mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-05 13:15:24 +02:00
Garry Tan
2c21366cf9
When the sidebar-agent fires security_event (canary leak, pre-spawn ML block, tool-result ML block), it POSTs to /sidebar-agent/event which dispatches through processAgentEvent. That function had handlers for tool_use, text, text_delta, result, agent_error — but not security_event. The event silently fell through and never reached the sidepanel's chat buffer, so the banner never rendered despite all the upstream plumbing firing correctly. Caught by the new full-stack E2E test (security-e2e-fullstack.test.ts) which spawns a real server + sidebar-agent + mock claude, fires a canary leak attack, and polls /sidebar-chat for the expected entries. Before this fix, the test timed out waiting for security_event to appear. Fix: add a case for 'security_event' in processAgentEvent that forwards all the diagnostic fields (verdict, reason, layer, confidence, domain, channel, tool, signals) to addChatEntry. Sidepanel.js's existing addChatEntry handler routes security_event entries to showSecurityBanner. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>