@harness-fe/runtime 3.0.1 → 3.2.0

package/src/commandsFilter.test.ts

@@ -0,0 +1,167 @@
+// @vitest-environment happy-dom
+import { describe, expect, it } from 'vitest';
+import { COMMAND, type ConsoleEntry, type NetworkEntry, type WsEntry, type ErrorEntry } from '@harness-fe/protocol';
+import { commandHandlers } from './commands.js';
+import type { CaptureStore } from './capture.js';
+
+/**
+ * Construct a fake CaptureStore wide enough to drive the *_TAIL handlers.
+ * We seed the RingBuffers directly so we don't have to actually patch fetch /
+ * console / WebSocket in this test.
+ */
+function makeCapture(seed: {
+    console?: ConsoleEntry[];
+    network?: NetworkEntry[];
+    errors?: ErrorEntry[];
+    ws?: WsEntry[];
+}): CaptureStore {
+    function ring<T>(items: T[]): { tail: (n: number) => T[] } {
+        return { tail: (n) => items.slice(-n) };
+    }
+    return {
+        console: ring(seed.console ?? []),
+        network: ring(seed.network ?? []),
+        errors: ring(seed.errors ?? []),
+        ws: ring(seed.ws ?? []),
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    } as any;
+}
+
+describe('console.tail filtering', () => {
+    const seed: ConsoleEntry[] = [
+        { ts: 1, level: 'log', args: ['boot complete'] },
+        { ts: 2, level: 'warn', args: ['cache miss'] },
+        { ts: 3, level: 'error', args: ['logout failed', { reason: 'token expired' }] },
+        { ts: 4, level: 'log', args: ['heartbeat'] },
+    ];
+
+    it('filter substring (case-insensitive)', async () => {
+        const out = await commandHandlers[COMMAND.CONSOLE_TAIL](
+            { n: 10, filter: 'LOGOUT' },
+            { capture: makeCapture({ console: seed }) },
+        ) as { entries: ConsoleEntry[] };
+        expect(out.entries.map((e) => e.level)).toEqual(['error']);
+    });
+
+    it('filter regex', async () => {
+        const out = await commandHandlers[COMMAND.CONSOLE_TAIL](
+            { n: 10, filter: 'boot|heart', match: 'regex' },
+            { capture: makeCapture({ console: seed }) },
+        ) as { entries: ConsoleEntry[] };
+        expect(out.entries).toHaveLength(2);
+    });
+
+    it('level narrow', async () => {
+        const out = await commandHandlers[COMMAND.CONSOLE_TAIL](
+            { n: 10, level: 'error' },
+            { capture: makeCapture({ console: seed }) },
+        ) as { entries: ConsoleEntry[] };
+        expect(out.entries).toHaveLength(1);
+        expect(out.entries[0].args[0]).toBe('logout failed');
+    });
+
+    it('invalid regex falls back to substring', async () => {
+        const out = await commandHandlers[COMMAND.CONSOLE_TAIL](
+            { n: 10, filter: '[bad', match: 'regex' },
+            { capture: makeCapture({ console: seed }) },
+        ) as { entries: ConsoleEntry[] };
+        // No entry literally contains "[bad" — fallback returns 0 matches.
