@mochi.js/core 0.3.0 → 0.8.0

package/src/__tests__/init-injector.test.ts

@@ -0,0 +1,248 @@
+/**
+ * Unit tests for the init-injector building blocks.
+ *
+ * Covers:
+ *   - {@link rewriteCsp}: no-nonce / nonce / strict-dynamic / unsafe-inline
+ *     idempotence / multiple directives.
+ *   - {@link rewriteHeaders}: header-name case insensitive, content-length
+ *     stripped, CSP and CSP-Report-Only both rewritten.
+ *   - {@link rewriteMetaCsp}: HTML meta-tag rewriting + entity round-trip.
+ *   - {@link injectIntoHead}: script splice ahead of first non-comment
+ *     `<script>`; script-tag attributes (no defer/async/module).
+ *   - {@link wrapSelfRemovingPayload}: first statement is the self-remove +
+ *     marker; the inner payload is left intact.
+ *
+ */
+
+import { describe, expect, it } from "bun:test";
+import {
+  injectIntoHead,
+  MOCHI_INIT_MARKER,
+  MOCHI_INIT_SCRIPT_CLASS,
+  rewriteCsp,
+  rewriteHeaders,
+  rewriteMetaCsp,
+  wrapSelfRemovingPayload,
+} from "../cdp/init-injector";
+
+describe("rewriteCsp", () => {
+  it("no nonce, no unsafe-inline → adds 'unsafe-inline' to script-src", () => {
+    const out = rewriteCsp("script-src 'self' https://cdn.example.com");
+    expect(out.value).toContain("script-src 'self' https://cdn.example.com 'unsafe-inline'");
+    expect(out.nonce).toBeUndefined();
+  });
+
+  it("with-nonce → leaves directive intact and returns nonce string", () => {
+    const out = rewriteCsp("script-src 'self' 'nonce-abc123XYZ'");
+    expect(out.value).toBe("script-src 'self' 'nonce-abc123XYZ'");
+    expect(out.nonce).toBe("abc123XYZ");
+  });
+
+  it("strict-dynamic + nonce → leaves directive intact and surfaces nonce", () => {
+    const out = rewriteCsp("script-src 'strict-dynamic' 'nonce-XYZ' 'unsafe-eval'");
+    expect(out.value).toBe("script-src 'strict-dynamic' 'nonce-XYZ' 'unsafe-eval'");
+    expect(out.nonce).toBe("XYZ");
+  });
+
+  it("strict-dynamic without nonce → falls through to unsafe-inline (best-effort)", () => {
+    const out = rewriteCsp("script-src 'strict-dynamic'");
+    expect(out.value).toContain("'unsafe-inline'");
+    expect(out.nonce).toBeUndefined();
+  });
+
+  it("already has 'unsafe-inline' → idempotent (does not double-add)", () => {
+    const out = rewriteCsp("script-src 'self' 'unsafe-inline'");
+    expect(out.value).toBe("script-src 'self' 'unsafe-inline'");
+    expect(out.value.match(/'unsafe-inline'/g)?.length).toBe(1);
+  });
+
+  it("multiple directives → only script-src/script-src-elem/default-src mutated", () => {
+    const out = rewriteCsp(
+      "default-src 'self'; img-src https:; script-src 'self'; style-src 'self'",
+    );
+    expect(out.value).toContain("script-src 'self' 'unsafe-inline'");
+    expect(out.value).toContain("default-src 'self' 'unsafe-inline'");
+    expect(out.value).toContain("img-src https:");
+    expect(out.value).toContain("style-src 'self'");
+  });
+
+  it("script-src-elem also gets relaxed", () => {
+    const out = rewriteCsp("script-src-elem 'self'");
+    expect(out.value).toContain("script-src-elem 'self' 'unsafe-inline'");
+  });
+});
+
+describe("rewriteHeaders", () => {
+  it("rewrites Content-Security-Policy and surfaces nonce", () => {
+    const out = rewriteHeaders([
+      { name: "Content-Security-Policy", value: "script-src 'nonce-NN'" },
+      { name: "X-Frame-Options", value: "DENY" },
+    ]);
+    expect(out.scriptNonce).toBe("NN");
+    const csp = out.headers.find((h) => h.name === "Content-Security-Policy");
+    expect(csp?.value).toBe("script-src 'nonce-NN'");
+    expect(out.headers.find((h) => h.name === "X-Frame-Options")?.value).toBe("DENY");
