krisolo/boss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: remove nonessential boss agent permission requests

Browse Source
This commit is contained in:
AI Bot
2026-05-13 02:50:59 +08:00
parent a77c70ad0c
commit a2d6dbd012
5 changed files with 68 additions and 353 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
tests/boss-agent-status.test.mjs
View File

@@ -58,19 +58,14 @@ test("boss-agent status exposes unbound QR binding and local permission states",
assert.match(status.permissionReadiness.summary, /基础桌面控制/);
assert.equal(status.permissionSetup.mode, "minimal_computer_use");
assert.equal(status.permissionSetup.silentUseReady, false);
assert.equal(status.permissionSetup.actions.some((action) => action.key === "fullDiskAccess"), true);
assert.deepEqual(
status.permissionSetup.actions.map((action) => action.key),
["accessibility", "screenRecording"],
);
assert.equal(
status.permissionSetup.actions.every((action) => action.settingsUrl.startsWith("x-apple.systempreferences:")),
true,
);
assert.equal(
status.permissionSetup.actions.find((action) => action.key === "localNetwork")?.settingsUrl,
"x-apple.systempreferences:com.apple.settings.PrivacySecurity.extension?privacy-localnetwork",
);
assert.equal(
status.permissionSetup.actions.find((action) => action.key === "inputMonitoring")?.settingsUrl,
"x-apple.systempreferences:com.apple.settings.PrivacySecurity.extension?Privacy_ListenEvent",
);
assert.equal(
status.permissionSetup.actions.find((action) => action.key === "screenRecording")?.settingsUrl,
"x-apple.systempreferences:com.apple.settings.PrivacySecurity.extension?Privacy_ScreenCapture",
@@ -82,12 +77,7 @@ test("boss-agent status exposes unbound QR binding and local permission states",
["screenRecording", "missing"],
],
);
assert.deepEqual(
status.permissions.extendedItems.slice(0, 1).map((item) => [item.key, item.status]),
[
["automation", "unknown"],
],
);
assert.deepEqual(status.permissions.extendedItems, []);
});
test("boss-agent status treats token-backed devices as bound and renders enterprise UI", () => {
@@ -186,10 +176,9 @@ test("boss-agent permission and skill menu entries render as separate tab pages"
assert.match(permissionsHtml, /class="active" href="\/boss-agent\?tab=permissions"/);
assert.match(permissionsHtml, /<h2>基础桌面控制授权<\/h2>/);
assert.match(permissionsHtml, /基础桌面控制已可用/);
assert.match(permissionsHtml, /扩展权限不会阻塞接管/);
assert.match(permissionsHtml, /后续静默使用/);
assert.match(permissionsHtml, /api\/v1\/boss-agent\/permissions\/open\?target=core&amp;returnTab=permissions/);
assert.match(permissionsHtml, /api\/v1\/boss-agent\/permissions\/open\?target=fullDiskAccess&amp;returnTab=permissions/);
assert.doesNotMatch(permissionsHtml, /fullDiskAccess|inputMonitoring|automation|microphone|camera|localNetwork|notifications/);
assert.doesNotMatch(permissionsHtml, /<h2>Skill 部署情况<\/h2>/);
const skillsHtml = renderBossAgentHtml(status, { activeTab: "skills" });
@@ -199,7 +188,7 @@ test("boss-agent permission and skill menu entries render as separate tab pages"
assert.doesNotMatch(skillsHtml, /<h2>基础桌面控制授权<\/h2>/);
});
test("boss-agent treats accessibility and screen recording as the minimal computer-use permission set", () => {
test("boss-agent only exposes accessibility and screen recording permission requests", () => {
const status = buildBossAgentStatus(
{
deviceId: "macbook-air",
@@ -228,16 +217,20 @@ test("boss-agent treats accessibility and screen recording as the minimal comput
assert.equal(status.permissionSetup.silentUseReady, true);
assert.equal(status.permissionSetup.primaryAction.href, "/api/v1/boss-agent/permissions/open?target=core&returnTab=permissions");
assert.match(status.permissionReadiness.summary, /基础桌面控制已可用/);
assert.equal(status.permissionSetup.actions.find((action) => action.key === "automation")?.requiredForSilentControl, false);
assert.equal(status.permissionSetup.actions.find((action) => action.key === "fullDiskAccess")?.requiredForSilentControl, false);
assert.deepEqual(status.permissionSetup.missingRequiredKeys, []);
assert.deepEqual(
status.permissions.items.map((item) => item.key),
