opengstack 0.13.10 → 0.14.0

package/skills/browse/test/handoff.test.ts

@@ -1,235 +0,0 @@
-/**
- * Tests for handoff/resume commands — headless-to-headed browser switching.
- *
- * Unit tests cover saveState/restoreState, failure tracking, and edge cases.
- * Integration tests cover the full handoff flow with real Playwright browsers.
- */
-
-import { describe, test, expect, beforeAll, afterAll } from 'bun:test';
-import { startTestServer } from './test-server';
-import { BrowserManager, type BrowserState } from '../src/browser-manager';
-import { handleWriteCommand } from '../src/write-commands';
-import { handleMetaCommand } from '../src/meta-commands';
-
-let testServer: ReturnType<typeof startTestServer>;
-let bm: BrowserManager;
-let baseUrl: string;
-
-beforeAll(async () => {
-  testServer = startTestServer(0);
-  baseUrl = testServer.url;
-
-  bm = new BrowserManager();
-  await bm.launch();
-});
-
-afterAll(() => {
-  try { testServer.server.stop(); } catch {}
-  setTimeout(() => process.exit(0), 500);
-});
-
-// ─── Unit Tests: Failure Tracking (no browser needed) ────────────
-
-describe('failure tracking', () => {
-  test('getFailureHint returns null when below threshold', () => {
-    const tracker = new BrowserManager();
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    expect(tracker.getFailureHint()).toBeNull();
-  });
-
-  test('getFailureHint returns hint after 3 consecutive failures', () => {
-    const tracker = new BrowserManager();
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    const hint = tracker.getFailureHint();
-    expect(hint).not.toBeNull();
-    expect(hint).toContain('handoff');
-    expect(hint).toContain('3');
-  });
-
-  test('hint suppressed when already headed', () => {
-    const tracker = new BrowserManager();
-    (tracker as any).isHeaded = true;
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    expect(tracker.getFailureHint()).toBeNull();
-  });
-
-  test('resetFailures clears the counter', () => {
-    const tracker = new BrowserManager();
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    tracker.incrementFailures();
-    expect(tracker.getFailureHint()).not.toBeNull();
-    tracker.resetFailures();
-    expect(tracker.getFailureHint()).toBeNull();
-  });
-
-  test('getIsHeaded returns false by default', () => {
-    const tracker = new BrowserManager();
-    expect(tracker.getIsHeaded()).toBe(false);
-  });
-});
-
-// ─── Unit Tests: State Save/Restore (shared browser) ─────────────
-
-describe('saveState', () => {
-  test('captures cookies and page URLs', async () => {
-    await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
-    await handleWriteCommand('cookie', ['testcookie=testvalue'], bm);
-
-    const state = await bm.saveState();
-
-    expect(state.cookies.length).toBeGreaterThan(0);
-    expect(state.cookies.some(c => c.name === 'testcookie')).toBe(true);
-    expect(state.pages.length).toBeGreaterThanOrEqual(1);
-    expect(state.pages.some(p => p.url.includes('/basic.html'))).toBe(true);
-  }, 15000);
-
-  test('captures localStorage and sessionStorage', async () => {
-    await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
-    const page = bm.getPage();
-    await page.evaluate(() => {
-      localStorage.setItem('lsKey', 'lsValue');
-      sessionStorage.setItem('ssKey', 'ssValue');
-    });
-
-    const state = await bm.saveState();
-    const activePage = state.pages.find(p => p.isActive);
-
-    expect(activePage).toBeDefined();
-    expect(activePage!.storage).not.toBeNull();
-    expect(activePage!.storage!.localStorage).toHaveProperty('lsKey', 'lsValue');
-    expect(activePage!.storage!.sessionStorage).toHaveProperty('ssKey', 'ssValue');
-  }, 15000);
-
-  test('captures multiple tabs', async () => {
-    while (bm.getTabCount() > 1) {
-      await bm.closeTab();
-    }
-    await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
-    await handleMetaCommand('newtab', [baseUrl + '/form.html'], bm, () => {});
-
-    const state = await bm.saveState();
-    expect(state.pages.length).toBe(2);
-    const activePage = state.pages.find(p => p.isActive);
-    expect(activePage).toBeDefined();
-    expect(activePage!.url).toContain('/form.html');
-
-    await bm.closeTab();
-  }, 15000);
-});
-
-describe('restoreState', () => {
-  test('state survives recreateContext round-trip', async () => {
-    await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