+        expect(out.entries).toHaveLength(0);
+    });
+});
+
+describe('network.tail filtering', () => {
+    const seed: NetworkEntry[] = [
+        { ts: 1, id: 'r1', phase: 'req', method: 'GET', url: 'https://api.test/users' },
+        { ts: 2, id: 'r1', phase: 'res', method: 'GET', url: 'https://api.test/users', status: 200 },
+        { ts: 3, id: 'r2', phase: 'req', method: 'POST', url: 'https://api.test/logout' },
+        { ts: 4, id: 'r2', phase: 'res', method: 'POST', url: 'https://api.test/logout', status: 401 },
+        { ts: 5, id: 'r3', phase: 'req', method: 'GET', url: 'https://cdn.test/assets/app.js' },
+    ];
+
+    it('urlContains narrow', async () => {
+        const out = await commandHandlers[COMMAND.NETWORK_TAIL](
+            { n: 10, urlContains: 'logout' },
+            { capture: makeCapture({ network: seed }) },
+        ) as { entries: NetworkEntry[] };
+        expect(out.entries.every((e) => e.url.includes('logout'))).toBe(true);
+        expect(out.entries).toHaveLength(2);
+    });
+
+    it('method narrow (case-insensitive)', async () => {
+        const out = await commandHandlers[COMMAND.NETWORK_TAIL](
+            { n: 10, method: 'post' },
+            { capture: makeCapture({ network: seed }) },
+        ) as { entries: NetworkEntry[] };
+        expect(out.entries.every((e) => e.method === 'POST')).toBe(true);
+    });
+
+    it('statusCode narrow (drops req entries without status)', async () => {
+        const out = await commandHandlers[COMMAND.NETWORK_TAIL](
+            { n: 10, statusCode: 401 },
+            { capture: makeCapture({ network: seed }) },
+        ) as { entries: NetworkEntry[] };
+        expect(out.entries).toHaveLength(1);
+        expect(out.entries[0].status).toBe(401);
+    });
+
+    it('filter combined with narrow', async () => {
+        const out = await commandHandlers[COMMAND.NETWORK_TAIL](
+            { n: 10, urlContains: 'api.test', filter: 'logout' },
+            { capture: makeCapture({ network: seed }) },
+        ) as { entries: NetworkEntry[] };
+        expect(out.entries.every((e) => e.url.includes('logout'))).toBe(true);
+    });
+});
+
+describe('ws.tail filtering', () => {
+    const seed: WsEntry[] = [
+        { ts: 1, id: 'w1', phase: 'open', url: 'wss://chat.test/' },
+        { ts: 2, id: 'w1', phase: 'send', url: 'wss://chat.test/', payload: { type: 'ping' } },
+        { ts: 3, id: 'w1', phase: 'recv', url: 'wss://chat.test/', payload: { type: 'kick', reason: 'duplicate-login' } },
+        { ts: 4, id: 'w1', phase: 'close', url: 'wss://chat.test/', code: 4001, reason: 'duplicate-login' },
+    ];
+
+    it('phase narrow', async () => {
+        const out = await commandHandlers[COMMAND.WS_TAIL](
+            { n: 10, phase: 'recv' },
+            { capture: makeCapture({ ws: seed }) },
+        ) as { entries: WsEntry[] };
+        expect(out.entries).toHaveLength(1);
+        expect(out.entries[0].phase).toBe('recv');
+    });
+
+    it('filter against payload', async () => {
+        const out = await commandHandlers[COMMAND.WS_TAIL](
+            { n: 10, filter: 'kick' },
+            { capture: makeCapture({ ws: seed }) },
+        ) as { entries: WsEntry[] };
+        expect(out.entries).toHaveLength(1);
+        expect(out.entries[0].phase).toBe('recv');
+    });
+
+    it('filter against close reason', async () => {
+        const out = await commandHandlers[COMMAND.WS_TAIL](
+            { n: 10, filter: 'duplicate-login', phase: 'close' },
+            { capture: makeCapture({ ws: seed }) },
+        ) as { entries: WsEntry[] };
+        expect(out.entries).toHaveLength(1);
+        expect(out.entries[0].code).toBe(4001);
+    });
+});
+
+describe('errors.tail filtering', () => {
+    const seed: ErrorEntry[] = [
+        { ts: 1, message: 'Cannot read property foo of undefined', stack: 'at A.run', source: 'a.js:1:1' },
+        { ts: 2, message: 'NetworkError', stack: 'at fetchX', source: 'net.js:9:9' },
+    ];
+
+    it('filter by message substring', async () => {
+        const out = await commandHandlers[COMMAND.ERRORS_TAIL](
+            { n: 10, filter: 'network' },
+            { capture: makeCapture({ errors: seed }) },
+        ) as { entries: ErrorEntry[] };
+        expect(out.entries).toHaveLength(1);
+        expect(out.entries[0].message).toBe('NetworkError');
+    });
+});

package/src/commandsNetwork.e2e.test.ts

@@ -0,0 +1,146 @@
+// @vitest-environment happy-dom
+/**
+ * End-to-end tests for the runtime-side command handlers added by the new
+ * tooling: `network.wait_for`, `network.wait_for_idle`, `network.get`, and
+ * `ws.get`. These were previously untested at the handler level — the unit
+ * test suite covered tail()-shaped commands but not the async ones.
