`: `--load-extension` gated on `!isCustomChromium()` (prevents `ServiceWorkerState::SetWorkerId` DCHECK with extension-baked custom Chromium). Profile path switches to `resolveChromiumProfile()`. Pre-launch `cleanSingletonLocks(userDataDir)` added.
- `browse/src/server.ts`: signal handlers (SIGINT, SIGTERM, Windows `exit`, `uncaughtException`, `unhandledRejection`) and the auto-kickoff `start().catch(...)` at module bottom now gated on `import.meta.main`. `shutdown()` and `emergencyCleanup()` swap inline `SingletonLock`/`Socket`/`Cookie` loops for `cleanSingletonLocks(resolveChromiumProfile())`.
### Fixed
- TDZ `ReferenceError` in `checkTranscript` when `claude` CLI is missing from `PATH` (latent — only triggered the dormant code path).
- AUTH_TOKEN unicode-whitespace bypass: `.trim()` only stripped ASCII whitespace, so a `process.env.AUTH_TOKEN=$''` (BOM) or `$''` (zero-width space) became a one-character bearer secret. New `sanitizeAuthToken()` strips all unicode whitespace and rejects anything shorter than 16 chars.
- `cleanSingletonLocks` path-traversal hardening: now requires absolute paths and matches against absolute-resolved `CHROMIUM_PROFILE` env, blocking CWD-relative footguns.
### For contributors
- The full `buildFetchHandler` runtime extraction (hybrid hoist of 13 module-level mutables into a factory closure, plus `beforeRoute` auth-then-hook wiring, plus `stopListeners` implementation) is **deferred to a follow-up PR**. The exported types document the eventual contract; today's release ships the minimum-viable surface so Phoenix can land v0.6.0.0 against `import { start }` + AUTH_TOKEN env.
- See `/Users/garrytan/.claude/plans/system-instruction-you-are-working-swirling-fountain.md` for the full plan + 13 decisions + codex outside-voice tensions resolved.
## [1.33.2.0] - 2026-05-11
## **`./setup` no longer pollutes the global install when run from a Conductor worktree.**

2
VERSION
View File

@@ -1 +1 @@
1.33.2.0
1.34.0.0

43
browse/src/browser-manager.ts
View File

@@ -20,6 +20,25 @@ import { writeSecureFile, mkdirSecure } from './file-permissions';
import { addConsoleEntry, addNetworkEntry, addDialogEntry, networkBuffer, type DialogEntry } from './buffers';
import { validateNavigationUrl } from './url-validation';
import { TabSession, type RefEntry } from './tab-session';
import { resolveChromiumProfile, cleanSingletonLocks } from './config';
/**
* Detect whether GSTACK_CHROMIUM_PATH points at a custom Chromium build that
* already bakes the gstack extension in as a component extension (e.g.,
* GStack Browser.app / GBrowser). Passing --load-extension against such a
* binary triggers a ServiceWorkerState::SetWorkerId DCHECK because two
* copies of the same service worker try to register.
*
* Resolution:
* 1. GSTACK_CHROMIUM_KIND === 'custom-extension-baked' (preferred, explicit)
* 2. GSTACK_CHROMIUM_PATH path substring contains 'GBrowser' or 'gbrowser'
* (fallback for callers that only set the path)
*/
export function isCustomChromium(): boolean {
if (process.env.GSTACK_CHROMIUM_KIND === 'custom-extension-baked') return true;
const p = process.env.GSTACK_CHROMIUM_PATH || '';
return p.includes('GBrowser') || p.includes('gbrowser');
}
export type { RefEntry };
@@ -283,9 +302,17 @@ export class BrowserManager {
'--disable-blink-features=AutomationControlled',
];
if (extensionPath) {
launchArgs.push(`--disable-extensions-except=${extensionPath}`);
launchArgs.push(`--load-extension=${extensionPath}`);
// Write auth token for extension bootstrap.
// Skip --load-extension when running against a custom Chromium build
// that already bakes the extension in as a component extension
// (gbrowser / GStack Browser.app). Loading it twice causes a
// ServiceWorkerState::SetWorkerId DCHECK crash.
if (!isCustomChromium()) {
launchArgs.push(`--disable-extensions-except=${extensionPath}`);
launchArgs.push(`--load-extension=${extensionPath}`);
}
// Write auth token for extension bootstrap (still required even when
// the extension is component-baked — it reads ~/.gstack/.auth.json at
// startup to learn how to call the daemon).
// Write to ~/.gstack/.auth.json (not the extension dir, which may be read-only
// in .app bundles and breaks codesigning).
if (authToken) {
@@ -308,9 +335,17 @@ export class BrowserManager {
// so we use Playwright's bundled Chromium which reliably loads extensions.
const fs = require('fs');
const path = require('path');
const userDataDir = path.join(process.env.HOME || '/tmp', '.gstack', 'chromium-profile');
const userDataDir = resolveChromiumProfile();
fs.mkdirSync(userDataDir, { recursive: true });
// Pre-launch cleanup of stale SingletonLock/Socket/Cookie. Chromium's
// ProcessSingleton refuses to start when these exist from a prior crash
// (SIGKILL, hard crash) — the lockfiles point at a PID that may no longer
// exist. Shutdown cleanup doesn't run on hard crashes, so we clean here
// too. Safe under external coordination: gbd.lock for gbrowser,
// single-instance CLI check for gstack.
cleanSingletonLocks(userDataDir);
// Support custom Chromium binary via GSTACK_CHROMIUM_PATH env var.
// Used by GStack Browser.app to point at the bundled Chromium.
const executablePath = process.env.GSTACK_CHROMIUM_PATH || undefined;

