wip: capability router doc and core capabilities test edits

Shaw · claude · Shaw · commit d186bc3d7168 · 2026-05-19T03:34:40.000-07:00
Co-Authored-By: Claude Opus 4.7 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/packages/agent/docs/capability-router-remote-plugins.md b/packages/agent/docs/capability-router-remote-plugins.md
@@ -367,8 +367,11 @@ GET /v1/capabilities/assets/:moduleId/<asset-path>
 ```
 
 The capability server resolves that request through `plugin.asset.get` and
-returns the decoded asset bytes with the declared content type. Local plugins
-should continue to use `bundlePath`.
+returns the decoded asset bytes with the declared content type. The RPC result
+is decoded before an HTTP response is built: returned asset paths must satisfy
+the same safe asset-path rules as `bundlePath`, `contentType` and `integrity`
+must not contain response-splitting control characters, and `bodyBase64` must
+be valid standard base64. Local plugins should continue to use `bundlePath`.
 
 ## Runtime Integration
 
@@ -649,6 +652,8 @@ Current focused tests cover:
 - remote frontend asset path validation before browser import URL creation and
   before same-origin asset proxy dispatch,
 - remote frontend bundle URL validation before browser import URL exposure,
+- remote asset RPC response validation before decoded bytes and content-type
+  metadata are exposed through the asset proxy,
 - browser-facing view registry and `/api/views` metadata for remote absolute
   bundle URLs,
 - app-shell `DynamicViewLoader` behavior for absolute remote bundle URLs,
diff --git a/packages/core/src/capabilities/index.test.ts b/packages/core/src/capabilities/index.test.ts
@@ -547,6 +547,95 @@ describe("capability router", () => {
 		]);
 	});
 
+	it("routes remote plugin asset reads through the runtime broker", async () => {
+		const router = new RuntimeBrokerCapabilityRouter({
+			invokeRuntime: async () => ({
+				path: "/assets/weather.js",
+				contentType: "text/javascript",
+				bodyBase64: Buffer.from("export const weather = true;").toString(
+					"base64",
+				),
+				integrity: "sha256-weather",
+			}),
+		});
+
+		await expect(
+			router.plugin.getAsset({
+				moduleId: "remote-weather",
+				path: "/assets/weather.js",
+			}),
+		).resolves.toEqual({
+			path: "/assets/weather.js",
+			contentType: "text/javascript",
+			bodyBase64: "ZXhwb3J0IGNvbnN0IHdlYXRoZXIgPSB0cnVlOw==",
+			integrity: "sha256-weather",
+		});
+	});
+
+	it("rejects remote plugin assets with unsafe returned paths", async () => {
+		const router = new RuntimeBrokerCapabilityRouter({
+			invokeRuntime: async () => ({
+				path: "../secret.js",
+				contentType: "text/javascript",
+				bodyBase64: Buffer.from("export default {};").toString("base64"),
+			}),
+		});
+
+		await expect(
+			router.plugin.getAsset({
+				moduleId: "remote-weather",
+				path: "/assets/weather.js",
+			}),
+		).rejects.toMatchObject({
+			code: "CAPABILITY_DECODE_FAILED",
+			method: "plugin.asset.get",
+			message:
+				"path must not contain empty, current-directory, or parent-directory segments.",
+		});
+	});
+
+	it("rejects remote plugin assets with unsafe content types", async () => {
+		const router = new RuntimeBrokerCapabilityRouter({
+			invokeRuntime: async () => ({
+				path: "/assets/weather.js",
+				contentType: "text/javascript\r\nx-injected: yes",
+				bodyBase64: Buffer.from("export default {};").toString("base64"),
+			}),
+		});
+
+		await expect(
+			router.plugin.getAsset({
+				moduleId: "remote-weather",
+				path: "/assets/weather.js",
+			}),
+		).rejects.toMatchObject({
+			code: "CAPABILITY_DECODE_FAILED",
+			method: "plugin.asset.get",
+			message: "contentType must not contain control characters.",
+		});
+	});
+
+	it("rejects remote plugin assets with invalid base64 bodies", async () => {
+		const router = new RuntimeBrokerCapabilityRouter({
+			invokeRuntime: async () => ({
+				path: "/assets/weather.js",
+				contentType: "text/javascript",
+				bodyBase64: "not base64!",
+			}),
+		});
+
+		await expect(
+			router.plugin.getAsset({
+				moduleId: "remote-weather",
+				path: "/assets/weather.js",
+			}),
+		).rejects.toMatchObject({
+			code: "CAPABILITY_DECODE_FAILED",
+			method: "plugin.asset.get",
+			message: "bodyBase64 must be valid base64.",
+		});
+	});
+
 	it("rejects remote plugin manifests with empty module identifiers", async () => {
 		const router = new RuntimeBrokerCapabilityRouter({
 			invokeRuntime: async () => ({