+ *
+ * We exercise the handler directly with a real CaptureStore, pushing entries
+ * on a real timer the same way the patched fetch / WebSocket would.
+ */
+
+import { describe, expect, it } from 'vitest';
+import { COMMAND, type NetworkEntry, type WsEntry } from '@harness-fe/protocol';
+import { commandHandlers } from './commands.js';
+import { CaptureStore } from './capture.js';
+
+function makeCapture(): CaptureStore {
+    // We don't install patches — we drive the RingBuffer directly so the
+    // tests don't fight happy-dom's fetch.
+    return new CaptureStore();
+}
+
+describe('NETWORK_WAIT_FOR', () => {
+    it('resolves when a matching request arrives after the call', async () => {
+        const cap = makeCapture();
+        const promise = commandHandlers[COMMAND.NETWORK_WAIT_FOR](
+            { urlContains: '/logout', timeoutMs: 2000 },
+            { capture: cap },
+        );
+        setTimeout(() => {
+            cap.network.push({ ts: Date.now(), id: 'r1', phase: 'req', method: 'POST', url: 'https://api.test/logout' } satisfies NetworkEntry);
+        }, 100);
+        const result = (await promise) as { ok: boolean; entry: NetworkEntry };
+        expect(result.ok).toBe(true);
+        expect(result.entry.url).toContain('/logout');
+    });
+
+    it('rejects on timeout when no match arrives', async () => {
+        const cap = makeCapture();
+        const promise = commandHandlers[COMMAND.NETWORK_WAIT_FOR](
+            { urlContains: '/never', timeoutMs: 200 },
+            { capture: cap },
+        );
+        cap.network.push({ ts: Date.now(), id: 'x', phase: 'req', method: 'GET', url: 'https://api.test/users' });
+        await expect(promise).rejects.toThrow(/no matching request/);
+    });
+
+    it('matches by method + statusCode and ignores pre-baseline matches', async () => {
+        const cap = makeCapture();
+        // Pre-existing entry — should NOT satisfy the wait (baseline anchored on call).
+        cap.network.push({ ts: Date.now() - 1000, id: 'old', phase: 'res', method: 'POST', url: '/x', status: 401 });
+        const promise = commandHandlers[COMMAND.NETWORK_WAIT_FOR](
+            { method: 'POST', statusCode: 401, timeoutMs: 2000 },
+            { capture: cap },
+        );
+        setTimeout(() => {
+            cap.network.push({ ts: Date.now(), id: 'new', phase: 'res', method: 'POST', url: '/y', status: 401 });
+        }, 80);
+        const out = (await promise) as { entry: NetworkEntry };
+        expect(out.entry.id).toBe('new');
+    });
+
+    it('matches by urlRegex (case-insensitive)', async () => {
+        const cap = makeCapture();
+        const promise = commandHandlers[COMMAND.NETWORK_WAIT_FOR](
+            { urlRegex: 'api\\.test/(login|logout)', timeoutMs: 2000 },
+            { capture: cap },
+        );
+        setTimeout(() => {
+            cap.network.push({ ts: Date.now(), id: 'x', phase: 'req', method: 'POST', url: 'https://API.test/logout' });
+        }, 60);
+        const out = (await promise) as { entry: NetworkEntry };
+        expect(out.entry.url).toContain('logout');
+    });
+});
+
+describe('NETWORK_WAIT_FOR_IDLE', () => {
+    it('resolves once no new entries arrive for idleMs', async () => {
+        const cap = makeCapture();
+        cap.network.push({ ts: Date.now(), id: 'a', phase: 'req', method: 'GET', url: '/a' });
+        const promise = commandHandlers[COMMAND.NETWORK_WAIT_FOR_IDLE](
+            { idleMs: 150, timeoutMs: 2000 },
+            { capture: cap },
+        );
+        setTimeout(() => cap.network.push({ ts: Date.now(), id: 'b', phase: 'req', method: 'GET', url: '/b' }), 50);
+        const out = (await promise) as { ok: boolean; idleFor: number };