-    await handleWriteCommand('cookie', ['restored=yes'], bm);
-
-    const stateBefore = await bm.saveState();
-    expect(stateBefore.cookies.some(c => c.name === 'restored')).toBe(true);
-
-    await bm.recreateContext();
-
-    const stateAfter = await bm.saveState();
-    expect(stateAfter.cookies.some(c => c.name === 'restored')).toBe(true);
-    expect(stateAfter.pages.length).toBeGreaterThanOrEqual(1);
-  }, 30000);
-});
-
-// ─── Unit Tests: Handoff Edge Cases ──────────────────────────────
-
-describe('handoff edge cases', () => {
-  test('handoff when already headed returns no-op', async () => {
-    (bm as any).isHeaded = true;
-    const result = await bm.handoff('test');
-    expect(result).toContain('Already in headed mode');
-    (bm as any).isHeaded = false;
-  }, 10000);
-
-  test('resume clears refs and resets failures', () => {
-    bm.incrementFailures();
-    bm.incrementFailures();
-    bm.incrementFailures();
-    bm.resume();
-    expect(bm.getFailureHint()).toBeNull();
-    expect(bm.getRefCount()).toBe(0);
-  });
-
-  test('resume without prior handoff works via meta command', async () => {
-    await handleWriteCommand('goto', [baseUrl + '/basic.html'], bm);
-    const result = await handleMetaCommand('resume', [], bm, () => {});
-    expect(result).toContain('RESUMED');
-  }, 15000);
-});
-
-// ─── Integration Tests: Full Handoff Flow ────────────────────────
-// Each handoff test creates its own BrowserManager since handoff swaps the browser.
-// These tests run sequentially (one browser at a time) to avoid resource issues.
-
-describe('handoff integration', () => {
-  test('full handoff: cookies preserved, headed mode active, commands work', async () => {
-    const hbm = new BrowserManager();
-    await hbm.launch();
-
-    try {
-      // Set up state
-      await handleWriteCommand('goto', [baseUrl + '/basic.html'], hbm);
-      await handleWriteCommand('cookie', ['handoff_test=preserved'], hbm);
-
-      // Handoff
-      const result = await hbm.handoff('Testing handoff');
-      expect(result).toContain('HANDOFF:');
-      expect(result).toContain('Testing handoff');
-      expect(result).toContain('resume');
-      expect(hbm.getIsHeaded()).toBe(true);
-
-      // Verify cookies survived
-      const { handleReadCommand } = await import('../src/read-commands');
-      const cookiesResult = await handleReadCommand('cookies', [], hbm);
-      expect(cookiesResult).toContain('handoff_test');
-
-      // Verify commands still work
-      const text = await handleReadCommand('text', [], hbm);
-      expect(text.length).toBeGreaterThan(0);
-
-      // Resume
-      const resumeResult = await handleMetaCommand('resume', [], hbm, () => {});
-      expect(resumeResult).toContain('RESUMED');
-    } finally {
-      await hbm.close();
-    }
-  }, 45000);
-
-  test('multi-tab handoff preserves all tabs', async () => {
-    const hbm = new BrowserManager();
-    await hbm.launch();
-
-    try {
-      await handleWriteCommand('goto', [baseUrl + '/basic.html'], hbm);
-      await handleMetaCommand('newtab', [baseUrl + '/form.html'], hbm, () => {});
-      expect(hbm.getTabCount()).toBe(2);
-
-      await hbm.handoff('multi-tab test');
-      expect(hbm.getTabCount()).toBe(2);
-      expect(hbm.getIsHeaded()).toBe(true);
-    } finally {
-      await hbm.close();
-    }
-  }, 45000);
-
-  test('handoff meta command joins args as message', async () => {
-    const hbm = new BrowserManager();
-    await hbm.launch();
-
-    try {
-      await handleWriteCommand('goto', [baseUrl + '/basic.html'], hbm);
-      const result = await handleMetaCommand('handoff', ['CAPTCHA', 'stuck'], hbm, () => {});
-      expect(result).toContain('CAPTCHA stuck');
-    } finally {
-      await hbm.close();
-    }
-  }, 45000);
-});

package/skills/browse/test/path-validation.test.ts

@@ -1,91 +0,0 @@
-import { describe, it, expect } from 'bun:test';
-import { validateOutputPath } from '../src/meta-commands';
-import { validateReadPath } from '../src/read-commands';
-import { symlinkSync, unlinkSync, writeFileSync } from 'fs';
-import { tmpdir } from 'os';
-import { join } from 'path';
-
-describe('validateOutputPath', () => {
-  it('allows paths within /tmp', () => {
-    expect(() => validateOutputPath('/tmp/screenshot.png')).not.toThrow();
-  });
-
-  it('allows paths in subdirectories of /tmp', () => {
