feat: harden enterprise control plane
@@ -24,6 +24,33 @@ function parseTimeoutMs(value) {
|
||||
return Number.isFinite(parsed) && parsed > 0 ? parsed : 45000;
|
||||
}
|
||||
|
||||
function normalizeControlPlatform(value) {
|
||||
const platform = String(value || "").trim().toLowerCase();
|
||||
if (!platform || platform === "macos") return "macos";
|
||||
throw new Error("UNSUPPORTED_CONTROL_PLATFORM");
|
||||
}
|
||||
|
||||
function normalizeComputerUseProvider(value) {
|
||||
const provider = String(value || "").trim();
|
||||
return provider === "boss-native-computer-use" ||
|
||||
provider === "codex-computer-use" ||
|
||||
provider === "cua-driver-computer-use" ||
|
||||
provider === "openai-computer-use"
|
||||
? provider
|
||||
: "codex-computer-use";
|
||||
}
|
||||
|
||||
function normalizeMacDialogGuardPlatformAdapters(value) {
|
||||
const adapters = Array.isArray(value) ? value : [];
|
||||
const macAdapters = adapters
|
||||
.map((item) => String(item).trim())
|
||||
.filter((item) => {
|
||||
const normalized = item.toLowerCase();
|
||||
return normalized === "darwin" || normalized === "macos";
|
||||
});
|
||||
return macAdapters.length > 0 ? macAdapters : ["darwin"];
|
||||
}
|
||||
|
||||
function pickConfigValue(config, key, fallback) {
|
||||
if (config && config[key] !== undefined && config[key] !== null && `${config[key]}`.trim() !== "") {
|
||||
return config[key];
|
||||
@@ -83,12 +110,32 @@ export function getComputerUseTaskRunnerConfig(env = process.env, config = {}) {
|
||||
const dialogGuardMacActionArgs = Array.isArray(config?.dialogGuardMacActionArgs)
|
||||
? config.dialogGuardMacActionArgs.map((item) => String(item)).filter(Boolean)
|
||||
: parseArgs(pickConfigValue(config, "dialogGuardMacActionArgs", env.BOSS_MAC_DIALOG_GUARD_ACTION_ARGS));
|
||||
const dialogGuardWindowsActionCommand = String(
|
||||
pickConfigValue(config, "dialogGuardWindowsActionCommand", env.BOSS_WINDOWS_DIALOG_GUARD_ACTION_COMMAND) || "",
|
||||
const cuaDriverCommand = String(
|
||||
pickConfigValue(config, "cuaDriverCommand", env.BOSS_CUA_DRIVER_COMMAND) || "",
|
||||
).trim();
|
||||
const dialogGuardWindowsActionArgs = Array.isArray(config?.dialogGuardWindowsActionArgs)
|
||||
? config.dialogGuardWindowsActionArgs.map((item) => String(item)).filter(Boolean)
|
||||
: parseArgs(pickConfigValue(config, "dialogGuardWindowsActionArgs", env.BOSS_WINDOWS_DIALOG_GUARD_ACTION_ARGS));
|
||||
const cuaDriverArgs = Array.isArray(config?.cuaDriverArgs)
|
||||
? config.cuaDriverArgs.map((item) => String(item)).filter(Boolean)
|
||||
: parseArgs(pickConfigValue(config, "cuaDriverArgs", env.BOSS_CUA_DRIVER_ARGS));
|
||||
const cuaDriverTimeoutMs = parseTimeoutMs(pickConfigValue(config, "cuaDriverTimeoutMs", env.BOSS_CUA_DRIVER_TIMEOUT_MS));
|
||||
const codexComputerUseEnabled = parseBoolean(
|
||||
pickConfigValue(config, "codexComputerUseEnabled", env.BOSS_CODEX_COMPUTER_USE_ENABLED),
|
||||
);
|
||||
const codexComputerUseCommand = String(
|
||||
pickConfigValue(config, "codexComputerUseCommand", env.BOSS_CODEX_COMPUTER_USE_COMMAND) || "",
|
||||
).trim();
|
||||
const codexComputerUseArgs = Array.isArray(config?.codexComputerUseArgs)
|