+  });
+
+  it("rewrites Content-Security-Policy-Report-Only too", () => {
+    const out = rewriteHeaders([
+      { name: "content-security-policy-report-only", value: "script-src 'self'" },
+    ]);
+    const csp = out.headers.find(
+      (h) => h.name.toLowerCase() === "content-security-policy-report-only",
+    );
+    expect(csp?.value).toContain("'unsafe-inline'");
+  });
+
+  it("strips Content-Length so fulfillRequest recomputes", () => {
+    const out = rewriteHeaders([
+      { name: "Content-Length", value: "1234" },
+      { name: "Content-Type", value: "text/html" },
+    ]);
+    expect(out.headers.some((h) => h.name.toLowerCase() === "content-length")).toBe(false);
+    expect(out.headers.some((h) => h.name === "Content-Type")).toBe(true);
+  });
+
+  it("adopts the first nonce when multiple CSPs are present", () => {
+    const out = rewriteHeaders([
+      { name: "Content-Security-Policy", value: "script-src 'nonce-aaa'" },
+      { name: "Content-Security-Policy", value: "script-src 'nonce-bbb'" },
+    ]);
+    expect(out.scriptNonce).toBe("aaa");
+  });
+});
+
+describe("rewriteMetaCsp", () => {
+  it("rewrites a meta tag's CSP content attribute (encoded on the wire)", () => {
+    const html = `<head><meta http-equiv="Content-Security-Policy" content="script-src 'self'"></head>`;
+    const out = rewriteMetaCsp(html);
+    // Apostrophes in attribute values round-trip through entity encoding;
+    // assert the encoded form so we capture what Chromium will actually
+    // parse back into the document.
+    expect(out.html).toContain("&#39;unsafe-inline&#39;");
+  });
+
+  it("preserves other attribute order and unrelated meta tags", () => {
+    const html = `<head><meta charset="utf-8"><meta http-equiv="Content-Security-Policy" content="script-src 'self'"><meta name="viewport" content="width=device-width"></head>`;
+    const out = rewriteMetaCsp(html);
+    expect(out.html).toContain('<meta charset="utf-8">');
+    expect(out.html).toContain('<meta name="viewport"');
+    expect(out.html).toContain("&#39;unsafe-inline&#39;");
+  });
+
+  it("extracts nonce from a meta-tag CSP", () => {
+    const html = `<meta http-equiv="Content-Security-Policy" content="script-src 'nonce-MMM'">`;
+    const out = rewriteMetaCsp(html);
+    expect(out.firstNonce).toBe("MMM");
+  });
+
+  it("ignores meta tags that are NOT CSP", () => {
+    const html = `<meta http-equiv="X-UA-Compatible" content="IE=edge">`;
+    const out = rewriteMetaCsp(html);
+    expect(out.html).toBe(html);
+    expect(out.firstNonce).toBeUndefined();
+  });
+
+  it("handles single-quoted attribute values too", () => {
+    const html = `<meta http-equiv='Content-Security-Policy' content='script-src \\'self\\''>`;
+    // Bun's regex is fine with the structure even though we don't decode \'
+    // here — the input shape is contrived; the production path always sees
+    // properly-escaped HTML from Chromium.
+    const out = rewriteMetaCsp(html);
+    expect(out.html).toContain("Content-Security-Policy");
+  });
+});
+
+describe("injectIntoHead", () => {
+  const SCRIPT = "console.log(1)";
+
+  it("inserts BEFORE the first non-comment <script> in head", () => {
+    const html = `<!doctype html><html><head><meta charset="utf-8"><script>window.first=true</script></head><body></body></html>`;
+    const out = injectIntoHead(html, SCRIPT, undefined);
+    const idxOurs = out.indexOf(`class="${MOCHI_INIT_SCRIPT_CLASS}"`);
+    const idxFirst = out.indexOf("window.first=true");
+    expect(idxOurs).toBeGreaterThan(-1);
+    expect(idxFirst).toBeGreaterThan(-1);
+    expect(idxOurs).toBeLessThan(idxFirst);
+  });
+
