mirror of
https://github.com/garrytan/gstack.git
synced 2026-06-28 12:39:58 +02:00
Garry Tan
f5c2fee3a9
Four new test files (29 cases total):
browse/test/server-sanitize-surrogates.test.ts:
- 11 unit cases for sanitizeLoneSurrogates (passthrough, valid pair,
lone high/low mid-string, trailing/leading lone, adjacent doubles,
pair-then-lone, lone-then-pair, empty)
- 2 bug-repro tests pinning the regression intent (UTF-8 round-trip,
JSON.parse round-trip with codepoint assertion)
- 4 wiring invariants asserting the architectural choke points stay
intact (handleCommandInternalImpl rename, central sanitization
line, sanitizeReplacer function exists, SSE producers stringify
with replacer)
Function extracted from server.ts via regex + eval'd in test scope
so no production-code export is needed.
test/setup-windows-fallback.test.ts:
- Static invariant (D7): zero raw `ln` calls outside the
_link_or_copy helper body and comments
- Helper-existence assertions
- 4-cell behavior matrix (file/dir × Windows/Unix) via awk-style
helper extraction + bash -c sourcing
- Windows-note printer registration check
Mirrors test/setup-conductor-worktree.test.ts patterns.
test/build-script-shell-compat.test.ts:
- Regex assertion that package.json scripts.* contain no bash brace
groups (Bun-Windows-hostile)
- Subshell-precedence check for `.version` redirects
Strips single-quoted strings before regexing so embedded JS code
inside echo '...' doesn't false-positive.
test/docs-config-keys.test.ts:
- DEPRECATED_KEYS denylist scanned across docs/**/*.md
- Round-trip test for `gstack-config get artifacts_sync_mode`
Defends the v1.27.0.0 rename from doc drift.
Updates to two existing tests:
- test/setup-conductor-worktree.test.ts: expect `_link_or_copy`
instead of `ln -snf` at the Conductor-worktree guard call site
- test/gen-skill-docs.test.ts: same swap at three assertion sites
(Codex section, Claude link_claude_skill_dirs body, Codex
link_codex_skill_dirs body)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
130 lines
5.4 KiB
TypeScript
130 lines
5.4 KiB
TypeScript
import { describe, test, expect } from 'bun:test';
|
|
import * as fs from 'fs';
|
|
import * as path from 'path';
|
|
|
|
// The sanitizer is module-private in server.ts. Rather than refactor it to a
|
|
// separate module just for testing, we extract its source via a regex slice and
|
|
// eval it in a fresh function scope. Keeps the production layout untouched.
|
|
const SERVER_PATH = path.resolve(import.meta.dir, '..', 'src', 'server.ts');
|
|
const SERVER_SRC = fs.readFileSync(SERVER_PATH, 'utf-8');
|
|
|
|
const fnMatch = SERVER_SRC.match(
|
|
/function sanitizeLoneSurrogates\(str: string\): string \{[\s\S]*?\n\}/
|
|
);
|
|
if (!fnMatch) throw new Error('Could not locate sanitizeLoneSurrogates in server.ts');
|
|
|
|
// Strip TS annotations so eval works under plain JS.
|
|
const jsSrc = fnMatch[0].replace('(str: string): string', '(str)');
|
|
const sanitizeLoneSurrogates = new Function(`${jsSrc}\nreturn sanitizeLoneSurrogates;`)() as (
|
|
s: string,
|
|
) => string;
|
|
|
|
describe('sanitizeLoneSurrogates — unit cases', () => {
|
|
test('passthrough ASCII', () => {
|
|
expect(sanitizeLoneSurrogates('hello')).toBe('hello');
|
|
});
|
|
|
|
test('passthrough empty string', () => {
|
|
expect(sanitizeLoneSurrogates('')).toBe('');
|
|
});
|
|
|
|
test('preserves valid surrogate pair (U+1F389 🎉)', () => {
|
|
expect(sanitizeLoneSurrogates('hi 🎉')).toBe('hi 🎉');
|
|
});
|
|
|
|
test('replaces lone high surrogate mid-string', () => {
|
|
expect(sanitizeLoneSurrogates('a\uD800b')).toBe('a�b');
|
|
});
|
|
|
|
test('replaces lone low surrogate mid-string', () => {
|
|
expect(sanitizeLoneSurrogates('a\uDC00b')).toBe('a�b');
|
|
});
|
|
|
|
test('replaces trailing lone high at end of string', () => {
|
|
expect(sanitizeLoneSurrogates('a\uD800')).toBe('a�');
|
|
});
|
|
|
|
test('replaces leading lone low at start of string', () => {
|
|
expect(sanitizeLoneSurrogates('\uDC00b')).toBe('�b');
|
|
});
|
|
|
|
test('replaces two adjacent lone highs', () => {
|
|
expect(sanitizeLoneSurrogates('\uD800\uD800')).toBe('��');
|
|
});
|
|
|
|
test('replaces two adjacent lone lows', () => {
|
|
expect(sanitizeLoneSurrogates('\uDC00\uDC00')).toBe('��');
|
|
});
|
|
|
|
test('preserves valid pair followed by lone low', () => {
|
|
// 𐀀 = U+10000 = 𐀀, then a separate lone low.