+        expect(out.ok).toBe(true);
+        expect(out.idleFor).toBeGreaterThanOrEqual(150);
+    });
+
+    it('rejects when the network never quiets within timeoutMs', async () => {
+        const cap = makeCapture();
+        const promise = commandHandlers[COMMAND.NETWORK_WAIT_FOR_IDLE](
+            { idleMs: 200, timeoutMs: 300 },
+            { capture: cap },
+        );
+        const handle = setInterval(() => {
+            cap.network.push({ ts: Date.now(), id: `n-${Math.random()}`, phase: 'req', method: 'GET', url: '/spam' });
+        }, 50);
+        await expect(promise).rejects.toThrow(/never quiet/);
+        clearInterval(handle);
+    });
+});
+
+describe('NETWORK_GET', () => {
+    it('returns req + res entries for the given reqId', async () => {
+        const cap = makeCapture();
+        cap.network.push({ ts: 1, id: 'r1', phase: 'req', method: 'GET', url: '/x', requestBody: { q: 1 } });
+        cap.network.push({ ts: 2, id: 'r1', phase: 'res', method: 'GET', url: '/x', status: 200, responseBody: { ok: true } });
+        cap.network.push({ ts: 3, id: 'r2', phase: 'req', method: 'GET', url: '/y' });
+
+        const out = await commandHandlers[COMMAND.NETWORK_GET]({ reqId: 'r1' }, { capture: cap }) as { entries: NetworkEntry[]; found: boolean };
+        expect(out.found).toBe(true);
+        expect(out.entries).toHaveLength(2);
+        expect(out.entries.map((e) => e.phase)).toEqual(['req', 'res']);
+        // Bodies survive untouched.
+        expect((out.entries[0] as NetworkEntry).requestBody).toEqual({ q: 1 });
+        expect((out.entries[1] as NetworkEntry).responseBody).toEqual({ ok: true });
+    });
+
+    it('returns found=false when id is unknown', async () => {
+        const cap = makeCapture();
+        cap.network.push({ ts: 1, id: 'r1', phase: 'req', method: 'GET', url: '/x' });
+        const out = await commandHandlers[COMMAND.NETWORK_GET]({ reqId: 'nope' }, { capture: cap }) as { entries: NetworkEntry[]; found: boolean };
+        expect(out.found).toBe(false);
+        expect(out.entries).toHaveLength(0);
+    });
+});
+
+describe('WS_GET', () => {
+    it('returns all phases (open/send/recv/close) for a single ws id', async () => {
+        const cap = makeCapture();
+        const id = 'w1';
+        cap.ws.push({ ts: 1, id, phase: 'open', url: 'wss://x/' });
+        cap.ws.push({ ts: 2, id, phase: 'send', url: 'wss://x/', payload: { ping: 1 } });
+        cap.ws.push({ ts: 3, id, phase: 'recv', url: 'wss://x/', payload: { pong: 1 } });
+        cap.ws.push({ ts: 4, id, phase: 'close', url: 'wss://x/', code: 1000, wasClean: true });
+        cap.ws.push({ ts: 5, id: 'w-other', phase: 'open', url: 'wss://y/' });
+
+        const out = await commandHandlers[COMMAND.WS_GET]({ wsId: id }, { capture: cap }) as { entries: WsEntry[]; found: boolean };
+        expect(out.found).toBe(true);
+        expect(out.entries).toHaveLength(4);
+        expect(out.entries.map((e) => e.phase)).toEqual(['open', 'send', 'recv', 'close']);
+        expect(out.entries.every((e) => e.id === id)).toBe(true);
+    });
+});

package/src/runtimeClient.e2e.test.ts

@@ -0,0 +1,264 @@
+// @vitest-environment happy-dom
+/**
+ * End-to-end test for the complete runtime-client → bridge → store path on
+ * the capabilities added in this sweep:
+ *
+ *   user code triggers `new WebSocket(...)` / `localStorage.setItem(...)`
+ *     → patched runtime captures + emits via outbox
+ *     → real Bridge over a real WebSocket connection
+ *     → events land in JsonlStore with the right `t` field
+ *
+ * We use a real `RuntimeClient` instance (happy-dom is its environment) and
+ * a real Bridge bound to an ephemeral port on 127.0.0.1.
