@mochi.js/core 0.2.2 → 0.6.0

package/src/__tests__/page-dx-cluster.test.ts

@@ -0,0 +1,292 @@
+/**
+ * Unit tests for the Page DX cluster (task 0257):
+ *   - `Page.localStorage.{get,set}`   → DOMStorage.getDOMStorageItems /
+ *                                       DOMStorage.setDOMStorageItem.
+ *   - `Page.sessionStorage.{get,set}` → same shape, `isLocalStorage: false`.
+ *   - `Page.grantAllPermissions()`    → Browser.grantPermissions with the
+ *                                       full descriptor list.
+ *
+ * Driven against a hand-rolled fake CDP transport — same fixture pattern as
+ * the cookies-jar tests, kept inline here so each test file stands alone.
+ *
+ * @see tasks/0257-dx-cluster-cookies-storage-permissions.md
+ */
+
+import { afterEach, beforeEach, describe, expect, it } from "bun:test";
+import { MessageRouter } from "../cdp/router";
+import type { PipeReader, PipeWriter } from "../cdp/transport";
+import { ALL_BROWSER_PERMISSIONS, Page } from "../page";
+
+interface FakeBrowser {
+  reader: PipeReader;
+  writer: PipeWriter;
+  written: Array<{ id?: number; method?: string; params?: unknown; sessionId?: string }>;
+  push(obj: unknown): void;
+  autoRespond(methodPredicate: (m: string) => boolean, result: unknown): void;
+  close(): void;
+}
+
+function makeFakeBrowser(): FakeBrowser {
+  const written: FakeBrowser["written"] = [];
+  let pumpController: ReadableStreamDefaultController<Uint8Array> | null = null;
+  const stream = new ReadableStream<Uint8Array>({
+    start(c) {
+      pumpController = c;
+    },
+  });
+  const enc = new TextEncoder();
+  const dec = new TextDecoder();
+  const autoResponders: Array<{ pred: (m: string) => boolean; result: unknown }> = [];
+
+  const reader: PipeReader = { getReader: () => stream.getReader() };
+
+  const push = (obj: unknown): void => {
+    const bytes = enc.encode(JSON.stringify(obj));
+    const out = new Uint8Array(bytes.length + 1);
+    out.set(bytes, 0);
+    out[bytes.length] = 0;
+    pumpController?.enqueue(out);
+  };
+
+  const writer: PipeWriter = {
+    write: (chunk) => {
+      const last = chunk[chunk.length - 1] === 0 ? chunk.length - 1 : chunk.length;
+      const json = dec.decode(chunk.subarray(0, last));
+      try {
+        const parsed = JSON.parse(json) as {
+          id?: number;
+          method?: string;
+          params?: unknown;
+          sessionId?: string;
+        };
+        written.push(parsed);
+        if (typeof parsed.method === "string" && typeof parsed.id === "number") {
+          const r = autoResponders.find((a) => a.pred(parsed.method ?? ""));
+          if (r) {
+            queueMicrotask(() => push({ id: parsed.id, result: r.result }));
+          }
+        }
+      } catch {
+        // ignore
+      }
+    },
+    flush: () => undefined,
+    end: () => undefined,
+  };
+
+  return {
+    reader,
+    writer,
+    written,
+    push,
+    autoRespond(pred, result) {
+      autoResponders.push({ pred, result });
+    },
+    close() {
+      try {
+        pumpController?.close();
+      } catch {
+        // ignore
+      }
+    },
+  };
+}
+
+/**
+ * Auto-respond to the DOM-resolution chain `resolveOrigin` triggers. Two CDP
+ * calls fire:
+ *   1. `DOM.getDocument` → returns a synthetic root with a `backendNodeId`.
+ *   2. `DOM.resolveNode({ backendNodeId })` → returns `{ object: { objectId } }`.
+ *   3. `Runtime.callFunctionOn` → returns `{ result: { value: <origin> } }`.