|
|
const input = '𐀀\uDC00';
|
|
const output = sanitizeLoneSurrogates(input);
|
|
// Valid pair intact, trailing lone low replaced.
|
|
expect(output).toBe('𐀀�');
|
|
});
|
|
|
|
test('preserves valid pair preceded by lone low', () => {
|
|
const input = '\uDC00𐀀';
|
|
const output = sanitizeLoneSurrogates(input);
|
|
expect(output).toBe('�𐀀');
|
|
});
|
|
});
|
|
|
|
describe('sanitizeLoneSurrogates — bug-repro (D5)', () => {
|
|
// Pin the regression intent: a future refactor that drops sanitization
|
|
// must fail this test even if happy-path tests still pass.
|
|
test('unsanitized lone surrogate causes UTF-8 encode to substitute, sanitized version is stable', () => {
|
|
const badPayload = 'page content\uD800more content';
|
|
|
|
// Buffer.from(str, 'utf-8') silently substitutes invalid sequences with
|
|
// EF BF BD (U+FFFD). Round-trip is therefore lossy for lone surrogates.
|
|
const roundTrippedRaw = Buffer.from(badPayload, 'utf-8').toString('utf-8');
|
|
expect(roundTrippedRaw).not.toBe(badPayload); // proves the bug exists pre-sanitize
|
|
|
|
// After sanitization the round-trip is stable.
|
|
const sanitized = sanitizeLoneSurrogates(badPayload);
|
|
const roundTrippedSanitized = Buffer.from(sanitized, 'utf-8').toString('utf-8');
|
|
expect(roundTrippedSanitized).toBe(sanitized);
|
|
});
|
|
|
|
test('JSON.parse(JSON.stringify(...)) round-trip is stable after sanitization', () => {
|
|
// Anthropic's API path wraps the response body in a tool_result JSON
|
|
// object. JSON.stringify CAN encode a lone surrogate (escapes it), but
|
|
// some downstream consumers reject the resulting body.
|
|
const badPayload = 'before\uD800after';
|
|
const sanitized = sanitizeLoneSurrogates(badPayload);
|
|
const wrapped = JSON.stringify({ content: sanitized });
|
|
const reparsed = JSON.parse(wrapped) as { content: string };
|
|
// .toBe(sanitized) already proves the surrogate was replaced; the
|
|
// additional explicit check below documents the specific code points.
|
|
expect(reparsed.content).toBe(sanitized);
|
|
expect(reparsed.content.charCodeAt(6)).toBe(0xfffd); // � not \uD800
|
|
});
|
|
});
|
|
|
|
describe('sanitizeLoneSurrogates — wiring invariants', () => {
|
|
test('server.ts wraps every command result through handleCommandInternal', () => {
|
|
// The architectural choice is to wrap once at handleCommandInternal so
|
|
// both single-command HTTP and the batch loop inherit. If a future
|
|
// refactor moves sanitization back to handleCommand only, this test
|
|
// fails by detecting the missing wrapper.
|
|
expect(SERVER_SRC).toContain('async function handleCommandInternalImpl(');
|
|
expect(SERVER_SRC).toContain('result: sanitizeLoneSurrogates(cr.result)');
|
|
});
|
|
|
|
test('SSE activity feed sanitizes outbound frames via sanitizeReplacer', () => {
|
|
// Replacer must run DURING stringify; post-stringify regex is ineffective
|
|
// because JSON.stringify converts \uD800 → "\\ud800" before our regex sees it.
|
|
expect(SERVER_SRC).toContain('JSON.stringify(entry, sanitizeReplacer)');
|
|
});
|
|
|
|
test('SSE inspector stream sanitizes outbound frames via sanitizeReplacer', () => {
|
|
expect(SERVER_SRC).toContain('JSON.stringify(event, sanitizeReplacer)');
|
|
});
|
|
|
|
test('sanitizeReplacer is a function defined in server.ts', () => {
|
|
expect(SERVER_SRC).toContain('function sanitizeReplacer(');
|
|
});
|
|
});
|