||||
? config.codexComputerUseArgs.map((item) => String(item)).filter(Boolean)
|
||||
: parseArgs(pickConfigValue(config, "codexComputerUseArgs", env.BOSS_CODEX_COMPUTER_USE_ARGS));
|
||||
const codexComputerUseWorkdir = String(
|
||||
pickConfigValue(config, "codexComputerUseWorkdir", env.BOSS_CODEX_COMPUTER_USE_WORKDIR) || "",
|
||||
).trim();
|
||||
const codexComputerUseTimeoutMs = parseTimeoutMs(
|
||||
pickConfigValue(config, "codexComputerUseTimeoutMs", env.BOSS_CODEX_COMPUTER_USE_TIMEOUT_MS),
|
||||
);
|
||||
const codexComputerUseFallbackToCua =
|
||||
pickConfigValue(config, "codexComputerUseFallbackToCua", env.BOSS_CODEX_COMPUTER_USE_FALLBACK_TO_CUA) === undefined
|
||||
? true
|
||||
: parseBoolean(pickConfigValue(config, "codexComputerUseFallbackToCua", env.BOSS_CODEX_COMPUTER_USE_FALLBACK_TO_CUA));
|
||||
return {
|
||||
enabled,
|
||||
command,
|
||||
@@ -97,11 +144,18 @@ export function getComputerUseTaskRunnerConfig(env = process.env, config = {}) {
|
||||
timeoutMs,
|
||||
dialogGuardEnabled,
|
||||
dialogGuardConsentRequired,
|
||||
dialogGuardPlatformAdapters,
|
||||
dialogGuardPlatformAdapters: normalizeMacDialogGuardPlatformAdapters(dialogGuardPlatformAdapters),
|
||||
dialogGuardMacActionCommand,
|
||||
dialogGuardMacActionArgs,
|
||||
dialogGuardWindowsActionCommand,
|
||||
dialogGuardWindowsActionArgs,
|
||||
cuaDriverCommand,
|
||||
cuaDriverArgs,
|
||||
cuaDriverTimeoutMs,
|
||||
codexComputerUseEnabled,
|
||||
codexComputerUseCommand,
|
||||
codexComputerUseArgs,
|
||||
codexComputerUseWorkdir,
|
||||
codexComputerUseTimeoutMs,
|
||||
codexComputerUseFallbackToCua,
|
||||
};
|
||||
}
|
||||
|
||||
@@ -118,6 +172,9 @@ export function buildComputerUseTaskExecution(config, task) {
|
||||
}
|
||||
|
||||
const cwd = config.cwd || process.cwd();
|
||||
const controlPlatform = normalizeControlPlatform(task?.controlPlatform);
|
||||
const computerUseProvider = normalizeComputerUseProvider(task?.computerUseProvider);
|
||||
const dialogGuardPlatformAdapters = normalizeMacDialogGuardPlatformAdapters(config.dialogGuardPlatformAdapters);
|
||||
return {
|
||||
command: config.command,
|
||||
args: resolveCommandArgs(config.command, config.args || [], cwd),
|
||||
@@ -126,18 +183,21 @@ export function buildComputerUseTaskExecution(config, task) {
|
||||
env: {
|
||||
BOSS_DIALOG_GUARD_ENABLED: config.dialogGuardEnabled ? "true" : "false",
|
||||
BOSS_DIALOG_GUARD_CONSENT_REQUIRED: config.dialogGuardConsentRequired ? "true" : "false",
|
||||
BOSS_DIALOG_GUARD_PLATFORM_ADAPTERS: Array.isArray(config.dialogGuardPlatformAdapters)
|
||||
? config.dialogGuardPlatformAdapters.join(",")
|
||||
: "",
|
||||
BOSS_DIALOG_GUARD_PLATFORM_ADAPTERS: dialogGuardPlatformAdapters.join(","),
|
||||
BOSS_MAC_DIALOG_GUARD_ACTION_COMMAND: config.dialogGuardMacActionCommand || "",
|
||||
BOSS_MAC_DIALOG_GUARD_ACTION_ARGS_JSON: JSON.stringify(config.dialogGuardMacActionArgs || []),
|
||||
BOSS_WINDOWS_DIALOG_GUARD_ACTION_COMMAND: config.dialogGuardWindowsActionCommand || "",
|
||||
BOSS_WINDOWS_DIALOG_GUARD_ACTION_ARGS_JSON: JSON.stringify(config.dialogGuardWindowsActionArgs || []),
|
||||
BOSS_CUA_DRIVER_COMMAND: config.cuaDriverCommand || "",
|