+ *
+ * Used for the default-origin path; tests passing an explicit `origin` skip
+ * this fixture.
+ */
+function wireOriginResolver(fake: FakeBrowser, origin: string): void {
+  fake.autoRespond((m) => m === "DOM.getDocument", {
+    root: { nodeId: 1, backendNodeId: 100 },
+  });
+  fake.autoRespond((m) => m === "DOM.resolveNode", {
+    object: { objectId: "doc-obj-1" },
+  });
+  fake.autoRespond((m) => m === "Runtime.callFunctionOn", {
+    result: { value: origin },
+  });
+}
+
+describe("Page.localStorage / Page.sessionStorage (task 0257)", () => {
+  let fake: FakeBrowser;
+  let router: MessageRouter;
+  let page: Page;
+
+  beforeEach(() => {
+    fake = makeFakeBrowser();
+    router = new MessageRouter(fake.reader, fake.writer);
+    router.start();
+    page = new Page({
+      router,
+      targetId: "page-target",
+      sessionId: "page-session",
+      initialUrl: "https://example.com/",
+    });
+  });
+
+  afterEach(async () => {
+    await router.close();
+    fake.close();
+  });
+
+  it("localStorage.get() sends DOMStorage.getDOMStorageItems with isLocalStorage:true", async () => {
+    fake.autoRespond((m) => m === "DOMStorage.getDOMStorageItems", {
+      entries: [
+        ["foo", "bar"],
+        ["baz", "qux"],
+      ],
+    });
+
+    const items = await page.localStorage.get({ origin: "https://example.com" });
+    expect(items).toEqual({ foo: "bar", baz: "qux" });
+
+    const call = fake.written.find((w) => w.method === "DOMStorage.getDOMStorageItems");
+    expect(call).toBeDefined();
+    expect(call?.params).toEqual({
+      storageId: { securityOrigin: "https://example.com", isLocalStorage: true },
+    });
+  });
+
+  it("localStorage.get() defaults origin to current page origin", async () => {
+    wireOriginResolver(fake, "https://defaulted.test");
+    fake.autoRespond((m) => m === "DOMStorage.getDOMStorageItems", { entries: [] });
+    await page.localStorage.get();
+    const call = fake.written.find((w) => w.method === "DOMStorage.getDOMStorageItems");
+    expect(call?.params).toEqual({
+      storageId: { securityOrigin: "https://defaulted.test", isLocalStorage: true },
+    });
+  });
+
+  it("localStorage.set() fans out one DOMStorage.setDOMStorageItem per key", async () => {
+    fake.autoRespond((m) => m === "DOMStorage.setDOMStorageItem", {});
+    await page.localStorage.set({ foo: "bar", baz: "qux" }, { origin: "https://example.com" });
+    const calls = fake.written.filter((w) => w.method === "DOMStorage.setDOMStorageItem");
+    expect(calls.length).toBe(2);
+    expect(calls[0]?.params).toEqual({
+      storageId: { securityOrigin: "https://example.com", isLocalStorage: true },
+      key: "foo",
+      value: "bar",
+    });
+    expect(calls[1]?.params).toEqual({
+      storageId: { securityOrigin: "https://example.com", isLocalStorage: true },
+      key: "baz",
+      value: "qux",
+    });
+  });
+
+  it("sessionStorage.get() flips isLocalStorage to false", async () => {
+    fake.autoRespond((m) => m === "DOMStorage.getDOMStorageItems", {
+      entries: [["k", "v"]],
+    });
+    const items = await page.sessionStorage.get({ origin: "https://example.com" });
+    expect(items).toEqual({ k: "v" });
+    const call = fake.written.find((w) => w.method === "DOMStorage.getDOMStorageItems");
+    expect(call?.params).toEqual({
+      storageId: { securityOrigin: "https://example.com", isLocalStorage: false },
+    });
+  });
+
+  it("sessionStorage.set() also flips isLocalStorage to false", async () => {
+    fake.autoRespond((m) => m === "DOMStorage.setDOMStorageItem", {});
+    await page.sessionStorage.set({ a: "1" }, { origin: "https://example.com" });
+    const call = fake.written.find((w) => w.method === "DOMStorage.setDOMStorageItem");
+    expect(call?.params).toEqual({
+      storageId: { securityOrigin: "https://example.com", isLocalStorage: false },
+      key: "a",
+      value: "1",
+    });
+  });
+
+  it("localStorage.get() throws when origin defaults to opaque about:blank", async () => {
+    // resolveOrigin returns "" or "null" for opaque origins. Wire that.
