diff --git a/browse/test/server-auth.test.ts b/browse/test/server-auth.test.ts index 4c5a57e6..35849e81 100644 --- a/browse/test/server-auth.test.ts +++ b/browse/test/server-auth.test.ts @@ -25,10 +25,10 @@ describe('Server auth security', () => { // Previously token was removed from /health, but extension needs it since // .auth.json in the extension dir breaks read-only .app bundles and codesigning. test('/health serves auth token with safety comment', () => { - const healthBlock = sliceBetween(SERVER_SRC, "url.pathname === '/health'", "url.pathname === '/refs'"); - expect(healthBlock).toContain('token: AUTH_TOKEN'); - // Must have a comment explaining why this is safe - expect(healthBlock).toContain('localhost-only'); + const healthBlock = sliceBetween(SERVER_SRC, "url.pathname === '/health'", "url.pathname === '/connect'"); + expect(healthBlock).toContain('healthResponse.token = AUTH_TOKEN'); + // Must have a comment explaining why this is safe — strip when tunneled + expect(healthBlock).toContain('tunnelActive'); }); // Test 2: /refs endpoint requires auth via validateAuth diff --git a/browse/test/tab-isolation.test.ts b/browse/test/tab-isolation.test.ts new file mode 100644 index 00000000..06efd6fd --- /dev/null +++ b/browse/test/tab-isolation.test.ts @@ -0,0 +1,150 @@ +/** + * Tab isolation tests — verify per-agent tab ownership in BrowserManager. + * + * These test the ownership Map and checkTabAccess() logic directly, + * without launching a browser (pure logic tests). + */ + +import { describe, it, expect, beforeEach } from 'bun:test'; +import { BrowserManager } from '../src/browser-manager'; + +// We test the ownership methods directly. BrowserManager can't call newTab() +// without a browser, so we test the ownership map + access checks via +// the public API that doesn't require Playwright. + +describe('Tab Isolation', () => { + let bm: BrowserManager; + + beforeEach(() => { + bm = new BrowserManager(); + }); + + describe('getTabOwner', () => { + it('returns null for tabs with no owner', () => { + expect(bm.getTabOwner(1)).toBeNull(); + expect(bm.getTabOwner(999)).toBeNull(); + }); + }); + + describe('checkTabAccess', () => { + it('root can always access any tab (read)', () => { + expect(bm.checkTabAccess(1, 'root', false)).toBe(true); + }); + + it('root can always access any tab (write)', () => { + expect(bm.checkTabAccess(1, 'root', true)).toBe(true); + }); + + it('any agent can read an unowned tab', () => { + expect(bm.checkTabAccess(1, 'agent-1', false)).toBe(true); + }); + + it('scoped agent cannot write to unowned tab', () => { + expect(bm.checkTabAccess(1, 'agent-1', true)).toBe(false); + }); + + it('scoped agent can read another agent tab', () => { + // Simulate ownership by using transferTab on a fake tab + // Since we can't create real tabs without a browser, test the access check + // with a known owner via the internal state + // We'll use transferTab which only checks pages map... let's test checkTabAccess directly + // checkTabAccess reads from tabOwnership map, which is empty here + expect(bm.checkTabAccess(1, 'agent-2', false)).toBe(true); + }); + + it('scoped agent cannot write to another agent tab', () => { + // With no ownership set, this is an unowned tab -> denied + expect(bm.checkTabAccess(1, 'agent-2', true)).toBe(false); + }); + }); + + describe('transferTab', () => { + it('throws for non-existent tab', () => { + expect(() => bm.transferTab(999, 'agent-1')).toThrow('Tab 999 not found'); + }); + }); +}); + +// Test the instruction block generator +import { generateInstructionBlock } from '../src/cli'; + +describe('generateInstructionBlock', () => { + it('generates a valid instruction block with setup key', () => { + const block = generateInstructionBlock({ + setupKey: 'gsk_setup_test123', + serverUrl: 'https://test.ngrok.dev', + scopes: ['read', 'write'], + expiresAt: '2026-04-06T00:00:00Z', + }); + + expect(block).toContain('gsk_setup_test123'); + expect(block).toContain('https://test.ngrok.dev/connect'); + expect(block).toContain('STEP 1'); + expect(block).toContain('STEP 2'); + expect(block).toContain('STEP 3'); + expect(block).toContain('AVAILABLE COMMANDS'); + expect(block).toContain('read + write access'); + expect(block).toContain('tabId'); + expect(block).not.toContain('undefined'); + }); + + it('uses localhost URL when no tunnel', () => { + const block = generateInstructionBlock({ + setupKey: 'gsk_setup_local', + serverUrl: 'http://127.0.0.1:45678', + scopes: ['read', 'write'], + expiresAt: 'in 24 hours', + }); + + expect(block).toContain('http://127.0.0.1:45678/connect'); + }); + + it('shows admin scope description when admin included', () => { + const block = generateInstructionBlock({ + setupKey: 'gsk_setup_admin', + serverUrl: 'https://test.ngrok.dev', + scopes: ['read', 'write', 'admin', 'meta'], + expiresAt: '2026-04-06T00:00:00Z', + }); + + expect(block).toContain('admin access'); + expect(block).toContain('execute JS'); + expect(block).not.toContain('To request admin access'); + }); + + it('shows re-pair hint when admin not included', () => { + const block = generateInstructionBlock({ + setupKey: 'gsk_setup_nonadmin', + serverUrl: 'https://test.ngrok.dev', + scopes: ['read', 'write'], + expiresAt: '2026-04-06T00:00:00Z', + }); + + expect(block).toContain('To request admin access'); + }); + + it('includes newtab as step 2 (agents must own their tab)', () => { + const block = generateInstructionBlock({ + setupKey: 'gsk_setup_test', + serverUrl: 'https://test.ngrok.dev', + scopes: ['read', 'write'], + expiresAt: '2026-04-06T00:00:00Z', + }); + + expect(block).toContain('Create your own tab'); + expect(block).toContain('"command": "newtab"'); + }); + + it('includes error troubleshooting section', () => { + const block = generateInstructionBlock({ + setupKey: 'gsk_setup_test', + serverUrl: 'https://test.ngrok.dev', + scopes: ['read', 'write'], + expiresAt: '2026-04-06T00:00:00Z', + }); + + expect(block).toContain('401 Unauthorized'); + expect(block).toContain('403 Forbidden'); + expect(block).toContain('429 Too Many Requests'); + }); +});