-    expect(() => validateOutputPath('/tmp/browse/output.png')).not.toThrow();
-  });
-
-  it('allows paths within cwd', () => {
-    expect(() => validateOutputPath(`${process.cwd()}/output.png`)).not.toThrow();
-  });
-
-  it('blocks paths outside safe directories', () => {
-    expect(() => validateOutputPath('/etc/cron.d/backdoor.png')).toThrow(/Path must be within/);
-  });
-
-  it('blocks /tmpevil prefix collision', () => {
-    expect(() => validateOutputPath('/tmpevil/file.png')).toThrow(/Path must be within/);
-  });
-
-  it('blocks home directory paths', () => {
-    expect(() => validateOutputPath('/Users/someone/file.png')).toThrow(/Path must be within/);
-  });
-
-  it('blocks path traversal via ..', () => {
-    expect(() => validateOutputPath('/tmp/../etc/passwd')).toThrow(/Path must be within/);
-  });
-});
-
-describe('validateReadPath', () => {
-  it('allows absolute paths within /tmp', () => {
-    expect(() => validateReadPath('/tmp/script.js')).not.toThrow();
-  });
-
-  it('allows absolute paths within cwd', () => {
-    expect(() => validateReadPath(`${process.cwd()}/test.js`)).not.toThrow();
-  });
-
-  it('allows relative paths without traversal', () => {
-    expect(() => validateReadPath('src/index.js')).not.toThrow();
-  });
-
-  it('blocks absolute paths outside safe directories', () => {
-    expect(() => validateReadPath('/etc/passwd')).toThrow(/Path must be within/);
-  });
-
-  it('blocks /tmpevil prefix collision', () => {
-    expect(() => validateReadPath('/tmpevil/file.js')).toThrow(/Path must be within/);
-  });
-
-  it('blocks path traversal sequences', () => {
-    expect(() => validateReadPath('../../../etc/passwd')).toThrow(/Path must be within/);
-  });
-
-  it('blocks nested path traversal', () => {
-    expect(() => validateReadPath('src/../../etc/passwd')).toThrow(/Path must be within/);
-  });
-
-  it('blocks symlink inside safe dir pointing outside', () => {
-    const linkPath = join(tmpdir(), 'test-symlink-bypass-' + Date.now());
-    try {
-      symlinkSync('/etc/passwd', linkPath);
-      expect(() => validateReadPath(linkPath)).toThrow(/Path must be within/);
-    } finally {
-      try { unlinkSync(linkPath); } catch {}
-    }
-  });
-
-  it('throws clear error on non-ENOENT realpathSync failure', () => {
-    // Attempting to resolve a path through a non-directory should throw
-    // a descriptive error (ENOTDIR), not silently pass through.
-    // Create a regular file, then try to resolve a path through it as if it were a directory.
-    const filePath = join(tmpdir(), 'test-notdir-' + Date.now());
-    try {
-      writeFileSync(filePath, 'not a directory');
-      // filePath is a file, so filePath + '/subpath' triggers ENOTDIR
-      const invalidPath = join(filePath, 'subpath');
-      expect(() => validateReadPath(invalidPath)).toThrow(/Cannot resolve real path|Path must be within/);
-    } finally {
-      try { unlinkSync(filePath); } catch {}
-    }
-  });
-});

package/skills/browse/test/platform.test.ts

@@ -1,37 +0,0 @@
-import { describe, test, expect } from 'bun:test';
-import { TEMP_DIR, isPathWithin, IS_WINDOWS } from '../src/platform';
-
-describe('platform constants', () => {
-  test('TEMP_DIR is /tmp on non-Windows', () => {
-    if (!IS_WINDOWS) {
-      expect(TEMP_DIR).toBe('/tmp');
-    }
-  });
-
-  test('IS_WINDOWS reflects process.platform', () => {
-    expect(IS_WINDOWS).toBe(process.platform === 'win32');
-  });
-});
-
-describe('isPathWithin', () => {
-  test('path inside directory returns true', () => {
-    expect(isPathWithin('/tmp/foo', '/tmp')).toBe(true);
-  });
-
-  test('path outside directory returns false', () => {
-    expect(isPathWithin('/etc/foo', '/tmp')).toBe(false);
-  });
-
-  test('exact match returns true', () => {
-    expect(isPathWithin('/tmp', '/tmp')).toBe(true);
-  });
-
-  test('partial prefix does not match (path traversal)', () => {
-    // /tmp-evil should NOT match /tmp
-    expect(isPathWithin('/tmp-evil/foo', '/tmp')).toBe(false);
-  });
-
-  test('nested path returns true', () => {
-    expect(isPathWithin('/tmp/a/b/c', '/tmp')).toBe(true);
-  });
-});

package/skills/browse/test/server-auth.test.ts

@@ -1,65 +0,0 @@
-/**
- * Server auth security tests — verify security remediation in server.ts
- *
- * Tests are source-level: they read server.ts and verify that auth checks,
- * CORS restrictions, and token removal are correctly in place.