+    fake.autoRespond((m) => m === "DOM.getDocument", {
+      root: { nodeId: 1, backendNodeId: 100 },
+    });
+    fake.autoRespond((m) => m === "DOM.resolveNode", {
+      object: { objectId: "doc-obj-1" },
+    });
+    fake.autoRespond((m) => m === "Runtime.callFunctionOn", { result: { value: "null" } });
+    let threw = false;
+    try {
+      await page.localStorage.get();
+    } catch (err) {
+      threw = true;
+      expect(String(err)).toContain("opaque");
+    }
+    expect(threw).toBe(true);
+  });
+});
+
+describe("Page.grantAllPermissions (task 0257)", () => {
+  let fake: FakeBrowser;
+  let router: MessageRouter;
+  let page: Page;
+
+  beforeEach(() => {
+    fake = makeFakeBrowser();
+    router = new MessageRouter(fake.reader, fake.writer);
+    router.start();
+    page = new Page({
+      router,
+      targetId: "page-target",
+      sessionId: "page-session",
+      initialUrl: "https://example.com/",
+    });
+  });
+
+  afterEach(async () => {
+    await router.close();
+    fake.close();
+  });
+
+  it("grantAllPermissions({ origin }) sends Browser.grantPermissions with the full list", async () => {
+    fake.autoRespond((m) => m === "Browser.grantPermissions", {});
+    await page.grantAllPermissions({ origin: "https://example.com" });
+    const call = fake.written.find((w) => w.method === "Browser.grantPermissions");
+    expect(call).toBeDefined();
+    expect(call?.params).toEqual({
+      permissions: [...ALL_BROWSER_PERMISSIONS],
+      origin: "https://example.com",
+    });
+  });
+
+  it("grantAllPermissions({ origin }) routes to ROOT browser target (no sessionId)", async () => {
+    fake.autoRespond((m) => m === "Browser.grantPermissions", {});
+    await page.grantAllPermissions({ origin: "https://example.com" });
+    const call = fake.written.find((w) => w.method === "Browser.grantPermissions");
+    // The router omits sessionId when unset → routes to root target. The
+    // fake captures a missing/undefined sessionId.
+    expect(call?.sessionId).toBeUndefined();
+  });
+
+  it("grantAllPermissions() defaults origin to the page's main-frame origin", async () => {
+    wireOriginResolver(fake, "https://granted.test");
+    fake.autoRespond((m) => m === "Browser.grantPermissions", {});
+    await page.grantAllPermissions();
+    const call = fake.written.find((w) => w.method === "Browser.grantPermissions");
+    expect(call?.params).toEqual({
+      permissions: [...ALL_BROWSER_PERMISSIONS],
+      origin: "https://granted.test",
+    });
+  });
+
+  it("ALL_BROWSER_PERMISSIONS contains canonical descriptors", () => {
+    // Sanity check: a couple of well-known permissions must be present so
+    // the conformance test catches a typo if someone hand-edits the list.
+    expect(ALL_BROWSER_PERMISSIONS).toContain("geolocation");
+    expect(ALL_BROWSER_PERMISSIONS).toContain("notifications");
+    expect(ALL_BROWSER_PERMISSIONS).toContain("audioCapture");
+    expect(ALL_BROWSER_PERMISSIONS).toContain("videoCapture");
+    expect(ALL_BROWSER_PERMISSIONS).toContain("clipboardReadWrite");
+    expect(ALL_BROWSER_PERMISSIONS).toContain("midiSysex");
+    // No duplicates.
