hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-09 22:19:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
da30faae85e415d48c342c7754a5d2c97bbddb12
gstack/browse/test
History
Garry Tan a6e0277fc4 feat: default paired agents to full access, split SCOPE_CONTROL 
The trust boundary for paired agents is the pairing ceremony itself, not
the scope. An agent with write scope can already click anything and navigate
anywhere. Gating js/cookies behind --admin was security theater.

Changes:
- Default pair scopes: read+write+admin+meta (was read+write)
- New SCOPE_CONTROL for browser-wide destructive ops (stop, restart,
  disconnect, state, handoff, resume, connect)
- --admin flag now grants control scope (backward compat)
- New --restrict flag for limited access (e.g., --restrict read)
- Updated hint text: "re-pair with --control" instead of "--admin"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 18:58:56 -10:00
..
fixtures
feat: content security — 4-layer prompt injection defense for pair-agent (#815)
2026-04-06 14:41:06 -07:00
activity.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
adversarial-security.test.ts
fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595)
2026-03-28 08:35:24 -06:00
browser-manager-unit.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
bun-polyfill.test.ts
fix: Windows support — Node.js server fallback for Playwright (#255)
2026-03-20 12:22:11 -07:00
commands.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
compare-board.test.ts
feat: design binary — real UI mockup generation for gstack skills (v0.13.0.0) (#551)
2026-03-27 20:32:59 -06:00
config.test.ts
fix: Windows browse — health-check-first ensureServer, detached startServer, Windows process mgmt (v0.11.11.0) (#431)
2026-03-24 00:38:10 -07:00
content-security.test.ts
feat: content security — 4-layer prompt injection defense for pair-agent (#815)
2026-04-06 14:41:06 -07:00
cookie-import-browser.test.ts
feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359)
2026-03-23 22:15:23 -07:00
cookie-picker-routes.test.ts
fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595)
2026-03-28 08:35:24 -06:00
file-drop.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
find-browse.test.ts
feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)
2026-03-19 18:20:50 -07:00
findport.test.ts
feat: community PRs — faster install, skill namespacing, uninstall, Codex fallback, Windows fix, Python patterns (v0.12.9.0) (#561)
2026-03-27 00:44:37 -06:00
gstack-config.test.ts
feat: composable skills — INVOKE_SKILL resolver + factoring infrastructure (v0.13.7.0) (#644)
2026-03-29 23:35:17 -06:00
gstack-update-check.test.ts
fix: community PRs + security hardening + E2E stability (v0.12.7.0) (#552)
2026-03-26 23:21:27 -06:00
handoff.test.ts
feat: browse handoff — headless-to-headed browser switching (v0.7.4) (#201)
2026-03-19 00:38:58 -05:00
learnings-injection.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
path-validation.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
platform.test.ts
fix: Windows support — Node.js server fallback for Playwright (#255)
2026-03-20 12:22:11 -07:00
security-audit-r2.test.ts
refactor: extract path-security.ts shared module
2026-04-07 18:56:46 -10:00
server-auth.test.ts
fix: pair-agent tunnel drops after 15s (v0.15.15.1) (#868)
2026-04-06 17:21:35 -07:00
sidebar-agent-roundtrip.test.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
sidebar-agent.test.ts
feat: content security — 4-layer prompt injection defense for pair-agent (#815)
2026-04-06 14:41:06 -07:00
sidebar-integration.test.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
sidebar-security.test.ts
feat: GStack Browser — double-click AI browser with anti-bot stealth (#695)
2026-04-04 10:17:05 -07:00
sidebar-unit.test.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
sidebar-ux.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
snapshot.test.ts
fix: snapshot -i auto-detects dropdown/popover interactive elements (#845)
2026-04-05 22:57:45 -07:00
state-ttl.test.ts
fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595)
2026-03-28 08:35:24 -06:00
tab-isolation.test.ts
feat: default paired agents to full access, split SCOPE_CONTROL
2026-04-07 18:58:56 -10:00
test-server.ts
feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29)
2026-03-13 00:31:41 -07:00
token-registry.test.ts
feat: default paired agents to full access, split SCOPE_CONTROL
2026-04-07 18:58:56 -10:00
url-validation.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
watch.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
welcome-page.test.ts
feat: GStack Browser — double-click AI browser with anti-bot stealth (#695)
2026-04-04 10:17:05 -07:00