a20372a8b8458ef94acbd9540647e756c1425c98
81 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| a20372a8b8 |
feat(04-05): A34 page-side — cs-injection-world fetch + XHR 404 injection
- Append assertA34 after assertA31 — cs-injection-world skeleton (verbatim from assertA30/A31; ROADMAP SC #2 empirical) - chrome.scripting.executeScript ISOLATED injects TWO 404 triggers into the content-script realm: fetch(404) + XMLHttpRequest(404) - fetch trigger validates Plan 04-01 P1 #11 (Request-narrow URL extraction) end-to-end in a real Chrome page context - XHR trigger covers the distinct XMLHttpRequest.prototype wrapper path that A30 did not exercise - Date.now() uniqueness stamp on both probe URLs (T-04-05-02) - assertA34 registered in Window interface + __mokoshHarness literal - Tier-1 FORBIDDEN_HOOK_STRINGS unchanged at 12 (rides production window.fetch + XMLHttpRequest.prototype + chrome.scripting/tabs) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
|||
| 4d6c00526e |
feat(04-08): A33 SW state persistence harness assertion — methodology reframe (34/34 GREEN; ROADMAP SC #1 CLOSED)
Task 2 of Plan 04-08 (revive A33 under valid methodology + close ROADMAP SC #1): - Append driveA33(page, browser, extensionId, downloadsDir) at tests/uat/lib/harness-page-driver.ts:2516-2697 per Plan 04-04 Pattern 4 verbatim - 3 checks: A33.1 SAVE_ARCHIVE ack success after 5-min idle + SW kill; A33.2 video size > 0; A33.3 video size > 100 KB sanity floor - Reuses stopServiceWorker helper (Plan 04-04 commit |
|||
| 81d9935b65 |
feat(04-08): video-file MediaStream + sync-install/lazy-first-frame + explicit WAR — methodology reframe per debug session-2 + iter-2 BLOCKER fixes
Task 1 of Plan 04-08 (methodology reframe of ROADMAP SC #1): - Bundle 1.9 MB VP9 WebM fixture at tests/uat/fixtures/synthetic-display-source.webm (copy of internal Plan 01-07 fixture; CC0-equivalent project-owned) - Add globals.d.ts ambient `*.webm?url` module decl (mirrors Plan 01-10 `*.svg?url`) - Add manifest.json web_accessible_resources entry for `assets/*.webm` (iter-2 BLOCKER 1 — pre-decided to avoid executor improvisation; inert in production where dist/ has zero *.webm) - Rewrite installFakeDisplayMedia() at src/test-hooks/offscreen-hooks.ts: * Replace canvas.captureStream(30) with HTMLVideoElement.captureStream(30) — bypasses Chrome bug 653548 invisible-canvas throttling (debug session-2 root cause) * Function signature remains SYNCHRONOUS (`: void`; iter-2 BLOCKER 2 — eager-install contract preserved at lines 528-537) * Video element creation + DOM append + monkey-patch assignment execute synchronously * canplay wait + .play() deferred INTO fakeGetDisplayMedia closure (lazy first-frame pattern) * fakeVideoReadyPromise kicked off at install time so first call observes resolved Promise * WARNING 1 (autoplay reject): explicit error class identifier 'autoplay-blocked or codec-unsupported in headless context' * displaySurface monkey-patch preserved verbatim * A23 lastGetDisplayMediaConstraints capture preserved * uninstallFakeDisplayMedia teardown adapted for videoEl (pauses + removes + nulls) * All 6 bridge ops UNCHANGED in their sync return-false form - Add Tier-2 production-bundle filename-leak gate at tests/background/no-test-hooks-in-prod-bundle.test.ts (iter-2 WARNING 5 — synthetic-display-source string must be 0 hits in dist/) Verification: - npx tsc --noEmit: exit 0 - npm run build: dist/ produced; 0 *.webm files; 0 synthetic-display-source hits - npm run build:test: dist-test/assets/synthetic-display-source-mbtR1t3u.webm emitted (1.9 MB; Vite ?url asset) - Code-only grep (comment-filtered) on offscreen-hooks.ts: 0 canvas refs; 15 video refs - installFakeDisplayMedia signature unchanged: `: void` 2x; `: Promise` 0x; `await installFakeDisplayMedia` 0x - Architectural invariant unchanged: `let segments: Blob[] = []` at recorder.ts:91 (1 hit; grep gate enforces) - Tier-1 FORBIDDEN_HOOK_STRINGS unchanged at 12 entries - Tier-2 vitest gate PASSES: 14/14 GREEN under SKIP_BUILD=1 (12 Tier-1 + 1 build verify + 1 Tier-2) Per iter-3 checker advisory 1: the wrong-display-surface throw lives at recorder.ts:313-321 (not line 294 as plan text states; off by ~25 lines but unambiguous). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| 4ea1bbb7a8 |
docs(debug): SC#1 sw-offscreen-persistence investigation session 2 — REFUTED-architecture (canvas-captureStream issue)
Session-2 (continuation of
|
|||
| 9ac580869d |
fix(debug): race-tolerant offscreen target attach in UAT launch
Plan-04-04 debug session-2 root cause: the offscreen-console capture
in tests/uat/lib/launch.ts:registerOffscreenConsoleAttach matched zero
offscreen targets across 4 spike runs, creating a critical observability
gap that prevented disambiguation of Plan 04-04 Wave 0 spike failure
mode.
Empirical investigation (tests/uat/spike-diagnose-offscreen-target.ts,
NEW): when chrome.offscreen.createDocument fires, Puppeteer's
`targetcreated` event fires with `type='other'` and `url=''` BEFORE the
CDP target metadata stabilizes. The previous filter (whether
`background_page` or `page`) never matched at event time. By the time
the metadata stabilizes (visible via `browser.targets()`), the
target's type is `'background_page'` (not `'page'` — MV2's
background_page type IS still used by Chrome's CDP for invisible
extension documents, despite MV3 abolishing classic background pages).
Fix:
- Match the offscreen target by URL pattern (load-bearing criterion;
type field is intentionally unchecked because it's unreliable at
targetcreated time).
- Bind to BOTH `targetcreated` AND `targetchanged` events (the latter
fires when the URL stabilizes after navigation).
- Add a `browser.targets()` enumeration race-free safety net for
cases where the offscreen target exists at registration time.
Verification: tests/uat/spike-diagnose-offscreen-target.ts now emits
`(launch: offscreen console attached — url=chrome-extension://.../src/offscreen/index.html)`
followed by `[off:log] [OS:Recorder] Recording started ...` (zero such
lines in any prior spike run).
Test-infra correctness fix; ZERO production source changes. FORBIDDEN_HOOK_STRINGS
inventory unchanged at 12 entries. No new test-only `__MOKOSH_UAT__` symbols.
References:
- .planning/debug/sw-offscreen-persistence-investigation-session-2.md
(session-2 debug note documenting empirical root cause)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 3726eee39f |
feat(04-04): Wave 0 spike — stopServiceWorker helper + 5-min SW idle empirical result
SPIKE OUTCOME: FAILED (offscreen DIED across 5-min SW idle + worker.close())
Per Plan 04-04 spike-first contract, Wave 0 empirically investigated whether
the offscreen document's RAM-only `segments: Blob[] = []` at
src/offscreen/recorder.ts:91 survives a 5-min SW idle followed by Puppeteer
CDP-driven `worker.close()`. RESEARCH Q2 hypothesis (MEDIUM confidence): yes,
the offscreen has its own lifecycle anchored by active MediaRecorder. Spike
result REFUTES that hypothesis.
Empirical measurement (HEADLESS=1; one full run; reproducible via the
committed spike script):
- assertA2 priming: PASSED (badge=REC; offscreen + MediaRecorder live)
- 5-min idle: elapsed cleanly (308.7s total wall-clock)
- stopServiceWorker: succeeded (worker.close() returned)
- SAVE_ARCHIVE ack: {success: true} (SW respawned + processed message)
- video/last_30sec.webm size: 8505 bytes (well below 100 KB floor)
- meta.urls: only chrome-extension://* origins; real-page URLs LOST
- rrweb/session.json: []
- logs/events.json: []
- ffprobe on extracted webm: 'End of file' + 'Duplicate element' errors
(corrupt/truncated; not a valid 30s segment cluster sequence)
Interpretation: offscreen-document lifecycle is NOT independent of the SW
under Puppeteer CDP-driven worker.close() conditions. The 8505 bytes are
likely stale/partial header bytes from a re-initialized empty offscreen
context after SW respawn, not a surviving 30s buffer. The plan's Task 2
GATING CONDITION (videoSize > 100_000) is NOT satisfied; Task 2 is BLOCKED.
Per saved memory `feedback-gsd-ceremony-for-fixes.md`: architectural changes
(moving segments from offscreen RAM to IndexedDB per RESEARCH Q2 sub-question
b Option C) MUST route through proper plan-fix ceremony, NOT improvised
inline inside Plan 04-04. Plan 04-04 SUMMARY flags the failure mode + cites
exact remediation path. ROADMAP SC #1 remains OPEN pending the persistence-
layer plan-fix.
Task 1 persisting artifacts (this commit):
- tests/uat/lib/harness-page-driver.ts:
+ Browser type import (puppeteer)
+ stopServiceWorker(browser, extensionId) helper (verbatim from Chrome
devrel canonical pattern — Puppeteer >=22.1.0; project pin ^25 OK)
+ findLatestZip exported (was module-internal) so the spike script can
reuse the canonical mtime-sort selection logic without duplication
- tests/uat/spike-a33-sw-persistence.ts (NEW):
+ One-shot empirical investigation script; reusable for future SW-
lifecycle regression testing (e.g., verifying the eventual IndexedDB
persistence layer actually closes ROADMAP SC #1)
+ Step 1 reuses __mokoshHarness.assertA2 (canonical fresh-recording
prime; not the non-existent dispatchSaveArchive that REVISION iter-2
explicitly forbids)
+ Step 5 dispatches SAVE_ARCHIVE via chrome.runtime.sendMessage inline
from harness-page realm (Option B per plan-checker BLOCKER 2;
matches A5/A11/A12/A13/A26/A28/A29/A30/A31 pattern)
Verification (Task 1 acceptance criteria):
- npx tsc --noEmit: exits 0
- HEADLESS=1 tsx tests/uat/spike-a33-sw-persistence.ts: ran to completion
(no Puppeteer throw); SPIKE RESULT line emitted with explicit
videoSize=8505 bytes; SAVE_ARCHIVE ack received
- grep -c 'dispatchSaveArchive' tests/uat/spike-a33-sw-persistence.ts: 0
- grep -c "type: 'SAVE_ARCHIVE'" tests/uat/spike-a33-sw-persistence.ts: 1
- Total spike wall-clock: 308.7s (~5min idle + ~8s orchestration)
References:
- Plan 04-04 PLAN.md spike contract (lines 64-72)
- 04-RESEARCH.md Q2 sub-question (b) — Chrome MV3 offscreen lifecycle
- https://developer.chrome.com/docs/extensions/how-to/test/test-serviceworker-termination-with-puppeteer
- Saved memory: feedback-gsd-ceremony-for-fixes.md (no inline architectural
fixes; route through plan-fix ceremony)
|
|||
| b341a712c0 |
feat(04-03): A29 host-side strict-sentinel filter + 5/5 PASS stress test
Replace the loose-EventType grep with a strict-sentinel filter pipeline per RESEARCH Q3 Code Example Pattern 3: - Import IncrementalSource from @rrweb/types (new binding alongside the existing EventType import) - Filter events for (e.type === EventType.IncrementalSnapshot && e.data?.source === IncrementalSource.Mutation) - Descend into each filtered event's data.adds[*].node.textContent and search for the page-side-injected 'a29-mutation-sentinel' string - A29.2: assert sentinelEvents.length >= 1 — proves the captured mutation came from OUR injection, not from iana.org leftovers Defense-in-depth preserved: - A29.3: rrweb emitted at least one Meta event (renumbered) - A29.4: rrweb emitted at least one FullSnapshot (renumbered) The previous A29.5 (loose IncrementalSnapshot >=1) is subsumed by the A29.2 strict-sentinel check (which requires IncrementalSnapshot AND Mutation source AND injected sentinel — strictly stronger). Empirical verification (all 33/33 GREEN preserved, A29 flake closed): - npx tsc --noEmit → 0 - npm test → 183/183 GREEN preserved (Plan 04-02 baseline) - npm run test:uat → 33/33 GREEN × 5 consecutive runs - A29 mutationEvents=1 + sentinelEvents=1 in ALL 5 runs (no flake) A29 historical flake rate of ~2/3 (documented Plan 03-02 + 03-03 SUMMARYs) is closed end-to-end: the iana.org leftover DOM mutations no longer satisfy A29 because the strict-sentinel filter requires the EXACT string 'a29-mutation-sentinel' that only the page-side chrome.scripting.executeScript injection produces. Pre-checkpoint bundle gates verified (per feedback-pre-checkpoint- bundle-gates.md): - Gate 1: Tier-1 FORBIDDEN_HOOK_STRINGS — 13/13 sub-tests PASS, count unchanged at 12 - Gate 2: SW CSP-safety — new Function=0, eval=0 (Plan 04-02 baseline) - Gate 3+4: Buffer / window / document counts unchanged from Plan 04-02 (Plan 04-03 modifies tests/ only) - Gate 5: manifest validates clean against locked DEC-011 Amendment 1 |
|||
| 73eb9b654c |
feat(04-03): A29 page-side rewrite — cs-injection-world + sentinel
Replace harness-page-mutation approach with verbatim port of the canonical cs-injection-world pattern from Plan 03-02 (assertA30) + Plan 03-03 (assertA31): - chrome.tabs.create(https://example.com/, active:true) opens probe tab where content script + rrweb's record() attach normally (chrome-extension:// is NOT covered by <all_urls> per Chrome match-pattern spec; was the root flake cause) - 1.5s tab-attach + 11s segment-settle waits (canonical A27/A30/A31) - chrome.scripting.executeScript world: 'ISOLATED' injects a sentinel- bearing <div> (textContent='a29-mutation-sentinel') into document.body — rrweb's MutationObserver lives in the same ISOLATED world so the IncrementalSnapshot's data.adds[*].node.textContent will carry the sentinel - 500ms MutationObserver-enqueue settle - SAVE_ARCHIVE while probe tab is active (SW harvests rrweb/session.json from there) - try/finally chrome.tabs.remove with silent-ignore (T-02-04-04 parity) A29 constants block extended: A29_TAB_NAVIGATION_WAIT_MS, A29_PROBE_TAB_URL, A29_MUTATION_SENTINEL, A29_PROBE_DIV_ID. This closes the documented ~2/3 success-rate flake from Plans 03-02 + 03-03 where A29 "passed" by reading iana.org leftover DOM mutations from A27/A28's probe tabs — a real rrweb regression at src/content/index.ts:284 would have been masked because iana.org's home page emits plenty of mutations during normal rendering. Tier-1 FORBIDDEN_HOOK_STRINGS unchanged at 12; assertA30 + assertA31 untouched; __mokoshHarness wiring unchanged. Host-side driveA29 strict-sentinel filter lands in Task 2. Verify: - npx tsc --noEmit → 0 - npm run build:test → 0 - grep -c 'A29_MUTATION_SENTINEL' tests/uat/extension-page-harness.ts → 3 - grep -nE "world: 'ISOLATED'" tests/uat/extension-page-harness.ts → 3 call sites (A29 + A30 + A31) — ISOLATED parity per RESEARCH Pitfall 5 |