+ */
+
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+
+// rrweb has CommonJS interop issues under happy-dom + Vite ESM. We never need
+// the actual recorder in this test — it's purely background DOM capture — so
+// stub the module surface used by client.ts before any imports resolve it.
+vi.mock('rrweb', () => ({
+    record: () => () => {},
+    EventType: { Custom: 5 },
+}));
+import { mkdtempSync, rmSync } from 'node:fs';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import { Bridge } from '../../mcp-server/src/bridge.js';
+import { JsonlStore } from '../../mcp-server/src/store/index.js';
+import { RuntimeClient } from './client.js';
+import { getCaptureStore } from './capture.js';
+import type { StoreEvent } from '../../mcp-server/src/store/index.js';
+import type { NetworkEntry, StorageEntry, WsEntry } from '@harness-fe/protocol';
+
+interface Env {
+    bridge: Bridge;
+    store: JsonlStore;
+    dir: string;
+    port: number;
+    client: RuntimeClient;
+    sessionId: string;
+}
+
+let env: Env | undefined;
+
+async function rmDirWithRetry(dir: string, attempts = 5): Promise<void> {
+    for (let i = 0; i < attempts; i++) {
+        try {
+            rmSync(dir, { recursive: true, force: true });
+            return;
+        } catch (err) {
+            const code = (err as NodeJS.ErrnoException).code;
+            if (code !== 'ENOTEMPTY' && code !== 'EBUSY' && code !== 'EPERM') throw err;
+            if (i === attempts - 1) throw err;
+            await new Promise((r) => setTimeout(r, 20 * (i + 1)));
+        }
+    }
+}
+
+async function setup(): Promise<Env> {
+    const dir = mkdtempSync(join(tmpdir(), 'harness-rt-e2e-'));
+    const store = new JsonlStore(dir);
+    const bridge = new Bridge({ port: 0, host: '127.0.0.1', store, taskStore: null, autoPurge: { enabled: false } });
+    await bridge.start();
+    const port = bridge.getBoundPort();
+    if (!port) throw new Error('no port');
+
+    // happy-dom keeps singletons across tests — reset the patch state so this
+    // RuntimeClient's onEvent wiring takes hold.
+    getCaptureStore().dispose();
+
+    const client = new RuntimeClient({
+        projectId: 'rt-e2e',
+        mcpUrl: `ws://127.0.0.1:${port}`,
+    });
+    client.start();
+
+    // Wait for hello.ack — bridge logs `peer connected` when the runtime is
+    // registered. We poll the store's session list until ours shows up.
+    const deadline = Date.now() + 2000;
+    while (Date.now() < deadline) {
+        const sessions = store.listSessions({ projectId: 'rt-e2e', limit: 5 });
+        if (sessions.length > 0 && client.getConnectionState() === 'open') {
+            break;
+        }
+        await new Promise((r) => setTimeout(r, 30));
+    }
+    if (client.getConnectionState() !== 'open') {
+        throw new Error('runtime-client never connected');
+    }
+
+    return { bridge, store, dir, port, client, sessionId: client.sessionId };
+}
+
+beforeEach(async () => {
+    env = await setup();
+});
+
+afterEach(async () => {
+    if (!env) return;
+    env.client.stop();
+    await env.bridge.stop();
+    // close() drains the async write queue — must await, else rmSync races
+    // file writes and the dir-recursive-rm trips ENOTEMPTY on Linux CI.
+    await env.store.close();
+    // Even after drain, Node's directory cache can lag by a tick on Linux —
+    // retry-with-backoff handles the residual race deterministically.
+    await rmDirWithRetry(env.dir);
+    // Reset capture singleton so subsequent tests get a clean install.
