mirror of
https://github.com/garrytan/gstack.git
synced 2026-07-02 14:35:40 +02:00
11de390be1
* feat: first-run activation — project-aware scaffold, router front door, onboarding nudges Adds the activation system that drives a new install toward a concrete first move: - bin/gstack-first-task-detect: local-git+filesystem repo classifier emitting one validated enum bucket (greenfield/code_<lang>/branch_ahead/dirty_default/clean_default), portable timeouts, fail-safe empty output. - generate-first-run-guidance.ts: unified preamble section — first-run project-aware scaffold + returning-session plan->review->ship tip, gated on a persistent .activated marker and never run in headless. Detection wired lazily in generate-preamble-bash.ts. - SKILL.md.tmpl: top-level gstack skill is now a pure router (browse body removed; it lives in /browse), routing any request and sending browser/QA work to /browse. - setup: first-move nudge on first install. office-hours: closing handoff that launches the next review via the Skill tool. - telemetry-ingest: accept onboarding/first_task_scaffold_shown/handoff/route event types. * test: cover first-run detection + repoint browse-content assertions to /browse - New unit tests for every detection bucket, the eval-safe enum contract, and the first-run gating (test/preamble-first-task-scaffold.test.ts); periodic E2E that runs the detector through the real harness (test/skill-e2e-first-task-scaffold.test.ts). - Repoint browse-content assertions (gen-skill-docs, audit-compliance, skill-validation, LLM-judge eval) from the root skill to browse/SKILL.md following the router split; add a regression pinning that the router carries no browse body. - Register first-task-scaffold touchfiles + periodic tier; bump parity/carve size caps ~1-2KB per skill for the shared first-run-guidance preamble section. - Refresh ship golden fixtures for the preamble addition. * chore: regenerate SKILL.md + llms.txt for first-run activation * chore: bump version and changelog (v1.58.5.0) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> * fix(test): repoint bws skillmd-* setup-block assertions to browse/SKILL.md The skillmd-setup-discovery / -no-local-binary / -outside-git E2E tests extracted the `## SETUP`→`## IMPORTANT` browse binary-discovery block from the root SKILL.md. P2 moved that block to browse/SKILL.md (end anchor is now `## Core QA Patterns`), so the slice came back empty and the `browse/dist/browse` guard failed. Repoint to browse/SKILL.md. Verified: 7/7 e2e-browse pass locally. * fix(test): tolerate skill-discovery race in PTY plan-mode smoke The e2e-pty-plan-smoke suite (office-hours / plan-mode-no-op) failed in CI with `Unknown command: /office-hours` (claude exited ~10s) while passing locally. Root cause: a cold CI container's overlay-FS scan of the symlinked ~/.claude/skills registry finishes AFTER the runner's 8s boot grace, so the first `/skill` send reaches claude before the skill is indexed and is rejected as unknown. The runner gave up on the first "Unknown command:" line. runPlanSkillObservation now re-sends the skill command up to 3x (6s apart), re-marking the buffer each time so stale scrollback can't re-trip the check, before concluding the skill is genuinely unregistered. A real dangling-symlink / missing-skill still surfaces as 'exited' (after retries), preserving the original diagnostic. Pure-helper contract unchanged: 95/95 unit tests pass. This is a pre-existing harness bug (fails identically on #2077's own branch, which introduced the suite) surfaced while shipping the activation feature. * debug(ci): temporarily instrument pty-smoke skill discovery Capture claude version, env, registry tree, and a claude -p discovery probe to pin why /office-hours isn't discovered in CI (retries proved it's not a race). Temporary — revert once the registry fix is identified. * chore: revert pty-smoke harness experiments (race-retry + CI debug step) Diagnosis is conclusive and the experiments aren't the fix, so restore the harness to its original state (net-zero diff vs main for both files). What the CI debug step proved: `claude -p` returns READY — claude v2.1.187 fully DISCOVERS /office-hours from the symlinked registry. Only the interactive PTY TUI rejects it as "Unknown