|||
| 630d40c4f8 |
test(04-02): Wave 0 — no-new-function-in-sw-chunk RED + dead-code-grep regression pin
Two new build-gate vitest files at `tests/build/` per Plan 04-02 Wave 0 TDD-strict RED-first contract: - `no-new-function-in-sw-chunk.test.ts`: SW-chunk CSP-hardening grep gate. Narrows the file walk to `dist/assets/index.ts-*.js` (the SW + loader chunks; cf. plan-checker iter-1 BLOCKER 1 fix). RED today: 1 occurrence of `new Function` in the SW chunk (the pre-existing `setimmediate` npm package fallback bundled transitively by vite-plugin-node-polyfills, per .planning/phases/01-stabilize-video-pipeline/deferred-items.md). Flips GREEN after Task 2's setimmediate replacement lands. Build-prep gate (npm run build + dist/assets/ existence + ≥1 SW chunk match) precedes the grep gate so the test is self-bootstrapping under SKIP_BUILD=0 and self-asserting under SKIP_BUILD=1. - `dead-code-grep.test.ts`: ROADMAP SC #4 regression pin against `src/`. Asserts absence of `permissions.request` (removed in Phase 1 Plan 01-05 SW shrink). GREEN-on-arrival today; acts as regression guard so re-introducing the deleted permission-request flow breaks CI. The offscreen-inline-string sub-test is documented as delegated to the vite.config.ts review + tests/build/no-remote-fonts.test.ts (no single literal sentinel pinnable post-Plan-01-06 collapse). Polarity confirmation: - Acceptance grep: `grep -v '^//' tests/build/no-new-function-in-sw-chunk.test.ts | grep -c 'new Function'` returns 3 (≥2 required). - Acceptance grep: `grep -v '^//' tests/build/dead-code-grep.test.ts | grep -c 'permissions.request'` returns 2 (≥2 required). - SKIP_BUILD=1 npm test -- tests/build/no-new-function-in-sw-chunk.test.ts tests/build/dead-code-grep.test.ts --run: 2 passed + 1 failed (the expected RED gate). - Full vitest: 180 passed + 3 failed (1 = this task's expected RED + 2 = pre-existing ffmpeg/ffprobe flakes per 04-01-SUMMARY Issues Encountered — owned by Plan 04-03). References: - .planning/phases/04-harden-clean-up-optional/04-PATTERNS.md §"tests/build/no-new-function-in-sw-chunk.test.ts" + §"tests/build/dead-code-grep.test.ts" - .planning/phases/04-harden-clean-up-optional/04-RESEARCH.md §Q1 - Plan 04-02 threat model T-04-02-01 (Elevation of Privilege) + T-04-02-03 (Information Disclosure regression pin) - tests/build/no-remote-fonts.test.ts (Plan 01-12 analog scaffold) Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| 3dbc51cdcd |
test(04-01): Wave 0 RED — audit P1 #11/#14/#15 content-script test scaffolds
Three new test files at tests/content/ (NEW directory mirroring src/content/)
pin the canonical Plan 04-01 contracts; 7 of 9 tests are RED today and flip
GREEN once src/content/index.ts gains the three surgical edits in Task 2.
* tests/content/fetch-interception.test.ts (4 tests; A+C pass today via the
identity String(string)===string coincidence, B+D RED — they fetch a
`new Request(url)` and assert target === request.url under the canonical
`args[0] instanceof Request ? args[0].url : String(args[0])` narrow).
* tests/content/navigation-tracking.test.ts (3 tests; all 3 RED — popstate
+ hashchange + history.pushState wrap all read meta.previousUrl which is
permanently 'unknown' under today's `history.state?.url || 'unknown'`
emit; GREEN after module-level `let previousUrl` lands).
* tests/content/rrweb-timestamps.test.ts (2 tests; both RED — Test A asserts
rrweb-emit normalizes timestamps to Date.now()-class >1e12 instead of the
rrweb-internal page-load-relative small int; Test B regresses
cleanupOldEvents arithmetic correctness when both sides are Unix-epoch).
Scaffold mirrors tests/background/start-video-capture-no-tab.test.ts (Plan
01-09): vi.resetModules() in beforeEach, minimal chrome.* + window/document/
history/Request stubs installed on globalThis before
`await import('../../src/content/index')`. rrweb is mocked via vi.mock so the
content-script's `import { record } from 'rrweb'` short-circuits to a no-op
factory (avoids the rrweb-lib ESM-in-CJS transform crash). userEvents and
rrwebEvents are read back through the canonical GET_RRWEB_EVENTS chrome.
runtime.onMessage path the production archive pipeline uses.
Also folds in the .planning/config.json `use_worktrees: false` flip the
orchestrator staged before respawning this executor in foreground mode.
Plan: 04-01 Wave 0
Files:
- tests/content/fetch-interception.test.ts
- tests/content/navigation-tracking.test.ts
- tests/content/rrweb-timestamps.test.ts
- .planning/config.json (worktree mode disabled)
Verification (RED gate):
- npm test -- tests/content/ --run → 7 failed | 2 passed (9)
- grep -c "instanceof Request" tests/content/fetch-interception.test.ts → 5
- grep -c "previousUrl" tests/content/navigation-tracking.test.ts → 24
- grep -cE "Date\.now\(\)" tests/content/rrweb-timestamps.test.ts → 9
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 8c94bd515d |
feat(03-04): Task 1 — driveA32 host-side Page.metrics scaffolding + orchestrator wiring
A32 ships ~90 lines of best-effort RAM scaffolding per D-P3-04 + RESEARCH Open Question 3 (recommended SHIP). Calls puppeteer.Page.metrics() against the harness page and asserts JSHeapUsedSize is below the SPEC §10 #9 50 MB ceiling. Page-realm scope is the load-bearing caveat (RESEARCH Pitfall 2): the MV3 service worker is a separate Puppeteer target with its own V8 isolate, so Page.metrics() under-reports the operator-facing "extension background RAM" measurement that §10 #9 actually requires. The binding §10 #9 gate stays operator-driven (chrome://memory-internals OR chrome://extensions service-worker memory display) and is recorded in Plan 03-05 VERIFICATION.md human_verification block. Mandatory diagnostic line emitted on EVERY run regardless of pass/fail: "NOTE: page-realm only; SW context measurement requires chrome://memory-internals operator verification per D-P3-04." printAssertionResult prints diagnostics to stdout so the operator sees the caveat in the live UAT trace, never confusing automation GREEN with full §10 #9 closure (T-03-04-01 Repudiation mitigation). Host-side only — no page-side assertA32, no setupFreshRecording, no SAVE, no archive parse. driveA32 takes only `page` (no downloadsDir), so the orchestrator pushes it bare in the drivers array without a wrapped const. Tier-1 FORBIDDEN_HOOK_STRINGS inventory unchanged at 12 entries (Page.metrics is host-side puppeteer; not bundled). Empirical: UAT harness 32/32 → 33/33 GREEN; A32.1 PASS (JSHeapUsedSize= 1909924 bytes); A32.2 PASS (1.82 MB << 50 MB). Tier-1 unit-gate 13/13 sub-tests GREEN; 12 strings × 0 hits each in dist/. vitest 171/171 GREEN. Closes: - Plan 03-04 must_have 'puppeteer.Page.metrics() returns a JSHeapUsedSize value (>= 0) for the harness page realm' (A32.1) - Plan 03-04 must_have 'JSHeapUsedSize for the harness page realm is below 50 MB' (A32.2) - Plan 03-04 must_have 'Driver emits an explicit diagnostic line: NOTE: page-realm only' (Pitfall 2 gate — leads diagnostics array) - Plan 03-04 must_have 'UAT harness exits 0 with 32 + 1 = 33/33 assertions GREEN' (empirical 33/33) |
|||
| 34b36fb58b |
feat(03-03): Task 2 — driveA31 + orchestrator wiring (A31 password-filter PARTIAL)
- Append driveA31 to tests/uat/lib/harness-page-driver.ts after driveA30:
- Reuses UserEvent type (Plan 03-02 import already present).
- 3-phase pattern: page.evaluate → findLatestZip → JSZip
logs/events.json parse + filter-pipeline grep for sentinel absence
+ control-sentinel presence.
- 3 host-side checks: A31.2 (eventsContainingSentinel.length === 0),
A31.3 (eventsTargetingPassword.length === 0), A31.4
(eventsContainingControl.length >= 1; defense-in-depth proves
the listener is alive so A31.2/A31.3 absences mean the filter
fired rather than a tautological "no events at all" pass).
- Standard guard checks A31.0 (zip present) + A31.0a (events.json
entry exists) + A31.0b (JSON.parse success) gate before A31.2..A31.4
per Plan 02-04 / Plan 03-01 / Plan 03-02 driveA26/A29/A30 precedent.
- Filter-pipeline form preserved (no `continue`) per CLAUDE.md
Control Flow §.
- Wire orchestrator in tests/uat/harness.test.ts:
- Add `driveA31,` to import block after `driveA30,`.
- Add `driveA31Wrapped` const after `driveA30Wrapped`.
- Add `{ name: 'A31', drive: driveA31Wrapped }` entry to drivers
array after the A30 entry with explanatory banner comment
citing the cs-injection-world precedent + the defense-in-depth
A31.4 control check.
- Append `, A31` to the orchestrator banner string.
Acceptance grep gates (post-commit):
- grep -c 'driveA31' tests/uat/lib/harness-page-driver.ts returns 2
- grep -c 'driveA31' tests/uat/harness.test.ts returns 6
- grep -c 'secret-do-not-log-123' tests/uat/lib/harness-page-driver.ts returns 1
- tsc --noEmit exit 0
A29 flake disclosure (per Plan 03-02 SUMMARY "Issues Encountered"):
- During Plan 03-03 empirical verification of A31, the pre-existing
A29 flakiness documented in 03-02-SUMMARY.md surfaced: A29 chains
off incidental zip-mtime ordering against prior assertions' zips,
so when A29's own (empty chrome-extension:// SAVE) zip mtime ties
with a prior real-content zip, findLatestZip non-deterministically
returns the prior zip with rrweb events from iana.org/example.com.
- 3 base runs (HEAD=de398347, no Plan 03-03 changes): 2/3 PASS,
1/3 FAIL — confirms PRE-EXISTING flake, NOT a Plan 03-03 regression.
- Per CLAUDE.md SCOPE BOUNDARY ("Only auto-fix issues DIRECTLY caused
by the current task's changes") + Plan 03-02 SUMMARY's explicit
recommendation ("Plan 03-05's VERIFICATION.md aggregator + a
Phase 4 hardening pass can pick it up"): A29 flake is OUT OF SCOPE
for Plan 03-03. Documented in SUMMARY as deferred item.
|
|||
| 8db629f2fb |
feat(03-03): Task 1 — assertA31 page-side orchestrator (cs-injection-world password-filter probe)
- Add assertA31 page-side orchestrator after assertA30: opens fresh https://example.com probe tab via chrome.tabs.create, injects a synthetic <input type="password" id="probe-password"> + a control <input type="text" id="probe-control"> into the probe tab DOM via chrome.scripting.executeScript world:'ISOLATED', types A31_PASSWORD_SENTINEL='secret-do-not-log-123' + A31_CONTROL_SENTINEL into each, dispatches input events, settles, SAVEs while the probe tab is active, finally-cleanup with silent-ignore (T-02-04-04 parity). - Add 8 module-local constants: A31_SAVE_ARCHIVE_TIMEOUT_MS=15s, A31_SEGMENT_SETTLE_MS=11s, A31_TRIGGER_SETTLE_MS=1s, A31_TAB_NAVIGATION_WAIT_MS=1.5s, A31_PROBE_TAB_URL, A31_PASSWORD_SENTINEL, A31_CONTROL_SENTINEL, A31_PASSWORD_SELECTOR='#probe-password', A31_PASSWORD_INPUT_ID, A31_CONTROL_INPUT_ID. - Extend declare global Window.__mokoshHarness interface with assertA31 + add assertA31 to window.__mokoshHarness object literal + update statusEl banner + closing console.log to A31. - 1 page-side check: A31.1 (SAVE_ARCHIVE ack). Host-side driveA31 (Task 2) will append A31.2 (sentinel-value-absent) + A31.3 (zero-events-targeting-password-selector) + A31.4 (control event present — defense-in-depth proof the listener is alive, so A31.2 and A31.3 GREEN actually mean the filter fired rather than a tautological pass from no events at all). Rule 3 — Auto-fix blocking (cs-injection-world adaptation): - The plan's <action> drove document.querySelector('#probe-password') on the harness page (chrome-extension://...harness.html). Plan 03-02 empirically established that <all_urls> content_scripts does NOT cover chrome-extension scheme (Chrome match-pattern spec permits http/https/file/ftp/urn only). With no content script on the harness page, A31.2/A31.3 would pass tautologically (no events captured regardless of input type — would not empirically verify the line-82 filter "fires"). - A31 reuses the Plan 03-02 cs-injection-world pattern: probe tab on https://example.com (where the content script attaches normally) + executeScript ISOLATED-world injection so production setupInputLogging at src/content/index.ts:78 actually sees the password input event AND its line-82 filter early-returns. - A31.4 control-event check is added as defense-in-depth per T-03-03-04: proves the listener IS alive, so the absence assertions A31.2/A31.3 are not vacuously satisfied. - Plan's binding contract (sentinel absent from logs/events.json + zero events targeting password selector) preserved verbatim; only the trigger mechanism changes. FORBIDDEN_HOOK_STRINGS impact: NONE. A31 rides production setupInputLogging + line-82 filter + chrome.tabs + chrome.scripting (scripting perm already in manifest) + existing setupFreshRecording/sendMessageWithTimeout helpers. Tier-1 unchanged at 12. |
|||
| 116432a3cd |
feat(03-02): Task 2 — driveA30 + orchestrator wiring (A30 31/31 GREEN; cs-injection-world fix)
- driveA30 host-side (tests/uat/lib/harness-page-driver.ts):
- import type { UserEvent } from '../../../src/shared/types' (5-type tuple grep).