+  it("ignores HTML comments — does not splice before commented-out <script>", () => {
+    const html = `<head><!-- <script>window.fake=1</script> --><script>window.real=1</script></head>`;
+    const out = injectIntoHead(html, SCRIPT, undefined);
+    const idxOurs = out.indexOf(`class="${MOCHI_INIT_SCRIPT_CLASS}"`);
+    const idxReal = out.indexOf("window.real=1");
+    const idxFake = out.indexOf("window.fake=1");
+    expect(idxOurs).toBeLessThan(idxReal);
+    // Our script must also be after the comment block — splicing in the
+    // middle of a comment would be wrong.
+    expect(idxOurs).toBeGreaterThan(idxFake);
+  });
+
+  it("inserts at end-of-head when no <script> exists in head", () => {
+    const html = `<head><meta charset="utf-8"></head><body><script>window.bodyScript=1</script></body>`;
+    const out = injectIntoHead(html, SCRIPT, undefined);
+    const idxOurs = out.indexOf(`class="${MOCHI_INIT_SCRIPT_CLASS}"`);
+    const idxBody = out.indexOf("window.bodyScript=1");
+    expect(idxOurs).toBeGreaterThan(-1);
+    expect(idxOurs).toBeLessThan(idxBody);
+    // Script lands inside the head — i.e. before </head>.
+    const idxClose = out.indexOf("</head>");
+    expect(idxOurs).toBeLessThan(idxClose);
+  });
+
+  it("creates a <head> when missing", () => {
+    const html = `<html><body><h1>hi</h1></body></html>`;
+    const out = injectIntoHead(html, SCRIPT, undefined);
+    expect(out).toContain("<head>");
+    expect(out).toContain(`class="${MOCHI_INIT_SCRIPT_CLASS}"`);
+  });
+
+  it("does NOT add defer / async / type=module attributes (timing-critical)", () => {
+    const html = `<head></head>`;
+    const out = injectIntoHead(html, SCRIPT, undefined);
+    // The injected tag for timing-critical inject MUST be a parser-blocking
+    // classic script. The patchright finding hinges on this.
+    const tag = out.match(/<script[^>]*class="__mochi_init_script__"[^>]*>/);
+    expect(tag).not.toBeNull();
+    const tagSrc = tag?.[0] ?? "";
+    expect(tagSrc).not.toMatch(/\bdefer\b/);
+    expect(tagSrc).not.toMatch(/\basync\b/);
+    expect(tagSrc).not.toMatch(/type\s*=\s*"module"/);
+    expect(tagSrc).not.toMatch(/type\s*=\s*'module'/);
+  });
+
+  it("attaches nonce attribute when supplied", () => {
+    const html = `<head></head>`;
+    const out = injectIntoHead(html, SCRIPT, "abc123");
+    expect(out).toMatch(/<script[^>]+nonce="abc123"/);
+  });
+});
+
+describe("wrapSelfRemovingPayload", () => {
+  it("first statement removes document.currentScript", () => {
+    const wrapped = wrapSelfRemovingPayload("/* payload */");
+    // Self-remove must come BEFORE the marker assignment AND before the
+    // payload — otherwise a script that throws synchronously could leave a
+    // detectable orphan node in the DOM.
+    const idxSelfRemove = wrapped.indexOf("document.currentScript");
+    const idxMarker = wrapped.indexOf(MOCHI_INIT_MARKER);
+    const idxPayload = wrapped.indexOf("/* payload */");
+    expect(idxSelfRemove).toBeGreaterThan(-1);
+    expect(idxMarker).toBeGreaterThan(-1);
+    expect(idxPayload).toBeGreaterThan(-1);
+    expect(idxSelfRemove).toBeLessThan(idxMarker);
+    expect(idxMarker).toBeLessThan(idxPayload);
+  });
+
+  it("contains the post-load DOM walk (belt-and-suspenders)", () => {
+    const wrapped = wrapSelfRemovingPayload("0");
+    expect(wrapped).toContain(MOCHI_INIT_SCRIPT_CLASS);
+    expect(wrapped).toMatch(/load|complete/);
+  });
+
+  it("preserves the original payload bytes intact", () => {
+    const orig = "(function(){window.x=42;})();";
+    const wrapped = wrapSelfRemovingPayload(orig);
+    expect(wrapped).toContain(orig);
+  });
+});