- */
-
-import { describe, test, expect } from 'bun:test';
-import * as fs from 'fs';
-import * as path from 'path';
-
-const SERVER_SRC = fs.readFileSync(path.join(import.meta.dir, '../src/server.ts'), 'utf-8');
-
-// Helper: extract a block of source between two markers
-function sliceBetween(source: string, startMarker: string, endMarker: string): string {
-  const startIdx = source.indexOf(startMarker);
-  if (startIdx === -1) throw new Error(`Marker not found: ${startMarker}`);
-  const endIdx = source.indexOf(endMarker, startIdx + startMarker.length);
-  if (endIdx === -1) throw new Error(`End marker not found: ${endMarker}`);
-  return source.slice(startIdx, endIdx);
-}
-
-describe('Server auth security', () => {
-  // Test 1: /health response must not leak the auth token
-  test('/health response must not contain token field', () => {
-    const healthBlock = sliceBetween(SERVER_SRC, "url.pathname === '/health'", "url.pathname === '/refs'");
-    // The old pattern was: token: AUTH_TOKEN
-    // The new pattern should have a comment indicating token was removed
-    expect(healthBlock).not.toContain('token: AUTH_TOKEN');
-    expect(healthBlock).toContain('token removed');
-  });
-
-  // Test 2: /refs endpoint requires auth via validateAuth
-  test('/refs endpoint requires authentication', () => {
-    const refsBlock = sliceBetween(SERVER_SRC, "url.pathname === '/refs'", "url.pathname === '/activity/stream'");
-    expect(refsBlock).toContain('validateAuth');
-  });
-
-  // Test 3: /refs has no wildcard CORS header
-  test('/refs has no wildcard CORS header', () => {
-    const refsBlock = sliceBetween(SERVER_SRC, "url.pathname === '/refs'", "url.pathname === '/activity/stream'");
-    expect(refsBlock).not.toContain("'*'");
-  });
-
-  // Test 4: /activity/history requires auth via validateAuth
-  test('/activity/history requires authentication', () => {
-    const historyBlock = sliceBetween(SERVER_SRC, "url.pathname === '/activity/history'", 'Sidebar endpoints');
-    expect(historyBlock).toContain('validateAuth');
-  });
-
-  // Test 5: /activity/history has no wildcard CORS header
-  test('/activity/history has no wildcard CORS header', () => {
-    const historyBlock = sliceBetween(SERVER_SRC, "url.pathname === '/activity/history'", 'Sidebar endpoints');
-    expect(historyBlock).not.toContain("'*'");
-  });
-
-  // Test 6: /activity/stream requires auth (inline Bearer or ?token= check)
-  test('/activity/stream requires authentication with inline token check', () => {
-    const streamBlock = sliceBetween(SERVER_SRC, "url.pathname === '/activity/stream'", "url.pathname === '/activity/history'");
-    expect(streamBlock).toContain('validateAuth');
-    expect(streamBlock).toContain('AUTH_TOKEN');
-    // Should not have wildcard CORS for the SSE stream
-    expect(streamBlock).not.toContain("Access-Control-Allow-Origin': '*'");
-  });
-});

package/skills/browse/test/sidebar-agent-roundtrip.test.ts

@@ -1,226 +0,0 @@
-/**
- * Layer 3: Sidebar agent round-trip tests.
