fix(04): revise plans per checker iter-1 — 2 BLOCKERS + 2 WARNINGS fixed

Plan-checker iter-1 found 2 BLOCKERS + 4 WARNINGS. Iter-2 revision applies
surgical fixes to 4 plans + VALIDATION:

BLOCKER 1 (Plan 04-06 Task 4): wrong SW chunk glob `dist/assets/index*-bg.js`
matched zero files → Gates 2/3/4 silently PASSED. Replaced with canonical
`dist/assets/index.ts-*.js` (verified empirically: index.ts-8LkXuqac.js
on disk; RESEARCH Q1). Added glob-existence pre-gate `ls | wc -l >= 1`
to fail-loudly on future Vite chunk-naming shift.

BLOCKER 2 (Plan 04-04 Task 1): spike called non-existent
__mokoshHarness.dispatchSaveArchive (verified: harness surface is
assertA1..A31 + getManifestVersion only). Applied Option B — spike
+ driveA33 now dispatch SAVE_ARCHIVE via chrome.runtime.sendMessage
inline in page.evaluate (matches 9 existing assertA* methods:
A5/A11/A12/A13/A26/A28/A29/A30/A31). No new harness helper introduced.

WARNING 1 (Plan 04-02 Task 2): verify omitted UAT harness run. Added
`HEADLESS=1 SKIP_PROD_REBUILD=0 npm run test:uat 2>&1 | grep -c 'UAT
harness: 33/33 assertions passed'` to verify command (stdout format
confirmed at tests/uat/harness.test.ts:537).

WARNING 4 (Plan 04-07 Task 1): weak operator-ack gate (placeholder would
pass). Added `grep -cE 'approved|All good|APPROVED|approved by|operator
ack|all good' 04-VERIFICATION.md` to verify command. Covers both
canonical Plan 04-06 resume-signal ("approved" lowercase) AND prior-art
Plan 01-10 cycle-2 ack ("All good" titlecase).

WARNINGS 2 + 3 left as-is (truly advisory: scope-sanity threshold +
conservative dependency without file overlap).

04-VALIDATION.md per-task map rows updated for the 5 revised task entries
(04-02 T2 + 04-04 T1 + 04-04 T2 + 04-06 T4 + 04-07 T1). Frontmatter
adds `revised: 2026-05-21` + iter-2 notes block.

3 plans unchanged on disk (04-01, 04-03, 04-05).

Empirical confirmations used in revision:
- Harness surface: grep extension-page-harness.ts:4018 confirms
  __mokoshHarness.{assertA1..A31, getManifestVersion}; no dispatchSaveArchive
- SW chunk filename: ls dist/assets/ shows index.ts-8LkXuqac.js;
  no index*-bg.js matches
- SAVE_ARCHIVE precedent count: 9 existing assertA* methods use the
  chrome.runtime.sendMessage pattern
- UAT harness stdout format: harness.test.ts:537 emits canonical
  "UAT harness: N/N assertions passed"

Ready for plan-checker iter-3 re-verification.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-21 10:00:07 +02:00
parent 526ac78046
commit 76fffb35b9
5 changed files with 137 additions and 54 deletions
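
The failure mode behind BLOCKER 1, sketched as an added example (not code from this commit or the project): a piped hit count reads 0 when the glob matches nothing, while a fail-closed gate reports that nothing was scanned. The function names `naive_hits`, `gate_no_hits` and `make_sample_dist`, the `SAMPLE01` chunk name and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; directory layout and file contents are constructed samples.

# Naive gate: count matching lines through a pipe. When the glob matches no
# file, grep only complains on stderr and the pipe delivers a count of 0.
naive_hits() {   # naive_hits DIR NAME_GLOB REGEX
    grep -E -- "$3" "$1"/$2 2>/dev/null | wc -l | tr -d ' '
}

# Fail-closed gate: 0 = scanned and clean, 1 = forbidden pattern present,
# 2 = nothing scanned (glob matched no file), which must never read as PASS.
gate_no_hits() {   # gate_no_hits DIR NAME_GLOB REGEX
    matched=0 hits=0
    for f in "$1"/$2; do
        [ -f "$f" ] || continue          # an unexpanded glob is not a file
        matched=$((matched + 1))
        n=$(grep -cE -- "$3" "$f" || true)
        hits=$((hits + ${n:-0}))
    done
    if [ "$matched" -eq 0 ]; then
        echo "GATE ERROR: no file matches $1/$2" >&2
        return 2
    fi
    [ "$hits" -eq 0 ] || { echo "GATE FAIL: $hits hit(s)" >&2; return 1; }
    echo "GATE PASS: $matched file(s) scanned, 0 hits"
}

# Build a throwaway assets directory holding one chunk that violates the gate.
make_sample_dist() {
    d=$(mktemp -d) && mkdir -p "$d/assets" || return 1
    printf '%s\n' 'var g = new Function("return this")();' \
        > "$d/assets/index.ts-SAMPLE01.js"
    printf '%s\n' "$d/assets"
}

assets=$(make_sample_dist)
re='new Function\(|eval\('
echo "naive gate, wrong glob: $(naive_hits "$assets" 'index*-bg.js' "$re") hits"
gate_no_hits "$assets" 'index*-bg.js' "$re" || echo "fail-closed, wrong glob: rc=$?"
gate_no_hits "$assets" 'index.ts-*.js' "$re" || echo "fail-closed, right glob: rc=$?"
rm -rf "${assets%/assets}"
```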

@@ -253,6 +253,9 @@ No change strictly required; the bare class selector matches both `<img class="w
From tests/uat/extension-page-harness.ts:2249-2294 (current A17.8 — Plan 01-10 mark-bundling invariant):
- Current: asserts welcome chunk JS contains `data:image/svg+xml,...` data URL + canonical viewBox.
- Post-Plan-04-06: assert welcome chunk JS contains raw SVG source as string literal with `currentColor` + canonical viewBox. May split into A17.8a (raw bundling) + A17.8b (runtime inline <svg> injection check via DOM query).
SW chunk canonical glob (REVISION iter-2 — plan-checker BLOCKER 1):
The Vite SW chunk is `dist/assets/index.ts-<hash>.js` (verified empirically — `dist/assets/index.ts-8LkXuqac.js` confirmed on disk; also pinned by RESEARCH Q1 finding lines 142/180/196). All Phase 4 bundle gates MUST use the `dist/assets/index.ts-*.js` glob, NOT `dist/assets/index*-bg.js` (which matches no files and would silently return 0 on grep — spurious PASS). Task 4 pre-checkpoint gates use this canonical glob for Gates 2/3/4.
</interfaces>
</context>
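Review bot: The new "SW chunk canonical glob" paragraph justifies `dist/assets/index.ts-*.js` with one content-hashed filename (`index.ts-8LkXuqac.js`) seen on disk, but it does not say what ties that pattern to the service-worker chunk rather than to any other chunk emitted from a file named `index.ts`. Consider documenting how the SW chunk is identified (for example by cross-checking against what the built manifest loads as the service worker) and marking the hash as an example value that changes between builds. The parenthetical "would silently return 0 on grep" also deserves a precise form: that is true of a count taken through a pipe such as `| wc -l`, whereas `grep -c` on an unmatched glob prints an error and exits non-zero, so the text should name which form the gates rely on.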
@@ -396,28 +399,31 @@ From tests/uat/extension-page-harness.ts:2249-2294 (current A17.8 — Plan 01-10
<action>
Step 1 — Pre-checkpoint bundle gates (orchestrator-driven; per saved memory `feedback-pre-checkpoint-bundle-gates.md`; MUST PASS before surfacing Step 2 to operator):
1. `npm run build` -> exit 0; dist/ populated.
2. SW CSP-safety grep: `grep -rE 'new Function\(|eval\(' dist/assets/index*-bg.js` -> 0 hits (Plan 04-02 effect preserved).
3. SW Node-globals grep: `grep -rE 'Buffer\.from|Buffer\.alloc|process\.|require\(' dist/assets/index*-bg.js` -> 0 hits.
4. DOM-globals grep: `grep -rE '(window\.|document\.)' dist/assets/index*-bg.js | grep -vE '^//|globalThis|^$'` -> 0 hits in SW chunk.
2. SW CSP-safety grep (REVISION iter-2 — canonical SW chunk glob per RESEARCH Q1; was `index*-bg.js` which matches no files): `grep -cE 'new Function\(|eval\(' dist/assets/index.ts-*.js` -> 0 hits (Plan 04-02 effect preserved). The pipe-counted form ensures a SPURIOUS-PASS-PROOF gate — if the glob ever matches zero files, the gate registers as missing rather than silent 0.
3. SW Node-globals grep (REVISION iter-2 — canonical SW chunk glob): `grep -cE 'Buffer\.from|Buffer\.alloc|process\.|require\(' dist/assets/index.ts-*.js` -> 0 hits.
4. DOM-globals grep (REVISION iter-2 — canonical SW chunk glob): `grep -E '(window\.|document\.)' dist/assets/index.ts-*.js | grep -vE '^//|globalThis|^$' | wc -l` -> 0 hits in SW chunk.
5. Tier-1 SW-bundle-import gate: `npx vitest run tests/background/sw-bundle-import.test.ts` -> GREEN.
6. Tier-1 FORBIDDEN_HOOK_STRINGS gate: `npx vitest run tests/background/no-test-hooks-in-prod-bundle.test.ts` -> 12 strings, 0 hits each -> GREEN.
**REVISION iter-2 — Glob existence pre-gate (BLOCKER 1 mitigation):** before running Gates 2/3/4, verify the glob actually matches at least one file: `ls dist/assets/index.ts-*.js 2>/dev/null | wc -l` MUST return >= 1. If 0, the build is broken (SW chunk missing) OR the canonical filename pattern shifted — fail loudly rather than silently 0-grep.
Step 2 — Operator-driven empirical UAT cycle (manual; ~3-5 min): See `<how-to-verify>` block below for the operator-facing instructions.
Step 3 — Resume signal handling: orchestrator waits for operator response per `<resume-signal>` block below.
</action>
<verify>
<automated>npm run build && grep -c 'new Function' dist/assets/index*-bg.js | head -1; HEADLESS=1 SKIP_PROD_REBUILD=1 SKIP_LONG_UAT=1 npm run test:uat 2>&1 | tail -3</automated>
<automated>npm run build && ls dist/assets/index.ts-*.js | wc -l; grep -cE 'new Function\(|eval\(' dist/assets/index.ts-*.js; HEADLESS=1 SKIP_PROD_REBUILD=1 SKIP_LONG_UAT=1 npm run test:uat 2>&1 | tail -3</automated>
</verify>
<done>Operator returns "approved" verbatim OR describes a specific issue; if issue, route via `/gsd-debug` per `feedback-gsd-ceremony-for-fixes.md`.</done>
<what-built>
UI-SPEC dark-logo contrast strategy: SVG stroke recolor + inline-SVG injection + ambient module decl + harness update + cursor-visibility regression pin + docs back-patch. Pre-checkpoint bundle gates 6/6 PASS:
- Gate 1: `npm run build` exit 0
- Gate 2: `grep -c 'new Function' dist/assets/index.ts-*.js` returns 0 (Plan 04-02 effect preserved)
- Gate 3: SW Node-globals grep clean
- Gate 4: DOM-globals bundled-lib idiom (typeof-guarded)
- Gate 2: `grep -c 'new Function' dist/assets/index.ts-*.js` returns 0 (Plan 04-02 effect preserved; canonical SW chunk glob)
- Gate 3: SW Node-globals grep clean against `dist/assets/index.ts-*.js`
- Gate 4: DOM-globals bundled-lib idiom (typeof-guarded) against `dist/assets/index.ts-*.js`
- Gate 5: Tier-1 SW-bundle-import unit gate GREEN
- Gate 6: FORBIDDEN_HOOK_STRINGS at 12 (no change)
- Glob-existence pre-gate: `ls dist/assets/index.ts-*.js | wc -l` returns >= 1 (prevents silent 0-hit pass on mis-glob)
- Plus pre-checkpoint vitest baseline >=185 GREEN; UAT harness 35/35 GREEN.
Auto-confirms:
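Review bot: The revised `<automated>` line prints the result of `ls dist/assets/index.ts-*.js | wc -l` but never tests it, and the commands are joined with `;`, so a zero-match glob still proceeds to the UAT run and the block's outcome is whatever `tail -3` shows. Make the pre-gate enforce itself, for example `[ "$(ls dist/assets/index.ts-*.js 2>/dev/null | wc -l)" -ge 1 ] && ...`, and place it ahead of the grep gates in the chain. Two smaller inconsistencies in the same hunk: the Gate 2 text credits "the pipe-counted form" although Gates 2 and 3 use `grep -cE` with no pipe (only Gate 4 pipes to `wc -l`), and the `<what-built>` Gate 2 bullet checks only `new Function` while the action's Gate 2 also covers `eval\(`.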
@@ -462,6 +468,7 @@ From tests/uat/extension-page-harness.ts:2249-2294 (current A17.8 — Plan 01-10
| T-04-06-01 | Tampering | a future developer might switch DOMParser to innerHTML for "simplicity" — innerHTML in a content script context is unsafe (CSP risk + script-execution surface) | mitigate | Inline code comment + executor-pattern in the action: "NEVER use innerHTML — DOMParser + appendChild only (MV3 CSP discipline)"; A17.8 harness check verifies the inline-SVG DOM shape (defense in depth) |
| T-04-06-02 | Information Disclosure | the inline SVG has no PII or secret; it's the canonical Mokosh brand mark | accept | Static brand asset; out-of-tree threat surface |
| T-04-06-03 | Spoofing | cursor visibility in captured frames could leak sensitive UI overlay state (e.g., 2FA OTP digit operator was about to type) — but this is a known and intended diagnostic feature per Plan 01-07 obs; out of scope for password masking per D-P3-02 charter | accept | Operator-side responsibility per CONTEXT charter; v2 candidate per CONTEXT Deferred Ideas |
| T-04-06-04 | Repudiation (REVISION iter-2 — BLOCKER 1) | A mis-globbed `dist/assets/index*-bg.js` matches no files; `grep -c new Function` returns 0; Gate 2 spuriously PASSES even if the setimmediate polyfill never landed | mitigate | Canonical SW chunk glob `dist/assets/index.ts-*.js` verified empirically (file `index.ts-8LkXuqac.js` exists on disk; pinned by RESEARCH Q1 lines 142/180/196); pre-gate `ls dist/assets/index.ts-*.js \| wc -l >= 1` validates the glob matches BEFORE running the grep gates |
</threat_model>
<verification>
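Review bot: In the T-04-06-04 row, the mitigation only establishes that the glob matches at least one file; it does not establish that the matched file is the SW chunk or that exactly one file matched. If `index.ts-*.js` ever matches several chunks, `grep -c` prints one `file:count` line per file, so "returns 0" stops being a single value a gate can compare. Consider requiring an exact expected match count, or summing the per-file counts, and quote the pattern in the threat text (`grep -c 'new Function'`), since the unquoted form shown would treat `Function` as a filename.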
@@ -474,7 +481,7 @@ From tests/uat/extension-page-harness.ts:2249-2294 (current A17.8 — Plan 01-10
- UAT harness 35/35 GREEN with updated A17.8 (no harness count change; assertion quality changes).
- 01-07-SUMMARY.md back-patched.
- Operator empirical ack received (Task 4 resume signal "approved").
- Pre-checkpoint bundle gates 6/6 PASS.
- Pre-checkpoint bundle gates 6/6 PASS (REVISION iter-2 — canonical SW chunk glob `dist/assets/index.ts-*.js` used across Gates 2/3/4; glob-existence pre-gate `ls dist/assets/index.ts-*.js | wc -l >= 1` validates).
- PNG toolbar icons byte-identical (no change to scripts/rasterize-icons.sh or icons/*.png).
</verification>
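Review bot: In the revised "Pre-checkpoint bundle gates 6/6 PASS" bullet, the backticked `ls dist/assets/index.ts-*.js | wc -l >= 1` is not a runnable comparison: a shell reads `>=` as a redirect to a file named `=` and passes `1` to `wc` as an argument. Keep the command in backticks and the threshold outside it, as the Task 4 action text does ("MUST return >= 1"), or write the check as `[ "$(ls dist/assets/index.ts-*.js 2>/dev/null | wc -l)" -ge 1 ]`. The same form appears in the T-04-06-04 mitigation cell.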
@@ -485,7 +492,7 @@ From tests/uat/extension-page-harness.ts:2249-2294 (current A17.8 — Plan 01-10
- ROADMAP cursor visibility item GREEN.
- ROADMAP dark-surface logo contrast item GREEN.
- Operator empirical ack received on dark-mode visual aesthetic.
- Pre-checkpoint bundle gates 6/6 PASS preserved.
- Pre-checkpoint bundle gates 6/6 PASS preserved (REVISION iter-2 — canonical glob).
- UAT harness 35/35 GREEN preserved.
- vitest baseline +4 (Plan 04-05 baseline 181 -> Plan 04-06 baseline >= 185).
</success_criteria>
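Review bot: The revised success criterion still counts "6/6" and names only the canonical glob, so the new glob-existence pre-gate is not among the conditions that must hold for the plan to be considered done. Either list the pre-gate as its own criterion or fold it into the count (7/7), so a future run cannot report success with the pre-gate skipped.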
@@ -499,10 +506,9 @@ After completion, create `.planning/phases/04-harden-clean-up-optional/04-06-SUM
- 01-07-SUMMARY.md back-patch (5 stale Phase-5 lines flipped)
- 2 new test files (inline-svg + cursor-visibility) with RED->GREEN cycle commits
- Operator empirical UAT verbatim ack (e.g., "approved", "all good", or specific issues)
- Pre-checkpoint bundle gates 6/6 PASS evidence (grep outputs)
- Pre-checkpoint bundle gates 6/6 PASS evidence (grep outputs against canonical `dist/assets/index.ts-*.js` glob per REVISION iter-2)
- vitest before/after (181 -> >=185)
- UAT 35/35 GREEN preservation
- Commit refs (Tasks 1 + 2 + 3 + 4 ack)
</output>
</content>
</invoke>
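Review bot: The revised evidence bullet asks for "grep outputs" against the canonical glob, but a `0` from grep does not show which file was scanned. Ask the SUMMARY to record the output of `ls dist/assets/index.ts-*.js` (matched filename and count) next to the grep results, so the evidence demonstrates that the gates ran against a real chunk. Separately, the trailing `</content>` and `</invoke>` lines after `</output>` look like tool-call residue in the plan file and are worth removing in a follow-up.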