@harness-fe/runtime 3.1.0 → 3.3.0

package/dist/wsPatch.js

@@ -1,172 +0,0 @@
-/**
- * WebSocket monkey-patch — captures open / send / recv / close frames so
- * agents can see long-lived push channels (IM, presence, sync, kick-out).
- *
- * Safety contract (mirrors fetchPatch):
- *  1. Identity-preserving: replacement is a constructor with the same name,
- *     prototype, and CONNECTING/OPEN/CLOSING/CLOSED static fields. Existing
- *     `instanceof WebSocket` checks still pass because we extend the original.
- *  2. Error-isolated: capture failures swallowed via safeEmit.
- *  3. No timing or value change: pass-through to native WebSocket; we only
- *     observe events and call sites. The original Promise / data flow is
- *     untouched.
- *  4. Bounded memory: frame payloads capped at BODY_CAP per send/recv. Binary
- *     frames record a `[binary Nb]` marker rather than the bytes.
- *
- * The patch is idempotent. Returns a dispose function that restores
- * `window.WebSocket`.
- */
-import { captureInitiator } from './initiator.js';
-const DEFAULT_BODY_CAP = 256 * 1024;
-const PATCHED_FLAG = '__hfeWsPatched';
-const DEFAULT_DENYLIST = [/\/__hfe\//, /sockjs-node/];
-export function installWsPatch(opts) {
-    if (typeof window === 'undefined' || typeof window.WebSocket !== 'function') {
-        return () => { };
-    }
-    const OriginalWS = window.WebSocket;
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    if (OriginalWS[PATCHED_FLAG])
-        return () => { };
-    const bodyCap = opts.bodyCap ?? DEFAULT_BODY_CAP;
-    const denylist = opts.denylist ?? DEFAULT_DENYLIST;
-    const emit = (entry) => {
-        try {
-            opts.onEntry(entry);
-        }
-        catch {
-            /* swallow */
-        }
-    };
-    const Patched = function PatchedWebSocket(url, protocols) {
-        const urlStr = typeof url === 'string' ? url : url.toString();
-        const ws = protocols !== undefined
-            ? new OriginalWS(url, protocols)
-            : new OriginalWS(url);
-        if (denylist.some((re) => re.test(urlStr)))
-            return ws;
-        const id = generateId();
-        const protoList = Array.isArray(protocols)
-            ? protocols
-            : typeof protocols === 'string'
-                ? [protocols]
-                : undefined;
-        const openInitiator = captureInitiator();
-        emit({
-            ts: Date.now(),
-            id,
-            phase: 'open',
-            url: urlStr,
-            protocols: protoList,
-            initiator: openInitiator,
-        });
-        ws.addEventListener('message', (ev) => {
-            const { payload, truncated } = serializeFrame(ev.data, bodyCap);
-            emit({
-                ts: Date.now(),
-                id,
-                phase: 'recv',
-                url: urlStr,
-                payload,
-                payloadTruncated: truncated || undefined,
-            });
-        });
-        ws.addEventListener('close', (ev) => {
-            emit({
-                ts: Date.now(),
-                id,
-                phase: 'close',
-                url: urlStr,
-                code: ev.code,
-                reason: ev.reason || undefined,
-                wasClean: ev.wasClean,
-            });
-        });
-        // Wrap `send` on this instance so we record outgoing payloads + caller.
-        const origSend = ws.send.bind(ws);
-        ws.send = function patchedSend(data) {
-            const initiator = captureInitiator();
-            const { payload, truncated } = serializeFrame(data, bodyCap);
-            emit({
-                ts: Date.now(),
-                id,
-                phase: 'send',
-                url: urlStr,
-                payload,
-                payloadTruncated: truncated || undefined,
-                initiator,
-            });
-            return origSend(data);
-        };
-        return ws;
-    };
-    // Preserve constructor surface so library detection still works.