||||
BOSS_CUA_DRIVER_ARGS_JSON: JSON.stringify(config.cuaDriverArgs || []),
|
||||
BOSS_CUA_DRIVER_TIMEOUT_MS: String(config.cuaDriverTimeoutMs || 45000),
|
||||
BOSS_CONTROL_PLATFORM: controlPlatform,
|
||||
BOSS_COMPUTER_USE_PROVIDER: computerUseProvider,
|
||||
},
|
||||
stdinPayload: {
|
||||
requestKind: "desktop_control",
|
||||
requestId: String(task?.taskId || "").trim(),
|
||||
objective: String(task?.requestText || task?.executionPrompt || "").trim(),
|
||||
platform: controlPlatform,
|
||||
provider: computerUseProvider,
|
||||
context: {
|
||||
projectId: String(task?.projectId || "").trim() || undefined,
|
||||
threadId: String(task?.threadId || task?.targetThreadId || "").trim() || undefined,
|
||||
@@ -145,6 +205,47 @@ export function buildComputerUseTaskExecution(config, task) {
|
||||
requestedAt: String(task?.requestedAt || "").trim() || undefined,
|
||||
confirmationScopeKey: String(task?.confirmationScopeKey || "").trim() || undefined,
|
||||
riskLevel: String(task?.riskLevel || "").trim() || undefined,
|
||||
controlPlatform,
|
||||
computerUseProvider,
|
||||
},
|
||||
},
|
||||
};
|
||||
}
|
||||
|
||||
function buildCodexComputerUseTaskExecution(config, task) {
|
||||
if (!config?.codexComputerUseEnabled) {
|
||||
throw new Error("CODEX_COMPUTER_USE_RUNTIME_DISABLED");
|
||||
}
|
||||
if (!config?.codexComputerUseCommand) {
|
||||
throw new Error("CODEX_COMPUTER_USE_COMMAND_REQUIRED");
|
||||
}
|
||||
|
||||
const cwd = config.codexComputerUseWorkdir || config.cwd || process.cwd();
|
||||
const controlPlatform = normalizeControlPlatform(task?.controlPlatform);
|
||||
return {
|
||||
command: config.codexComputerUseCommand,
|
||||
args: resolveCommandArgs(config.codexComputerUseCommand, config.codexComputerUseArgs || [], cwd),
|
||||
cwd,
|
||||
timeoutMs: config.codexComputerUseTimeoutMs || 45000,
|
||||
env: {
|
||||
BOSS_CONTROL_PLATFORM: controlPlatform,
|
||||
BOSS_COMPUTER_USE_PROVIDER: "codex-computer-use",
|
||||
},
|
||||
stdinPayload: {
|
||||
requestKind: "desktop_control",
|
||||
requestId: String(task?.taskId || "").trim(),
|
||||
objective: String(task?.requestText || task?.executionPrompt || "").trim(),
|
||||
platform: controlPlatform,
|
||||
provider: "codex-computer-use",
|
||||
context: {
|
||||
projectId: String(task?.projectId || "").trim() || undefined,
|
||||
threadId: String(task?.threadId || task?.targetThreadId || "").trim() || undefined,
|
||||
requestedBy: String(task?.requestedByAccount || task?.requestedBy || "").trim() || undefined,
|
||||
requestedAt: String(task?.requestedAt || "").trim() || undefined,
|
||||
confirmationScopeKey: String(task?.confirmationScopeKey || "").trim() || undefined,
|
||||
riskLevel: String(task?.riskLevel || "").trim() || undefined,
|
||||
controlPlatform,
|
||||
computerUseProvider: "codex-computer-use",
|
||||
},
|
||||
},
|
||||
};
|
||||
@@ -201,6 +302,13 @@ export function parseComputerUseTaskResult(rawOutput) {
|
||||
status: "completed",
|
||||
requestId: typeof parsed.requestId === "string" ? parsed.requestId.trim() || undefined : undefined,
|
||||
replyBody,
|
||||
computerUseProvider:
|
||||
parsed.computerUseProvider === "boss-native-computer-use" ||