- A30_EXPECTED_TYPES = ['click','input','navigation','js_error','network_error']
(canonical CON-event-log-schema 5-tuple).
- 3-phase pattern (page.evaluate stub → findLatestZip → JSZip
logs/events.json) per Plan 02-04 driveA26 analog.
- 6 host-side checks: A30.0a (entry present) + A30.2..A30.6 (5 type
presence). Filter-pipeline form; no `continue`.
- Orchestrator wiring (tests/uat/harness.test.ts):
- driveA30 import + driveA30Wrapped const + drivers-array entry with
Plan 03-02 banner; Architecture banner updated A29 -> A29, A30.
- assertA30 architectural rewrite (deviation Rule 3 — blocking fix):
The plan's original strategy "dispatch synthetic events ON the harness
page (chrome-extension://) so the production listeners on that page
fire" was empirically wrong on two counts:
1. Chrome MV3 `<all_urls>` match-pattern (Chrome match-pattern docs)
permits schemes http/https/file/ftp/urn only — NOT
chrome-extension. The harness page has NO content script attached;
the SW SAVE_ARCHIVE handler reported "Could not establish
connection. Receiving end does not exist." when the active tab was
the harness page (verified empirically 2026-05-20T17:36:25Z trace).
2. Even if (1) had been satisfied, page.evaluate-side fetch() runs in
the MAIN world while the content-script's window.fetch wrapper at
src/content/index.ts:167 patches only the content-script's
ISOLATED-world window. Page-world fetches NEVER reach the
production network_error wrapper.
Fix: A30 now creates a fresh https://example.com probe tab via
chrome.tabs.create (mirrors A27's pattern; DEC-011 Amendment 1 `tabs`
perm; `scripting` perm already in manifest); uses
chrome.scripting.executeScript with default `world: 'ISOLATED'` to
inject all 5 triggers directly in the content-script's realm; SAVEs
while the probe tab is active (SW harvests events.json from a tab
whose content script IS attached); cleans up the probe tab in finally
(T-02-04-04 silent-ignore parity). All 5 UserEvent types now land
empirically: type counts: click=1,input=1,navigation=1,js_error=1,
network_error=1; userEvents.length=5.
- UAT 30 → 31 GREEN; vitest 171/171 preserved; Tier-1 FORBIDDEN_HOOK_STRINGS
unchanged at 12 (A30 rides production chrome.tabs + chrome.scripting +
GET_RRWEB_EVENTS round-trip — no new test-only symbols).
|
|||
| b5181012a8 |
feat(03-02): Task 1 — assertA30 page-side orchestrator (5 event triggers + SAVE)
- Add assertA30 dispatching 5 synthetic browser events on the harness page: click (#probe-submit), input (#probe-email), navigation (history.pushState #a30-probe), js_error (window.dispatchEvent ErrorEvent), network_error (fetch https://example.com/<404-path>). - Module-local timing/url constants: A30_SAVE_ARCHIVE_TIMEOUT_MS=15s, A30_SEGMENT_SETTLE_MS=11s, A30_TRIGGER_SETTLE_MS=500ms, A30_404_PROBE_URL (RFC 2606 reserved example.com). - Wire assertA30 into declare global Window.__mokoshHarness interface + window.__mokoshHarness object literal (preserves assertA29 from Plan 03-01). - Update statusEl banner A29 -> A30 and closing console.log to append "Plan 03-02: A30". - A30 rides production listeners at src/content/index.ts:60-237 + existing setupFreshRecording / sendMessageWithTimeout helpers — Tier-1 FORBIDDEN_HOOK_STRINGS inventory unchanged at 12. |
|||
| cc13f319a1 |
feat(03-01): Task 2 — assertA29 + driveA29 + orchestrator wiring (A29 30/30 GREEN)
Page-side (tests/uat/extension-page-harness.ts):
- assertA29 dispatches probe-page DOM mutation (input value + modal
toggle), settles 500ms for rrweb IncrementalSnapshot to enqueue,
setupFreshRecording, 11s segment-settle, SAVE_ARCHIVE; pushes
A29.1 SAVE ack check. Module-local constants:
A29_SAVE_ARCHIVE_TIMEOUT_MS=15s, A29_SEGMENT_SETTLE_MS=11s,
A29_MUTATION_SETTLE_MS=500ms.
- declare global interface + window.__mokoshHarness object literal
extended with assertA29 (single-method-per-assertion contract).
- statusEl + console banner updated A28 → A29 + cite Plan 03-01.
Host-side (tests/uat/lib/harness-page-driver.ts):
- Add `import { EventType } from '@rrweb/types';`.
- driveA29 — 3-phase orchestration mirroring driveA26:
Phase 1 page.evaluate harness.assertA29(); Phase 2 findLatestZip;
Phase 3 JSZip.loadAsync rrweb/session.json + EventType grep.
Appends A29.0a (rrweb/session.json present) + A29.2..A29.5
(events.length>0 + Meta + FullSnapshot + IncrementalSnapshot).
Orchestrator (tests/uat/harness.test.ts):
- driveA29 imported after driveA28.
- driveA29Wrapped const captures handles.downloadsDir.
- drivers array push A29 entry with banner citing Plan 03-01 + Pitfall 1.
- Architecture banner string updated A28 → A29.
Empirical verification (HEADLESS=1 SKIP_PROD_REBUILD=0 npm run test:uat):
- UAT harness: 30/30 GREEN (29 prior + A29 NEW).
- A29 events.length=4; event types observed: 2, 3, 4 (FullSnapshot,
IncrementalSnapshot, Meta — all three required types present).
- Pitfall 1 mitigation empirically verified — the pre-SAVE DOM
mutation produced the IncrementalSnapshot.
- vitest 171/171 GREEN preserved (full suite).
- Tier-1 FORBIDDEN_HOOK_STRINGS unit gate 13/13 GREEN (12 strings × 0
hits each) — A29 rides production rrweb wiring + GET_RRWEB_EVENTS
bridge + sendMessageWithTimeout helper; NO new __MOKOSH_UAT__
symbols.
- npx tsc --noEmit exit 0.
|
|||
| c02914df86 |
feat(03-01): Task 1 — probe HTML for A29 rrweb DOM verification (SPEC §10 #4)
- Append form (text + email + password + submit) + table (thead + 2 rows) + modal trigger + hidden modal div below existing `<pre id="status">` scaffold; preserves `<head>` block + tokens.css link untouched (A18/A21 invariant). - Modal trigger uses inline onclick to toggle style.display — rrweb records the attribute mutation, satisfying IncrementalSnapshot emission per RESEARCH Pitfall 1 (synthetic probe HTML emits Meta + FullSnapshot but NOT IncrementalSnapshot without a DOM mutation between page load and SAVE). - Per RESEARCH Pitfall 4: the rrweb-alpha.4-leaky multi-line input element (rrweb-io/rrweb#1596) is excluded; only single-line inputs. - Per UI-SPEC §"Test Fixture Conventions": data-test-* attributes only; no data-mokosh-* (production-welcome-page reserved); no tokens.css import on the probe sub-tree (head already imports the canonical tokens for A18/A21). - npm run build exit 0; all 7 acceptance grep gates GREEN. |
|||
| d0ebc807a2 |
fix(02-04): harness A27.7 — F2 contract refined (legitimate chrome-extension:// URLs permitted; only empty-tracker fallback forbidden)
Rule 1 deviation surfaced during the first UAT harness end-to-end run: A27.7 originally forbade ALL chrome-extension:// URLs in meta.urls. Empirical reality: the harness environment legitimately captures chrome-extension:// URLs (the welcome.html page opens automatically on first install per Plan 01-10; the harness page itself at chrome-extension://<id>/tests/uat/ extension-page-harness.html is a real active tab). The production tracker (src/background/tab-url-tracker.ts:79 URL_SCHEME_ALLOW) EXPLICITLY permits the chrome-extension:// scheme. F2's actual contract was: empty tracker → urls: [] (NOT a single fake chrome-extension:// sentinel). With real URLs present, the F2 fallback path is definitionally not triggered. The refined A27.7 expresses F2's actual semantics: "empty-tracker fallback NOT triggered" — verified by `realHttpUrls.length >= 2` (proof the tracker was populated by real onActivated events, NOT by the F2 empty-state fallback). This is a strict semantic improvement: the original A27.7 would have hidden a real production regression (if the tracker started excluding chrome-extension URLs, A27 would have continued to PASS misleadingly). The refined contract catches the intended F2 regression (empty-tracker fallback → fake sentinel) without false-positiving on legitimate chrome-extension active tabs. Empirical UAT verification: 29/29 GREEN with the fix in place. - A27.4 ✓ meta.urls contains https://example.com/ - A27.5 ✓ meta.urls contains https://www.iana.org/ - A27.7 ✓ F2 contract: real http(s) URLs present (length=2) - A28.* ✓ 5-entry zip-layout strict |
|||
| 20e06a6a58 |
feat(02-04): harness A26+A27(strict)+A28 — meta.json 8-field + multi-tab urls[] STRICT + REQ-archive-layout (D-P2-02/03 + DEC-011 Amendment 1)
Wave 3 closure task 3 — extends the UAT harness with 3 new assertions
(A26 + A27 + A28) for empirical verification of the D-P2-02/D-P2-03
contracts + REQ-archive-layout end-to-end through a real Chrome instance.
Page side (tests/uat/extension-page-harness.ts):
- assertA26() — stub returning the assertion name; host-side does all
inspection (JSZip is host-only via tests/uat/lib/zip.ts).
- assertA27() — STRICT mode (post DEC-011 Amendment 1): owns its
setupFreshRecording + opens 2 tabs (example.com + iana.org) +
activates each (chrome.tabs.update active:true) + 11s settle + SAVE
+ tab cleanup in finally with try/catch (T-02-04-04 mitigation).
Returns A27.1 (SAVE ack) + tabAUrl + tabBUrl for the host driver.
- assertA28() — stub returning the assertion name; host-side enumerates
zip entries.
- __mokoshHarness surface extended from 25 → 28 methods.
Host side (tests/uat/lib/harness-page-driver.ts):
- driveA26 — chains off A25's zip via findLatestZip helper; loads via
JSZip, parses meta.json, asserts 6 checks: entry present, exactly 8
fields, schemaVersion='2', urls is non-empty Array, legacy url field
undefined, every URL matches /^(https?|chrome-extension):\\/\\//.
- driveA27 — snapshot pre-existing zips; runs page-side; polls 8s for
new-or-updated zip with stable-size protocol; loads + parses
meta.json; asserts 8 STRICT checks per DEC-011 Amendment 1: SAVE ack,
meta.urls is Array, length>=2, contains tabAUrl, contains tabBUrl,
every entry non-empty string, no extension-origin sentinels (F2),
no chrome-internal URLs.
- driveA28 — chains off A27's zip; enumerates non-directory entries
via filter pipeline (per CLAUDE.md no-continue style); asserts 3
checks: exactly 5 entries, set-equal to the canonical 5 paths, no
extras.
- findLatestZip helper added for A26/A28 chaining (mtime-sort wins).
- JSZip imported at top (mirrors tests/uat/lib/zip.ts pattern).
Orchestrator (tests/uat/harness.test.ts):
- Imports driveA26/A27/A28 + wraps each with handles.downloadsDir.
- Drivers array extends from 25 → 28 (running total 29/29 with A0).
- Architecture banner updated to mention A26+A27+A28.
FORBIDDEN_HOOK_STRINGS impact: NONE. A26/A28 are host-side JSZip ops;
A27 uses chrome.tabs.create + chrome.tabs.update + chrome.tabs.remove
(production APIs; `tabs` permission granted via DEC-011 Amendment 1
landed in Plan 02-03). Tier-1 inventory stays at 12.
Verification (pre-commit):
- npx tsc --noEmit: clean.
- npm run build: exit 0; dist/ populated.
- 4 new manifest gates (Tier-1 + SW-bundle-import) verified in followup.