package/src/__tests__/inject.test.ts

@@ -5,132 +5,23 @@
  * browser reports its bare, un-spoofed fingerprint.
  *
  * No real Chromium process is spawned; we drive `Session` against a fake
- * `ChromiumProcess` whose pipe reader/writer let us observe every CDP
- * request sent and inject canned responses. The §8.2 forbidden-method
- * assertions still gate every send through `MessageRouter`, so the test
- * implicitly enforces those too.
+ * `ChromiumProcess` via the shared `tests/helpers/cdp-fixture.ts` helper.
+ * The §8.2 forbidden-method assertions still gate every send through
+ * `MessageRouter`, so the test implicitly enforces those too.
  *
  * @see PLAN.md §12.1 — capture must run against bare Chromium.
- * @see tasks/0040-mochi-capture.md — `bypassInject: true` requirement.
+ * @see tests/helpers/cdp-fixture.ts — shared helper consolidating fake-pipe boilerplate.
  */
 
 import { afterEach, beforeEach, describe, expect, it } from "bun:test";
 import { deriveMatrix, type ProfileV1 } from "@mochi.js/consistency";
-import type { PipeReader, PipeWriter } from "../cdp/transport";
-import type { ChromiumProcess } from "../proc";
+import {
+  type FakePipe,
+  fakeChromiumProcess,
+  makeFakePipe,
+} from "../../../../tests/helpers/cdp-fixture";
 import { Session } from "../session";
 