67
browse/src/config.ts
View File

@@ -11,8 +11,10 @@
*/
import * as fs from 'fs';
import * as os from 'os';
import * as path from 'path';
import { mkdirSecure } from './file-permissions';
import { safeUnlinkQuiet } from './error-handling';
export interface BrowseConfig {
projectDir: string;
@@ -151,3 +153,68 @@ export function readVersionHash(execPath: string = process.execPath): string | n
return null;
}
}
/**
* Resolve the gstack home directory.
*
* Honors the existing convention used by telemetry.ts and domain-skills.ts:
* 1. GSTACK_HOME env (explicit override)
* 2. $HOME/.gstack (default)
*/
export function resolveGstackHome(): string {
return process.env.GSTACK_HOME || path.join(os.homedir(), '.gstack');
}
/**
* Resolve the Chromium profile directory.
*
* Resolution order:
* 1. `explicit` arg (passed via ServerConfig.chromiumProfile by embedders)
* 2. CHROMIUM_PROFILE env (used by gbrowser's gbd per-workspace)
* 3. <resolveGstackHome()>/chromium-profile (default)
*/
export function resolveChromiumProfile(explicit?: string): string {
if (explicit && explicit.length > 0) return explicit;
const env = process.env.CHROMIUM_PROFILE;
if (env && env.length > 0) return env;
return path.join(resolveGstackHome(), 'chromium-profile');
}
/**
* Pre-launch / shutdown cleanup of stale Chromium singleton lockfiles
* (SingletonLock, SingletonSocket, SingletonCookie). Chromium's
* ProcessSingleton refuses to start when these exist from a prior crash
* (SIGKILL, hard crash, etc.) since they point at a PID that no longer exists.
*
* Defensive guard: refuses to operate unless ALL of these hold:
* 1. `userDataDir` is an absolute path (no CWD-relative footguns)
* 2. basename is exactly 'chromium-profile' OR the absolute path matches
* the absolute form of $CHROMIUM_PROFILE env value
*
* Prevents accidentally deleting lock files from an unrelated directory if
* profile resolution is misconfigured upstream (CWD drift, env injection).
*
* Caller MUST ensure external coordination has already guaranteed no live
* peer is using this profile (gbd.lock for gbrowser; single-instance CLI
* check for gstack).
*/
export function cleanSingletonLocks(userDataDir: string): void {
if (!path.isAbsolute(userDataDir)) {
console.warn(`[browse] cleanSingletonLocks: refusing relative path: ${userDataDir}`);
return;
}
const resolved = path.resolve(userDataDir);
const basename = path.basename(resolved);
const explicitProfile = process.env.CHROMIUM_PROFILE;
const explicitAbs = explicitProfile && path.isAbsolute(explicitProfile)
? path.resolve(explicitProfile)
: null;
const isSafe = basename === 'chromium-profile' || (explicitAbs !== null && resolved === explicitAbs);
if (!isSafe) {
console.warn(`[browse] cleanSingletonLocks: refusing to clean unrecognized profile dir: ${resolved}`);
return;
}
for (const lockFile of ['SingletonLock', 'SingletonSocket', 'SingletonCookie']) {
safeUnlinkQuiet(path.join(resolved, lockFile));
}
}

38
browse/src/security-classifier.ts
View File

@@ -500,17 +500,9 @@ export async function checkTranscript(params: {
// timeout rate in the v1.5.2.0 ensemble bench because of this, plus
// ~44k cache_creation tokens per call (massive cost inflation).
// Using os.tmpdir() gives Haiku a clean context for pure classification.
const claude = resolveClaudeCommand();
if (!claude) {
return finish({ layer: 'transcript_classifier', confidence: 0, meta: { degraded: true, reason: 'claude_cli_not_found' } });
}
const p = spawn(claude.command, [
...claude.argsPrefix,
'-p', prompt,
'--model', HAIKU_MODEL,
'--output-format', 'json',
], { stdio: ['ignore', 'pipe', 'pipe'], cwd: os.tmpdir() });
// TDZ fix: declare `finish` BEFORE `resolveClaudeCommand` so the early
// return at the !claude guard below doesn't ReferenceError. Triggered
// only when claude CLI is missing from PATH (dormant otherwise).
let stdout = '';
let done = false;
const finish = (signal: LayerSignal) => {
@@ -519,6 +511,30 @@ export async function checkTranscript(params: {
resolve(signal);
};
// Wrap resolveClaudeCommand + spawn in try/catch so any unexpected
// throw (PATH probe failure, transient FS error) degrades gracefully
// instead of rejecting the Promise with a raw exception.
let claude: ReturnType<typeof resolveClaudeCommand>;
try {
claude = resolveClaudeCommand();
} catch (err: any) {
return finish({ layer: 'transcript_classifier', confidence: 0, meta: { degraded: true, reason: `resolve_error_${err?.message ?? 'unknown'}` } });
}
if (!claude) {
return finish({ layer: 'transcript_classifier', confidence: 0, meta: { degraded: true, reason: 'claude_cli_not_found' } });
}
let p: ReturnType<typeof spawn>;
try {
p = spawn(claude.command, [
...claude.argsPrefix,
'-p', prompt,
'--model', HAIKU_MODEL,
'--output-format', 'json',
], { stdio: ['ignore', 'pipe', 'pipe'], cwd: os.tmpdir() });
} catch (err: any) {
return finish({ layer: 'transcript_classifier', confidence: 0, meta: { degraded: true, reason: `spawn_throw_${err?.message ?? 'unknown'}` } });
}
p.stdout.on('data', (d: Buffer) => (stdout += d.toString()));
p.on('exit', (code) => {
if (code !== 0) {