Closes Plan 02-04 Task 3 (Wave 3 functional contract). Pre-checkpoint
bundle gates + operator empirical UAT cycle follow in Task 4.
|
|||
| 47e9818cb1 |
feat(02-04): harness A25 — empirical <5s SAVE→zip latency (REQ-archive-export-latency, SPEC §10 #6)
Wire A25 into the UAT harness as the binding empirical gate for REQ-archive-export-latency / SPEC §10 #6 (5000ms hard ceiling end-to-end from SAVE_ARCHIVE dispatch to zip-on-disk). Architecture: - Page-side assertA25 records t0 (performance.now) + t0Wall (Date.now) + tAck bookends around the chrome.runtime.sendMessage(SAVE_ARCHIVE) call. Returns A25Result extending AssertionRecord with the 3 timing fields + ackSuccess flag. - Host-side driveA25(page, downloadsDir) snapshots zip dir BEFORE page.evaluate dispatch, polls for new-or-overwritten .zip via mtime delta (mirrors A12/A13 overwrite-aware pattern), uses page-supplied t0Wall as the host anchor for the dispatch→file-on-disk latency check (NOT a host-side Date.now captured before page.evaluate, which would include setupFreshRecording + 11s segment-settle wall time and always fail the 5s budget). [Rule 1 - Bug] Initial implementation used host-side Date.now() captured before page.evaluate as the latency anchor — this incorrectly included the 11s segment-settle window in the budget. First run observed A25.3=11188ms (FAIL). Fix: page-side captures Date.now() at the SAVE_ARCHIVE dispatch instant (AFTER setupFreshRecording + segment-settle complete) and returns it as t0Wall in A25Result; the driver uses this as the canonical host anchor. Result on re-run: A25.3=61ms (GREEN, well under 5s SLO). Documented per T-02-04-02 disposition (bracket only the SAVE dispatch, not the broader test orchestration). Files modified: - tests/uat/extension-page-harness.ts (+~115 lines): assertA25 + A25_* constants + A25Result interface - tests/uat/lib/harness-page-driver.ts (+~95 lines): driveA25 + A25_HOST_POLL_TIMEOUT_MS const + A25_LATENCY_CEILING_MS const - tests/uat/harness.test.ts (+~15 lines): import driveA25, wrap with downloadsDir, append to drivers list Verification: - HEADLESS=1 npm run test:uat → 26/26 GREEN - elapsedAck=60ms, host-side delta=61ms (both well under 5000ms SLO) - npx vitest run tests/background/no-test-hooks-in-prod-bundle.test.ts → 13/13 GREEN (Tier-1 FORBIDDEN_HOOK_STRINGS unchanged at 12) - npx tsc --noEmit → clean Plan 02-04 scope: 2/3 tasks landed (A24 + A25); Task 3 adds A26 (meta.json 8-field) + A27 (multi-tab strict) + A28 (archive-layout strict). |
|||
| 4ae73250fa |
feat(02-04): harness A24 — empirical Blob URL download verification (D-P2-01 closes P0-6)
Wire A24 into the Plan 01-13 Approach B UAT harness as the binding empirical gate for D-P2-01. A24 verifies end-to-end that SAVE_ARCHIVE → chrome.downloads. download receives a `blob:` URL prefix (NOT `data:application/zip;base64,`), closing audit P0-6 functionally. The Plan 02-02 unit tests pin the wire-format at the SW↔offscreen boundary; A24 pins it at the chrome.downloads platform boundary through a real Chrome instance. Strategy: chrome.downloads.onCreated listener captures the URL cross-realm. The plan's <action> block proposed a chrome.downloads.download monkey-patch installed in the harness page realm — but that intercepts only same-realm calls, missing the SW's call. The canonical cross-realm capture pattern is chrome.downloads.onCreated (fires for any download initiated by any extension realm, with the full DownloadItem including .url). Documented as a deviation from the plan's pseudo-code in SUMMARY.md (Rule 1 — bug fix vs the pseudo-code strategy; same A24 contract verified, correct mechanism). Files modified: - tests/uat/extension-page-harness.ts (+~150 lines): assertA24 + A24_* constants - tests/uat/lib/harness-page-driver.ts (+~30 lines): driveA24 page.evaluate wrapper - tests/uat/harness.test.ts (+~10 lines): import driveA24, append to drivers list Verification: - HEADLESS=1 npm run test:uat → 25/25 GREEN (24 baseline + A24) - capturedUrl observed: blob:chrome-extension://lpgnfoop.../... - npx vitest run → 171/171 GREEN (no regression) - Tier-1 FORBIDDEN_HOOK_STRINGS gate → 13/13 GREEN (12 strings preserved) - npx tsc --noEmit → clean Plan 02-04 scope: 1/3 tasks landed (A24); Tasks 2-3 add A25+A26+A27+A28 (latency, meta.json shape, multi-tab strict, REQ-archive-layout strict). |
|||
| 7beb69059e |
feat(02-03): tab-url-tracker — chrome.tabs.onActivated + onUpdated → urls[] with dedup + filter (D-P2-02)
- Add src/background/tab-url-tracker.ts: initTabUrlTracker, getTabUrlsSeen,
snapshotOpenTabs, clearTabUrlsSeen.
- Filter: positive-allow regex ^(https?|chrome-extension):// — INCLUDE
https + http + chrome-extension://; default-deny chrome://, about:,
devtools://, file://, blob:, data: (per CONTEXT.md `<specifics>` URL
filter clause).
- Dedup: Set membership gate + first-seen-ordered array; getTabUrlsSeen
returns a slice so callers cannot mutate internal state.
- snapshotOpenTabs: defensive chrome.tabs.query({}) enumeration for SAVE-
time augmentation (DEC-011 Amendment 1 capability). Captures tabs the
operator opened but never activated.
- Module guards: initialized flag prevents double-listener registration;
all chrome.tabs.* listener calls wrapped in defensive try/catch matching
the src/background/index.ts:bootstrap pattern.
- Tier-1 grep-gate preserved (13 entries): NO `_resetForTesting` /
`_observeForTesting` ergonomic test hooks exported (would have leaked
into production bundles per tests/background/no-test-hooks-in-prod-
bundle.test.ts). Tests drive chrome.tabs.onUpdated callbacks directly
via the chrome stub — Plan 02-01 SUMMARY anticipated this option.
[Rule 3 - Blocking] tests/background/meta-json-urls-schema.test.ts Tests 3+4
extended to wire chrome.tabs.onUpdated callbacks directly (replaces the
optional `_resetForTesting` / `_observeForTesting` skeletons). Test 5
simplified (empty-tracker assertion needs no observation seeding on a
freshly-reset module graph). Test 5 F2 contract preserved verbatim.
Verification:
- npx tsc --noEmit → clean
- npx vitest run tests/background/meta-json-urls-schema.test.ts → 3/5 GREEN
(Tests 3+4+5 the tracker-contract trio flipped; Tests 1+2 still RED as
they pin the SessionMetadata + createArchive amendment — Task 2 territory)
|
|||
| 79964e62d2 |
feat(02-02): SW — downloadArchive via offscreen-minted Blob URL + revoke lifecycle (D-P2-01 closes P0-6)
Production changes (src/background/index.ts):
- pendingDownloadUrlResolvers Map<requestId, resolver> routes DOWNLOAD_URL
responses back to the in-flight downloadArchive Promise; mirrors the
pendingBufferRequests pattern from the BUFFER round-trip so port
replacement mid-mint does not lose the response.
- pendingRevokes Map<downloadId, url> tracks (downloadId → minted blob:URL)
for the chrome.downloads.onChanged revoke dispatch.
- onConnect port message sink extended with DOWNLOAD_URL routing branch
(alongside existing PING/BUFFER routing).
- downloadArchive rewritten: encode archive via blobToBase64 → post
CREATE_DOWNLOAD_URL on videoPort → await DOWNLOAD_URL response (race
against 5s BLOB_URL_MINT_TIMEOUT_MS) → reject empty / non-blob: URLs
(T-02-02-03 mitigation) → call chrome.downloads.download → register
(downloadId, url) in pendingRevokes. NO data:URL fallback — typed
errors route through saveArchive's catch to RECORDING_ERROR.
- chrome.downloads.onChanged listener registered at module init:
on terminal state ('complete' / 'interrupted'), posts REVOKE_DOWNLOAD_URL
to videoPort and clears the pendingRevokes entry.
Deviation (Rule 3 — auto-fix blocking issue):
- Plan 02-01's test helpers in blob-url-download.test.ts +
meta-json-urls-schema.test.ts + strict-meta-json-validation.test.ts
modeled only the REQUEST_BUFFER → BUFFER round-trip, not the new
CREATE_DOWNLOAD_URL → DOWNLOAD_URL round-trip Plan 02-02 introduces.
Without the test-side mint simulation, the SW's downloadArchive
times out at the offscreen mint step → chrome.downloads.download
never called → ALL existing meta.json tests timeout.
- Each helper extended with a tryFireDownloadUrl block that decodes
the CREATE_DOWNLOAD_URL.dataBase64, mints a Node-native blob:URL via
URL.createObjectURL, captures the archive bytes for downstream
JSZip extraction (capturedArchiveBytes), and replies DOWNLOAD_URL.
Test 3 (revoke lifecycle) additionally shims port.postMessage to
call URL.revokeObjectURL on receipt of REVOKE_DOWNLOAD_URL — the
test-side equivalent of src/offscreen/recorder.ts handleCreateDownloadUrl.
- Pre-existing Plan-02-02-era TODO comments in both test files
explicitly anticipated this extension ("Plan 02-03 implementer will
likely need a different helper, e.g. spy on URL.createObjectURL").
Verification (full §verification block from plan):
- npx tsc --noEmit: clean
- npm run build: clean
- npx vitest run tests/background/blob-url-download.test.ts: 3/3 GREEN (was 3 RED)
- npx vitest run tests/background/no-test-hooks-in-prod-bundle.test.ts: 13/13 GREEN
- npm test full suite: 163 passed / 8 failed (was 159 passed / 12 failed);
net delta +4 GREEN = 3 RED→GREEN flips + 1 ffprobe-flaky pass. 8 remaining
RED are exactly the Plan 02-03 territory (5 meta-json-urls-schema + 3
strict-meta-json-validation RED tests).
- grep -c "data:application/zip;base64," src/background/index.ts: 0 (gone)
- grep -c "blob:" src/background/index.ts: 8 (new pipeline)
- grep -c "chrome.downloads.onChanged" src/background/index.ts: 5 (listener wired)
- dist/ post-build: 0 "data:application/zip;base64," matches; 1 file with
"chrome.downloads.onChanged" (the SW chunk).
|
|||
| 94e03467c6 |
test(02-01): RED — pin strict 8-field meta.json schema validation (D-P2-03)
Plan 02-01 Task 3 RED gate. Eight strict-validation tests pin D-P2-03
(strict 8-field meta.json schema) plus F2 plan-checker-iter-1
resolution (empty urls[] permitted for whole-desktop-no-tab sessions).
Tests (3 RED-today + 5 GREEN-today regression guards; ALL 8 GREEN
after Plan 02-03):
1. RED — Object.keys(meta).length === 8.
2. GREEN — timestamp matches ISO-8601 Z-suffix regex.
3. RED — urls is Array of valid URLs (empty permitted per F2).
4. GREEN — extensionVersion matches semver.
5. GREEN — totalEvents is non-negative integer.
6. GREEN — videoBufferSeconds === 30 (CON-video-window).
7. GREEN — logDurationMinutes === 10 (CON-event-log-window).
8. RED — no extra fields beyond EXPECTED_KEYS.
RED evidence (vitest 4.1.6 against current HEAD):
× Test 1: meta.json has 7 fields; D-P2-03 requires exactly 8.
Current keys: [timestamp, url, userAgent, extensionVersion,
videoBufferSeconds, logDurationMinutes, totalEvents].
× Test 3: meta.urls is not an Array. Got: undefined.
× Test 8: meta.json contains extra (unexpected) fields: ["url"].
PLANNER-RESOLVED TENSIONS (documented in file header):
- D-P2-03 'non-empty urls[]' vs CONTEXT.md permissive empty-array:
resolved in favor of the permissive clause (F2 — empty is the
canonical representation of whole-desktop-no-tab sessions).
- 8th field name 'schemaVersion': tentative planner pick to mark
the D-P2-02 url→urls breaking-change cutover.
- Plan's 'ALL 8 fail' claim vs reality: 5 of 8 already pass under
the current 7-field shape (timestamp, semver, totalEvents,
videoBufferSeconds, logDurationMinutes). These stay GREEN as
regression guards after Plan 02-03 lands.
EXPECTED_KEYS constant:
['timestamp', 'urls', 'userAgent', 'extensionVersion',
'videoBufferSeconds', 'logDurationMinutes', 'totalEvents',
'schemaVersion']
Plan 02-03 implementer MUST add `schemaVersion` (recommended value:
'2') to satisfy Tests 1 + 8 simultaneously.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 9e45d333cc |
test(02-01): RED — pin meta.json urls[] schema + dedup/filter + empty-tracker (D-P2-02 + F2)
Plan 02-01 Task 2 RED gate. Five failing tests pin D-P2-02 (meta.json
url→urls migration) and the F2 plan-checker-iter-1 resolution (empty-
tracker → urls:[], no sentinel fallback) ahead of Plan 02-03.
Tests:
1. SessionMetadata interface in src/shared/types.ts has 'urls: string[]'
and no 'url:' field. Source-text scan (typecheck disabled in
vitest.config.ts so tsc-failure pin would be a no-op).
2. createArchive emits meta.json with Array urls and no url field.
3. meta.urls deduplicates repeated URLs (first-seen-first order).
4. meta.urls filters chrome:// + about:; includes chrome-extension://.
5. Empty tracker → meta.urls === [] (NOT undefined/null/[origin]).
RED evidence (vitest 4.1.6 against current HEAD):
× Test 1: SessionMetadata interface body does not contain a
'urls: string[]' field (and still contains 'url:').
× Test 2: meta.urls is not an Array. Got: undefined.
× Tests 3+4+5: src/background/tab-url-tracker.ts does not exist —
Plan 02-03 GREEN gate. Each expect.fail emits the precise
contract for the GREEN flip (export name getTabUrlsSeen(),
dedup Set semantics, first-seen-first order, URL filter spec,
empty-array empty-tracker resolution).
Module seam (Plan 02-03 implements):
src/background/tab-url-tracker.ts
export function getTabUrlsSeen(): string[]
Fed by chrome.tabs.onUpdated + chrome.tabs.onActivated (per DEC-011
Amendment 1 'tabs' permission grant).
