hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-18 10:31:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

test(browse): CDP allowlist + two-tier mutex

Browse Source 
13 tests:
- Allowlist linter: every entry has 4 required fields, no duplicates,
  justification length > 20 chars
- Deny-list verification: dangerous methods (Runtime.evaluate, Page.navigate,
  Network.getResponseBody, Browser.close, Target.attachToTarget, etc.) are
  NOT allowed (Codex T2 categories 4-7)
- Per-tab mutex serializes ops on same tab
- Per-tab mutex allows parallel ops across different tabs
- Global lock blocks tab locks; tab locks block global lock
- Acquire timeout yields CDPMutexAcquireTimeout (no silent hang)
- Timeout error names the tab id and the timeout budget

Also extends Network.disable justification to satisfy linter.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-04-25 13:08:17 -07:00
parent 78c1f5b33c
commit d2a4ea0b6a
3 changed files with 194 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
browse/src/cdp-allowlist.ts
View File

@@ -185,7 +185,7 @@ export const CDP_ALLOWLIST: ReadonlyArray<CdpAllowEntry> = Object.freeze([
method: 'disable',
scope: 'tab',
output: 'trusted',
justification: 'Domain disable.',
justification: 'Domain disable; mirrors Network.enable for cleanup symmetry.',
},
// NOTE: Network.getResponseBody, Network.getCookies, Network.replayXHR,
// Network.loadNetworkResource are INTENTIONALLY NOT allowed (Codex T2 cat 7).