-    Patched.prototype = OriginalWS.prototype;
-    for (const key of ['CONNECTING', 'OPEN', 'CLOSING', 'CLOSED']) {
-        try {
-            Object.defineProperty(Patched, key, {
-                value: OriginalWS[key],
-                writable: false,
-                configurable: true,
-            });
-        }
-        catch {
-            /* readonly already — ignore */
-        }
-    }
-    try {
-        Object.defineProperty(Patched, 'name', { value: 'WebSocket' });
-    }
-    catch {
-        /* ignore */
-    }
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    Patched[PATCHED_FLAG] = true;
-    window.WebSocket = Patched;
-    return () => {
-        if (window.WebSocket === Patched) {
-            window.WebSocket = OriginalWS;
-        }
-    };
-}
-function generateId() {
-    if (typeof crypto !== 'undefined' && 'randomUUID' in crypto) {
-        return crypto.randomUUID();
-    }
-    return `ws_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
-}
-function serializeFrame(data, cap) {
-    if (typeof data === 'string') {
-        if (data.length <= cap) {
-            // Try JSON for structured payloads.
-            const parsed = tryJson(data);
-            return { payload: parsed !== undefined ? parsed : data, truncated: false };
-        }
-        return { payload: data.slice(0, cap), truncated: true };
-    }
-    if (data instanceof ArrayBuffer) {
-        return { payload: `[binary ArrayBuffer ${data.byteLength}B]`, truncated: false };
-    }
-    if (typeof Blob !== 'undefined' && data instanceof Blob) {
-        return { payload: `[binary Blob ${data.size}B]`, truncated: false };
-    }
-    if (ArrayBuffer.isView(data)) {
-        const view = data;
-        return { payload: `[binary ${view.constructor.name} ${view.byteLength}B]`, truncated: false };
-    }
-    return { payload: undefined, truncated: false };
-}
-function tryJson(s) {
-    const trimmed = s.trim();
-    if (!trimmed)
-        return undefined;
-    const first = trimmed[0];
-    if (first !== '{' && first !== '[' && first !== '"')
-        return undefined;
-    try {
-        return JSON.parse(trimmed);
-    }
-    catch {
-        return undefined;
-    }
-}

package/dist/xhrPatch.d.ts

@@ -1,26 +0,0 @@
-/**
- * XMLHttpRequest monkey-patch — captures URL/method/headers/body for
- * request and response WITHOUT replacing the XMLHttpRequest constructor.
- *
- * The previous implementation wrapped `window.XMLHttpRequest` with a new
- * constructor, which broke `xhr instanceof XMLHttpRequest` checks in
- * business code. This patch attaches per-instance metadata via a
- * non-enumerable Symbol key and overrides only prototype methods, leaving
- * the constructor and prototype chain native.
- *
- * Capture rules mirror fetchPatch.ts:
- *  - 256 KB body cap with content-type routing (json / text / binary)
- *  - Sensitive header redaction (Authorization / Cookie / x-api-key / x-auth-*)
- *  - Two events per request keyed by a shared `id` (`phase: 'req' | 'res'`)
- *  - Errors inside capture are swallowed via `safeEmit`
- *  - `__hfeInternal` opt-out via a magic header `x-hfe-internal: 1`
- *    (XHR has no init-style options bag like fetch)
- *  - Idempotent install + dispose() restores original prototype methods
- */
-import type { NetworkEntry } from '@harness-fe/protocol';
-export interface XhrPatchOptions {
-    onEntry: (entry: NetworkEntry) => void;
-    bodyCap?: number;
-    denylist?: RegExp[];
-}
-export declare function installXhrPatch(opts: XhrPatchOptions): () => void;

package/dist/xhrPatch.js

@@ -1,272 +0,0 @@
-/**
- * XMLHttpRequest monkey-patch — captures URL/method/headers/body for
- * request and response WITHOUT replacing the XMLHttpRequest constructor.
- *
- * The previous implementation wrapped `window.XMLHttpRequest` with a new
- * constructor, which broke `xhr instanceof XMLHttpRequest` checks in
- * business code. This patch attaches per-instance metadata via a
- * non-enumerable Symbol key and overrides only prototype methods, leaving
- * the constructor and prototype chain native.