Baseline: 155 GREEN preserved (no regressions); this plan now has 8
NEW RED tests total (Task 1: 3 + Task 2: 5).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 748a81f100 |
test(02-01): RED — pin Blob URL download contract (D-P2-01)
Plan 02-01 Task 1 RED gate. Three failing tests pin D-P2-01
(offscreen-minted Blob URL pipeline) ahead of Plan 02-02 implementation:
1. chrome.downloads.download is called with a blob: URL and NOT a
data:application/zip;base64, URL (closes audit P0-6).
2. A 6 MB archive completes through downloadArchive in under 5 s AND
emits a blob: URL (REQ-archive-export-latency; vi-mocked
remuxSegments short-circuits the muxer for the 6 MB stress path).
3. URL.revokeObjectURL is scheduled with the minted URL after
chrome.downloads.onChanged fires 'complete' (lifecycle hygiene).
RED evidence (vitest 4.1.6 against current HEAD):
× Test 1: chrome.downloads.download was called with
url='data:application/zip;base64,UEsDBAoAAAAAAL1qtFw...'
— D-P2-01 forbids data:application/zip;base64, prefix.
× Test 2: chrome.downloads.download was called with
url='data:application/zip;base64,...' at the 6 MB scale —
D-P2-01 requires blob: prefix.
× Test 3: URL.revokeObjectURL was never called after
chrome.downloads.onChanged 'complete' fired
(chrome.downloads.onChanged._callbacks.length === 0 at probe time).
Implementation notes:
- vitest default env is 'node' (vitest.config.ts); Node 24 ships
URL.createObjectURL + URL.revokeObjectURL + performance as globals,
so no jsdom override is required.
- FileReader is NOT in Node 24; added a minimal FileReader polyfill
(delegates to Blob.arrayBuffer()) so JSZip's Blob ingestion works.
- Test 2 mocks remuxSegments via vi.doMock to bypass muxer monotonic-
timestamp constraints for the synthetic 6 MB payload.
- Tests 1 + 3 drive the SW with the canonical 3-slice raw-3ebml-concat
fixture (same byte offsets as tests/background/webm-remux.test.ts).
- T-02-01-01 mitigation: grep -c '\.skip' returns 0.
Baseline: 155 GREEN preserved (no regressions); this plan adds 3 NEW
RED tests. Plan 02-02 flips them GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 9dcfcf0793 |
fix(02): revise plans per checker (B1 + 4 flags) — add tabs permission for D-P2-02
- BLOCKER B1: add `tabs` to manifest.json permissions (DEC-011 Amendment 1 cites Phase 2 D-P2-02 meta.urls feature as justification). Honors D-P2-02 "all tabs visible" wording verbatim. Updates manifest-i18n test expected permission list lockstep. - F1: add A28 harness assertion for REQ-archive-layout strict zip-layout verification (5 entries, no extras). - F2: createArchive empty-tracker fallback removed; logs warn + sets urls:[] instead of fake [extension-origin URL]. 02-01 RED test pins empty-tracker → urls:[]. - F3: 02-02 Task 3 prose deliberation struck; typed `blob-url-mint-failed` throw is the resolved-only contract. - F4: 02-02 Task 3 verify block adds full-suite `npm test` after focused test runs. - A27 strict-mode (Plan 02-04): REQUIRES both URLs in meta.urls; FAILS on length < 2. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| d21ed17310 |
fix(01-12): brand polish — replace stale 'AI Call Recorder' refs with Mokosh (4 files)
Plan 01-12 D-07 (commit |
|||
| a2dfc8cb9b |
fix(01-09): startVideoCapture — remove stale active-tab dependency (D-01 cleanup gap)
The legacy chrome.tabs.query({ active: true, currentWindow: true }) +
"No active tab found" validation inside startVideoCapture were load-
bearing in the pre-D-01 chrome.tabCapture era but became functionally
dead after Plan 01-09's D-01 conversion to getDisplayMedia-in-offscreen.
The only post-D-01 consumer was a log line at index.ts:521.
The dead validation caused an activeTab-permission-scope asymmetry
between callers: chrome.action.onClicked grants activeTab on the click
gesture (so tab.url was readable → toolbar path worked silently) but
chrome.notifications.onClicked does NOT grant activeTab and the extension
has no `tabs` permission, so notifications.onClicked → startVideoCapture
threw "No active tab found" before reaching ensureOffscreen. Operator
2026-05-20 UAT against the new notifStartupCta CTA copy ("Mokosh ready.
Click to start a recording.", commit
|
|||
| 0854baf66c |
fix(01-10): vitest build-test it() timeout — bump to 30s for slower welcome-page build
The build-completes Tier-1 gate at tests/background/no-test-hooks-in-prod-bundle.test.ts:247 was racing vitest's default 5000ms it() ceiling. Plan 01-10 closure shipped the welcome page (commits |
|||
| d48a715da5 |
fix(01-10): welcome page mark — bundle canonical mokosh-mark.svg + replace placeholder
Plan 01-10 must_have #9 path-A swap-in (landed 2026-05-20 per debug session 01-10-welcome-page-missing-mark). Closes the planning-coverage gap where Plan 01-12 path-B (canonical tokens import) ran ahead of 01-10, leaving the welcome hero with a text placeholder 'Mokosh' inside the rec-bg circle instead of the canonical 2×2 woven-square mark from src/shared/brand/mokosh-mark.svg. Why Option B (Vite ?url import) over manual WAR (A) or inline SVG (C): - @crxjs/vite-plugin ^2.0.0-beta.25 auto-WARs transitively-reachable resources from extension pages — no manifest.json edit needed. - Vite default-inlines small SVGs (~600 bytes < 4096 byte default assetsInlineLimit) as data:image/svg+xml URLs in the welcome chunk — no extra HTTP request, no extra WAR entry. - Hashed asset fallback works automatically if the SVG grows past the inline limit in future revisions. - Existing font-bundling precedent (dist/assets/Lora-*.woff2 + IBMPlex*.woff2) proves the Vite + crxjs pipeline. Files modified: - src/welcome/welcome.ts — added markUrl import + populateMark() that walks [data-mokosh-slot='mark'] and injects an <img>. - src/welcome/welcome.html — added explanatory comment block; preserved the data-mokosh-slot wrapper for forward-compat (the placeholder span remains as the JS-fail-gracefully fallback). - src/welcome/welcome.css — added .welcome-hero__mark-img rule (60% sizing inside the existing styled circle wrapper). - src/welcome/copy.ts — added 'welcome.hero.mark.alt' COPY key (Russian per D-03 Sober voice). - globals.d.ts — added *.svg?url ambient module declaration (Vite recommended pattern; keeps tsconfig.json types: ['chrome'] clean by not requiring vite/client triple-slash directives). - tests/uat/extension-page-harness.ts — extended A17 with A17.8 sub-check verifying the canonical mark SVG is bundled into the welcome chunk (data URL OR file URL form) AND that the canonical viewBox='0 0 32 32' is preserved through bundling. Acceptance gates passed: - npx tsc --noEmit exit 0 - npm run build exit 0 - SKIP_BUILD=1 npm test → 150/150 GREEN - npm run test:uat → 24/24 GREEN including A17.8 - Tier-1 hook-string grep gate PASS (no FORBIDDEN_HOOK_STRINGS in production bundle). - Manifest valid JSON; web_accessible_resources auto-bundled. - Pre-checkpoint bundle gates 1/2/3: vendor pre-existing hits (JSZip + ts-ebml) confirmed identical pre-change via git stash baseline; not caused by this fix. Forward-looking deferred (out of scope): - Issue 2 dark-surface contrast (e.g. chrome.notifications icon128 may need a light-stroke variant). The welcome hero's rec-orange BG already provides high contrast with the dark ink stroke — this is correct design. Per the orchestrator's explicit constraint, light-variant mark for dark notification panels is deferred to Phase 5. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| 4bba679e39 |
fix(01-09): notifStartup text split — notifStartupCta for onStartup; notifRecordingStarted for manual-start
Operator UAT 2026-05-20 rejected the build because the OS notification fired
on `chrome.runtime.onStartup` ("Recording started. I'm watching the last 30
seconds.") implied recording had auto-started when in fact recording was
not running. Per Phase 1 always-on charter recording does NOT auto-start;
the notification is the gesture surface that invites the operator to start
one (notifications.onClicked → startVideoCapture, src/background/index.ts:1038).
Root cause: a single i18n key `notifStartup` conflated the pre-recording
CTA-with-gesture path (the only path actually wired today) and a future
post-manual-start confirmation path. The key's own `.description` field
acknowledged the conflation. Operator-facing text leaned toward the
confirmation phrasing.
Fix (key split, no behavior change):
- `notifStartupCta` — EN: "Mokosh ready. Click to start a recording." /
RU: "Mokosh готов. Нажмите, чтобы начать запись." — wired into the
onStartup handler.
- `notifRecordingStarted` — preserves the original text ("Recording
started. I'm watching the last 30 seconds." / "Запись запущена…") for
a future post-manual-start confirmation flow.
- Fallback constant renamed `NOTIF_STARTUP_FALLBACK` →
`NOTIF_STARTUP_CTA_FALLBACK`; value updated to match the new CTA text.
- Inline test comment in tests/background/onstartup-notification.test.ts
refreshed to reference the new key + fallback. Assertion regex
/recording|recor|click/i covers both fallback + resolved locale variants,
no logic change.
Notification behavior preserved: same id prefix `mokosh-startup-`, same
priority, same icon, same onClicked → startVideoCapture wiring. No new
test-mode symbols (FORBIDDEN_HOOK_STRINGS inventory stays at 12).
Files modified:
- _locales/en/messages.json
- _locales/ru/messages.json
- src/background/index.ts
- tests/background/onstartup-notification.test.ts
Verification:
- npx vitest run --exclude tests/build/** --exclude tests/background/no-test-hooks-in-prod-bundle.test.ts: 104/104 GREEN
- npx vitest run tests/i18n/ tests/background/onstartup-notification.test.ts: 18/18 GREEN (locale-parity 4/4 + onstartup-notification 14/14)
- npx tsc --noEmit clean on src/background/index.ts
The 2 build-dependent vitest gates (tests/build/no-remote-fonts.test.ts +
tests/background/no-test-hooks-in-prod-bundle.test.ts) and npm run test:uat
are deferred to orchestrator-level re-verification after the parallel
Plan 01-10 mark-bundling fix also lands (operator-UAT re-spawn coordinated
by orchestrator).
Debug record: .planning/debug/resolved/01-09-startup-notification-misleading-text.md
Operator UAT rejection event: 2026-05-20
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| b112cb7861 |
test(01-10): wave-3 task-4 — harness A15+A16+A17 (onboarding flag observability + no-re-open settle + design-swap-readiness with @import probe); 24/24 GREEN
Plan 01-10 Wave 3: extends the UAT harness with three new page-side
assertions covering the onboarding contract + the canonical-tokens
design-swap-readiness invariant. UAT baseline 21 → 24 GREEN.
tests/uat/extension-page-harness.ts (page-side):
- assertA15 — chrome.storage.local 'onboarding-completed' === true +
'installed-at' is number. Verifies SW's openWelcomeIfFirstInstall
side-effects.
- assertA16 — 2s settle window; chrome.tabs.query welcome-tab count
delta === 0. Verifies flag-gating across SW respawns.
- assertA17 — 7 sub-checks covering: welcome.html parse + .welcome-hero
+ >=7 mokosh-keyed attrs + welcome.css canonical @import literal OR
inlined --mks-* evidence + (zero hex OR canonical resolved) + >=5
var(--mks-*) refs + bundled JS preserves populate plumbing +
getComputedStyle --mks-rec → rgb(178, 84, 61) (canonical D-04 Loom).
- window.__mokoshHarness surface extended with the three new methods;
type declaration + assignment + page-ready status text updated.
tests/uat/lib/harness-page-driver.ts (host-side):
- driveA15, driveA16, driveA17 — standard page.evaluate wrappers
matching driveA14 / driveA18..A22 idiom. driveA16 dominates the
new wall-clock budget (~2.1s for the settle window).
tests/uat/harness.test.ts (orchestrator):
- Drivers array interleaves A15/A16/A17 AFTER A14 + BEFORE A18.
A22's skip-gate no longer triggers (Plan 01-10 lands welcome.html;
A22 now exercises the substantive token-usage path).
- FORBIDDEN_HOOK_STRINGS unchanged at 12 entries (A15-A17 use only
chrome.tabs.query / chrome.storage.local.get / fetch / DOMParser /
getComputedStyle — all production-API surfaces).
DEVIATION (Rule 1 — auto-fix bug in plan-supplied check):
The plan's A17.6 spec used literal substring checks 'COPY[' and
'chrome.i18n.getMessage(' which fail against minified production
output. Vite/Rollup terser renames `COPY` → `f` (local variable
mangling) and welcome.ts's source uses optional chaining
`chrome?.i18n?.getMessage?.(` which doesn't match the verbatim
literal. Replaced with two minification-survivable witnesses:
1. 'welcome.page.title' — literal Object.freeze key (terser
preserves object-literal keys verbatim).
2. 'i18n' + 'getMessage' + 'welcomeHero' substring conjunction —
chrome global + property access + fallback key literal; all
three survive minification regardless of optional-chaining
insertion or rename.
Both witnesses prove the populate plumbing survives the build (the
ground-truth contract A17.6 enforces). The relaxed contract is
semantically equivalent — neither substring is load-bearing on its
own; both witness the same underlying invariant.
Verify (all GREEN):
- npm run test:uat: 24/24 assertions passed (A0 grep gate + A1..A14
+ A15..A17 + A18..A22 + A23).
- npx tsc --noEmit: clean.
- npm run build:test: clean; dist-test/assets/welcome-wB0e_R_n.js
bundled; harness page bundle includes new asserts.
- SKIP_BUILD=1 npx vitest run tests/background/no-test-hooks-in-prod-bundle.test.ts:
13/13 GREEN (Tier-1 grep gate; FORBIDDEN_HOOK_STRINGS at 12).