252
browse/src/server.ts
View File

@@ -35,7 +35,7 @@ import {
isRootToken, checkConnectRateLimit, type TokenInfo,
} from './token-registry';
import { validateTempPath } from './path-security';
import { resolveConfig, ensureStateDir, readVersionHash } from './config';
import { resolveConfig, ensureStateDir, readVersionHash, resolveChromiumProfile, cleanSingletonLocks } from './config';
import { emitActivity, subscribe, getActivityAfter, getActivityHistory, getSubscriberCount } from './activity';
import { initAuditLog, writeAuditEntry } from './audit';
import { inspectElement, modifyStyle, resetModifications, getModificationHistory, detachSession, type InspectorResult } from './cdp-inspector';
@@ -65,7 +65,23 @@ ensureStateDir(config);
initAuditLog(config.auditLog);
// ─── Auth ───────────────────────────────────────────────────────
const AUTH_TOKEN = crypto.randomUUID();
// AUTH_TOKEN is injectable via process.env.AUTH_TOKEN so embedders
// (gbrowser's gbd daemon spawn) can pre-allocate the token and hand it to
// the Bun child via env.
//
// Validation: require >= 16 chars after stripping ALL unicode whitespace
// (not just ASCII — .trim() misses U+200B / U+FEFF / U+00A0 / etc., which
// would otherwise let a misconfigured embedder ship a one-character BOM as
// the bearer secret). Reject tokens that are too short or contain only
// whitespace; fall back to randomUUID so the security boundary is never
// silently weakened by misconfiguration.
function sanitizeAuthToken(raw: string | undefined): string | null {
if (!raw) return null;
const stripped = raw.replace(/[\s -]/g, '');
if (stripped.length < 16) return null;
return stripped;
}
const AUTH_TOKEN = sanitizeAuthToken(process.env.AUTH_TOKEN) || crypto.randomUUID();
initRegistry(AUTH_TOKEN);
const BROWSE_PORT = parseInt(process.env.BROWSE_PORT || '0', 10);
const IDLE_TIMEOUT_MS = parseInt(process.env.BROWSE_IDLE_TIMEOUT || '1800000', 10); // 30 min
@@ -97,6 +113,93 @@ let tunnelServer: ReturnType<typeof Bun.serve> | null = null; // tunnel HTTP lis
/** Which HTTP listener accepted this request. */
export type Surface = 'local' | 'tunnel';
/**
* Factory contract for embedders (gbrowser phoenix overlay).
*
* Today the CLI calls `start()` which reads env vars and binds Bun.serve
* itself. Embedders building on this server as a submodule (gbrowser's
* fd-passing gbd architecture) need to inject auth + ports + a
* BrowserManager they pre-launched, and own the listener themselves.
*
* Status: v1 surfaces this type as documentation. AUTH_TOKEN env-injection
* is already live (see ~L70). `start()` is exported and the kickoff /
* signal-handler registration is gated on `import.meta.main`, so phoenix
* can `import { start } from '.../server'` without auto-starting. Full
* `buildFetchHandler` extraction lands in a follow-up; see plan
* `/Users/garrytan/.claude/plans/system-instruction-you-are-working-swirling-fountain.md`
* Part 1.
*/
export interface ServerConfig {
/** Bearer token clients must present. Today injected via AUTH_TOKEN env. */
authToken: string;
/** Local listener port. Used in /welcome URL + state-file. */
browsePort: number;
/** Idle shutdown timeout. Default 30 min. */
idleTimeoutMs: number;
/** Result of resolveConfig() — stateDir, auditLog, stateFile. */
config: ReturnType<typeof resolveConfig>;
/** Pre-launched BrowserManager. Caller owns lifecycle. */
browserManager: BrowserManager;
/** Optional Chromium profile path override. Resolved by resolveChromiumProfile(). */
chromiumProfile?: string;
/** Caller-owned. shutdown() does NOT call xvfb.stop(); caller is responsible. */
xvfb?: XvfbHandle | null;
/** Caller-owned. shutdown() does NOT call proxyBridge.close(); caller is responsible. */
proxyBridge?: BridgeHandle | null;
startTime: number;
/**
* Overlay hook. Runs AFTER gstack resolves auth and BEFORE route dispatch.
* Invalid tokens are auto-rejected at the gstack layer (401 returned
* before hook fires), so the hook only ever sees valid TokenInfo or null
* (no token presented). Returning a Response short-circuits gstack
* dispatch; returning null falls through.
*/
beforeRoute?: (req: Request, surface: Surface, auth: TokenInfo | null) => Promise<Response | null>;
}
/**
* Return shape of buildFetchHandler() — fetch handlers + lifecycle helpers
* embedders need to drive their own Bun.serve binding. See ServerConfig.
*/
export interface ServerHandle {
fetchLocal: (req: Request, server: any) => Promise<Response>;
fetchTunnel: (req: Request, server: any) => Promise<Response>;
/**
* Drains buffers, kills terminal-agent, closes browser, clears intervals,
* removes state files. Does NOT stop bound Bun.Server listeners — call
* stopListeners() for that. CLI relies on process.exit() to drop sockets.
*/
shutdown: (exitCode?: number) => Promise<void>;
/**
* Graceful listener stop for embedders. Calls server.stop(true) on each
* passed Bun.Server. CLI doesn't need this (process.exit handles it).
*/
stopListeners: (local: any, tunnel?: any) => Promise<void>;
}
/**
* Build a ServerConfig-shaped object from process.env. Used by gstack's
* own CLI when running `bun run dev` or the compiled binary directly.
* Embedders construct their own ServerConfig explicitly.
*
* Reads env, calls resolveConfig(). Does NOT bind a listener or call
* initAuditLog/initRegistry — those happen inside the buildFetchHandler
* lifecycle.
*/
export function resolveConfigFromEnv(): Omit<ServerConfig, 'browserManager' | 'startTime'> & {
config: ReturnType<typeof resolveConfig>;
} {
return {
// Same sanitizer as the module-level AUTH_TOKEN: strips ALL unicode
// whitespace and rejects tokens shorter than 16 chars so a misconfigured
// embedder can't ship a BOM/zero-width as the bearer secret.
authToken: sanitizeAuthToken(process.env.AUTH_TOKEN) || crypto.randomUUID(),
browsePort: parseInt(process.env.BROWSE_PORT || '0', 10),
idleTimeoutMs: parseInt(process.env.BROWSE_IDLE_TIMEOUT || '1800000', 10),
config: resolveConfig(),
};
}
/**
* Paths reachable over the tunnel surface. Everything else returns 404.
*
@@ -964,11 +1067,9 @@ async function shutdown(exitCode: number = 0) {
await browserManager.close();
// Clean up Chromium profile locks (prevent SingletonLock on next launch)
const profileDir = path.join(process.env.HOME || '/tmp', '.gstack', 'chromium-profile');
for (const lockFile of ['SingletonLock', 'SingletonSocket', 'SingletonCookie']) {
safeUnlinkQuiet(path.join(profileDir, lockFile));
}
// Clean up Chromium profile locks (prevent SingletonLock on next launch).
// Defensive guard inside the helper refuses to clean unrecognized dirs.
cleanSingletonLocks(resolveChromiumProfile());
// Clean up state file
safeUnlinkQuiet(config.stateFile);
@@ -983,36 +1084,41 @@ async function shutdown(exitCode: number = 0) {
