Commit Graph

2 Commits

Author SHA1 Message Date
Garry Tan 6d6aa3be3c test(security): mock-claude scenario for tool-result injection path
Adds MOCK_CLAUDE_SCENARIO=tool_result_injection. Emits a Bash tool_use
followed by a user-role tool_result whose content is a classic
DAN-style prompt-injection string. The warm TestSavantAI classifier
trips at 0.9999 on this text, reliably firing the tool-output BLOCK +
review flow for the full-stack E2E.

Stays alive up to 120s so a test has time to propagate the user's
review decision via /security-decision + the on-disk decision file.
SIGTERM exits 143 on user-confirmed block.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 20:55:25 +08:00
Garry Tan 5765bef8fe test(security): mock claude binary for deterministic E2E stream-json events
Adds browse/test/fixtures/mock-claude/claude — an executable bun script
that parses the --prompt flag, extracts the session canary via regex,
and emits stream-json NDJSON events that exercise specific sidebar-agent
code paths.

Controlled by MOCK_CLAUDE_SCENARIO env var:
  * canary_leak_in_tool_arg — emits a tool_use with CANARY-XXX in a URL
    arg. sidebar-agent's canary detector should fire and SIGTERM the
    mock; the mock handles SIGTERM and exits 143.
  * clean — emits benign tool_use + text response.

Used by security-e2e-fullstack.test.ts. PATH-prepended during the test so
the real sidebar-agent's spawn('claude', ...) picks up the mock without
any source change to sidebar-agent.ts.

Zero LLM cost, fully deterministic, <1s per scenario. Enables gate-tier
full-stack E2E testing of the security pipeline.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 05:40:54 +08:00