- *
- * Capture rules mirror fetchPatch.ts:
- *  - 256 KB body cap with content-type routing (json / text / binary)
- *  - Sensitive header redaction (Authorization / Cookie / x-api-key / x-auth-*)
- *  - Two events per request keyed by a shared `id` (`phase: 'req' | 'res'`)
- *  - Errors inside capture are swallowed via `safeEmit`
- *  - `__hfeInternal` opt-out via a magic header `x-hfe-internal: 1`
- *    (XHR has no init-style options bag like fetch)
- *  - Idempotent install + dispose() restores original prototype methods
- */
-import { captureInitiator } from './initiator.js';
-const DEFAULT_BODY_CAP = 256 * 1024;
-const PATCHED_FLAG = '__hfeXhrPatched';
-const META_KEY = Symbol.for('@harness-fe/xhr-meta');
-const INTERNAL_HEADER = 'x-hfe-internal';
-const SENSITIVE_HEADER = /^(authorization|cookie|x-api-key|x-auth-.+)$/i;
-export function installXhrPatch(opts) {
-    if (typeof XMLHttpRequest === 'undefined')
-        return () => { };
-    const proto = XMLHttpRequest.prototype;
-    if (proto[PATCHED_FLAG])
-        return () => { };
-    const bodyCap = opts.bodyCap ?? DEFAULT_BODY_CAP;
-    const denylist = opts.denylist ?? [];
-    const emit = (entry) => safeEmit(opts.onEntry, entry);
-    const origOpen = proto.open;
-    const origSetHeader = proto.setRequestHeader;
-    const origSend = proto.send;
-    const patchedOpen = function open(method, url, ...rest) {
-        const meta = {
-            id: generateId(),
-            method,
-            url: typeof url === 'string' ? url : url.toString(),
-            headers: {},
-            startedAt: 0,
-            startedTs: 0,
-            bodyCap,
-            internal: false,
-            skipped: denylist.some((re) => re.test(typeof url === 'string' ? url : url.toString())),
-            reqEmitted: false,
-        };
-        this[META_KEY] = meta;
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        return origOpen.call(this, method, url, ...rest);
-    };
-    const patchedSetHeader = function setRequestHeader(name, value) {
-        const meta = this[META_KEY];
-        if (meta) {
-            if (name.toLowerCase() === INTERNAL_HEADER) {
-                meta.internal = true;
-            }
-            else {
-                meta.headers[name] = value;
-            }
-        }
-        // Do NOT forward the internal sentinel to the server.
-        if (name.toLowerCase() === INTERNAL_HEADER)
-            return;
-        return origSetHeader.call(this, name, value);
-    };
-    const patchedSend = function send(body) {
-        const meta = this[META_KEY];
-        if (!meta || meta.internal || meta.skipped) {
-            return origSend.call(this, body ?? null);
-        }
-        meta.startedAt = performance.now();
-        meta.startedTs = Date.now();
-        const initiator = captureInitiator();
-        // Emit req eagerly with headers; body added on second emit after
-        // serialization (mirrors fetchPatch behavior).
-        const reqRecord = {
-            ts: meta.startedTs,
-            id: meta.id,
-            phase: 'req',
-            method: meta.method,
-            url: meta.url,
-            requestHeaders: redactHeaders(meta.headers),
-            initiator,
-        };
-        emit(reqRecord);
-        meta.reqEmitted = true;
-        const serialized = serializeBody(body, meta.bodyCap);
-        if (serialized.body !== undefined || serialized.truncated) {
-            emit({
-                ...reqRecord,
-                requestBody: serialized.body,
-                requestBodyTruncated: serialized.truncated || undefined,
-            });
-        }
-        this.addEventListener('loadend', () => {
-            const status = this.status;
-            const ct = safeGetResponseHeader(this, 'content-type') ?? '';
-            const respHeaders = parseAllResponseHeaders(this);
-            const isErr = status === 0;
-            const baseRes = {
-                ts: Date.now(),
-                id: meta.id,
-                phase: 'res',
-                method: meta.method,
-                url: meta.url,
-                status: isErr ? undefined : status,
-                responseHeaders: respHeaders,
-                durationMs: performance.now() - meta.startedAt,
-            };
-            if (isErr) {
-                emit({ ...baseRes, error: 'xhr error or aborted' });
-                return;
-            }
-            if (isTextLike(ct)) {
-                const text = safeReadResponseText(this);
-                if (text === undefined) {
-                    emit(baseRes);
-                    return;
-                }
-                const capped = capText(text, meta.bodyCap);
-                emit({
-                    ...baseRes,
-                    responseBody: /json/i.test(ct) ? safeParseJson(capped.body) : capped.body,
-                    responseBodyTruncated: capped.truncated || undefined,
-                });
-            }
-            else {
-                // Binary or unknown → don't pull bytes, just record size when available.
