|
|
66678798f1
|
docs(03-02): Plan 02 SUMMARY — A30 event-log verification (31/31 GREEN; cs-injection-world fix)
- 7-check A30 contract empirically verified end-to-end across all 5
UserEvent.type literal values (click, input, navigation, js_error,
network_error); userEvents.length=5; type counts all = 1.
- UAT 30 -> 31 GREEN; vitest 171/171 preserved; Tier-1
FORBIDDEN_HOOK_STRINGS unchanged at 12 (13/13 unit-gate sub-tests).
- 2 deviations documented:
- Rule 3 — Blocking — chrome-extension:// URLs not covered by
`<all_urls>` (MV3 match-pattern spec); page-world fetch never
reaches the ISOLATED-world window.fetch wrapper. Fixed by opening
a fresh https://example.com probe tab + chrome.scripting.execute
Script(world:'ISOLATED'). Rides production surfaces only;
FORBIDDEN_HOOK_STRINGS impact = 0.
- Rule 1 — Bug — history.pushState destroys Puppeteer CDP execution
context. Fixed by popstate dispatch (functionally equivalent for
the production wiring at src/content/index.ts:111).
- One latent A29 issue surfaced (A29 "passed" via iana.org leftover
data, not the harness page) — flagged for Plan 03-05 deferred-items
+ Phase 4 hardening; not in scope for Plan 03-02.
- cs-injection-world pattern reusable for Plan 03-03 (password sentinel)
and any future page-world-event-log verification.
|
2026-05-20 19:59:39 +02:00 |
|