-interface FakeBrowser {
-  process: ChromiumProcess;
-  /** All CDP requests written to the pipe, decoded as JSON-RPC objects. */
-  written: Array<{ id?: number; method?: string; params?: unknown; sessionId?: string }>;
-  /** Inject one inbound JSON frame (CDP response or event). */
-  push(obj: unknown): void;
-  /** Auto-respond to any request matching `methodPredicate`. Returns the unsubscribe. */
-  autoRespond(methodPredicate: (m: string) => boolean, result: unknown): void;
-  /** Resolve when the next `n` writes have completed. */
-  waitForWrites(n: number): Promise<void>;
-}
-
-function makeFakeBrowser(): FakeBrowser {
-  const written: FakeBrowser["written"] = [];
-  let pumpController: ReadableStreamDefaultController<Uint8Array> | null = null;
-  const stream = new ReadableStream<Uint8Array>({
-    start(c) {
-      pumpController = c;
-    },
-  });
-  const enc = new TextEncoder();
-  const dec = new TextDecoder();
-  const autoResponders: Array<{ pred: (m: string) => boolean; result: unknown }> = [];
-  const writeListeners: Array<() => void> = [];
-
-  const reader: PipeReader = {
-    getReader: () => stream.getReader(),
-  };
-
-  const push = (obj: unknown): void => {
-    const bytes = enc.encode(JSON.stringify(obj));
-    const out = new Uint8Array(bytes.length + 1);
-    out.set(bytes, 0);
-    out[bytes.length] = 0;
-    pumpController?.enqueue(out);
-  };
-
-  const writer: PipeWriter = {
-    write: (chunk) => {
-      const last = chunk[chunk.length - 1] === 0 ? chunk.length - 1 : chunk.length;
-      const json = dec.decode(chunk.subarray(0, last));
-      try {
-        const parsed = JSON.parse(json) as {
-          id?: number;
-          method?: string;
-          params?: unknown;
-          sessionId?: string;
-        };
-        written.push(parsed);
-        // Notify listeners.
-        const ls = writeListeners.splice(0, writeListeners.length);
-        for (const fn of ls) fn();
-        // Auto-respond if matched.
-        if (typeof parsed.method === "string" && typeof parsed.id === "number") {
-          const r = autoResponders.find((a) => a.pred(parsed.method ?? ""));
-          if (r) {
-            queueMicrotask(() => push({ id: parsed.id, result: r.result }));
-          }
-        }
-      } catch {
-        // ignore malformed
-      }
-    },
-    flush: () => undefined,
-    end: () => undefined,
-  };
-
-  let resolveExit: ((code: number) => void) | undefined;
-  const exited = new Promise<number>((res) => {
-    resolveExit = res;
-  });
-
-  let killed = false;
-  const proc: ChromiumProcess = {
-    userDataDir: "/tmp/fake-mochi-test",
-    pid: 0,
-    exited,
-    reader,
-    writer,
-    close: async () => {
-      if (killed) return;
-      killed = true;
-      try {
-        pumpController?.close();
-      } catch {
-        // ignore
-      }
-      resolveExit?.(0);
-    },
-  };
-
-  return {
-    process: proc,
-    written,
-    push,
-    autoRespond(pred, result) {
-      autoResponders.push({ pred, result });
-    },
-    waitForWrites(n) {
-      if (written.length >= n) return Promise.resolve();
-      return new Promise<void>((resolve) => {
-        const check = (): void => {
-          if (written.length >= n) resolve();
-          else writeListeners.push(check);
-        };
-        writeListeners.push(check);
-      });
-    },
-  };
-}
-
 const TEST_PROFILE: ProfileV1 = {
   id: "bypass-inject-fixture",
   version: "0.0.0-test",
@@ -168,11 +59,18 @@ const TEST_PROFILE: ProfileV1 = {
 };
 
 describe("Session.bypassInject (PLAN.md §12.1, task 0040)", () => {
-  let fake: FakeBrowser;
+  let pipe: FakePipe;
   let session: Session | undefined;
 
   beforeEach(() => {
-    fake = makeFakeBrowser();
+    pipe = makeFakePipe({
+      responders: {
+        // Tests below assert on identifier shape — keep these stable.
+        "Target.createTarget": () => ({ targetId: "page-target-1" }),
+        "Target.attachToTarget": () => ({ sessionId: "session-1" }),
+        "Page.addScriptToEvaluateOnNewDocument": () => ({ identifier: "should-never-fire" }),
+      },
+    });
     session = undefined;
   });
 
@@ -186,47 +84,42 @@ describe("Session.bypassInject (PLAN.md §12.1, task 0040)", () => {
     }
   });
 
-  it("with bypassInject:true — newPage() never sends Page.addScriptToEvaluateOnNewDocument", async () => {
+  it("with bypassInject:true — newPage() never sends Page.addScriptToEvaluateOnNewDocument and no Fetch.enable for inject", async () => {
     const matrix = deriveMatrix(TEST_PROFILE, "bypass-test");
     session = new Session({
-      proc: fake.process,
+      proc: fakeChromiumProcess(pipe, { userDataDir: "/tmp/fake-mochi-test" }),
       matrix,
       seed: "bypass-test",
       bypassInject: true,
     });
 