-                const len = Number(safeGetResponseHeader(this, 'content-length') ?? '0') || 0;
-                emit({
-                    ...baseRes,
-                    responseBody: len ? `[binary ${len}B]` : '[binary]',
-                });
-            }
-        });
-        return origSend.call(this, body ?? null);
-    };
-    proto.open = patchedOpen;
-    proto.setRequestHeader = patchedSetHeader;
-    proto.send = patchedSend;
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    proto[PATCHED_FLAG] = true;
-    return () => {
-        // Only restore if we still own the patch — don't clobber a later patch.
-        if (proto.open !== patchedOpen)
-            return;
-        proto.open = origOpen;
-        proto.setRequestHeader = origSetHeader;
-        proto.send = origSend;
-        // eslint-disable-next-line @typescript-eslint/no-explicit-any
-        delete proto[PATCHED_FLAG];
-    };
-}
-// ─── helpers ────────────────────────────────────────────────────────────────
-function generateId() {
-    try {
-        return crypto.randomUUID();
-    }
-    catch {
-        return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 10)}`;
-    }
-}
-function redactHeaders(h) {
-    const out = {};
-    for (const [k, v] of Object.entries(h)) {
-        out[k] = SENSITIVE_HEADER.test(k) ? `[redacted ${String(v).length}]` : v;
-    }
-    return out;
-}
-function serializeBody(body, cap) {
-    if (body === undefined || body === null)
-        return { truncated: false };
-    if (typeof body === 'string')
-        return capText(body, cap);
-    if (typeof FormData !== 'undefined' && body instanceof FormData) {
-        const obj = {};
-        body.forEach((v, k) => {
-            obj[k] = typeof v === 'string'
-                ? v
-                : `[File ${v.name} ${v.size}B]`;
-        });
-        return { body: obj, truncated: false };
-    }
-    if (typeof URLSearchParams !== 'undefined' && body instanceof URLSearchParams) {
-        return { body: body.toString(), truncated: false };
-    }
-    if (typeof Blob !== 'undefined' && body instanceof Blob) {
-        return { body: `[Blob ${body.size}B]`, truncated: false };
-    }
-    if (body instanceof ArrayBuffer) {
-        return { body: `[ArrayBuffer ${body.byteLength}B]`, truncated: false };
-    }
-    if (ArrayBuffer.isView(body)) {
-        return {
-            body: `[${body.constructor.name} ${body.byteLength}B]`,
-            truncated: false,
-        };
-    }
-    if (typeof Document !== 'undefined' && body instanceof Document) {
-        return { body: '[Document]', truncated: false };
-    }
-    return { body: '[unknown body]', truncated: false };
-}
-function capText(text, cap) {
-    if (text.length > cap)
-        return { body: text.slice(0, cap), truncated: true };
-    return { body: text, truncated: false };
-}
-function safeGetResponseHeader(xhr, name) {
-    try {
-        return xhr.getResponseHeader(name);
-    }
-    catch {
-        return null;
-    }
-}
-function parseAllResponseHeaders(xhr) {
-    let raw;
-    try {
-        raw = xhr.getAllResponseHeaders();
-    }
-    catch {
-        return undefined;
-    }
-    if (!raw)
-        return undefined;
-    const out = {};
-    for (const line of raw.split('\r\n')) {
-        const idx = line.indexOf(':');
-        if (idx < 0)
-            continue;
-        const k = line.slice(0, idx).trim();
-        const v = line.slice(idx + 1).trim();
-        if (k)
-            out[k] = v;
-    }
-    return Object.keys(out).length ? redactHeaders(out) : undefined;
-}
-function safeReadResponseText(xhr) {
-    try {
-        // responseType must be '' or 'text' to access responseText.