+    const cap = getCaptureStore();
+    cap.dispose();
+    cap.console.clear();
+    cap.network.clear();
+    cap.errors.clear();
+    cap.ws.clear();
+    cap.storage.clear();
+    env = undefined;
+});
+
+/** Read events of a given type from the session timeline, polling for flush. */
+async function readTypedEvents(
+    store: JsonlStore,
+    sessionId: string,
+    type: string,
+    expectedMin: number,
+    timeoutMs = 1500,
+): Promise<StoreEvent[]> {
+    const deadline = Date.now() + timeoutMs;
+    while (Date.now() < deadline) {
+        await store.flush();
+        const rows = store.tail(sessionId, { n: 200, type });
+        if (rows.length >= expectedMin) return rows;
+        await new Promise((r) => setTimeout(r, 30));
+    }
+    await store.flush();
+    return store.tail(sessionId, { n: 200, type });
+}
+
+describe('RuntimeClient E2E — bridge connection sanity', () => {
+    it('connects, sends hello, opens a session in the store', () => {
+        const e = env!;
+        const sessions = e.store.listSessions({ projectId: 'rt-e2e', limit: 5 });
+        expect(sessions.length).toBeGreaterThanOrEqual(1);
+        expect(sessions.find((s) => s.id === e.sessionId)).toBeDefined();
+    });
+
+    it('daemon connection is denylisted from ws capture (no self-loop)', async () => {
+        const e = env!;
+        // No user code touched WebSocket yet, but the runtime opened its own
+        // ws to the daemon. If the patch were intercepting, the buffer would
+        // already have a `phase:'open'` entry for that URL.
+        const cap = getCaptureStore();
+        const selfFrames = cap.ws.tail(50).filter((f) =>
+            f.url.startsWith(`ws://127.0.0.1:${e.port}`),
+        );
+        expect(selfFrames).toHaveLength(0);
+    });
+});
+
+describe('RuntimeClient E2E — patched WebSocket flows to bridge', () => {
+    it('user-issued ws frames land in the store as t=ws', async () => {
+        const e = env!;
+        // happy-dom's WebSocket attempts real network, which we don't want.
+        // Replace the global WebSocket BEFORE we trigger user code, then the
+        // patched constructor wraps our fake instead.
+        const realWs = (window as unknown as { WebSocket: typeof WebSocket }).WebSocket;
+        class FakeWS extends EventTarget {
+            static readonly CONNECTING = 0;
+            static readonly OPEN = 1;
+            static readonly CLOSING = 2;
+            static readonly CLOSED = 3;
+            url: string;
+            readyState = 1;
+            constructor(url: string | URL) {
+                super();
+                this.url = typeof url === 'string' ? url : url.toString();
+            }
+            send(_data: unknown): void { /* swallow */ }
+            close(): void { this.readyState = 3; }
+        }
+        // Patched WebSocket caches the OriginalWS reference inside, but it
+        // was captured at install-time. We must point window.WebSocket to
+        // FakeWS BEFORE that — which means re-installing the patch. Easiest:
+        // tear down + re-install via a fresh dispose + capture install.
+        const cap = getCaptureStore();
+        cap.dispose();
+        (window as unknown as { WebSocket: typeof WebSocket }).WebSocket = FakeWS as unknown as typeof WebSocket;
+        cap.install(
+            (name, payload) => e.client.sendEvent(name, payload),
+            { daemonUrl: `ws://127.0.0.1:${e.port}` },
+        );
+
+        try {
+            const ws = new window.WebSocket('wss://chat.test/v1') as unknown as FakeWS;
+            ws.dispatchEvent(new MessageEvent('message', { data: JSON.stringify({ kind: 'kick' }) }));
+            ws.send(JSON.stringify({ kind: 'ack' }));
+            ws.dispatchEvent(new CloseEvent('close', { code: 4001, reason: 'kicked', wasClean: false }));
+
+            const rows = await readTypedEvents(e.store, e.sessionId, 'ws', 3);
+            const phases = rows.map((r) => (r.d as WsEntry).phase);
+            expect(phases).toContain('open');
+            expect(phases).toContain('recv');
+            expect(phases).toContain('send');
+            expect(phases).toContain('close');
+
+            const close = rows.find((r) => (r.d as WsEntry).phase === 'close')!;
+            expect((close.d as WsEntry).code).toBe(4001);
+            // visitorId stamped on row by bridge ingestion.
