Garry Tan 3a5a174e4c test(security): sidepanel review E2E — Playwright drives Allow/Block ...

5 tests, ~13s, gate tier. Loads real extension sidepanel in Playwright
Chromium with stubbed chrome.runtime + fetch, injects a reviewable
security_event, and drives the user path end-to-end:

- banner title flips to "Review suspected injection"
- suspected text excerpt renders inside the auto-expanded details
- Allow + Block buttons are visible
- click Allow → POST /security-decision with decision:"allow"
- click Block → POST /security-decision with decision:"block"
- banner auto-hides after each decision
- non-reviewable events keep the hard-stop framing (regression guard)
- XSS guard: script-tagged suspected_text doesn't execute

Complements security-review-flow.test.ts (unit-level file handshake)
and security-review-fullstack.test.ts (full pipeline with real
classifier).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-04-20 20:55:16 +08:00

..

bin

feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)

2026-03-19 18:20:50 -07:00

scripts

fix: ngrok Windows build + close CI error-swallowing gap (v0.18.0.1) (#1024)

2026-04-16 13:49:04 -07:00

src

feat(security): wait-for-decision instead of hard-kill on tool-output BLOCK

2026-04-20 20:25:20 +08:00

test

test(security): sidepanel review E2E — Playwright drives Allow/Block

2026-04-20 20:55:16 +08:00

PLAN-snapshot-dropdown-interactive.md

fix: snapshot -i auto-detects dropdown/popover interactive elements (#845)

2026-04-05 22:57:45 -07:00

SKILL.md

feat(v1.4.0.0): /make-pdf — markdown to publication-quality PDFs (#1086)

2026-04-20 13:20:30 +08:00

SKILL.md.tmpl

feat(browse): Puppeteer parity — load-html, screenshot --selector, viewport --scale, file:// (v1.1.0.0) (#1062)

2026-04-18 23:25:33 +08:00