-    // Auto-respond to the small set of CDP calls Session/newPage drives:
-    // Target.setAutoAttach (constructor), Target.createTarget, Target.attachToTarget,
-    // and Page.enable. These are the *only* writes we expect.
-    fake.autoRespond((m) => m === "Target.setAutoAttach", {});
-    fake.autoRespond((m) => m === "Target.createTarget", { targetId: "page-target-1" });
-    fake.autoRespond((m) => m === "Target.attachToTarget", { sessionId: "session-1" });
-    fake.autoRespond((m) => m === "Page.enable", {});
-    fake.autoRespond((m) => m === "Target.closeTarget", { success: true });
-    fake.autoRespond((m) => m === "Page.removeScriptToEvaluateOnNewDocument", {});
-    fake.autoRespond((m) => m === "Page.addScriptToEvaluateOnNewDocument", {
-      identifier: "should-never-fire",
-    });
-
     const page = await session.newPage();
     expect(page).toBeDefined();
+    // Allow the constructor's deferred init-injector promise to settle (it's
+    // a no-op in this case but the rejection-handler microtasks still queue).
+    await new Promise((r) => setTimeout(r, 5));
 
-    const methods = fake.written
-      .map((w) => w.method)
+    const methods = pipe.written
+      .map((w) => w.parsed.method)
       .filter((m): m is string => typeof m === "string");
     expect(methods).toContain("Target.createTarget");
     expect(methods).toContain("Target.attachToTarget");
     expect(methods).toContain("Page.enable");
-    // The contract: ZERO addScriptToEvaluateOnNewDocument sends.
+    // Task 0266 contract: no Page.addScriptToEvaluateOnNewDocument under
+    // bypassInject — the session-level injector is also short-circuited.
     expect(methods).not.toContain("Page.addScriptToEvaluateOnNewDocument");
-    // And no Runtime.evaluate either (worker injection is also bypassed).
+    // No Runtime.evaluate — worker injection is also bypassed.
     expect(methods).not.toContain("Runtime.evaluate");
+    // No proxy creds, no payload to deliver — the unified injector
+    // short-circuits and does NOT send Fetch.enable. Capture flow keeps a
+    // zero-extra-protocol-surface posture.
+    expect(methods).not.toContain("Fetch.enable");
   });
 
   it("with bypassInject:true — _internalPayload() is null", () => {
     const matrix = deriveMatrix(TEST_PROFILE, "null-payload");
     session = new Session({
-      proc: fake.process,
+      proc: fakeChromiumProcess(pipe, { userDataDir: "/tmp/fake-mochi-test" }),
       matrix,
       seed: "null-payload",
       bypassInject: true,
@@ -235,10 +128,20 @@ describe("Session.bypassInject (PLAN.md §12.1, task 0040)", () => {
     expect(session._internalBypassInject()).toBe(true);
   });
 
-  it("with bypassInject omitted — _internalPayload() is non-null and newPage installs the inject script", async () => {
+  it("with bypassInject omitted — Session installs the unified Fetch-domain injector instead of Page.addScriptToEvaluateOnNewDocument", async () => {
+    // Override the script identifier for this test — it asserts that the
+    // dual-mechanism `addScriptToEvaluateOnNewDocument` call (commit 2 of
+    // 0266) carries the wrapped matrix payload.
+    const localPipe = makeFakePipe({
+      responders: {
+        "Target.createTarget": () => ({ targetId: "page-target-2" }),
+        "Target.attachToTarget": () => ({ sessionId: "session-2" }),
+        "Page.addScriptToEvaluateOnNewDocument": () => ({ identifier: "inj-1" }),
+      },
+    });
     const matrix = deriveMatrix(TEST_PROFILE, "default-inject");
     session = new Session({
-      proc: fake.process,
+      proc: fakeChromiumProcess(localPipe, { userDataDir: "/tmp/fake-mochi-test" }),
       matrix,
       seed: "default-inject",
     });
@@ -247,34 +150,46 @@ describe("Session.bypassInject (PLAN.md §12.1, task 0040)", () => {
     expect(payload).not.toBeNull();
     expect(payload?.code.length ?? 0).toBeGreaterThan(0);
 