["accessibility", "screenRecording"],
);
assert.deepEqual(status.permissions.extendedItems, []);
assert.deepEqual(
status.permissionSetup.actions.map((action) => action.key),
["accessibility", "screenRecording"],
);
assert.deepEqual(status.permissionSetup.optionalMissingKeys, []);
});
test("boss-agent native permission overrides update app-owned camera and microphone state", () => {
test("boss-agent native permission overrides only update core desktop-control permissions", () => {
const merged = mergeBossAgentNativePermissionOverrides(
{
accessibility: "missing",
@@ -258,10 +251,6 @@ test("boss-agent native permission overrides update app-owned camera and microph
assert.deepEqual(merged, {
accessibility: "granted",
screenRecording: "granted",
automation: "granted",
camera: "granted",
microphone: "missing",
inputMonitoring: "granted",
});
});
@@ -303,41 +292,18 @@ test("boss-agent mac app intercepts permission links and triggers native app per
assert.match(swiftSource, /lastPermissionRequestTarget/);
assert.match(swiftSource, /AXIsProcessTrustedWithOptions/);
assert.match(swiftSource, /CGRequestScreenCaptureAccess/);
assert.match(swiftSource, /AVCaptureDevice\.requestAccess\(for: \.audio/);
assert.match(swiftSource, /AVCaptureDevice\.requestAccess\(for: \.video/);
assert.match(swiftSource, /UNUserNotificationCenter\.current\(\)\.requestAuthorization/);
assert.match(swiftSource, /import IOKit\.hid/);
assert.match(swiftSource, /CGRequestListenEventAccess\(\)/);
assert.match(swiftSource, /CGPreflightListenEventAccess\(\)/);
assert.match(swiftSource, /NSEvent\.addGlobalMonitorForEvents\(matching: \[\.keyDown\]\)/);
assert.match(swiftSource, /CGEventSource\.keyState\(\.combinedSessionState/);
assert.match(swiftSource, /IOHIDManagerOpen\(manager/);
assert.match(swiftSource, /kHIDUsage_GD_Keyboard/);
assert.match(swiftSource, /IOHIDRequestAccess\(kIOHIDRequestTypeListenEvent\)/);
assert.match(swiftSource, /IOHIDCheckAccess\(kIOHIDRequestTypeListenEvent\)/);
assert.match(swiftSource, /CGEvent\.tapCreate/);
assert.doesNotMatch(swiftSource, /AVCaptureDevice\.requestAccess|UNUserNotificationCenter|import IOKit\.hid|CGRequestListenEventAccess|IOHIDRequestAccess|CGEvent\.tapCreate|NWBrowser/);
assert.match(swiftSource, /NSWorkspace\.shared\.open/);
assert.match(swiftSource, /deadline: \.now\(\) \+ 0\.45/);
assert.match(swiftSource, /loadAgentPanel\(tab:/);
assert.match(swiftSource, /returnTab/);
assert.match(swiftSource, /nativePermissionQueryItems/);
assert.match(swiftSource, /nativeCamera/);
assert.match(swiftSource, /nativeMicrophone/);
assert.match(swiftSource, /nativeInputMonitoring/);
assert.match(swiftSource, /privacy-localnetwork/);
assert.match(swiftSource, /com\.apple\.settings\.PrivacySecurity\.extension\?Privacy_ListenEvent/);
assert.doesNotMatch(swiftSource, /nativeCamera|nativeMicrophone|nativeInputMonitoring|privacy-localnetwork|Privacy_ListenEvent/);
assert.doesNotMatch(swiftSource, /com\.apple\.preference\.security\?Privacy_ListenEvent/);
assert.match(swiftSource, /func application\(_ application: NSApplication, open urls: \[URL\]\)/);
assert.match(swiftSource, /isBossAgentDeepLink/);
assert.match(swiftSource, /AVCaptureDevice\.authorizationStatus\(for: \.video/);
assert.match(swiftSource, /AVCaptureDevice\.authorizationStatus\(for: \.audio/);
assert.match(swiftSource, /NSApplication\.didBecomeActiveNotification/);
assert.match(buildScript, /NSMicrophoneUsageDescription/);
assert.match(buildScript, /NSCameraUsageDescription/);
assert.match(buildScript, /NSAppleEventsUsageDescription/);
assert.match(buildScript, /NSLocalNetworkUsageDescription/);
assert.match(buildScript, /NSInputMonitoringUsageDescription/);
assert.match(buildScript, /framework IOKit/);
assert.doesNotMatch(buildScript, /NSMicrophoneUsageDescription|NSCameraUsageDescription|NSAppleEventsUsageDescription|NSLocalNetworkUsageDescription|NSInputMonitoringUsageDescription|framework IOKit|framework Network|framework UserNotifications|framework AVFoundation/);
assert.match(buildScript, /CFBundleURLTypes/);
assert.match(buildScript, /boss-agent/);
assert.match(buildScript, /CFBundleIconFile/);