// passed as exitCode and process.exit() coerces it to NaN, exiting with code 1
// instead of 0. (Caught in v0.18.1.0 #1025.)
//
// SIGINT (Ctrl+C): user intentionally stopping → shutdown.
process.on('SIGINT', () => shutdown());
// SIGTERM behavior depends on mode:
// - Normal (headless) mode: Claude Code's Bash sandbox fires SIGTERM when the
// parent shell exits between tool invocations. Ignoring it keeps the server
// alive across $B calls. Idle timeout (30 min) handles eventual cleanup.
// - Headed / tunnel mode: idle timeout doesn't apply in these modes. Respect
// SIGTERM so external tooling (systemd, supervisord, CI) can shut cleanly
// without waiting forever. Ctrl+C and /stop still work either way.
// - Active cookie picker: never tear down mid-import regardless of mode —
// would strand the picker UI with "Failed to fetch."
process.on('SIGTERM', () => {
if (hasActivePicker()) {
console.log('[browse] Received SIGTERM but cookie picker is active, ignoring to avoid stranding the picker UI');
return;
}
const headed = browserManager.getConnectionMode() === 'headed';
if (headed || tunnelActive) {
console.log(`[browse] Received SIGTERM in ${headed ? 'headed' : 'tunnel'} mode, shutting down`);
shutdown();
} else {
console.log('[browse] Received SIGTERM (ignoring — use /stop or Ctrl+C for intentional shutdown)');
}
});
// Windows: taskkill /F bypasses SIGTERM, but 'exit' fires for some shutdown paths.
// Defense-in-depth — primary cleanup is the CLI's stale-state detection via health check.
if (process.platform === 'win32') {
process.on('exit', () => {
safeUnlinkQuiet(config.stateFile);
// Gated on `import.meta.main` so embedders (gbrowser phoenix) that import
// server.ts as a submodule can register their own signal handlers without
// fighting with gstack's. CLI path is unchanged.
if (import.meta.main) {
// SIGINT (Ctrl+C): user intentionally stopping → shutdown.
process.on('SIGINT', () => shutdown());
// SIGTERM behavior depends on mode:
// - Normal (headless) mode: Claude Code's Bash sandbox fires SIGTERM when the
// parent shell exits between tool invocations. Ignoring it keeps the server
// alive across $B calls. Idle timeout (30 min) handles eventual cleanup.
// - Headed / tunnel mode: idle timeout doesn't apply in these modes. Respect
// SIGTERM so external tooling (systemd, supervisord, CI) can shut cleanly
// without waiting forever. Ctrl+C and /stop still work either way.
// - Active cookie picker: never tear down mid-import regardless of mode —
// would strand the picker UI with "Failed to fetch."
process.on('SIGTERM', () => {
if (hasActivePicker()) {
console.log('[browse] Received SIGTERM but cookie picker is active, ignoring to avoid stranding the picker UI');
return;
}
const headed = browserManager.getConnectionMode() === 'headed';
if (headed || tunnelActive) {
console.log(`[browse] Received SIGTERM in ${headed ? 'headed' : 'tunnel'} mode, shutting down`);
shutdown();
} else {
console.log('[browse] Received SIGTERM (ignoring — use /stop or Ctrl+C for intentional shutdown)');
}
});
// Windows: taskkill /F bypasses SIGTERM, but 'exit' fires for some shutdown paths.
// Defense-in-depth — primary cleanup is the CLI's stale-state detection via health check.
if (process.platform === 'win32') {
process.on('exit', () => {
safeUnlinkQuiet(config.stateFile);
});
}
}
// Emergency cleanup for crashes (OOM, uncaught exceptions, browser disconnect)
@@ -1044,26 +1150,37 @@ function emergencyCleanup() {
}
} catch { /* state file unparseable — fall through to lock + state cleanup */ }
// Clean Chromium profile locks
const profileDir = path.join(process.env.HOME || '/tmp', '.gstack', 'chromium-profile');
for (const lockFile of ['SingletonLock', 'SingletonSocket', 'SingletonCookie']) {
safeUnlinkQuiet(path.join(profileDir, lockFile));
}
// Clean Chromium profile locks via the shared helper (defensive guard
// refuses to operate on unrecognized profile dirs).
cleanSingletonLocks(resolveChromiumProfile());
safeUnlinkQuiet(config.stateFile);
}
process.on('uncaughtException', (err) => {
console.error('[browse] FATAL uncaught exception:', err.message);
emergencyCleanup();
process.exit(1);
});
process.on('unhandledRejection', (err: any) => {
console.error('[browse] FATAL unhandled rejection:', err?.message || err);
emergencyCleanup();
process.exit(1);
});
// Same import.meta.main gate as SIGINT/SIGTERM — embedders register their
// own crash handlers.
if (import.meta.main) {
process.on('uncaughtException', (err) => {
console.error('[browse] FATAL uncaught exception:', err.message);
emergencyCleanup();
process.exit(1);
});
process.on('unhandledRejection', (err: any) => {
console.error('[browse] FATAL unhandled rejection:', err?.message || err);
emergencyCleanup();
process.exit(1);
});
}
// ─── Start ─────────────────────────────────────────────────────
async function start() {
/**
* Entry point for `bun run dev` and the compiled binary.
*
* Exported so embedders (gbrowser phoenix overlay) can call it
* directly with env vars set, bypassing the module-level `import.meta.main`
* gate. Phoenix's eventual fd-passing path will use `buildFetchHandler`
* directly; until that lands, calling `start()` from a non-main entry is
* supported via env (AUTH_TOKEN, BROWSE_PORT, BROWSE_OWN_SIGNALS).
*/
export async function start() {
// Clear old log files
safeUnlink(CONSOLE_LOG_PATH);
safeUnlink(NETWORK_LOG_PATH);
@@ -2269,16 +2386,21 @@ async function start() {
}
}
start().catch((err) => {
console.error(`[browse] Failed to start: ${err.message}`);
// Write error to disk for the CLI to read — on Windows, the CLI can't capture
// stderr because the server is launched with detached: true, stdio: 'ignore'.
try {
const errorLogPath = path.join(config.stateDir, 'browse-startup-error.log');
mkdirSecure(config.stateDir);
writeSecureFile(errorLogPath, `${new Date().toISOString()} ${err.message}\n${err.stack || ''}\n`);
} catch {
// stateDir may not exist — nothing more we can do
}
process.exit(1);
});
// Auto-kickoff only when this module is the entry point. Embedders
// (gbrowser phoenix overlay) import { start, buildFetchHandler, ... }
// without triggering the listener-binding side effects.
if (import.meta.main) {
start().catch((err) => {
console.error(`[browse] Failed to start: ${err.message}`);
// Write error to disk for the CLI to read — on Windows, the CLI can't capture
// stderr because the server is launched with detached: true, stdio: 'ignore'.
try {
const errorLogPath = path.join(config.stateDir, 'browse-startup-error.log');
mkdirSecure(config.stateDir);
writeSecureFile(errorLogPath, `${new Date().toISOString()} ${err.message}\n${err.stack || ''}\n`);
} catch {
// stateDir may not exist — nothing more we can do
}
process.exit(1);
});
}