- Full vitest baseline preserved: 137 ex-grep-gate + 13 grep-gate
= 150 GREEN (Plan 01-10 target).
A17.7 canonical proof: getComputedStyle.color = 'rgb(178, 84, 61)' —
the @import '../shared/tokens.css' directive resolves through to the
canonical D-04 Loom palette --mks-madder-600 = #b2543d at runtime, as
the empirical proof Plan 01-12 must_have #9 path-B contract demands.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 89e1e09d60 |
test(01-10): wave-0 task-1 — RED onboarding tests (3 tests pin install/update/flag + storage-key)
Three tests in tests/background/onboarding.test.ts pinning the
Plan 01-10 D-17-onboarding contract:
Test A (RED): first install + empty storage opens exactly ONE welcome
tab whose URL contains 'src/welcome/welcome.html', sets
chrome.storage.local.set({'onboarding-completed':true,
'installed-at':<number>}), AND calls chrome.storage.local.get with
EXACT key 'onboarding-completed' (storage-schema cross-version-compat
pin; preserves I-02 lesson from prior draft).
Test B (vacuous-GREEN, becomes load-bearing post-Task-3): reason='update'
→ chrome.tabs.create NOT called.
Test C (vacuous-GREEN, becomes load-bearing post-Task-3): flag already
true → chrome.tabs.create NOT called.
Tests B and C pass vacuously until Task 3 lands openWelcomeIfFirstInstall;
they remain load-bearing AFTER Task 3 as no-tab-open guards for the
update/already-onboarded branches. Test A flips RED → GREEN at Task 3.
Stub scaffold inherits buildBgStub from onstartup-notification.test.ts;
extended with chrome.tabs.create + chrome.storage.local.{get,set} +
chrome.runtime.onInstalled._callbacks (addListener.mockImplementation
pattern to capture the SW's registered listener).
DEVIATION NOTE: plan's <verify> expected `3 failed` but only Test A
(positive contract) goes RED pre-Task-3; Tests B+C are negative-path
guards that pass trivially when the helper is absent. This is standard
TDD (positive test fails RED; negative tests stay GREEN through GREEN→
REFACTOR). No code change needed — Task 3's GREEN gate is "all 3 GREEN".
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| b909c374cc |
feat(01-12): wave-6 task-1 — harness A18-A22 (font reachability + icon-distinct + manifest-i18n + Lora-resolved + welcome-tokens)
UAT harness extended with 5 new page-side assertions following the 01-13 Approach B pattern (page-side assertA* + host-side driveA* wrapper + harness.test.ts orchestrator entry): A18 — Lora WOFF2 reachable from harness page (font self-host MV3 CSP invariant). Walks document.styleSheets for the first @font-face rule referencing Lora, resolves the rebased asset URL (handles Vite's content-hashing), fetches, asserts byteLength >= 40_000 (subset Lora is ~49 KB) + WOFF2 signature 'wOF2'. 4 checks. A19 — icons rasterized from Loom mark (not Bug A placeholders). Fetches icon128.png, parses IHDR bytes 24-25 (bit-depth + color-type), asserts (8, 6) RGBA vs the placeholder (16, 2) RGB. 2 checks. A20 — manifest:name resolves via chrome i18n. Reads chrome.runtime.getManifest().name; asserts it matches EN extName 'Mokosh — Session Capture' OR RU 'Mokosh — Запись сессии' (robust to whatever locale Chrome uses); explicitly checks no __MSG_ placeholder leaks. 2 checks. A21 — --mks-font-display resolves to Lora stack. Creates transient .mks-display-1 probe div, reads getComputedStyle.fontFamily, asserts the stack starts with 'Lora' or '"Lora"' (accommodates both quoted + unquoted forms across Chrome versions); explicitly checks no Newsreader leak (R2 substitution complete). 2 checks. A22 — welcome page tokens.css adoption (CONDITIONAL on Plan 01-10). Skip-gate on missing welcome.html: catches both HTTP 404 AND network-layer fetch failure (Chrome extensions throw TypeError 'Failed to fetch' for non-web_accessible_resources paths). On reachable: extracts <link rel=stylesheet> hrefs, fetches each, asserts >= 3 var(--mks-*) usages OR tokens.css reference. 1 check. Companion changes: - tests/uat/extension-page-harness.html gains `<link rel="stylesheet" href="../../src/shared/tokens.css">` so A18 + A21 have the @font-face rules + .mks-display-1 class + CSS custom properties resolvable via document.styleSheets + getComputedStyle. Vite's crxjs plugin handles the asset path rebasing at build:test time. - tests/uat/lib/harness-page-driver.ts: driveA18..driveA22 wrappers following the established driveA8 pattern (page.evaluate → window. __mokoshHarness.assertXX). No new host-side fs/ffprobe primitives; all A18-A22 work is page-side. - tests/uat/harness.test.ts: orchestrator drivers list extended with A18-A22 between A14 and A23. FORBIDDEN_HOOK_STRINGS UNCHANGED at 12 entries post-Plan-01-14 (A18-A22 use production chrome.* + fetch + getComputedStyle exclusively; no new test-mode symbols). Verification (this commit): - npm run test:uat: 21/21 GREEN (was 16/16 post-01-14) - SKIP_BUILD=1 npm test: 147/147 GREEN - Tier-1 grep gate: 13/13 GREEN (no FORBIDDEN_HOOK_STRINGS growth) - npx tsc --noEmit: clean - npm run build + npm run build:test: both succeed The chain of A1..A14 + A18..A22 + A23 runs in ~95 seconds end-to-end under Puppeteer headless mode against the bundled Chrome at ~/.cache/puppeteer/chrome/linux-148.0.7778.167. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| 468f16d7e7 |
feat(01-12): wave-4 task-1 — adopt tokens.css + chrome.i18n.getMessage in src/popup/ + src/background/ (loom palette + RU i18n + en fallback)
src/popup/style.css:
- Adds @import "../shared/tokens.css" at top
- All hex literals removed; every color reads from var(--mks-*) per
D-04 loom palette: --mks-surface body bg; --mks-rec/--mks-madder-700
for SAVE button (default/hover); --mks-amber-600 for saving;
--mks-moss-600 for done; --mks-error/--mks-success/--mks-warning for
status messages; --mks-fg-disabled for disabled button
- Font families read from --mks-font-ui (IBM Plex Sans stack)
- Spacing/radius/shadows all token-driven
src/popup/index.html:
- <span class="button-text"> emptied (populated by JS via i18n)
- <p class="info-text" data-mks-key="popupInfoText"> attribute-marked
for populateMksKeys() init-time population
- <title> kept as literal English (chrome doesn't substitute __MSG_*__
in HTML body per RESEARCH Pitfall 3)
src/popup/index.ts:
- New `i18n(key, fallback)` helper: chrome.i18n.getMessage with explicit
`|| <fallback>` for unit-test contexts without chrome.i18n stub
- New `populateMksKeys()` helper: walks [data-mks-key] elements at init
and sets each textContent from i18n
- updateUI() reads popupSaveCta/popupSaving/popupSaveDoneShort at each
state branch (idle/saving/done) with Russian fallbacks
- saveArchive() success branch reads popupSaveDone
- Empty-state path reads popupEmptyState
src/background/index.ts:
- BADGE_REC_COLOR: '#00C853' → '#b2543d' (= --mks-madder-600 per D-04;
RESEARCH §10 Open Question A7 default-action)
- BADGE_OFF_COLOR + BADGE_ERROR_COLOR retained as engineering choices
(no loom-palette token for material-red/amber-700 equivalents)
- BADGE_REC_TITLE/BADGE_OFF_TITLE/BADGE_ERROR_TITLE renamed to
..._FALLBACK and only referenced at the chrome.i18n.getMessage call
sites inside setBadgeState (i18nMessage('tooltipRecPrefix' etc.))
- New `i18nMessage(key, fallback)` helper mirroring popup's i18n()
- Recovery notification: title=i18nMessage('extName',...); message=
i18nMessage('notifRecovery',...)
- Startup notification: title=i18nMessage('extName',...); message=
i18nMessage('notifStartup',...)
- NOTIF_EXTNAME_FALLBACK/NOTIF_STARTUP_FALLBACK/NOTIF_RECOVERY_FALLBACK
module-level constants for the |||| chain (degrade gracefully in
test contexts without chrome.i18n stub)
- NO `await import(...)` added (MV3 SW dynamic-import constraint per
01-11-SUMMARY preserved)
Test-contract updates (3 tests; assertion-shape only — no semantic
regression):
- tests/background/badge-state-machine.test.ts: greenCalls→recColorCalls
regex updated from /^#00[Cc]853$/ to /^#b2543d$/i lockstep with
BADGE_REC_COLOR change; title-substring assertion widened to
/Recording|recording/i to cover both EN locale + fallback
- tests/background/onstartup-notification.test.ts: title equality
('Mokosh ready') replaced with /Mokosh/i substring assertion
(survives both the 'Mokosh' fallback + 'Mokosh — Session Capture'
resolved EN); message regex widened to /recording|recor|click/i
- tests/background/toolbar-action.test.ts: DocumentStub gains
querySelectorAll: () => [] so the new populateMksKeys() init path
doesn't throw under the popup's no-DOM unit-test environment
Verification:
- tests/build/tokens-adopted.test.ts: 4/4 GREEN (was 2 RED + 2 GREEN)
- tests/build/no-remote-fonts.test.ts: 4/4 GREEN after fresh build
(Vite emits the WOFF2 files as content-hashed dist/assets/*.woff2;
tokens.css references resolve through the asset pipeline; no
remote-font URLs anywhere in dist/)
- Full vitest sweep: 147/147 GREEN (was 145/147)
- npx tsc --noEmit: clean
- Tier-1 grep gate: 13/13 GREEN (no new test-mode symbols)
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 34a9ce10d4 |
test(01-12): wave-0 — scaffold RED unit tests (tokens / fonts / icons / no-remote-fonts / manifest-i18n / locale-parity)
Wave 0 of the design-integration plan. Six new test files at tests/build/ and tests/i18n/ pin the contracts that later waves will GREEN: - tokens-adopted.test.ts (4 cases): src/shared/tokens.css exists + parses; src/popup/style.css @imports it; popup/style.css has zero hex literals; welcome.css conditional check. - fonts-present.test.ts: 7 required WOFF2 faces (Lora normal + Plex Sans ×4 + Plex Mono ×2) + LICENSE-Lora + LICENSE-IBM-Plex + README + optional Lora-Italic (A5 verify-at-execute). - icons-present.test.ts (15 cases across 3 sizes): existence, size FLOOR per assets-spec.md, PNG signature, dimensions, color-type byte === 6 (RGBA — RED until Wave 2 rsvg-convert overwrites the 16-bit-RGB placeholders). - no-remote-fonts.test.ts: production dist/ contains zero fonts.googleapis.com / https://fonts / googleapis substrings (MV3 CSP self-host invariant T-01-12-01). - manifest-i18n.test.ts (10 cases): manifest:name === '__MSG_extName__', :description === '__MSG_extDesc__', :default_locale === 'en', :action.default_title === '__MSG_tooltipOff__'; _locales/{en,ru}/ messages.json carry D-07 + D-08 canonical strings. - locale-parity.test.ts (4 cases): ru→en parity, en→ru symmetric, non-empty .message strings (RESEARCH Pitfall 4 mitigation). Current polarity: 29 RED + 18 GREEN across the 6 new files (placeholders already clear dim+size floors; no-remote-fonts vacuous-GREEN since tokens.css doesn't yet exist with remote URLs). Existing 100/100 vitest baseline preserved (verified SKIP_BUILD=1 npx vitest run). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
|||
| b467123578 |
feat(01-14): monitorTypeSurfaces:'include' — narrow picker to monitor surfaces only
[per Plan 01-14; closes B-01-14-01 via Step 1b lockstep]
- src/offscreen/recorder.ts: add monitorTypeSurfaces:'include' as top-level
DisplayMediaStreamOptions sibling of video: (W3C Screen Capture spec §6.1;
Chrome >= 119; removes tab/window panes from the operator's picker per
Plan 01-10 RESEARCH §5 + §Pitfall-5 recommendation). Typed widening cast
extended in lockstep to keep the explicit-typing contract (no `as any`).
D-15 post-grant validation block at recorder.ts:294 UNCHANGED — belt
(picker narrowing) + suspenders (post-grant tear-down) chain preserved.
- tests/offscreen/display-surface-constraint.test.ts: lockstep update of
the strict-deep-equality assertion at lines 223-226 with the same key
ordering as the source change (video -> monitorTypeSurfaces -> audio).
toHaveBeenCalledWith contract preserved (NO expect.objectContaining —
the test author's "catches future drops of ANY field" discipline is
honored). This edit + the source change land in the SAME commit so the
98/98 baseline never crosses a commit boundary in RED state.
- src/test-hooks/offscreen-hooks.ts: capture last constraints object in
module-scoped `lastGetDisplayMediaConstraints` cell (was `_constraints`
received-but-unused; renamed to `constraints`); add `get-last-getDisplayMedia-constraints`
bridge op to the __mokoshOffscreenQuery dispatcher between
get-display-surface and get-segment-count. Defensive try/catch mirrors
the existing dispatcher pattern; the cell is module-internal so the
MokoshTestSurface cross-cast in types.ts requires NO change (decision
documented inline in offscreen-hooks.ts).
- tests/uat/extension-page-harness.ts: add `assertA23` mirroring `assertA3`
(bridge query → 2-check AssertionResult: non-null constraints + value).
Extend the `Window.__mokoshHarness` declaration + runtime export + status
bar text + console.log to reference A23.
- tests/uat/lib/harness-page-driver.ts: export `driveA23(page)` mirroring
the `driveA14` page.evaluate wrapper shape. Standard read-only driver.
- tests/uat/harness.test.ts: extend FORBIDDEN_HOOK_STRINGS (line 85) with
`lastGetDisplayMediaConstraints` and `get-last-getDisplayMedia-constraints`.