+    expect(new Set(ALL_BROWSER_PERMISSIONS).size).toBe(ALL_BROWSER_PERMISSIONS.length);
+  });
+});

package/src/__tests__/proc-linux-server.test.ts

@@ -0,0 +1,243 @@
+/**
+ * Unit tests for the Linux-server environment auto-detection that drives
+ * `LaunchOptions.headlessMode` defaulting (task 0258).
+ *
+ * Two layers under test:
+ *
+ *   1. {@link detectLinuxServerEnv} — the pure classifier. Stub
+ *      `(platform, env, uid, container probes)` and assert the
+ *      `LinuxServerEnv` summary it returns.
+ *   2. {@link resolveHeadlessMode} — the resolution table that maps
+ *      `(LaunchOptions, LinuxServerEnv)` → `"new" | "legacy" | "off"`. Order
+ *      of precedence is load-bearing for the docs we ship; tests pin it.
+ *
+ * We DO NOT spawn Chromium here — the goal is to lock the decisions against
+ * regressions without taking the cost of a real launch. The flag-emit
+ * behaviour for the resolved mode is covered separately in
+ * `proc.test.ts` ("appends --headless=new when headless is true" et al.).
+ *
+ * @see packages/core/src/linux-server.ts
+ * @see packages/core/src/launch.ts (resolveHeadlessMode)
+ * @see tasks/0258 (Linux server env auto-detection)
+ */
+
+import { describe, expect, it } from "bun:test";
+import { resolveHeadlessMode } from "../launch";
+import { detectLinuxServerEnv, type LinuxServerProbes } from "../linux-server";
+import { buildChromiumArgs, type SpawnConfig } from "../proc";
+
+const FAKE_BINARY = "/usr/bin/chromium-stub";
+const FAKE_UDD = "/tmp/mochi-test-udd";
+
+function probes(overrides: Partial<LinuxServerProbes> = {}): LinuxServerProbes {
+  return {
+    platform: "linux",
+    display: undefined,
+    waylandDisplay: undefined,
+    uid: 1000,
+    hasDockerEnvFile: false,
+    cgroup: undefined,
+    ...overrides,
+  };
+}
+
+describe("detectLinuxServerEnv — server-no-display classifier (task 0258)", () => {
+  it("flags Linux + no DISPLAY + no WAYLAND_DISPLAY as serverNoDisplay=true", () => {
+    const env = detectLinuxServerEnv(probes());
+    expect(env.serverNoDisplay).toBe(true);
+  });
+
+  it("clears serverNoDisplay when DISPLAY is set (X11 dev workstation)", () => {
+    const env = detectLinuxServerEnv(probes({ display: ":0" }));
+    expect(env.serverNoDisplay).toBe(false);
+  });
+
+  it("clears serverNoDisplay when WAYLAND_DISPLAY is set (Wayland session)", () => {
+    const env = detectLinuxServerEnv(probes({ waylandDisplay: "wayland-0" }));
+    expect(env.serverNoDisplay).toBe(false);
+  });
+
+  it("treats empty-string DISPLAY as 'no display' (matches Chromium)", () => {
+    // An empty DISPLAY value means no usable X server; Chromium itself rejects
+    // the connection. Mirror that — an empty string must not gate us out of
+    // headless defaulting.