67
browse/test/browser-manager-custom-chromium.test.ts Normal file
View File

@@ -0,0 +1,67 @@
import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
import { isCustomChromium } from '../src/browser-manager';
describe('browser-manager: isCustomChromium', () => {
let origPath: string | undefined;
let origKind: string | undefined;
beforeEach(() => {
origPath = process.env.GSTACK_CHROMIUM_PATH;
origKind = process.env.GSTACK_CHROMIUM_KIND;
});
afterEach(() => {
if (origPath === undefined) delete process.env.GSTACK_CHROMIUM_PATH;
else process.env.GSTACK_CHROMIUM_PATH = origPath;
if (origKind === undefined) delete process.env.GSTACK_CHROMIUM_KIND;
else process.env.GSTACK_CHROMIUM_KIND = origKind;
});
test('GSTACK_CHROMIUM_KIND=custom-extension-baked → true (preferred explicit signal)', () => {
delete process.env.GSTACK_CHROMIUM_PATH;
process.env.GSTACK_CHROMIUM_KIND = 'custom-extension-baked';
expect(isCustomChromium()).toBe(true);
});
test('GSTACK_CHROMIUM_KIND wins even when path is stock Chromium', () => {
process.env.GSTACK_CHROMIUM_PATH = '/usr/bin/chromium';
process.env.GSTACK_CHROMIUM_KIND = 'custom-extension-baked';
expect(isCustomChromium()).toBe(true);
});
test('PascalCase GBrowser in path → true (fallback substring match)', () => {
delete process.env.GSTACK_CHROMIUM_KIND;
process.env.GSTACK_CHROMIUM_PATH = '/Applications/GBrowser.app/Contents/MacOS/GBrowser';
expect(isCustomChromium()).toBe(true);
});
test('lowercase gbrowser in path → true (fallback substring match)', () => {
delete process.env.GSTACK_CHROMIUM_KIND;
process.env.GSTACK_CHROMIUM_PATH = '/Applications/gbrowser-dev.app/Contents/MacOS/GBrowser';
expect(isCustomChromium()).toBe(true);
});
test('both env vars unset → false', () => {
delete process.env.GSTACK_CHROMIUM_PATH;
delete process.env.GSTACK_CHROMIUM_KIND;
expect(isCustomChromium()).toBe(false);
});
test('stock chromium path → false', () => {
delete process.env.GSTACK_CHROMIUM_KIND;
process.env.GSTACK_CHROMIUM_PATH = '/usr/bin/chromium';
expect(isCustomChromium()).toBe(false);
});
test('Playwright bundled chromium path → false', () => {
delete process.env.GSTACK_CHROMIUM_KIND;
process.env.GSTACK_CHROMIUM_PATH = '/Users/me/Library/Caches/ms-playwright/chromium-1234/chrome-mac/Chromium.app/Contents/MacOS/Chromium';
expect(isCustomChromium()).toBe(false);
});
test('GSTACK_CHROMIUM_KIND with unrelated value falls through to path check', () => {
process.env.GSTACK_CHROMIUM_KIND = 'something-else';
process.env.GSTACK_CHROMIUM_PATH = '/usr/bin/chromium';
expect(isCustomChromium()).toBe(false);
});
});

