docs(04-03): complete harden-clean-up-optional plan 04-03 — A29 flake fix

A29 (rrweb DOM verification) rewritten in-place via the canonical cs-
injection-world pattern + strict-sentinel filter. Closes ~2/3 flake
documented in Plans 03-02 + 03-03 SUMMARYs (A29 was "passing" by
reading iana.org leftover DOM events from A27/A28's still-open probe
tabs; a real rrweb regression at src/content/index.ts:284 would have
been masked).

Plan 04-03 task commits (atomic; sequential foreground mode):
- 73eb9b6: Task 1 — A29 page-side cs-injection-world skeleton +
  sentinel-bearing <div> injection
- b341a71: Task 2 — A29 host-side strict-sentinel filter (RESEARCH Q3
  Code Example Pattern 3); IncrementalSource added to @rrweb/types
  import binding; A29.2 PASS × 5/5 consecutive UAT runs

Empirical evidence:
- vitest 183/183 GREEN preserved (Plan 04-02 baseline)
- UAT harness 33/33 GREEN × 5 consecutive runs
- A29 strict-sentinel: mutationEvents=1, sentinelEvents=1 in ALL 5 runs
- Tier-1 FORBIDDEN_HOOK_STRINGS unchanged at 12
- SW chunk: 0 new Function, 0 eval (Plan 04-02 baseline held)
- Pre-checkpoint bundle gates 5/5 PASS

STATE.md + ROADMAP.md updated per sequential workflow:
- Plan counter advanced 3 → 4 of 7
- Progress 83% → 87% (26/30 plans complete)
- Decision log entry added for Plan 04-03
- ROADMAP Phase 4 04-03 row flipped to [x]
2026-05-21 17:01:58 +02:00
parent b341a712c0
commit 303644f8cc
3 changed files with 226 additions and 7 deletions


@@ -4,14 +4,14 @@ milestone: v2.0.0
milestone_name: milestone
status: executing
stopped_at: Completed 04-02-PLAN.md (setimmediate polyfill replaced via layered 4-mechanism mitigation; SW new Function polarity 1→0; UAT 33/33 GREEN preserved)
last_updated: "2026-05-21T13:36:35.894Z"
last_updated: "2026-05-21T14:56:45.914Z"
last_activity: 2026-05-21
progress:
total_phases: 4
completed_phases: 3
total_plans: 30
completed_plans: 25
percent: 83
completed_plans: 26
percent: 87
---
# Project State
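Review bot: stopped_at in the front matter still reads "Completed 04-02-PLAN.md ..." while this hunk moves completed_plans to 26 and percent to 87, so the machine-readable state disagrees with itself. Update stopped_at to the 04-03 completion summary in the same commit, since anything that resumes from this field will see the previous plan.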
@@ -29,11 +29,11 @@ no server, no password leaks.
Phase: 04 (harden-clean-up-optional) — EXECUTING
Phase 4 of 4 (Hardening — optional) — Plan 04-01 closed (audit P1 polish 3/3); 6 plans remain (04-02 build hygiene queued NEXT in Wave 1)
Plan: 3 of 7
Plan: 4 of 7
Status: Ready to execute
Last activity: 2026-05-21
Progress: [████████░] 83%
Progress: [████████░] 87%
### Plan 01-10 closure (2026-05-20)
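Review bot: the unchanged "Phase 4 of 4" line still says "Plan 04-01 closed ... 6 plans remain (04-02 build hygiene queued NEXT in Wave 1)", which contradicts the new "Plan: 4 of 7" directly below it. Refresh that summary line so it reflects the plans that are now closed, or drop the per-plan detail from it so it cannot drift from the counter.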
@@ -149,6 +149,7 @@ Progress: [████████░░] 83%
| Phase 01 P10 | ~5h cumulative (4 waves; 5 plan tasks + 5 inter-cycle debug sessions + cycle-2 follow-up brand-rename ack) | 5 tasks (Wave 0 RED + Wave 1 bundle + Wave 2 SW wiring + Wave 3 harness + Wave 4 operator UAT cycle-2) | 14 files (4 new src/welcome/* + globals.d.ts + 2 unit-test files + 3 harness files + src/background/index.ts + manifest + 2 Vite configs + closure-cycle debug touches: _locales + README + package.json + onstartup-notification.test.ts + onboarding-tests + manifest-i18n.test.ts) |
| Phase 04 P01 | 30m | 2 tasks | 5 files |
| Phase 04 P02 | 41min | 2 tasks | 5 files |
| Phase 04 P03 | 46min | 2 tasks | 2 files |
## Accumulated Context
@@ -199,6 +200,7 @@ current work:
- [Phase ?]: [Phase 04-01]: Audit P1 polish landed end-to-end via TDD pair (3dbc51c RED + 7da30af GREEN). Three surgical edits in src/content/index.ts: (1) module-level let previousUrl tracker initialized at module load with typeof-window node-env guard, swapped-and-emitted in handleNavigation so meta.previousUrl carries the operator's actual prior URL (was always 'unknown'); (2) instanceof Request type-narrow inlined at both fetch-wrapper sites (ok-branch line ~190 + catch-branch line ~210), replacing args[0]?.toString() that resolved to literal '[object Request]' for fetch(new Request(url)); (3) event.timestamp = Date.now() prepended in rrweb record() emit callback at line 315, normalizing rrweb-internal page-load-relative timestamps to Unix-epoch ms so cleanupOldEvents (now - event.timestamp) arithmetic at line 33 is meaningful. 9 new vitest tests under tests/content/ (NEW directory) pin all three contracts; baseline 171 -> 180/180 GREEN; tsc-clean preserved; Tier-1 FORBIDDEN_HOOK_STRINGS inventory unchanged at 12. Audit P1 polish backlog CLOSED 3/3.
- [Phase ?]: [Phase 04-02]: Layered 4-mechanism CSP-hardening for transitive-polyfill pre-bundled-distribution interception (runtime queueMicrotask polyfill prelude + nodePolyfills exclude + resolve.alias.setimmediate + stripSetimmediateNewFunction Rollup post-transform plugin). Option α (force JSZip unbundled lib/index.js) attempted + reverted because it broke readable-stream-browser browser-field propagation causing UAT A30+ regressions. Option β preserves JSZip pre-bundled distribution verbatim while excising the offending literal post-bundle.
- [Phase ?]: [Phase 04-02]: ROADMAP SC #3 (generate-icons ESM/CJS) closed via git mv generate-icons.js generate-icons.cjs — Node 14+ treats .cjs as CJS regardless of package.json type:module per nodejs.org/api/packages.html#determining-module-system. No code change. ROADMAP SC #4 (dead-code grep permissions.request) GREEN regression-pinned via tests/build/dead-code-grep.test.ts. Plan 01-12 Wave 7 setimmediate deferred-items entry CLOSED end-to-end. SW chunk new Function count polarity flipped 1 → 0. UAT 33/33 GREEN preserved.
- [Phase 04-03]: A29 rewrite — cs-injection-world pattern (verbatim port of Plan 03-02 assertA30 / 03-03 assertA31 skeleton) + strict-sentinel filter (RESEARCH Q3 Code Example Pattern 3) closes the documented iana.org-leftover flake. assertA29 page-side: chrome.tabs.create(https://example.com) + chrome.scripting.executeScript world:'ISOLATED' injects sentinel-bearing <div> into document.body. driveA29 host-side: filter events by EventType.IncrementalSnapshot + IncrementalSource.Mutation, then descend into data.adds[*].node.textContent for 'a29-mutation-sentinel'. A29.2 strict-sentinel is THE primary check; A29.3 + A29.4 (Meta + FullSnapshot) preserved as defense-in-depth; pre-rewrite A29.5 (loose IncrementalSnapshot >=1) retired (subsumed). Empirical: 5/5 PASS across consecutive UAT runs (was ~2/3 historical). vitest 183/183 GREEN preserved. Tier-1 FORBIDDEN_HOOK_STRINGS unchanged at 12 (rides production chrome.tabs.create + chrome.scripting.executeScript per DEC-011 Amendment 1 grant + manifest scripting permission).
### Pending Todos
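Review bot: the new 04-03 entry describes opening a tab with chrome.tabs.create(https://example.com) and matching the fixed literal 'a29-mutation-sentinel', but it does not record whether that tab is closed once the assertion finishes. The flake this plan closes is attributed to events from still-open probe tabs, so an A29 tab left open could leave the same kind of leftover for later assertions; note the teardown step in the entry, and consider a per-run unique sentinel value so an event from an earlier tab cannot satisfy the strict filter. The entry also uses a bare "[Phase 04-03]:" prefix where the two preceding entries use "[Phase ?]: [Phase 04-01]:" and "[Phase ?]: [Phase 04-02]:".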
@@ -221,7 +223,7 @@ Items acknowledged and carried forward from previous milestone close:
## Session Continuity
Last session: 2026-05-21T13:36:35.869Z
Last session: 2026-05-21T14:56:45.870Z
Stopped at: Completed 04-02-PLAN.md (setimmediate polyfill replaced via layered 4-mechanism mitigation; SW new Function polarity 1→0; UAT 33/33 GREEN preserved)
Resume file: None
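Review bot: "Stopped at:" under Session Continuity is left at "Completed 04-02-PLAN.md ..." although "Last session" is advanced to 2026-05-21T14:56:45.870Z. Set it to the 04-03 completion so the resume point matches the session it belongs to.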