From 758b3b373c7d22defa1e7826bf89cb51d5260740 Mon Sep 17 00:00:00 2001 From: Garry Tan Date: Mon, 20 Apr 2026 04:32:23 +0800 Subject: [PATCH] fix(security): keep 'const systemPrompt = [' identifier for test compatibility MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit My canary-injection commit (d50cdc46) renamed `systemPrompt` to `baseSystemPrompt` + added `systemPrompt = injectCanary(base, canary)`. That broke 4 brittle tests in sidebar-ux.test.ts that string-slice serverSrc between `const systemPrompt = [` and `].join('\n')` to extract the prompt for content assertions. Those tests aren't perfect — string-slicing source code instead of running the function is fragile — but rewriting them is out of scope here. Simpler fix: keep the expected identifier name. Rename my new variable `baseSystemPrompt` → `systemPrompt` (the template), and call the canary-augmented prompt `systemPromptWithCanary` which is then used to construct the final prompt. No behavioral change. Just restores the test-facing identifier. Regression test state: sidebar-ux.test.ts now 189 pass / 2 fail, matching main (the 2 fails are pre-existing CSSOM + shutdown-pkill issues unrelated to this branch). Full security suite still 219 pass. Co-Authored-By: Claude Opus 4.7 (1M context) --- browse/src/server.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/browse/src/server.ts b/browse/src/server.ts index c417b831..30cbe642 100644 --- a/browse/src/server.ts +++ b/browse/src/server.ts @@ -558,7 +558,7 @@ function spawnClaude(userMessage: string, extensionUrl?: string | null, forTabId // the system prompt — session is killed, user sees the banner. const canary = generateCanary(); - const baseSystemPrompt = [ + const systemPrompt = [ '', `Browser co-pilot. Binary: ${B}`, 'Run `' + B + ' url` first to check the actual page. NEVER assume the URL.', 
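Review bot: The identifier `systemPrompt` on the added line is now load-bearing for sidebar-ux.test.ts, which (per the description) slices the source between `const systemPrompt = [` and `].join('\n')`, but nothing in the code records that, so the next refactor will break those tests again just as d50cdc46 did. Add a comment directly above the declaration, e.g. `// NOTE: sidebar-ux.test.ts string-slices this file between "const systemPrompt = [" and "].join('\n')"; keep this identifier and the array form until those tests exercise spawnClaude() directly.` Note also that what those tests extract is the template only, so the canary instruction appended by `injectCanary` in the second hunk is presumably not covered by their content assertions — worth stating in the same comment or in the test. The enclosing function spawnClaude begins before this hunk and continues past the second one.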
@@ -585,9 +585,9 @@ function spawnClaude(userMessage: string, extensionUrl?: string | null, forTabId // Append the canary instruction. injectCanary() tells Claude never to // output the token on any channel. - const systemPrompt = injectCanary(baseSystemPrompt, canary); + const systemPromptWithCanary = injectCanary(systemPrompt, canary); - const prompt = `${systemPrompt}\n\n\n${escapedMessage}\n`; + const prompt = `${systemPromptWithCanary}\n\n\n${escapedMessage}\n`; // Never resume — each message is a fresh context. Resuming carries stale // page URLs and old navigation state that makes the agent fight the user.