131
browse/test/config.test.ts
View File

@@ -1,5 +1,5 @@
import { describe, test, expect } from 'bun:test';
import { resolveConfig, ensureStateDir, readVersionHash, getGitRoot, getRemoteSlug } from '../src/config';
import { resolveConfig, ensureStateDir, readVersionHash, getGitRoot, getRemoteSlug, resolveGstackHome, resolveChromiumProfile, cleanSingletonLocks } from '../src/config';
import * as fs from 'fs';
import * as path from 'path';
import * as os from 'os';
@@ -314,3 +314,132 @@ describe('startup error log', () => {
fs.rmSync(tmpDir, { recursive: true, force: true });
});
});
describe('resolveGstackHome', () => {
test('honors GSTACK_HOME env var when set', () => {
const orig = process.env.GSTACK_HOME;
process.env.GSTACK_HOME = '/tmp/custom-gstack-home';
try {
expect(resolveGstackHome()).toBe('/tmp/custom-gstack-home');
} finally {
if (orig === undefined) delete process.env.GSTACK_HOME;
else process.env.GSTACK_HOME = orig;
}
});
test('falls back to os.homedir() + /.gstack when env unset', () => {
const orig = process.env.GSTACK_HOME;
delete process.env.GSTACK_HOME;
try {
expect(resolveGstackHome()).toBe(path.join(os.homedir(), '.gstack'));
} finally {
if (orig !== undefined) process.env.GSTACK_HOME = orig;
}
});
});
describe('resolveChromiumProfile', () => {
test('explicit arg wins over env and default', () => {
const orig = process.env.CHROMIUM_PROFILE;
process.env.CHROMIUM_PROFILE = '/tmp/env-profile';
try {
expect(resolveChromiumProfile('/tmp/explicit-profile')).toBe('/tmp/explicit-profile');
} finally {
if (orig === undefined) delete process.env.CHROMIUM_PROFILE;
else process.env.CHROMIUM_PROFILE = orig;
}
});
test('CHROMIUM_PROFILE env honored when no explicit arg', () => {
const orig = process.env.CHROMIUM_PROFILE;
process.env.CHROMIUM_PROFILE = '/tmp/env-profile';
try {
expect(resolveChromiumProfile()).toBe('/tmp/env-profile');
} finally {
if (orig === undefined) delete process.env.CHROMIUM_PROFILE;
else process.env.CHROMIUM_PROFILE = orig;
}
});
test('falls back to resolveGstackHome()/chromium-profile when nothing set', () => {
const origEnv = process.env.CHROMIUM_PROFILE;
const origHome = process.env.GSTACK_HOME;
delete process.env.CHROMIUM_PROFILE;
process.env.GSTACK_HOME = '/tmp/fallback-gstack';
try {
expect(resolveChromiumProfile()).toBe('/tmp/fallback-gstack/chromium-profile');
} finally {
if (origEnv !== undefined) process.env.CHROMIUM_PROFILE = origEnv;
if (origHome === undefined) delete process.env.GSTACK_HOME;
else process.env.GSTACK_HOME = origHome;
}
});
test('ignores empty-string explicit arg, falls through to env/default', () => {
const orig = process.env.CHROMIUM_PROFILE;
process.env.CHROMIUM_PROFILE = '/tmp/env-profile';
try {
expect(resolveChromiumProfile('')).toBe('/tmp/env-profile');
} finally {
if (orig === undefined) delete process.env.CHROMIUM_PROFILE;
else process.env.CHROMIUM_PROFILE = orig;
}
});
});
describe('cleanSingletonLocks', () => {
test('removes SingletonLock/Socket/Cookie when basename is chromium-profile', () => {
const tmpDir = path.join(os.tmpdir(), `clean-locks-${Date.now()}`, 'chromium-profile');
fs.mkdirSync(tmpDir, { recursive: true });
for (const f of ['SingletonLock', 'SingletonSocket', 'SingletonCookie']) {
fs.writeFileSync(path.join(tmpDir, f), 'stale');
}
cleanSingletonLocks(tmpDir);
for (const f of ['SingletonLock', 'SingletonSocket', 'SingletonCookie']) {
expect(fs.existsSync(path.join(tmpDir, f))).toBe(false);
}
fs.rmSync(path.dirname(tmpDir), { recursive: true, force: true });
});
test('refuses to clean unrecognized profile dir basename', () => {
const tmpDir = path.join(os.tmpdir(), `unrelated-${Date.now()}`);
fs.mkdirSync(tmpDir, { recursive: true });
const lockFile = path.join(tmpDir, 'SingletonLock');
fs.writeFileSync(lockFile, 'should-survive');
const origWarn = console.warn;
let warned = '';
console.warn = (msg: string) => { warned = msg; };
try {
cleanSingletonLocks(tmpDir);
expect(warned).toContain('refusing to clean unrecognized profile dir');
expect(fs.existsSync(lockFile)).toBe(true); // not deleted
} finally {
console.warn = origWarn;
fs.rmSync(tmpDir, { recursive: true, force: true });
}
});
test('respects explicit CHROMIUM_PROFILE env even with non-standard basename', () => {
const tmpDir = path.join(os.tmpdir(), `custom-name-${Date.now()}`);
fs.mkdirSync(tmpDir, { recursive: true });
fs.writeFileSync(path.join(tmpDir, 'SingletonLock'), 'stale');
const orig = process.env.CHROMIUM_PROFILE;
process.env.CHROMIUM_PROFILE = tmpDir;
try {
cleanSingletonLocks(tmpDir);
expect(fs.existsSync(path.join(tmpDir, 'SingletonLock'))).toBe(false);
} finally {
if (orig === undefined) delete process.env.CHROMIUM_PROFILE;
else process.env.CHROMIUM_PROFILE = orig;
fs.rmSync(tmpDir, { recursive: true, force: true });
}
});
test('second call on empty dir does not throw (ENOENT swallowed)', () => {
const tmpDir = path.join(os.tmpdir(), `empty-locks-${Date.now()}`, 'chromium-profile');
fs.mkdirSync(tmpDir, { recursive: true });
expect(() => cleanSingletonLocks(tmpDir)).not.toThrow();
expect(() => cleanSingletonLocks(tmpDir)).not.toThrow();
fs.rmSync(path.dirname(tmpDir), { recursive: true, force: true });
});
});

68
browse/test/security-classifier-tdz.test.ts Normal file
View File

@@ -0,0 +1,68 @@
import { describe, test, expect, beforeEach, afterEach } from 'bun:test';
/**
* Regression test for the TDZ (Temporal Dead Zone) bug at the claude-CLI-missing
* early return inside checkTranscript's Promise executor.
*
* Original bug:
* const claude = resolveClaudeCommand();
* if (!claude) return finish({...}); // ← TDZ: finish not yet declared
* const p = spawn(...);
* let done = false;
* const finish = (...) => {...}; // ← declared HERE, too late
*
* Fix: hoist `let done` + `const finish` above the resolveClaudeCommand call.
*
* This test exercises the outer guard (checkHaikuAvailable returning false when
* claude CLI is not on PATH), which is the realistic runtime path. The TDZ
* itself was inside the spawn Promise — only reachable in a TOCTOU window if
* claude went missing between checkHaikuAvailable and the spawn call. The fix
* makes that window safe regardless. This test guards against regression by
* proving the missing-CLI flow returns the expected degraded signal without
* throwing.
*/
describe('security-classifier: missing claude CLI degraded path', () => {
let origPath: string | undefined;
let origGstackClaudeBin: string | undefined;
let origClaudeBin: string | undefined;
beforeEach(() => {
origPath = process.env.PATH;
origGstackClaudeBin = process.env.GSTACK_CLAUDE_BIN;
origClaudeBin = process.env.CLAUDE_BIN;
// Force resolveClaudeCommand() to fail: clear PATH AND override env vars
// (resolveClaudeCommand in browse/src/claude-bin.ts honors GSTACK_CLAUDE_BIN
// and CLAUDE_BIN before falling back to Bun.which(PATH)).
process.env.PATH = '/nonexistent';
delete process.env.GSTACK_CLAUDE_BIN;
delete process.env.CLAUDE_BIN;
});
afterEach(() => {
if (origPath === undefined) delete process.env.PATH;
else process.env.PATH = origPath;
if (origGstackClaudeBin !== undefined) process.env.GSTACK_CLAUDE_BIN = origGstackClaudeBin;
if (origClaudeBin !== undefined) process.env.CLAUDE_BIN = origClaudeBin;
});
test('checkTranscript returns degraded signal without throwing when claude CLI is unavailable', async () => {
// Fresh import so haikuAvailableCache isn't already populated from a prior test.
// Bun's module cache is per-test-file; this fresh import path stays clean.
const { checkTranscript } = await import('../src/security-classifier');
const result = await checkTranscript({
user_message: 'hello',
tool_calls: [],
});
// Assert via JSON serialization to bypass any TS narrowing quirks on
// result.meta (Record<string, unknown>).
const serialized = JSON.stringify(result);
expect(serialized).toContain('"layer":"transcript_classifier"');
expect(serialized).toContain('"confidence":0');
expect(serialized).toContain('"degraded":true');
// Reason must indicate the CLI was missing or the spawn failed — proves the
// early-return / spawn-path returned a structured signal without throwing.
expect(serialized).toMatch(/"reason":"(claude_cli_not_found|spawn_error|exit_)/);
});
});