+            expect(close.visitorId).toBe(e.client.visitorId);
+        } finally {
+            (window as unknown as { WebSocket: typeof WebSocket }).WebSocket = realWs;
+        }
+    });
+});
+
+describe('RuntimeClient E2E — patched storage flows to bridge', () => {
+    it('localStorage.setItem / removeItem reaches the store as t=storage', async () => {
+        const e = env!;
+        localStorage.setItem('Tanka_tokenInfo', 'abc');
+        localStorage.removeItem('Tanka_tokenInfo');
+
+        const rows = await readTypedEvents(e.store, e.sessionId, 'storage', 2);
+        const ops = rows.map((r) => (r.d as StorageEntry).op);
+        expect(ops).toContain('set');
+        expect(ops).toContain('remove');
+        const removeRow = rows.find((r) => (r.d as StorageEntry).op === 'remove')!;
+        expect((removeRow.d as StorageEntry).key).toBe('Tanka_tokenInfo');
+        // initiator stack survives the round-trip.
+        expect((removeRow.d as StorageEntry).initiator?.stack).toBeDefined();
+    });
+});
+
+describe('RuntimeClient E2E — patched fetch initiator round-trip', () => {
+    it('fetch() carries an initiator.stack into the store', async () => {
+        const e = env!;
+        // Stub fetch with a minimal mock — happy-dom's fetch would try real
+        // network, which we don't want.
+        const origFetch = window.fetch;
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        (window as any).fetch = async () => new Response('{}', {
+            status: 200,
+            headers: { 'content-type': 'application/json' },
+        });
+        const cap = getCaptureStore();
+        // Re-install so fetch patch wraps the new stub.
+        cap.dispose();
+        cap.install(
+            (name, payload) => e.client.sendEvent(name, payload),
+            { daemonUrl: `ws://127.0.0.1:${e.port}` },
+        );
+
+        try {
+            await window.fetch('http://api.test/users');
+            await new Promise((r) => setTimeout(r, 20));
+
+            const rows = await readTypedEvents(e.store, e.sessionId, 'network', 1);
+            const req = rows.find((r) => (r.d as NetworkEntry).phase === 'req')!;
+            expect(req).toBeDefined();
+            expect((req.d as NetworkEntry).initiator?.stack).toBeDefined();
+        } finally {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            (window as any).fetch = origFetch;
+        }
+    });
+});

package/dist/fetchPatch.d.ts

@@ -1,39 +0,0 @@
-/**
- * fetch monkey-patch — captures URL/method/headers/body for request and
- * response, including streaming SSE responses, without changing
- * business-observable fetch behavior.
- *
- * Safety contract (do not weaken without updating the spec):
- *  1. Identity-preserving: replacement is a named `fetch`, with
- *     defineProperty'd name/length/toString so library fingerprint checks
- *     still pass. Response / Request instances are NOT wrapped.
- *  2. Error-isolated: capture failures are swallowed via `safeEmit`; they
- *     NEVER propagate to business code.
- *  3. No timing or value change: the original Promise is returned to the
- *     caller unchanged. body capture reads `response.clone()` on a side
- *     branch — the business path retains an untouched stream.
- *  4. Self-traffic guard: requests carrying `init.__hfeInternal === true`
- *     short-circuit to the original fetch. A URL denylist also skips HMR /
- *     dev-server traffic to prevent capture feedback loops.
- *  5. Bounded memory: bodies are capped at BODY_CAP per request. SSE
- *     streams stop accumulating and `cancel()` the cloned reader once
- *     the cap is hit.
- *
- * The patch is idempotent (re-install is a no-op) and returns a dispose
- * function that restores the original `window.fetch`.
- */
-import type { NetworkEntry } from '@harness-fe/protocol';
-export interface FetchPatchOptions {
-    /** Called once for each emitted record (request and response are separate calls). */
-    onEntry: (entry: NetworkEntry) => void;
-    /** Per-body byte cap. Default 256 KB. */
-    bodyCap?: number;
-    /** URL patterns to skip capture entirely. */
-    denylist?: RegExp[];
-}
-/**
- * Install the fetch patch. Returns a dispose function that restores the
- * original window.fetch. Safe to call multiple times (subsequent calls
- * are no-ops while a patch is active).
- */
-export declare function installFetchPatch(opts: FetchPatchOptions): () => void;