-    fake.autoRespond((m) => m === "Target.setAutoAttach", {});
-    fake.autoRespond((m) => m === "Target.createTarget", { targetId: "page-target-2" });
-    fake.autoRespond((m) => m === "Target.attachToTarget", { sessionId: "session-2" });
-    fake.autoRespond((m) => m === "Page.enable", {});
-    // Task 0262: Session sends Emulation.setTimezoneOverride per page.
-    fake.autoRespond((m) => m === "Emulation.setTimezoneOverride", {});
-    // Task 0255: Session now sends Network.setUserAgentOverride per page.
-    fake.autoRespond((m) => m === "Network.setUserAgentOverride", {});
-    fake.autoRespond((m) => m === "Target.closeTarget", { success: true });
-    fake.autoRespond((m) => m === "Page.removeScriptToEvaluateOnNewDocument", {});
-    fake.autoRespond((m) => m === "Page.addScriptToEvaluateOnNewDocument", {
-      identifier: "inj-1",
-    });
-
     const page = await session.newPage();
     expect(page).toBeDefined();
+    // Yield once so the deferred installInitInjector promise settles.
+    await new Promise((r) => setTimeout(r, 10));
 
-    const methods = fake.written
-      .map((w) => w.method)
+    const methods = localPipe.written
+      .map((w) => w.parsed.method)
       .filter((m): m is string => typeof m === "string");
-    // Default behavior: the inject script IS installed.
+    // Task 0266 dual-mechanism: Session uses BOTH Fetch.fulfillRequest body
+    // splice (HTTP/HTTPS Document responses — closes source-attribution
+    // leak) AND Page.addScriptToEvaluateOnNewDocument (per-page fallback for
+    // about:blank / data: / blob: where Fetch domain can't intercept). The
+    // wrapped payload's `__mochi_inject_marker` early-return prevents
+    // double-execution when both fire on the same realm.
     expect(methods).toContain("Page.addScriptToEvaluateOnNewDocument");
-    // And the params carry the compiled payload code.
-    const installCall = fake.written.find(
-      (w) => w.method === "Page.addScriptToEvaluateOnNewDocument",
+    const addScriptCall = localPipe.written.find(
+      (w) => w.parsed.method === "Page.addScriptToEvaluateOnNewDocument",
     );
-    const params = installCall?.params as { source?: string; runImmediately?: boolean } | undefined;
-    expect(params?.source).toBe(payload?.code);
-    expect(params?.runImmediately).toBe(true);
+    const addScriptParams = addScriptCall?.parsed.params as
+      | { source?: string; runImmediately?: boolean; worldName?: string }
+      | undefined;
+    expect(addScriptParams?.runImmediately).toBe(true);
+    expect(addScriptParams?.worldName).toBe(""); // PLAN.md §8.4 — main world
+    expect(addScriptParams?.source).toContain("__mochi_inject_marker"); // idempotency guard
+    // Fetch.enable is sent ONCE on session construction with the
+    // Document-first patterns. Auth is off because no proxyAuth was set.
+    expect(methods).toContain("Fetch.enable");
+    const enableCall = localPipe.written.find((w) => w.parsed.method === "Fetch.enable");
+    const enableParams = enableCall?.parsed.params as
+      | {
+          handleAuthRequests?: boolean;
+          patterns?: { urlPattern?: string; resourceType?: string }[];
+        }
+      | undefined;
+    expect(enableParams?.handleAuthRequests).toBe(false);
+    expect(enableParams?.patterns).toBeDefined();
+    expect(enableParams?.patterns?.[0]).toEqual({
+      urlPattern: "*",
+      resourceType: "Document",
+    });
+    expect(enableParams?.patterns?.[1]).toEqual({ urlPattern: "*" });
   });
 });