-        if (xhr.responseType !== '' && xhr.responseType !== 'text')
-            return undefined;
-        return xhr.responseText;
-    }
-    catch {
-        return undefined;
-    }
-}
-function safeParseJson(text) {
-    try {
-        return JSON.parse(text);
-    }
-    catch {
-        return text;
-    }
-}
-function isTextLike(ct) {
-    return /json|text|xml|javascript|x-www-form-urlencoded/i.test(ct);
-}
-function safeEmit(fn, entry) {
-    try {
-        fn(entry);
-    }
-    catch {
-        /* swallow */
-    }
-}

package/src/fetchPatch.test.ts

@@ -1,217 +0,0 @@
-// @vitest-environment happy-dom
-import { afterEach, beforeEach, describe, expect, it } from 'vitest';
-import { installFetchPatch } from './fetchPatch.js';
-import type { NetworkEntry } from '@harness-fe/protocol';
-
-// happy-dom installs `window.fetch` via Node's undici. We override with a
-// controllable mock per test so we can shape the Response exactly.
-
-let originalFetch: typeof globalThis.fetch;
-let entries: NetworkEntry[];
-let dispose: () => void;
-
-function setMockFetch(impl: typeof globalThis.fetch): void {
-    window.fetch = impl as typeof window.fetch;
-}
-
-function jsonResponse(body: unknown, init: ResponseInit = {}): Response {
-    return new Response(JSON.stringify(body), {
-        status: 200,
-        headers: { 'content-type': 'application/json', ...(init.headers ?? {}) },
-        ...init,
-    });
-}
-
-function sseStream(chunks: string[]): ReadableStream<Uint8Array> {
-    const enc = new TextEncoder();
-    let i = 0;
-    return new ReadableStream({
-        pull(controller) {
-            if (i < chunks.length) {
-                controller.enqueue(enc.encode(chunks[i++]));
-            } else {
-                controller.close();
-            }
-        },
-    });
-}
-
-beforeEach(() => {
-    originalFetch = window.fetch;
-    entries = [];
-});
-
-afterEach(() => {
-    dispose?.();
-    window.fetch = originalFetch;
-});
-
-describe('installFetchPatch — identity', () => {
-    it('keeps fetch.name === "fetch"', () => {
-        setMockFetch(() => Promise.resolve(new Response('ok')));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        expect(window.fetch.name).toBe('fetch');
-    });
-
-    it('returns the original Response without wrapping', async () => {
-        const original = new Response('hello', { status: 201 });
-        setMockFetch(() => Promise.resolve(original));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        const got = await window.fetch('http://x/');
-        // business reads the body — capture must not have stolen it
-        await expect(got.text()).resolves.toBe('hello');
-        expect(got.status).toBe(201);
-    });
-
-    it('dispose restores window.fetch', () => {
-        const mock: typeof globalThis.fetch = () => Promise.resolve(new Response());
-        setMockFetch(mock);
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        expect(window.fetch).not.toBe(mock);
-        dispose();
-        dispose = () => {};
-        expect(window.fetch).toBe(mock);
-    });
-
-    it('re-install while patched is a no-op', () => {
-        setMockFetch(() => Promise.resolve(new Response()));
-        const d1 = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        const first = window.fetch;
-        const d2 = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        expect(window.fetch).toBe(first);
-        d2(); // no-op
-        d1();
-    });
-});
-
-describe('installFetchPatch — emission', () => {
-    it('emits a req event eagerly and a res event after completion', async () => {
-        setMockFetch(() => Promise.resolve(jsonResponse({ ok: true })));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        await window.fetch('http://x/', { method: 'POST', body: '{"k":1}' });
-        // give the body-clone branch a chance to flush
-        await new Promise((r) => setTimeout(r, 10));
-        const ids = new Set(entries.map((e) => e.id));
-        expect(ids.size).toBe(1);
-        const phases = entries.map((e) => e.phase);
-        expect(phases).toContain('req');
-        expect(phases).toContain('res');
-        const res = entries.find((e) => e.phase === 'res')!;
-        expect(res.status).toBe(200);
-        expect(res.responseBody).toEqual({ ok: true });
-    });
-
-    it('stamps initiator.stack on req entries', async () => {
-        setMockFetch(() => Promise.resolve(jsonResponse({ ok: true })));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        await window.fetch('http://x/');
-        await new Promise((r) => setTimeout(r, 10));
-        const req = entries.find((e) => e.phase === 'req')!;
-        expect(req.initiator).toBeDefined();
-        // Stack should be a non-empty string when V8 produced one.