- * Starts server + sidebar-agent together. Mocks the `claude` binary with a shell
- * script that outputs canned stream-json. Verifies events flow end-to-end:
- * POST /sidebar-command → queue → sidebar-agent → mock claude → events → /sidebar-chat
- */
-
-import { describe, test, expect, beforeAll, afterAll } from 'bun:test';
-import { spawn, type Subprocess } from 'bun';
-import * as fs from 'fs';
-import * as os from 'os';
-import * as path from 'path';
-
-let serverProc: Subprocess | null = null;
-let agentProc: Subprocess | null = null;
-let serverPort: number = 0;
-let authToken: string = '';
-let tmpDir: string = '';
-let stateFile: string = '';
-let queueFile: string = '';
-let mockBinDir: string = '';
-
-async function api(pathname: string, opts: RequestInit = {}): Promise<Response> {
-  const headers: Record<string, string> = {
-    'Content-Type': 'application/json',
-    ...(opts.headers as Record<string, string> || {}),
-  };
-  if (!headers['Authorization'] && authToken) {
-    headers['Authorization'] = `Bearer ${authToken}`;
-  }
-  return fetch(`http://127.0.0.1:${serverPort}${pathname}`, { ...opts, headers });
-}
-
-async function resetState() {
-  await api('/sidebar-session/new', { method: 'POST' });
-  fs.writeFileSync(queueFile, '');
-}
-
-async function pollChatUntil(
-  predicate: (entries: any[]) => boolean,
-  timeoutMs = 10000,
-): Promise<any[]> {
-  const deadline = Date.now() + timeoutMs;
-  while (Date.now() < deadline) {
-    const resp = await api('/sidebar-chat?after=0');
-    const data = await resp.json();
-    if (predicate(data.entries)) return data.entries;
-    await new Promise(r => setTimeout(r, 300));
-  }
-  // Return whatever we have on timeout
-  const resp = await api('/sidebar-chat?after=0');
-  return (await resp.json()).entries;
-}
-
-function writeMockClaude(script: string) {
-  const mockPath = path.join(mockBinDir, 'claude');
-  fs.writeFileSync(mockPath, script, { mode: 0o755 });
-}
-
-beforeAll(async () => {
-  tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'sidebar-roundtrip-'));
-  stateFile = path.join(tmpDir, 'browse.json');
-  queueFile = path.join(tmpDir, 'sidebar-queue.jsonl');
-  mockBinDir = path.join(tmpDir, 'bin');
-  fs.mkdirSync(mockBinDir, { recursive: true });
-  fs.mkdirSync(path.dirname(queueFile), { recursive: true });
-
-  // Write default mock claude that outputs canned events
-  writeMockClaude(`#!/bin/bash
-echo '{"type":"system","session_id":"mock-session-123"}'
-echo '{"type":"assistant","message":{"content":[{"type":"text","text":"I can see the page. It looks like a test fixture."}]}}'
-echo '{"type":"result","result":"Done."}'
-`);
-
-  // Start server (no browser)
-  const serverScript = path.resolve(__dirname, '..', 'src', 'server.ts');
-  serverProc = spawn(['bun', 'run', serverScript], {
-    env: {
-      ...process.env,
-      BROWSE_STATE_FILE: stateFile,
-      BROWSE_HEADLESS_SKIP: '1',
-      BROWSE_PORT: '0',
-      SIDEBAR_QUEUE_PATH: queueFile,
-      BROWSE_IDLE_TIMEOUT: '300',
-    },
-    stdio: ['ignore', 'pipe', 'pipe'],
-  });
-
-  // Wait for server
-  const deadline = Date.now() + 15000;
-  while (Date.now() < deadline) {
-    if (fs.existsSync(stateFile)) {
-      try {
-        const state = JSON.parse(fs.readFileSync(stateFile, 'utf-8'));
-        if (state.port && state.token) {
-          serverPort = state.port;
-          authToken = state.token;
-          break;
-        }
-      } catch {}
-    }
-    await new Promise(r => setTimeout(r, 100));
-  }
-  if (!serverPort) throw new Error('Server did not start in time');
-
-  // Start sidebar-agent with mock claude on PATH
-  const agentScript = path.resolve(__dirname, '..', 'src', 'sidebar-agent.ts');
-  agentProc = spawn(['bun', 'run', agentScript], {
-    env: {
-      ...process.env,
-      PATH: `${mockBinDir}:${process.env.PATH}`,
-      BROWSE_SERVER_PORT: String(serverPort),