+    const env = detectLinuxServerEnv(probes({ display: "" }));
+    expect(env.serverNoDisplay).toBe(true);
+  });
+
+  it("never flags serverNoDisplay on darwin / win32 (rule is Linux-only)", () => {
+    expect(detectLinuxServerEnv(probes({ platform: "darwin" })).serverNoDisplay).toBe(false);
+    expect(detectLinuxServerEnv(probes({ platform: "win32" })).serverNoDisplay).toBe(false);
+  });
+
+  it("flags root=true when uid === 0 on Linux (orthogonal axis)", () => {
+    const env = detectLinuxServerEnv(probes({ uid: 0 }));
+    expect(env.root).toBe(true);
+    expect(env.serverNoDisplay).toBe(true);
+  });
+
+  it("clears root when uid !== 0", () => {
+    expect(detectLinuxServerEnv(probes({ uid: 1000 })).root).toBe(false);
+    expect(detectLinuxServerEnv(probes({ uid: undefined })).root).toBe(false);
+  });
+
+  it("never flags root on non-Linux (uid 0 on macOS root shell is not the same axis)", () => {
+    // The auto-`--no-sandbox` fallback in proc.ts is Linux-specific; the
+    // classifier mirrors that.
+    expect(detectLinuxServerEnv(probes({ platform: "darwin", uid: 0 })).root).toBe(false);
+  });
+
+  it("flags container=true when /.dockerenv is present", () => {
+    const env = detectLinuxServerEnv(probes({ hasDockerEnvFile: true }));
+    expect(env.container).toBe(true);
+  });
+
+  it("flags container=true when /proc/1/cgroup mentions docker", () => {
+    const env = detectLinuxServerEnv(
+      probes({ cgroup: "12:devices:/docker/abc123\n11:freezer:/docker/abc123\n" }),
+    );
+    expect(env.container).toBe(true);
+  });
+
+  it("flags container=true when cgroup mentions containerd", () => {
+    const env = detectLinuxServerEnv(probes({ cgroup: "0::/system.slice/containerd.service\n" }));
+    expect(env.container).toBe(true);
+  });
+
+  it("flags container=true when cgroup mentions kubepods (Kubernetes)", () => {
+    const env = detectLinuxServerEnv(
+      probes({ cgroup: "0::/kubepods.slice/kubepods-pod123.slice/\n" }),
+    );
+    expect(env.container).toBe(true);
+  });
+
+  it("clears container when neither indicator hits", () => {
+    expect(
+      detectLinuxServerEnv(probes({ cgroup: "0::/user.slice/user-1000.slice\n" })).container,
+    ).toBe(false);
+    expect(detectLinuxServerEnv(probes()).container).toBe(false);
+  });
+
+  it("rationale string surfaces every probed axis for debug logging", () => {
+    const env = detectLinuxServerEnv(
+      probes({ display: ":0", uid: 0, hasDockerEnvFile: true, waylandDisplay: undefined }),
+    );
+    expect(env.rationale).toContain("platform=linux");
+    expect(env.rationale).toContain("display=:0");
+    expect(env.rationale).toContain("uid=0");
+    expect(env.rationale).toContain("container=true");
+    expect(env.rationale).toContain("serverNoDisplay=false");
+  });
+});
+
+describe("resolveHeadlessMode — precedence table (task 0258)", () => {
+  const SERVER_ENV = detectLinuxServerEnv(probes());
+  const DEV_ENV = detectLinuxServerEnv(probes({ display: ":0" }));
+
+  it("explicit headlessMode='new' wins on a dev workstation", () => {
+    expect(resolveHeadlessMode({ headlessMode: "new" }, DEV_ENV)).toBe("new");
+  });
+
+  it("explicit headlessMode='legacy' wins on a server", () => {
+    expect(resolveHeadlessMode({ headlessMode: "legacy" }, SERVER_ENV)).toBe("legacy");
+  });
+
+  it("explicit headlessMode='off' wins on a server (caller knows what they want)", () => {
+    expect(resolveHeadlessMode({ headlessMode: "off" }, SERVER_ENV)).toBe("off");
+  });
+
+  it("legacy headless: true maps to 'new' regardless of env", () => {
+    expect(resolveHeadlessMode({ headless: true }, DEV_ENV)).toBe("new");
+    expect(resolveHeadlessMode({ headless: true }, SERVER_ENV)).toBe("new");
+  });
+
+  it("legacy headless: false maps to 'off' regardless of env", () => {
+    // Even on a server, an explicit `headless: false` must be honored —
+    // we are not in the business of ignoring user input. The user will
+    // crash, but they asked for it.
