test: sidebar agent test suite (layers 1-2)

Layer 1 (unit): 18 tests for URL sanitization in sidebar-utils.ts — http/https pass, chrome:// rejected, javascript: rejected, control chars stripped, truncation. Layer 2 (integration): 13 tests for server HTTP endpoints — auth, sidebar-command queue writes, activeTabUrl override/fallback, event relay to chat buffer, message queuing, queue overflow (429), chat clear, agent kill. Source changes for testability: - Extract sanitizeExtensionUrl() to browse/src/sidebar-utils.ts - Add BROWSE_HEADLESS_SKIP env var to skip browser launch in HTTP-only tests - Add SIDEBAR_QUEUE_PATH env var to both server.ts and sidebar-agent.ts - Add SIDEBAR_AGENT_TIMEOUT env var to sidebar-agent.ts - Sync package.json version to match VERSION (0.12.2.0) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-18 18:32:28 +08:00 · 2026-03-26 18:46:16 -06:00
parent 84b6f354be
commit ac80abdc34
5 changed files with 443 additions and 5 deletions
--- a/browse/src/sidebar-utils.ts
+++ b/browse/src/sidebar-utils.ts
@@ -0,0 +1,21 @@
+/**
+ * Shared sidebar utilities — extracted for testability.
+ */
+
+/**
+ * Sanitize a URL from the Chrome extension before embedding in a prompt.
+ * Only accepts http/https, strips control characters, truncates to 2048 chars.
+ * Returns null if the URL is invalid or uses a non-http scheme.
+ */
+export function sanitizeExtensionUrl(url: string | null | undefined): string | null {
+  if (!url) return null;
+  try {
+    const u = new URL(url);
+    if (u.protocol === 'http:' || u.protocol === 'https:') {
+      return u.href.replace(/[\x00-\x1f\x7f]/g, '').slice(0, 2048);
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}