-        if (req.initiator?.stack !== undefined) {
-            expect(typeof req.initiator.stack).toBe('string');
-            expect(req.initiator.stack.length).toBeGreaterThan(0);
-        }
-    });
-
-    it('captures and caps a large JSON response body', async () => {
-        const huge = 'x'.repeat(2000);
-        setMockFetch(() => Promise.resolve(jsonResponse({ s: huge })));
-        dispose = installFetchPatch({
-            onEntry: (e) => entries.push(e),
-            bodyCap: 500,
-        });
-        await window.fetch('http://x/');
-        await new Promise((r) => setTimeout(r, 10));
-        const res = entries.find((e) => e.phase === 'res')!;
-        expect(res.responseBodyTruncated).toBe(true);
-        // body is the raw truncated text when JSON.parse fails
-        expect(typeof res.responseBody).toBe('string');
-    });
-
-    it('redacts sensitive request headers', async () => {
-        setMockFetch(() => Promise.resolve(new Response('ok')));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        await window.fetch('http://x/', {
-            method: 'POST',
-            headers: {
-                Authorization: 'Bearer abc.def.ghi',
-                'X-Api-Key': 'sk-12345',
-                'content-type': 'text/plain',
-            },
-            body: 'hi',
-        });
-        await new Promise((r) => setTimeout(r, 10));
-        const req = entries.find((e) => e.phase === 'req' && e.requestHeaders)!;
-        expect(req.requestHeaders!.Authorization).toMatch(/^\[redacted \d+\]$/);
-        expect(req.requestHeaders!['X-Api-Key']).toMatch(/^\[redacted \d+\]$/);
-        // non-sensitive header is preserved
-        expect(req.requestHeaders!['content-type']).toBe('text/plain');
-    });
-
-    it('emits res with error field when underlying fetch rejects', async () => {
-        setMockFetch(() => Promise.reject(new Error('network down')));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        await expect(window.fetch('http://x/')).rejects.toThrow('network down');
-        await new Promise((r) => setTimeout(r, 10));
-        const res = entries.find((e) => e.phase === 'res')!;
-        expect(res.error).toBe('network down');
-        expect(res.status).toBeUndefined();
-    });
-
-    it('caps an SSE stream and cancels the cloned reader', async () => {
-        const longChunk = 'data: ' + 'x'.repeat(2000) + '\n\n';
-        setMockFetch(() =>
-            Promise.resolve(
-                new Response(sseStream([longChunk, longChunk, longChunk]), {
-                    status: 200,
-                    headers: { 'content-type': 'text/event-stream' },
-                }),
-            ),
-        );
-        dispose = installFetchPatch({
-            onEntry: (e) => entries.push(e),
-            bodyCap: 500,
-        });
-        const res = await window.fetch('http://x/');
-        // business can still read its own stream
-        await res.text();
-        await new Promise((r) => setTimeout(r, 30));
-        const captured = entries.find((e) => e.phase === 'res')!;
-        expect(captured.responseBodyTruncated).toBe(true);
-        expect((captured.responseBody as string).length).toBe(500);
-    });
-
-    it('skips internal traffic when __hfeInternal flag is set', async () => {
-        setMockFetch(() => Promise.resolve(new Response('ok')));
-        dispose = installFetchPatch({ onEntry: (e) => entries.push(e) });
-        await window.fetch('http://x/', {
-            // eslint-disable-next-line @typescript-eslint/no-explicit-any
-            ...({ __hfeInternal: true } as any),
-        });
-        await new Promise((r) => setTimeout(r, 10));
-        expect(entries).toHaveLength(0);
-    });
-
-    it('skips denylisted URLs', async () => {
-        setMockFetch(() => Promise.resolve(new Response('ok')));
-        dispose = installFetchPatch({
-            onEntry: (e) => entries.push(e),
-            denylist: [/example/],
-        });
-        await window.fetch('http://example.com/__hfe__');
-        await new Promise((r) => setTimeout(r, 10));
-        expect(entries).toHaveLength(0);
-    });
-
-    it('does not let an onEntry throw crash business fetch', async () => {
-        setMockFetch(() => Promise.resolve(new Response('ok')));
-        dispose = installFetchPatch({
-            onEntry: () => {
-                throw new Error('boom');
-            },
-        });
-        await expect(window.fetch('http://x/')).resolves.toBeInstanceOf(Response);
-    });
-});