command" (and it received the full command text). So the e2e-pty-plan-smoke failure is a claude 2.1.187 interactive-TUI regression (skills discovered by `claude -p` aren't exposed as TUI slash commands), pre-existing in the #2077 harness and failing identically on its own origin branch — unrelated to this activation PR. The race-retry can't help (the TUI genuinely lacks the command); the debug step also tripped actionlint (shellcheck SC2012). Both reverted. * fix(ci): copy SKILL.md as real files in pty-smoke registry (cross-mount symlink) The e2e-pty-plan-smoke suite failed with "Unknown command: /office-hours" in CI while passing locally. Root cause (proven, not guessed): claude 2.1.187's interactive-TUI skill scanner does not follow the /github/home -> /__w cross-mount symlink the registry used for per-skill SKILL.md. Evidence: a CI debug step showed `claude -p` discovered the skill (printed READY), and a local macOS repro with the identical symlinked registry recognized /office-hours — isolating the failure to the container's cross-mount symlink, not registration content, claude version, duplicate names, or a race. Fix: register the per-skill SKILL.md + sections as REAL copies (same mount as $HOME) so the TUI reads them directly. The gstack root stays a symlink — the preamble's runtime bash resolves bin/* and sections/* through it and bash follows cross-mount symlinks fine. * fix(ci): guard rm expansion in pty-smoke registry (shellcheck SC2115) * fix(ci): also register pty-smoke skills project-scoped (cwd/.claude/skills) The real-file user-dir registration still left the TUI rejecting /office-hours in the container. claude's interactive TUI surfaces /slash commands from the PROJECT dir (<cwd>/.claude/skills); the smokes run with cwd=$REPO whose .claude/skills is gitignored (absent on a fresh CI checkout), so the user-dir registry feeds `claude -p` (READY) but not the TUI. Populate $REPO/.claude/skills with real SKILL.md + sections copies (no gstack symlink there — it would point at its own parent; runtime paths use the user-dir gstack symlink). --------- Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
128 lines
6.1 KiB
TypeScript
128 lines
6.1 KiB
TypeScript
import { describe, test, expect } from 'bun:test';
|
|
import { readFileSync, readdirSync, existsSync } from 'fs';
|
|
import { join } from 'path';
|
|
|
|
const ROOT = join(import.meta.dir, '..');
|
|
|
|
function getAllSkillMds(): Array<{ name: string; content: string }> {
|
|
const results: Array<{ name: string; content: string }> = [];
|
|
const rootPath = join(ROOT, 'SKILL.md');
|
|
if (existsSync(rootPath)) {
|
|
results.push({ name: 'root', content: readFileSync(rootPath, 'utf-8') });
|
|
}
|
|
for (const entry of readdirSync(ROOT, { withFileTypes: true })) {
|
|
if (!entry.isDirectory() || entry.name.startsWith('.') || entry.name === 'node_modules') continue;
|
|
const skillPath = join(ROOT, entry.name, 'SKILL.md');
|
|
if (existsSync(skillPath)) {
|
|
results.push({ name: entry.name, content: readFileSync(skillPath, 'utf-8') });
|
|
}
|
|
}
|
|
return results;
|
|
}
|
|
|
|
describe('Audit compliance', () => {
|
|
// Fix 1: W007 — No hardcoded credentials in documentation
|
|
test('no hardcoded credential patterns in SKILL.md.tmpl', () => {
|
|
// P2 (v1.2.0): the browse QA examples moved from the root router to
|
|
// browse/SKILL.md.tmpl. The security intent is unchanged — the QA form
|
|
// examples must not ship real-looking credentials; generic placeholders
|
|
// ("user@test.com", "password") are fine.
|
|
const tmpl = readFileSync(join(ROOT, 'browse', 'SKILL.md.tmpl'), 'utf-8');
|
|
expect(tmpl).not.toContain('"password123"');
|
|
expect(tmpl).not.toContain('"test@example.com"');
|
|
expect(tmpl).not.toContain('"test@test.com"');
|
|
});
|
|
|
|
// Fix 2: Conditional telemetry — binary calls wrapped with existence check
|
|
test('preamble telemetry calls are conditional on _TEL and binary existence', () => {
|
|
// After the preamble.ts refactor (Item 9), the bash/telemetry logic lives
|
|
// in submodules under scripts/resolvers/preamble/. Concatenate all preamble
|
|
// source (root + submodules) and assert against the combined text so this
|
|
// test tracks the semantic contract, not the file layout.