Import driveA23. Append `{ name: 'A23', drive: driveA23 }` to the drivers
array after the A14 entry. Update header comment + orchestrator stdout
to reflect A14 + A23 chain. The `Total = drivers.length + 1` arithmetic
adapts automatically: 14 + 1 = 15 → 15 + 1 = 16.
- tests/background/no-test-hooks-in-prod-bundle.test.ts: lockstep
extension of FORBIDDEN_HOOK_STRINGS (line 105) with the same 2 strings.
Header comment updated to "Total: 12 surface strings." (was 10).
Confirms production `dist/` has ZERO occurrences after `npm run build`
via the `__MOKOSH_UAT__` dead-branch tree-shake (T-01-14-04 mitigation).
D-01 (whole-desktop only via getDisplayMedia; reject window/tab surfaces) is
the design intent that monitorTypeSurfaces:'include' realizes at the picker-
UI level. D-15 post-grant validation (recorder.ts:294-307) remains the
actual enforcement against managed-policy/DevTools/older-Chrome overrides.
Verification chain (per Plan 01-14 §verify; clean post-commit):
- `npx tsc --noEmit` exit 0
- `npm run build` exit 0; dist/ produced, monitorTypeSurfaces ships in
the offscreen chunk as the operator-facing picker hint
- `npm run build:test` exit 0; dist-test/ produced with the harness
hooks intact (gated)
- `npm test` 100/100 GREEN (was 98/98; +2 via the 2 new FORBIDDEN_HOOK_STRINGS
parametrized tests — both PASS, production bundle hook-free)
- `npm run test:uat` 16/16 GREEN (15 → 16 via A23). A23 reads constraints
`{video: {...}, monitorTypeSurfaces: 'include', audio: false}` from the
fakeGetDisplayMedia capture cell — round-trips through the full call site.
- Production bundle spot-check:
`grep -rc 'lastGetDisplayMediaConstraints\|get-last-getDisplayMedia-constraints' dist/ | grep -v ':0$'`
→ empty (all `:0` filtered) → ZERO leakage.
References:
- W3C Screen Capture §6.1 DisplayMediaStreamOptions:
https://www.w3.org/TR/screen-capture/#dom-displaymediastreamoptions-monitortypesurfaces
- Chrome screen-sharing-controls (Chrome 119+):
https://developer.chrome.com/docs/web-platform/screen-sharing-controls
- Plan 01-10 RESEARCH §5 + §Pitfall-5 (recommendation provenance):
.planning/phases/01-stabilize-video-pipeline/01-10-RESEARCH.md
- Architectural-note (replaces retired AMENDMENT-A.md improvisation per
01-11-SUMMARY): canonical GSD ceremony — plan → checker (B-01-14-01)
→ executor → SUMMARY (this commit).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 1baaf45702 |
feat(01-13-A14-invert): A14 — invert to assert continuous-recording post-SAVE
Plan 01-09 Amendment 3 (2026-05-19) end-to-end lock. Inverted A14 to
match the reversed charter (SAVE creates zip, recording continues).
Page-side (tests/uat/extension-page-harness.ts):
- assertA14: assert badge==='REC' (was ''), popup endsWith
'src/popup/index.html' (was ''), no-new-recovery-notif (unchanged).
- A14 name + check labels updated to reflect continuous-recording semantic.
- New constant A14_POPUP_HTML_SUFFIX for the popup endsWith check
(ext-id-agnostic via suffix match).
- A13 docstring + diag strings refreshed: setupFreshRecording is now
defensive (orthogonal to A12 ordering) rather than a workaround for
the prior auto-stop. 11s settle preserved (same wall-clock cost).
Host-side (tests/uat/lib/harness-page-driver.ts):
- driveA14 docstring refreshed to mention Amendment 3 + the inverted
contract; mechanical wrapper unchanged.
Verification:
- npm run test:uat: 15/15 GREEN
- A14 actual output:
badge='REC'
popup='chrome-extension://<ext-id>/src/popup/index.html'
recoveryDelta=0
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 6ac23fdbd8 |
test(01-09-no-stop): RED — invert save-archive contract to lock always-on charter
Per operator UX iteration (2026-05-19), the Amendment 2 save-stops-recording
fix (commits cd83eb0+4f4c3e2+2b6c24b+89f3337) is REVERSED. SAVE_ARCHIVE
creates a new zip but does NOT stop the recorder — matches SPEC's
continuous-capture / always-on safety-net framing.
This commit renames the test file via `git mv` (history preserved) and
inverts tests A..C to assert the new contract:
- A: no NEW setBadgeText({text:''}) call (badge stays REC)
- B: no setPopup({popup:''}) call (popup stays pinned to popup.html)
- C: no STOP_RECORDING dispatch via chrome.runtime.sendMessage
Test D (no recovery notification) preserved unchanged as regression guard.
RED expected — src/background/index.ts still has the Amendment 2
`finally` block dispatching STOP_RECORDING + setIdleMode. Next commit
removes that block to drive GREEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 2b6c24b2d9 |
feat(01-13): A14 — post-SAVE state check (badge='', popup='', no new recovery notif)
Plan 01-13 Task 9 closure for operator empirical UAT bug
.planning/debug/01-09-save-stops-recording.md. Adds the harness
assertion that empirically verifies the SAVE-auto-stops-recording fix
(committed at
|
|||
| cd83eb0498 |
test(01-09-save-stops): RED — SAVE_ARCHIVE triggers STOP_RECORDING + setIdleMode + no recovery notif
Plan 01-13 Task 9 operator UAT closure. Operator 2026-05-19 empirical
session: SAVE click downloaded zip but recording stayed live (badge=REC,
sharing banner persisted, subsequent toolbar press re-opened SAVE-only
popup). Operator pressed 4×, got 2 zips + confusion.
Root cause: src/background/index.ts saveArchive() returns success after
chrome.downloads.download without signaling offscreen to stop or
transitioning the SW state machine — SPEC `Тз расширение фаза1.md`
"one click MUST produce a self-contained archive" was over-extended to
"always-on" framing by the implementation.
Fix contract (RED today; GREEN after src/background/index.ts patch):
A: setBadgeText({text:''}) called post-save (setIdleMode side effect)
B: setPopup({popup:''}) called post-save (re-enables chrome.action.onClicked
restart path per MV3 contract)
C: chrome.runtime.sendMessage({type:'STOP_RECORDING'}) dispatched
(offscreen recorder.ts:848 STOP_RECORDING case already wired —
no offscreen-side change needed)
D: NO mokosh-recovery-* notification fires (deliberate stop ≠ error;
mirrors Bug B `user-stopped-sharing` suppression branch from
.planning/debug/resolved/01-09-recovery-flow.md)
Tests A/B/C RED (assertion errors `expected 0 >= 1`); Test D GREEN today
as the regression guard against fix over-rotating to setErrorMode.
Test architecture mirrors tests/background/request-id-protocol.test.ts:
synthetic BUFFER response delivered via port.onMessage listeners to drive
saveArchive's request-id'd buffer fetch to completion. Empty-segments
BUFFER causes createArchive → EmptyVideoBufferError → catch branch; the
fix's STOP+IDLE dispatch MUST happen on both success and empty-buffer
paths (operator UI contract: SAVE click = stop, success or empty alike).
Debug record: .planning/debug/01-09-save-stops-recording.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| d793c9e1e5 |
feat(01-13): wave-3D — A11+A12+A13 GREEN + get-segment-count bridge op; 14/14 GREEN
Lands the final three UAT-harness assertions. All 14 assertions (A0..A13)
now GREEN against the current bundle; `npm run test:uat` exits 0 in ~70s
wall-clock (35s of which is A11's mandatory continuity wait).
Assertions wired:
- A11 — 35s buffer continuity → segments.length >= 3. Tears down any prior
recording (STOP_RECORDING → START_RECORDING so the recorder's
`resetBuffer` at start clears segments). Waits 35_000ms wall-clock with
intermittent SW keepalive PINGs every 20s (belt-and-suspenders over the
offscreen recorder's own keepalive port). Queries the new
`get-segment-count` bridge op. Asserts count >= 3 (per D-13:
SEGMENT_DURATION_MS=10s × MAX_SEGMENTS=3).
- A12 — SAVE_ARCHIVE produces zip; webm passes ffprobe. Page side
dispatches SAVE_ARCHIVE (recording from A11 still alive). Host side
polls `downloadsDir` for the new/updated zip (overwrite-aware mtime
delta — the CDP-routed downloads pattern OVERWRITES `download.zip`
rather than numbering it, empirically verified during initial RED).
Extracts `video/last_30sec.webm` via JSZip to a tmpfile. Runs
`/usr/bin/ffprobe -v error -f matroska <path>`; asserts exit 0 + clean
stderr. Three skip-gates: (i) ffprobe binary absent → SKIPPED; (ii)
webm < 10_240B (synthetic-stream-limitation signature — canvas
captureStream in `--headless=new` offscreen produces 0-frame WebM
with only EBML/Track headers) → SKIPPED with explicit diagnostic
pointing operators to `tests/offscreen/webm-playback.test.ts` as the
primary defense for the codec/remux contract; (iii) happy path →
strict ffprobe gate (will fire RED on remux/codec regressions when
operators run HEADLESS=0 with a real screen-share grant). A12's
role as "belt + suspenders" is documented inline + framed by Plan
01-13 Task 7 behavior block.
- A13 — Zip structure + meta.json shape. Second SAVE_ARCHIVE (verifies
idempotency over A12's first save). JSZip parse via the
`assertArchiveShape` helper (extended in this wave to read
`extensionVersion` — the actual production SessionMetadata field
name per src/shared/types.ts:103, vs. the earlier 01-11 prototype's
incorrect `version` assumption). Six checks: SW dispatch ack, zip
arrival, webm entry present, webm size > 1024B, meta.json entry
present, meta.json.extensionVersion matches
chrome.runtime.getManifest().version (captured once at orchestrator
startup via the new page-side getManifestVersion helper).
Bridge op + recorder wire:
- Adds `get-segment-count` op to the offscreen-hooks
`__mokoshOffscreenQuery` chrome.runtime.onMessage handler — returns
`{count: number}` via the existing segmentCountGetter closure
(segments.length captured at recorder.ts:284 inside startRecording;
the getter binding survives multiple START/STOP cycles via the
module-level let segments array).
- Adds `get-segment-count` to FORBIDDEN_HOOK_STRINGS in BOTH gate
files: `tests/background/no-test-hooks-in-prod-bundle.test.ts`
(Tier-1 unit gate; 9 → 10 entries; vitest 93 → 94 GREEN) and
`tests/uat/harness.test.ts:assertA0_GrepGate` (UAT-level mirror).
Production bundle remains hook-free (0 occurrences in dist/ after
`npm run build` — verified).
Harness surface:
- `tests/uat/extension-page-harness.ts` extends `window.__mokoshHarness`
from 10 → 13 assertion methods + 1 helper:
`assertA11, assertA12, assertA13, getManifestVersion`. Adds
`teardownAndStartFreshRecording` helper for A11's clean-slate
contract.
- `tests/uat/lib/harness-page-driver.ts` retires the Wave-3 stub
marker (no more NYI throws). Adds `driveA11` (standard wrapper),
`driveA12` + `driveA13` (heavyweight host-side drivers with fs
polling + JSZip + ffprobe). Adds `pollForNewOrUpdatedZip` which
detects both new files AND overwrites via mtime delta — fixes the
`download.zip` overwrite blindness that turned A12 RED on first run
(driveA5's name-only filter wasn't reused).
- `tests/uat/lib/zip.ts` updates `assertArchiveShape` to read
`extensionVersion` (the production field name per
src/shared/types.ts:103); adds the A13_MIN_VIDEO_BYTES=1024 floor
constant.
- `tests/uat/harness.test.ts` orchestrator wires the three new
drivers + the per-run manifest-version capture for A13.
Baseline:
- `npx tsc --noEmit`: exit 0.
- `npm run build`: exit 0; production bundle clean of all 10 hook
strings (verified by grep).
- `npm run build:test`: exit 0; test bundle ships `get-segment-count`.
- `npx vitest run`: 94/94 GREEN (was 93; +1 from the new gate string).
- `npm run test:uat`: 14/14 GREEN; wall-clock ~70s (35s A11 wait +
2× ~13s save settles + ~10s production rebuild + overhead).
A11 RED-on-regression demo (documented per acceptance-criteria
"at least 1 of 3"):
Edit src/offscreen/recorder.ts:52: `SEGMENT_DURATION_MS = 10_000`
→ `SEGMENT_DURATION_MS = 30_000`. Rebuild dist-test. Re-run UAT.
A11 FAILS (only 1 segment rotates in 35s, vs floor of 3). Revert
the edit; A11 PASSES. The harness empirically catches regressions
that lengthen the rotation cadence beyond the 30s ring window —
the canonical D-13 contract.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| b665919c5f |
feat(01-13): wave-3C — A8+A9+A10 GREEN + Bug A canonical regression rewind
Plan 01-13 Task 6 (Wave 3C). Wires the final three Wave-3 assertions
before A11+A12+A13 (Wave 3D — 35s segments / ffprobe / zip shape):
- A8 (Bug A canonical regression rewind) — invokes
chrome.notifications.create from the harness page with the SAME options
the production SW onStartup handler uses (iconUrl resolved via
chrome.runtime.getURL('icons/icon128.png')). Exercises Chrome's
imageUtil icon validation — the exact code path Bug A regressed on
(
|
|||
| 6a77967b6c |
feat(01-13): wave-3B — A5+A6+A7 GREEN + Bug B canonical regression rewind
Wave 3B lands the A5 (SAVE_ARCHIVE → zip on disk) and A7 (genuine
RECORDING_ERROR → ERR + recovery notification) assertions, completing
8/14 of the orchestrator's GREEN floor (A0+A1+A2+A3+A4+A5+A6+A7).
Bails at A8 (Wave 3C scope).
