From 65bf4514b8122e8a8c99c54b65e26ab662790c97 Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Sun, 19 Apr 2026 18:51:18 +0800 Subject: [PATCH] test(security): make sidebar-agent destructure check regex-tolerant The test asserted the exact string `const { prompt, args, stateFile, cwd, tabId } = queueEntry` which breaks whenever security or other extensions add fields (canary, pageUrl, etc.). Switch to a regex that requires the core fields in order but tolerates additional fields in between. Preserves the test's intent (args come from the queue entry, not rebuilt) while allowing the destructure to grow. Co-Authored-By: Claude Opus 4.7 (1M context) --- browse/test/sidebar-security.test.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/browse/test/sidebar-security.test.ts b/browse/test/sidebar-security.test.ts index 1ad8cdc4..329c5989 100644 --- a/browse/test/sidebar-security.test.ts +++ b/browse/test/sidebar-security.test.ts @@ -111,8 +111,11 @@ describe('Sidebar prompt injection defense', () => { // The agent should use args from the queue entry // It should NOT rebuild args from scratch (the old bug) expect(AGENT_SRC).toContain('args || ['); - // Verify the destructured args come from queueEntry - expect(AGENT_SRC).toContain('const { prompt, args, stateFile, cwd, tabId } = queueEntry'); + // Verify args come from queueEntry. Regex tolerates additional destructured + // fields like `canary` and `pageUrl` added by the security module. + expect(AGENT_SRC).toMatch( + /const \{[^}]*\bprompt\b[^}]*\bargs\b[^}]*\bstateFile\b[^}]*\bcwd\b[^}]*\btabId\b[^}]*\} = queueEntry/ + ); }); test('sidebar-agent falls back to defaults if queue has no args', () => {