+    expect(resolveHeadlessMode({ headless: false }, SERVER_ENV)).toBe("off");
+    expect(resolveHeadlessMode({ headless: false }, DEV_ENV)).toBe("off");
+  });
+
+  it("env default: server-no-display → 'new' (the task 0258 fix)", () => {
+    expect(resolveHeadlessMode({}, SERVER_ENV)).toBe("new");
+  });
+
+  it("env default: dev workstation with DISPLAY → 'off' (run headful)", () => {
+    expect(resolveHeadlessMode({}, DEV_ENV)).toBe("off");
+  });
+
+  it("env default: macOS / Windows → 'off' (no Linux-only fallback)", () => {
+    const macEnv = detectLinuxServerEnv(probes({ platform: "darwin" }));
+    const winEnv = detectLinuxServerEnv(probes({ platform: "win32" }));
+    expect(resolveHeadlessMode({}, macEnv)).toBe("off");
+    expect(resolveHeadlessMode({}, winEnv)).toBe("off");
+  });
+
+  it("headlessMode supersedes a contradicting legacy headless flag", () => {
+    expect(resolveHeadlessMode({ headlessMode: "off", headless: true }, SERVER_ENV)).toBe("off");
+    expect(resolveHeadlessMode({ headlessMode: "new", headless: false }, DEV_ENV)).toBe("new");
+  });
+
+  it("server + root still resolves to 'new' (orthogonal axes — task 0258 §detection)", () => {
+    // The root/no-sandbox auto-flag is owned by proc.ts, not the headless
+    // resolver. This test pins that resolveHeadlessMode does NOT bake root
+    // into its decision — the user could be running the new-headless flow
+    // as root inside a container without that influencing the mode.
+    const rootServer = detectLinuxServerEnv(probes({ uid: 0 }));
+    expect(resolveHeadlessMode({}, rootServer)).toBe("new");
+  });
+
+  it("container + DISPLAY (rare but valid) → 'off' (developer in a devcontainer)", () => {
+    const devcontainer = detectLinuxServerEnv(
+      probes({ display: ":0", hasDockerEnvFile: true, cgroup: "0::/docker/abc\n" }),
+    );
+    expect(devcontainer.container).toBe(true);
+    expect(devcontainer.serverNoDisplay).toBe(false);
+    expect(resolveHeadlessMode({}, devcontainer)).toBe("off");
+  });
+});
+
+describe("buildChromiumArgs — headlessMode dispatch (task 0258)", () => {
+  function baseCfg(overrides: Partial<SpawnConfig> = {}): SpawnConfig {
+    return { binary: FAKE_BINARY, headless: false, ...overrides };
+  }
+
+  it("headlessMode='new' emits --headless=new", () => {
+    const args = buildChromiumArgs(baseCfg({ headlessMode: "new" }), FAKE_UDD, undefined);
+    expect(args).toContain("--headless=new");
+    expect(args).not.toContain("--headless");
+  });
+
+  it("headlessMode='legacy' emits bare --headless", () => {
+    const args = buildChromiumArgs(baseCfg({ headlessMode: "legacy" }), FAKE_UDD, undefined);
+    expect(args).toContain("--headless");
+    expect(args).not.toContain("--headless=new");
+  });
+
+  it("headlessMode='off' emits no headless flag at all", () => {
+    const args = buildChromiumArgs(baseCfg({ headlessMode: "off" }), FAKE_UDD, undefined);
+    expect(args.some((a) => a === "--headless" || a.startsWith("--headless="))).toBe(false);
+  });
+
+  it("headlessMode='new' supersedes headless: false", () => {
+    // The launcher resolves the mode; by the time we reach buildChromiumArgs,
+    // the resolved mode is canonical.