193
browse/test/server-factory.test.ts Normal file
View File

@@ -0,0 +1,193 @@
import { describe, test, expect } from 'bun:test';
import {
resolveConfigFromEnv,
type ServerConfig,
type ServerHandle,
type Surface,
} from '../src/server';
import { TUNNEL_COMMANDS, canDispatchOverTunnel } from '../src/server';
/**
* Tests for the factory-export API surface added so gbrowser (phoenix) can
* consume gstack as a submodule. The full buildFetchHandler hybrid hoist is
* deferred to a follow-up PR; this test file proves the type contract,
* resolveConfigFromEnv behavior, and preserved exports.
*/
describe('server.ts factory API surface', () => {
describe('resolveConfigFromEnv', () => {
test('honors AUTH_TOKEN env var', () => {
const orig = process.env.AUTH_TOKEN;
process.env.AUTH_TOKEN = 'fixed-test-token-abc123';
try {
const cfg = resolveConfigFromEnv();
expect(cfg.authToken).toBe('fixed-test-token-abc123');
} finally {
if (orig === undefined) delete process.env.AUTH_TOKEN;
else process.env.AUTH_TOKEN = orig;
}
});
test('falls back to randomUUID when AUTH_TOKEN env is empty', () => {
const orig = process.env.AUTH_TOKEN;
process.env.AUTH_TOKEN = '';
try {
const cfg = resolveConfigFromEnv();
// randomUUID returns a 36-char hex+dash string.
expect(cfg.authToken).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
} finally {
if (orig === undefined) delete process.env.AUTH_TOKEN;
else process.env.AUTH_TOKEN = orig;
}
});
test('falls back to randomUUID when AUTH_TOKEN is whitespace-only', () => {
const orig = process.env.AUTH_TOKEN;
process.env.AUTH_TOKEN = ' \t \n ';
try {
const cfg = resolveConfigFromEnv();
expect(cfg.authToken).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
expect(cfg.authToken.length).toBe(36);
} finally {
if (orig === undefined) delete process.env.AUTH_TOKEN;
else process.env.AUTH_TOKEN = orig;
}
});
test('AUTH_TOKEN whitespace is stripped (including unicode whitespace)', () => {
const orig = process.env.AUTH_TOKEN;
// 22 chars after stripping leading/trailing whitespace including BOM (U+FEFF)
// and zero-width space (U+200B), so passes the 16-char minimum.
process.env.AUTH_TOKEN = ' padded-token-abc123xyz ';
try {
const cfg = resolveConfigFromEnv();
expect(cfg.authToken).toBe('padded-token-abc123xyz');
} finally {
if (orig === undefined) delete process.env.AUTH_TOKEN;
else process.env.AUTH_TOKEN = orig;
}
});
test('AUTH_TOKEN shorter than 16 chars after stripping falls back to randomUUID', () => {
const orig = process.env.AUTH_TOKEN;
// Only 5 chars of content — too short for the 16-char minimum.
process.env.AUTH_TOKEN = 'short';
try {
const cfg = resolveConfigFromEnv();
// Must be a UUID, not the rejected short token.
expect(cfg.authToken).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
} finally {
if (orig === undefined) delete process.env.AUTH_TOKEN;
else process.env.AUTH_TOKEN = orig;
}
});
test('AUTH_TOKEN of only zero-width unicode whitespace falls back to randomUUID', () => {
const orig = process.env.AUTH_TOKEN;
// U+200B (ZWSP), U+FEFF (BOM), U+00A0 (NBSP) — would pass .trim() but not the unicode-aware strip.
process.env.AUTH_TOKEN = ' ';
try {
const cfg = resolveConfigFromEnv();
expect(cfg.authToken).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/);
} finally {
if (orig === undefined) delete process.env.AUTH_TOKEN;
else process.env.AUTH_TOKEN = orig;
}
});
test('reads BROWSE_PORT from env, defaults to 0', () => {
const orig = process.env.BROWSE_PORT;
process.env.BROWSE_PORT = '34567';
try {
expect(resolveConfigFromEnv().browsePort).toBe(34567);
} finally {
if (orig === undefined) delete process.env.BROWSE_PORT;
else process.env.BROWSE_PORT = orig;
}
const origUnset = process.env.BROWSE_PORT;
delete process.env.BROWSE_PORT;
try {
expect(resolveConfigFromEnv().browsePort).toBe(0);
} finally {
if (origUnset !== undefined) process.env.BROWSE_PORT = origUnset;
}
});
test('reads BROWSE_IDLE_TIMEOUT from env, defaults to 30 min (1800000ms)', () => {
const orig = process.env.BROWSE_IDLE_TIMEOUT;
delete process.env.BROWSE_IDLE_TIMEOUT;
try {
expect(resolveConfigFromEnv().idleTimeoutMs).toBe(1800000);
} finally {
if (orig !== undefined) process.env.BROWSE_IDLE_TIMEOUT = orig;
}
});
test('returns a populated config object with the expected shape', () => {
const cfg = resolveConfigFromEnv();
expect(cfg).toMatchObject({
authToken: expect.any(String),
browsePort: expect.any(Number),
idleTimeoutMs: expect.any(Number),
config: expect.objectContaining({
stateDir: expect.any(String),
stateFile: expect.any(String),
auditLog: expect.any(String),
}),
});
});
});
describe('preserved exports', () => {
test('TUNNEL_COMMANDS still exported and populated', () => {
expect(TUNNEL_COMMANDS).toBeInstanceOf(Set);
expect(TUNNEL_COMMANDS.size).toBeGreaterThan(0);
expect(TUNNEL_COMMANDS.has('goto')).toBe(true);
expect(TUNNEL_COMMANDS.has('click')).toBe(true);
});
test('canDispatchOverTunnel still exported and functional', () => {
expect(canDispatchOverTunnel('goto')).toBe(true);
expect(canDispatchOverTunnel('shutdown')).toBe(false);
expect(canDispatchOverTunnel(null)).toBe(false);
expect(canDispatchOverTunnel(undefined)).toBe(false);
expect(canDispatchOverTunnel('')).toBe(false);
});
});
describe('type surface compiles', () => {
// Compile-time shape checks. If these break, TypeScript fails to build
// the test file — which is exactly the API-compat guarantee we want for
// embedders depending on these types.
test('Surface type accepts the two known values', () => {
const local: Surface = 'local';
const tunnel: Surface = 'tunnel';
expect(local).toBe('local');
expect(tunnel).toBe('tunnel');
});
test('ServerConfig type accepts the documented minimum-required fields', () => {
// This compiles only if ServerConfig accepts these field names + types.
const minimalConfigShape = {
authToken: 'tok',
browsePort: 0,
idleTimeoutMs: 1800000,
config: { stateDir: '', stateFile: '', consoleLog: '', networkLog: '', dialogLog: '', auditLog: '', projectDir: '' },
browserManager: {} as any,
startTime: Date.now(),
} satisfies Partial<ServerConfig>;
expect(minimalConfigShape.authToken).toBe('tok');
});
test('ServerHandle type exposes the documented surface', () => {
// Compiles only if these property names exist on ServerHandle.
type AssertHandleFields = ServerHandle extends {
fetchLocal: any;
fetchTunnel: any;
shutdown: any;
stopListeners: any;
} ? true : false;
const assertion: AssertHandleFields = true;
expect(assertion).toBe(true);
});
});
});