-      BROWSE_STATE_FILE: stateFile,
-      SIDEBAR_QUEUE_PATH: queueFile,
-      SIDEBAR_AGENT_TIMEOUT: '10000',
-      BROWSE_BIN: 'browse',  // doesn't matter, mock claude doesn't use it
-    },
-    stdio: ['ignore', 'pipe', 'pipe'],
-  });
-
-  // Give sidebar-agent time to start polling
-  await new Promise(r => setTimeout(r, 1000));
-}, 20000);
-
-afterAll(() => {
-  if (agentProc) { try { agentProc.kill(); } catch {} }
-  if (serverProc) { try { serverProc.kill(); } catch {} }
-  try { fs.rmSync(tmpDir, { recursive: true, force: true }); } catch {}
-});
-
-describe('sidebar-agent round-trip', () => {
-  test('full message round-trip with mock claude', async () => {
-    await resetState();
-
-    // Send a command
-    const resp = await api('/sidebar-command', {
-      method: 'POST',
-      body: JSON.stringify({
-        message: 'what is on this page?',
-        activeTabUrl: 'https://example.com/test',
-      }),
-    });
-    expect(resp.status).toBe(200);
-
-    // Wait for mock claude to process and events to arrive
-    const entries = await pollChatUntil(
-      (entries) => entries.some((e: any) => e.type === 'agent_done'),
-      15000,
-    );
-
-    // Verify the flow: user message → agent_start → text → agent_done
-    const userEntry = entries.find((e: any) => e.role === 'user');
-    expect(userEntry).toBeDefined();
-    expect(userEntry.message).toBe('what is on this page?');
-
-    // The mock claude outputs text — check for any agent text entry
-    const textEntries = entries.filter((e: any) => e.role === 'agent' && (e.type === 'text' || e.type === 'result'));
-    expect(textEntries.length).toBeGreaterThan(0);
-
-    const doneEntry = entries.find((e: any) => e.type === 'agent_done');
-    expect(doneEntry).toBeDefined();
-
-    // Agent should be back to idle
-    const session = await (await api('/sidebar-session')).json();
-    expect(session.agent.status).toBe('idle');
-  }, 20000);
-
-  test('claude crash produces agent_error', async () => {
-    await resetState();
-
-    // Replace mock claude with one that crashes
-    writeMockClaude(`#!/bin/bash
-echo '{"type":"system","session_id":"crash-test"}' >&2
-exit 1
-`);
-
-    await api('/sidebar-command', {
-      method: 'POST',
-      body: JSON.stringify({ message: 'crash test' }),
-    });
-
-    // Wait for agent_done (sidebar-agent sends agent_done even on crash via proc.on('close'))
-    const entries = await pollChatUntil(
-      (entries) => entries.some((e: any) => e.type === 'agent_done' || e.type === 'agent_error'),
-      15000,
-    );
-
-    // Agent should recover to idle
-    const session = await (await api('/sidebar-session')).json();
-    expect(session.agent.status).toBe('idle');
-
-    // Restore working mock
-    writeMockClaude(`#!/bin/bash
-echo '{"type":"assistant","message":{"content":[{"type":"text","text":"recovered"}]}}'
-`);
-  }, 20000);
-
-  test('sequential queue drain', async () => {
-    await resetState();
-
-    // Restore working mock
-    writeMockClaude(`#!/bin/bash
-echo '{"type":"assistant","message":{"content":[{"type":"text","text":"response to: '"'"'$*'"'"'"}]}}'
-`);
-
-    // Send two messages rapidly — first processes, second queues
-    await api('/sidebar-command', {
-      method: 'POST',
-      body: JSON.stringify({ message: 'first message' }),
-    });
-    await api('/sidebar-command', {
-      method: 'POST',
-      body: JSON.stringify({ message: 'second message' }),
-    });
-
-    // Wait for both to complete (two agent_done events)
-    const entries = await pollChatUntil(
-      (entries) => entries.filter((e: any) => e.type === 'agent_done').length >= 2,
-      20000,
-    );
-
-    // Both user messages should be in chat
-    const userEntries = entries.filter((e: any) => e.role === 'user');
-    expect(userEntries.length).toBeGreaterThanOrEqual(2);
-  }, 25000);
-});