+    const args = buildChromiumArgs(
+      baseCfg({ headless: false, headlessMode: "new" }),
+      FAKE_UDD,
+      undefined,
+    );
+    expect(args).toContain("--headless=new");
+  });
+
+  it("legacy: headless: true with no headlessMode falls back to --headless=new", () => {
+    const args = buildChromiumArgs(baseCfg({ headless: true }), FAKE_UDD, undefined);
+    expect(args).toContain("--headless=new");
+  });
+
+  it("legacy: headless: false with no headlessMode emits no headless flag", () => {
+    const args = buildChromiumArgs(baseCfg({ headless: false }), FAKE_UDD, undefined);
+    expect(args.some((a) => a === "--headless" || a.startsWith("--headless="))).toBe(false);
+  });
+});

package/src/__tests__/proxy-auth.test.ts

@@ -5,7 +5,8 @@
  * with-auth/no-auth × edge cases (missing port, IPv6 host, percent-encoded
  * creds, empty password).
  *
- * `installProxyAuth`: drives a fake CDP router. Verifies:
+ * `installProxyAuth`: drives a fake CDP router via the shared
+ * `tests/helpers/cdp-fixture.ts` helper. Verifies:
  *   - `Fetch.enable` is sent with `handleAuthRequests: true, patterns: [{ urlPattern: "*" }]`.
  *   - `Fetch.authRequired` events trigger `Fetch.continueWithAuth` carrying
  *     the configured creds.
@@ -16,8 +17,8 @@
  */
 
 import { describe, expect, it } from "bun:test";
+import { type FakePipe, makeFakePipe } from "../../../../tests/helpers/cdp-fixture";
 import { MessageRouter } from "../cdp/router";
-import type { PipeReader, PipeWriter } from "../cdp/transport";
 import { installProxyAuth, parseProxyUrl } from "../proxy-auth";
 
 describe("parseProxyUrl", () => {
@@ -131,69 +132,35 @@ describe("parseProxyUrl", () => {
 
 interface FakeRouter {
   router: MessageRouter;
-  written: { method: string; params?: unknown }[];
+  pipe: FakePipe;
   pushEvent(method: string, params: unknown): void;
 }
 
 function makeRouter(): FakeRouter {
-  const written: { method: string; params?: unknown }[] = [];
-  let pumpController: ReadableStreamDefaultController<Uint8Array> | null = null;
-  const stream = new ReadableStream<Uint8Array>({
-    start(c) {
-      pumpController = c;
-    },
-  });
-  const reader: PipeReader = {
-    getReader: () => stream.getReader(),
-  };
-  const writer: PipeWriter = {
-    write: (chunk: Uint8Array) => {
-      const last = chunk[chunk.length - 1] === 0 ? chunk.length - 1 : chunk.length;
-      const json = new TextDecoder().decode(chunk.subarray(0, last));
-      try {
-        const obj = JSON.parse(json) as { id?: number; method: string; params?: unknown };
-        written.push({ method: obj.method, params: obj.params });
-        // Auto-resolve the request immediately so the await in
-        // `installProxyAuth` doesn't hang.
-        if (typeof obj.id === "number") {
-          const reply = JSON.stringify({ id: obj.id, result: {} });
-          const enc = new TextEncoder().encode(reply);
-          const out = new Uint8Array(enc.length + 1);
-          out.set(enc, 0);
-          out[enc.length] = 0;
-          pumpController?.enqueue(out);
-        }
-      } catch {
-        // ignore
-      }
-      return chunk.byteLength;
-    },
-    flush: () => undefined,
-    end: () => undefined,
-  };
-  const router = new MessageRouter(reader, writer);
+  // Default responders auto-answer Fetch.enable / Fetch.disable / etc with
+  // `{}` — that's everything `installProxyAuth` waits on.