106
browse/test/server-no-import-side-effects.test.ts Normal file
View File

@@ -0,0 +1,106 @@
import { describe, test, expect } from 'bun:test';
import * as path from 'path';
import * as os from 'os';
import * as fs from 'fs';
/**
* Guard the core refactor invariant: importing browse/src/server.ts must NOT
* auto-start. Before this PR, the module called `start().catch(...)` at module
* load time, which made the file impossible for embedders (gbrowser phoenix
* overlay) to import without spawning a daemon. The fix wraps that kickoff in
* `if (import.meta.main)` so the side effects only run when the module is the
* process entry point.
*
* Approach: spawn a fresh Bun subprocess that imports the module and emits a
* structured snapshot (initial vs post-import process state). Parent asserts
* that no listeners were bound, no Bun.serve started, and no SIGINT handlers
* were registered. The subprocess uses HOME=tmp + GSTACK_HOME=tmp so any
* accidental state-dir write lands in a place we can verify is empty.
*/
describe('server.ts module import has no auto-start side effects', () => {
test('importing server.ts does not bind Bun.serve, register signal handlers, or write state', async () => {
const tmpHome = path.join(os.tmpdir(), `browse-no-sfx-${Date.now()}-${process.pid}`);
fs.mkdirSync(tmpHome, { recursive: true });
const tmpGstack = path.join(tmpHome, '.gstack');
const childScript = `
const sigintBefore = process.listenerCount('SIGINT');
const sigtermBefore = process.listenerCount('SIGTERM');
const uncaughtBefore = process.listenerCount('uncaughtException');
// Snapshot any keys that look like our state path.
const fs = require('fs');
const path = require('path');
await import(${JSON.stringify(path.resolve(import.meta.dir, '../src/server.ts'))});
// After import, sleep a tick so any setTimeout(0)-style init can run.
await new Promise(r => setTimeout(r, 50));
const sigintAfter = process.listenerCount('SIGINT');
const sigtermAfter = process.listenerCount('SIGTERM');
const uncaughtAfter = process.listenerCount('uncaughtException');
// Check that the gstack home directory wasn't populated as a side effect.
let gstackPopulated = false;
try {
const entries = fs.readdirSync(${JSON.stringify(tmpGstack)});
gstackPopulated = entries.length > 0;
} catch {
// Doesn't exist — that's the win we want.
}
console.log(JSON.stringify({
sigintBefore, sigintAfter,
sigtermBefore, sigtermAfter,
uncaughtBefore, uncaughtAfter,
gstackPopulated,
}));
// Force exit so any background intervals don't keep this child alive
// (the test framework would see a hang otherwise — which itself is a
// signal that side effects DID run).
process.exit(0);
`;
const proc = Bun.spawn(['bun', '-e', childScript], {
env: {
...process.env,
HOME: tmpHome,
GSTACK_HOME: tmpGstack,
// Empty so the AUTH_TOKEN env path doesn't deterministically set a token.
AUTH_TOKEN: '',
// Force a stub state file so resolveConfig() at module load (if it
// happens) won't crawl the host's real .gstack/.
BROWSE_STATE_FILE: path.join(tmpGstack, 'browse.json'),
},
stdout: 'pipe',
stderr: 'pipe',
});
const stdout = await new Response(proc.stdout).text();
const stderr = await new Response(proc.stderr).text();
await proc.exited;
// The last JSON line in stdout is our snapshot.
const jsonLine = stdout.trim().split('\n').filter(l => l.startsWith('{')).pop();
expect(jsonLine, `child stderr: ${stderr}`).toBeDefined();
const snapshot = JSON.parse(jsonLine!);
// No new signal handlers registered (gated on import.meta.main, which
// is false in the subprocess because `bun -e` is the entry point).
expect(snapshot.sigintAfter).toBe(snapshot.sigintBefore);
expect(snapshot.sigtermAfter).toBe(snapshot.sigtermBefore);
expect(snapshot.uncaughtAfter).toBe(snapshot.uncaughtBefore);
// gstack home should remain empty — initRegistry/initAuditLog/etc. side
// effects from module load are acceptable (they happen at module level),
// but only insofar as they don't bind listeners or write project state.
// The presence/absence test here proves we didn't bind Bun.serve (which
// would also try to write the state file).
expect(snapshot.gstackPopulated).toBe(false);
// Cleanup
try { fs.rmSync(tmpHome, { recursive: true, force: true }); } catch { /* best effort */ }
}, 30_000);
});

2
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "gstack",
"version": "1.33.2.0",
"version": "1.34.0.0",
"description": "Garry's Stack — Claude Code skills + fast headless browser. One repo, one install, entire AI engineering workflow.",
"license": "MIT",
"type": "module",