|
|
const preambleDir = join(ROOT, 'scripts/resolvers/preamble');
|
|
const submoduleFiles = existsSync(preambleDir)
|
|
? readdirSync(preambleDir).filter(f => f.endsWith('.ts')).map(f => readFileSync(join(preambleDir, f), 'utf-8'))
|
|
: [];
|
|
const rootPreamble = readFileSync(join(ROOT, 'scripts/resolvers/preamble.ts'), 'utf-8');
|
|
const preamble = [rootPreamble, ...submoduleFiles].join('\n');
|
|
// Pending finalization must check _TEL and binary existence
|
|
expect(preamble).toContain('_TEL" != "off"');
|
|
expect(preamble).toContain('-x ');
|
|
expect(preamble).toContain('gstack-telemetry-log');
|
|
// End-of-skill telemetry must also be conditional
|
|
const completionIdx = preamble.indexOf('Telemetry (run last)');
|
|
expect(completionIdx).toBeGreaterThan(-1);
|
|
const completionSection = preamble.slice(completionIdx);
|
|
expect(completionSection).toContain('_TEL" != "off"');
|
|
});
|
|
|
|
// Round 2 Fix 1: W012 — Bun install uses checksum verification
|
|
test('bun install uses checksum-verified method', () => {
|
|
const browseResolver = readFileSync(join(ROOT, 'scripts/resolvers/browse.ts'), 'utf-8');
|
|
expect(browseResolver).toContain('shasum -a 256');
|
|
expect(browseResolver).toContain('BUN_INSTALL_SHA');
|
|
const setup = readFileSync(join(ROOT, 'setup'), 'utf-8');
|
|
// Setup error message should not have unverified curl|bash
|
|
const lines = setup.split('\n');
|
|
for (const line of lines) {
|
|
if (line.includes('bun.sh/install') && line.includes('| bash') && !line.includes('shasum')) {
|
|
throw new Error(`Unverified bun install found: ${line.trim()}`);
|
|
}
|
|
}
|
|
});
|
|
|
|
// Fix 4: W011 — Untrusted content warning in command reference
|
|
test('command reference includes untrusted content warning after Navigation', () => {
|
|
// P2 (v1.2.0): the command reference moved from the root router to browse/SKILL.md.
|
|
const rootSkill = readFileSync(join(ROOT, 'browse', 'SKILL.md'), 'utf-8');
|
|
const navIdx = rootSkill.indexOf('### Navigation');
|
|
const readingIdx = rootSkill.indexOf('### Reading');
|
|
expect(navIdx).toBeGreaterThan(-1);
|
|
expect(readingIdx).toBeGreaterThan(navIdx);
|
|
const between = rootSkill.slice(navIdx, readingIdx);
|
|
expect(between.toLowerCase()).toContain('untrusted');
|
|
});
|
|
|
|
// Round 2 Fix 2: Trust boundary markers + helper + wrapping in all paths
|
|
test('browse wraps untrusted content with trust boundary markers', () => {
|
|
const commands = readFileSync(join(ROOT, 'browse/src/commands.ts'), 'utf-8');
|
|
expect(commands).toContain('PAGE_CONTENT_COMMANDS');
|
|
expect(commands).toContain('wrapUntrustedContent');
|
|
const server = readFileSync(join(ROOT, 'browse/src/server.ts'), 'utf-8');
|
|
expect(server).toContain('wrapUntrustedContent');
|
|
const meta = readFileSync(join(ROOT, 'browse/src/meta-commands.ts'), 'utf-8');
|
|
expect(meta).toContain('wrapUntrustedContent');
|
|
});
|
|
|
|
// Fix 5: Data flow documentation in review.ts
|
|
test('review.ts has data flow documentation', () => {
|
|
const review = readFileSync(join(ROOT, 'scripts/resolvers/review.ts'), 'utf-8');
|
|
expect(review).toContain('Data sent');
|
|
expect(review).toContain('Data NOT sent');
|
|
});
|
|
|
|
// Round 2 Fix 3: Extension sender validation + message type allowlist
|
|
test('extension background.js validates message sender', () => {
|
|
const bg = readFileSync(join(ROOT, 'extension/background.js'), 'utf-8');
|
|
expect(bg).toContain('sender.id !== chrome.runtime.id');
|
|
expect(bg).toContain('ALLOWED_TYPES');
|
|
});
|
|
|
|
// Round 2 Fix 4: Chrome CDP binds to localhost only
|
|
test('chrome-cdp binds to localhost only', () => {
|
|
const cdp = readFileSync(join(ROOT, 'bin/chrome-cdp'), 'utf-8');
|
|
expect(cdp).toContain('--remote-debugging-address=127.0.0.1');
|
|
expect(cdp).toContain('--remote-allow-origins=');
|
|
});
|
|
|
|
// Fix 2+6: All generated SKILL.md files with telemetry are conditional
|
|
test('all generated SKILL.md files with telemetry calls use conditional pattern', () => {
|
|
const skills = getAllSkillMds();
|
|
for (const { name, content } of skills) {
|
|
if (content.includes('gstack-telemetry-log')) {
|
|
expect(content).toContain('_TEL" != "off"');
|
|
}
|
|
}
|
|
});
|
|
});
|