+  const pipe = makeFakePipe();
+  const router = new MessageRouter(pipe.reader, pipe.writer);
   router.start();
-  const enc = new TextEncoder();
   return {
     router,
-    written,
+    pipe,
     pushEvent(method: string, params: unknown): void {
-      const bytes = enc.encode(JSON.stringify({ method, params }));
-      const out = new Uint8Array(bytes.length + 1);
-      out.set(bytes, 0);
-      out[bytes.length] = 0;
-      pumpController?.enqueue(out);
+      pipe.inject({ method, params });
     },
   };
 }
 
 describe("installProxyAuth", () => {
-  it("sends Fetch.enable with handleAuthRequests:true and empty patterns", async () => {
+  it("sends Fetch.enable with handleAuthRequests:true and Document-first patterns (task 0266)", async () => {
     const f = makeRouter();
     const handle = await installProxyAuth(f.router, { username: "u", password: "p" });
-    const enable = f.written.find((c) => c.method === "Fetch.enable");
+    const enable = f.pipe.written.find((c) => c.parsed.method === "Fetch.enable");
     expect(enable).toBeDefined();
-    expect(enable?.params).toEqual({ handleAuthRequests: true, patterns: [{ urlPattern: "*" }] });
+    expect(enable?.parsed.params).toEqual({
+      handleAuthRequests: true,
+      patterns: [{ urlPattern: "*", resourceType: "Document" }, { urlPattern: "*" }],
+    });
     await handle.dispose();
     await f.router.close();
   });
@@ -204,9 +171,9 @@ describe("installProxyAuth", () => {
     f.pushEvent("Fetch.authRequired", { requestId: "req-42", authChallenge: { source: "Proxy" } });
     // Allow microtasks + the writer push to flush.
     await new Promise((r) => setTimeout(r, 10));
-    const reply = f.written.find((c) => c.method === "Fetch.continueWithAuth");
+    const reply = f.pipe.written.find((c) => c.parsed.method === "Fetch.continueWithAuth");
     expect(reply).toBeDefined();
-    expect(reply?.params).toEqual({
+    expect(reply?.parsed.params).toEqual({
       requestId: "req-42",
       authChallengeResponse: {
         response: "ProvideCredentials",
@@ -223,9 +190,9 @@ describe("installProxyAuth", () => {
     const handle = await installProxyAuth(f.router, { username: "u", password: "p" });
     f.pushEvent("Fetch.requestPaused", { requestId: "rp-1" });
     await new Promise((r) => setTimeout(r, 10));
-    const reply = f.written.find((c) => c.method === "Fetch.continueRequest");
+    const reply = f.pipe.written.find((c) => c.parsed.method === "Fetch.continueRequest");
     expect(reply).toBeDefined();
-    expect(reply?.params).toEqual({ requestId: "rp-1" });
+    expect(reply?.parsed.params).toEqual({ requestId: "rp-1" });
     await handle.dispose();
     await f.router.close();
   });
@@ -235,7 +202,7 @@ describe("installProxyAuth", () => {
     const handle = await installProxyAuth(f.router, { username: "u", password: "p" });
     await handle.dispose();
     await handle.dispose();
-    const disables = f.written.filter((c) => c.method === "Fetch.disable");
+    const disables = f.pipe.written.filter((c) => c.parsed.method === "Fetch.disable");
     expect(disables.length).toBe(1);
     await f.router.close();
   });
@@ -246,7 +213,7 @@ describe("installProxyAuth", () => {
     await handle.dispose();
     f.pushEvent("Fetch.authRequired", { requestId: "late" });
     await new Promise((r) => setTimeout(r, 10));
-    const replies = f.written.filter((c) => c.method === "Fetch.continueWithAuth");
+    const replies = f.pipe.written.filter((c) => c.parsed.method === "Fetch.continueWithAuth");
     expect(replies.length).toBe(0);
     await f.router.close();
   });