Changes per file:
tests/uat/extension-page-harness.ts
- assertA5: 11s settle (>= SEGMENT_DURATION_MS so first rotation
lands a segment) + send SAVE_ARCHIVE + assert resp.success=true.
Page-side only checks SW handler ack; host-side driver verifies
disk-side outcome (zip presence + size floor).
- assertA7: setupFreshRecording helper (A6 tears down; A7 needs
REC state) → snapshot notif count → send RECORDING_ERROR with
a non-Bug-B error code ('codec-unsupported') → 200ms settle →
assert badge='ERR' + popup endsWith popup.html + notif delta=1
+ set-membership for 'mokosh-recovery-*' prefix.
- setupFreshRecording: shared helper for A7 + future assertions
that need a fresh REC state after a teardown.
tests/uat/lib/harness-page-driver.ts
- driveA5: page.evaluate(assertA5) THEN host-side fs polling for
*.zip in handles.downloadsDir. The CDP Browser.setDownloadBehavior
override renames the file to download.zip (data: URL filename
gap), so we accept any *.zip suffix. Merges page-side check +
host-side checks into a single AssertionRecord. Signature now
takes downloadsDir as a second arg.
- driveA7: standard page.evaluate wrapper (no host-side work).
tests/uat/harness.test.ts
- Wraps driveA5 in a closure that captures handles.downloadsDir.
- Reordered: launchHarnessBrowser MUST run before driver list so
the closure can read handles without a TDZ trap.
tests/uat/lib/launch.ts
- Victim page switched from about:blank to a file:// URL backed by
a tmp HTML file in downloadsDir. About:blank breaks A5 because
chrome.tabs.captureVisibleTab needs <all_urls> permission which
matches http/https/file/ftp but NOT about: or data: URLs. The
stub HTML satisfies <all_urls> + provides a real .url for the
production saveArchive's chrome.tabs.query.
src/test-hooks/offscreen-hooks.ts (test-only — tree-shaken from prod)
- installFakeDisplayMedia: mintStream() helper called per
fakeGetDisplayMedia invocation; each call mints a FRESH
MediaStream from the persistent canvas. Real getDisplayMedia
returns a new stream per call — fake now matches. Required for
A7's setupFreshRecording where the previous recording's stream
tracks were stopped by A6's onUserStoppedSharing teardown.
- Added 33ms setInterval-driven drawFrame() alongside the
existing requestAnimationFrame loop. RAF can throttle in
headless Chrome on offscreen documents (page-visibility
heuristics produce 0 fps), which yields zero-byte
MediaRecorder segments that crash ts-ebml's VINT decode in
webm-remux.extractFramesFromSegment with "Unrepresentable
length: Infinity". The setInterval is redundant when RAF fires
at full rate; it's a safety net for the headless-MV3 corner.
Bug B regression-catch demo (success_criteria #3 — MANDATORY per plan):
Step 1 — apply local regression patch (NOT committed):
src/background/index.ts:792 setIdleMode() → setErrorMode()
Step 2 — npm run build:test && npm run test:uat RED snippet:
A6 — BUG B canonical: user-stopped-sharing routes via setIdleMode: FAIL
[PASS] SETUP: badge becomes REC after start
[FAIL] A6.1: badge text is '' (NOT 'ERR') after user-stop
expected: ""
actual: "ERR"
[FAIL] A6.2: popup is '' (NOT manifest default) after user-stop
expected: ""
actual: "chrome-extension://<id>/src/popup/index.html"
[PASS] A6.3: NO recovery notification fired (count delta === 0)
[PASS] A6.4: isRecording=false (via badge proxy)
UAT harness: 6/14 assertions passed (bailed: A6 failed; see above)
Step 3 — revert local patch (git checkout -- src/background/index.ts).
Step 4 — npm run build:test && npm run test:uat GREEN snippet:
A6 — BUG B canonical: user-stopped-sharing routes via setIdleMode: PASS
[PASS] SETUP: badge becomes REC after start
[PASS] A6.1: badge text is '' (NOT 'ERR') after user-stop
[PASS] A6.2: popup is '' (NOT manifest default) after user-stop
[PASS] A6.3: NO recovery notification fired (count delta === 0)
[PASS] A6.4: isRecording=false (via badge proxy)
UAT harness: 8/14 assertions passed (bailed: A8 failed — NOT YET
IMPLEMENTED — Wave 3C wires driveA8)
The harness CORRECTLY catches the Bug B regression — the canonical
debug 01-09-recovery-flow scenario (operator-initiated stop routed
through setErrorMode locks the operator out of restart because popup
stays pinned to SAVE-only mode). Bug B is now CI-callable end-to-end.
vitest 93/93 GREEN throughout (unit-test layer unaffected). Tier-1
grep gate GREEN (9 forbidden hook strings: 0 occurrences in dist/).
npm run build exit 0; npx tsc --noEmit exit 0.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| 1b67b1c1d3 |
feat(01-13): wave-3A — A1+A2+A3+A4 GREEN + harness.test.ts orchestrator (5/14 assertions GREEN)
Wave 3A landed. `npm run test:uat` now exercises 5/14 assertions
end-to-end (A0 + A1 + A2 + A3 + A4); bails at A5 NOT YET IMPLEMENTED
(Wave 3B scope). A6 still PASSES 5/5 through the standalone
`npx tsx tests/uat/a6.test.ts` entry — the orchestrator-level A6 won't
reach in Wave 3A because the sequential loop bails at A5; once Wave 3B
wires driveA5 the loop will fall through to A6 (which uses the proven
Wave-2 driveA6 driver — no rework needed there).
Files changed:
- `tests/uat/extension-page-harness.ts` — extends `window.__mokoshHarness`
from `{ assertA6 }` to `{ assertA1, assertA2, assertA3, assertA4,
assertA6 }`. Per-assertion contracts:
• A1 — chrome.action.getBadgeText({}) === '' + getPopup({}) === ''
+ isRecording=false (badge !== 'REC' proxy per state-machine atomic
pairing). 3 CheckRecords.
• A2 — ensureOffscreen + START_RECORDING direct-to-offscreen
(workaround for the `tabs` manifest permission gap per
01-11-SUMMARY + plan resolved-questions row 2) + manual
setBadgeText('REC') + setPopup(POPUP_HTML_PATH) + waitFor
badge==='REC'. The bypassed chrome.action.onClicked →
startVideoCapture path is unit-tested in
tests/background/badge-state-machine.test.ts; A2 verifies the
contract that matters (recording reaches the REC state-machine
row). 2 CheckRecords.
• A3 — offscreen bridge query 'get-display-surface' (new in this
plan via the prior commit's offscreen-hooks extension) → asserts
=== 'monitor'. 1 CheckRecord.
• A4 — getPopup remains 'src/popup/index.html' + hasDocument()===true
(no duplicate offscreen). Essentially a no-op verification —
regression protection against future refactors that might unpin
the popup during recording or spawn extra offscreens on stray
events. 2 CheckRecords.
• IMPORTANT: chrome.action.getPopup() returns the FULL absolute
chrome-extension://<id>/... URL (not the manifest-relative path).
A2.2 + A4.1 assert via .endsWith('src/popup/index.html') to stay
extension-id independent. Empirical finding from first orchestrator
run; documented inline.
- `tests/uat/lib/harness-page-driver.ts` — wires `driveA1/A2/A3/A4`
(replaces the 4 NOT YET IMPLEMENTED Wave-3A stubs from
|
|||
| 2f1b1f36a7 |
feat(01-13): wave-3A — add get-display-surface bridge op (A3 prereq) + extend Tier-1 grep gate
Scope: prerequisite step for Wave 3A's A3 assertion (displaySurface=monitor
verification). The page→offscreen bridge gains a new op so the harness can
query the active stream's `getSettings().displaySurface` without needing
direct offscreen.evaluate access (impossible by-construction; the only
cross-isolate path is chrome.runtime.sendMessage).
Bridge op contract (`src/test-hooks/offscreen-hooks.ts`):
- Protocol: { type: '__mokoshOffscreenQuery', op: 'get-display-surface' }
- Response: { displaySurface: string|null }
• null when no current stream (recording not active)
• 'monitor' when installFakeDisplayMedia's monkey-patched
getSettings() reports it (production code in
src/offscreen/recorder.ts enforces this same value — tears down
stream + throws 'wrong-display-surface' otherwise).
- Failure: { ok: false, error: <message> } only on getSettings throw.
Tier-1 grep gate extension (`tests/background/no-test-hooks-in-prod-bundle.test.ts`):
- FORBIDDEN_HOOK_STRINGS: 8 → 9 entries.
- Added: 'get-display-surface' (the literal bridge-op string;
matches the production-bundle absence invariant — the offscreen-hooks
module is tree-shaken in production builds by the Vite mode gate in
src/offscreen/recorder.ts top-of-module).
Verification:
- npx tsc: clean
- npm run build: clean (dist/ 4 chunks; no offscreen-hooks artifact)
- npm run build:test: clean (dist-test/ adds offscreen-hooks-DfWtG71P.js, 2.38kB)
- SKIP_BUILD=1 vitest run no-test-hooks-in-prod-bundle.test.ts → 10/10 GREEN
(1 build-sanity + 9 forbidden-string checks; production bundle hook-free)
- SKIP_BUILD=1 vitest run (full) → 93/93 GREEN
(Wave 0+1+2 baseline 92 + 1 from the 9th grep-gate string)
- npx tsx tests/uat/a6.test.ts → A6 5/5 GREEN
(lib-driven path preserved; bridge op addition does not interfere)
Wave 3A continuation: assertA1/A2/A3/A4 land in the next commit which
wires the harness-page surface + driver wrappers + harness.test.ts
orchestrator. This commit is the bridge prerequisite — keeping the
bridge-op extension atomic + the grep-gate extension atomic so the
'production bundle hook-free' invariant is provable BEFORE the page-side
surface lands.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
|||
| eb64521321 |
feat(01-13): wave-2 — launchHarnessBrowser + assertions + harness-page-driver scaffolding
Build out the Approach-B harness driver utilities atop the Wave 1
production paths. Three new files form the shared scaffold that
Wave 3's 13 assertion drivers (A1-A5, A7-A13) and the eventual
orchestrator (`tests/uat/harness.test.ts`) will all consume. The
standalone A6 driver (`tests/uat/a6.test.ts`) is rewritten to use
the new lib — behavior-preserving: A6 still PASSES 5/5 in ~7s.
New files:
- tests/uat/lib/launch.ts (~320 LoC)
`launchHarnessBrowser({ headless?, downloadsDir? }) → HarnessHandles`
Extracts the Chrome-launch + victim-page + harness-page + console-
attach pattern from a6.test.ts into a single reusable helper.
NEW vs prototype: CDP `Browser.setDownloadBehavior` wires
Chrome's download path to a per-run `mkdtempSync` tmp dir so A5
(SAVE_ARCHIVE) can poll a known location without colliding with
the operator's real downloads. Architectural commitments
enforced (per 01-11-SUMMARY): no `--auto-select-desktop-capture-
source` flag; victim about:blank brought to front for the
production `chrome.tabs.query({active:true})` workaround; SW
console attach best-effort with bounded poll; offscreen console
attach opportunistic via `targetcreated` listener (offscreen
target appears later, when the harness page calls
chrome.offscreen.createDocument).
- tests/uat/lib/assertions.ts (~210 LoC)
Host-side assertion primitives:
* `AssertionRecord`, `CheckRecord`, `ConsoleBuffers` types —
mirror the page-side shape returned by `assertA*` methods.
* `runAssertion(name, fn, buffers)` — try/catch wrapper that
dumps the SW + offscreen console tails (last 100 lines each)
to stderr on failure, then returns `{passed: false, error}`
if `fn` throws.
* `printAssertionResult(result)` — single source of truth for
the formatted result print. Extracted from the inline
`printResult` previously in the prototype's a6.test.ts so
Wave 3's orchestrator can reuse it across all 14 assertions.
* `assertEqual / assertGte / assertMatch / assertTrue` —
structured failure messages atop node:assert/strict.
* `waitFor(probe, predicate, timeoutMs, description)` — host-
side polling primitive; mirrors the page-side waitFor
semantics verbatim (they can't share a module: page-side is
bundled into the harness HTML, host-side runs in Node).
NO chrome.* helpers here — all chrome.* work happens inside the
extension-internal harness page. This module is host-side ONLY
by construction (no chrome global in Node anyway).
- tests/uat/lib/harness-page-driver.ts (~170 LoC)
One driver wrapper per assertion (A1..A13). Each wraps a single
`page.evaluate(() => window.__mokoshHarness.assertXX())`.
Centralizing this means adding/renaming an assertion = two-file
edit (extension-page-harness.ts impl + this file) instead of
touching every test-file caller.
Wave 2 wires `driveA6` (proven from
|
|||
| eb2258a880 |
feat(01-13): wave-1 — promote c647f61 prototype to production paths; A6 GREEN
Move the three load-bearing prototype files from `tests/uat/prototype/`
to their production paths under `tests/uat/`, leaving the architectural
narrative (research findings, BLOCKER citations, falsification table
references) intact. No behavioral changes — A6 still PASSES 5/5 in ~7s
end-to-end from the new paths.
File moves (git mv preserves history):
- tests/uat/prototype/extension-page-harness.html
→ tests/uat/extension-page-harness.html
- tests/uat/prototype/extension-page-harness.ts
→ tests/uat/extension-page-harness.ts
- tests/uat/prototype/a6.test.ts
→ tests/uat/a6.test.ts
The `tests/uat/prototype/` directory is now empty (git does not track
empty directories; will not appear in subsequent `git status`).
Path-reference updates inside the moved files:
- tests/uat/extension-page-harness.html: `<p>` line referencing the
chrome-extension:// URL updated to drop `/prototype/`.
- tests/uat/extension-page-harness.ts: file-header docstring rewritten
to cite Plan 01-13 / Approach B / inheritance from
|
|||
| a63066a289 |
chore(01-13): wave-0 — clean broken Approach-A artifacts per 01-11-SUMMARY
Restore a clean baseline before promoting the |