|
||||
parsed.computerUseProvider === "codex-computer-use" ||
|
||||
parsed.computerUseProvider === "cua-driver-computer-use" ||
|
||||
parsed.computerUseProvider === "openai-computer-use"
|
||||
? parsed.computerUseProvider
|
||||
: undefined,
|
||||
targetApp:
|
||||
typeof parsed.targetApp === "string" && parsed.targetApp.trim()
|
||||
? parsed.targetApp.trim()
|
||||
@@ -212,16 +320,25 @@ export function parseComputerUseTaskResult(rawOutput) {
|
||||
};
|
||||
}
|
||||
|
||||
export async function executeComputerUseTask(task, config = {}) {
|
||||
const runnerConfig = getComputerUseTaskRunnerConfig(process.env, config);
|
||||
if (!runnerConfig.enabled) {
|
||||
return {
|
||||
status: "failed",
|
||||
errorMessage: "COMPUTER_USE_RUNTIME_DISABLED",
|
||||
};
|
||||
}
|
||||
function shouldTryCodexComputerUse(runnerConfig, task) {
|
||||
const provider = normalizeComputerUseProvider(task?.computerUseProvider);
|
||||
return (
|
||||
runnerConfig.codexComputerUseEnabled === true &&
|
||||
Boolean(runnerConfig.codexComputerUseCommand) &&
|
||||
(provider === "codex-computer-use" || provider === "openai-computer-use")
|
||||
);
|
||||
}
|
||||
|
||||
const execution = buildComputerUseTaskExecution(runnerConfig, task);
|
||||
function withComputerUseProvider(result, provider) {
|
||||
return result && typeof result === "object" && !Array.isArray(result)
|
||||
? {
|
||||
...result,
|
||||
computerUseProvider: result.computerUseProvider || provider,
|
||||
}
|
||||
: result;
|
||||
}
|
||||
|
||||
function executeComputerUseRuntime(execution) {
|
||||
return new Promise((resolve, reject) => {
|
||||
const child = spawn(execution.command, execution.args, {
|
||||
cwd: execution.cwd,
|
||||
@@ -273,3 +390,51 @@ export async function executeComputerUseTask(task, config = {}) {
|
||||
child.stdin.end();
|
||||
});
|
||||
}
|
||||
|
||||
export async function executeComputerUseTask(task, config = {}) {
|
||||
const runnerConfig = getComputerUseTaskRunnerConfig(process.env, config);
|
||||
if (!runnerConfig.enabled && !shouldTryCodexComputerUse(runnerConfig, task)) {
|
||||
return {
|
||||
status: "failed",
|
||||
errorMessage: "COMPUTER_USE_RUNTIME_DISABLED",
|
||||
};
|
||||
}
|
||||
|
||||
if (shouldTryCodexComputerUse(runnerConfig, task)) {
|
||||
try {
|
||||
const codexResult = await executeComputerUseRuntime(buildCodexComputerUseTaskExecution(runnerConfig, task));
|
||||
if (codexResult.status !== "failed") {
|
||||
return withComputerUseProvider(codexResult, "codex-computer-use");
|
||||
}
|
||||
if (!runnerConfig.codexComputerUseFallbackToCua) {
|
||||
return withComputerUseProvider(codexResult, "codex-computer-use");
|
||||
}
|
||||
} catch (error) {
|
||||
if (!runnerConfig.codexComputerUseFallbackToCua) {
|
||||
return {
|
||||
status: "failed",
|
||||
errorMessage: error instanceof Error ? error.message : String(error),
|
||||
computerUseProvider: "codex-computer-use",
|
||||
};
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (!runnerConfig.enabled) {
|
||||
return {
|
||||
status: "failed",
|
||||
errorMessage: "COMPUTER_USE_RUNTIME_DISABLED",
|
||||
};
|
||||
}
|
||||
|
||||
const fallbackTask = {
|
||||
...task,
|
||||
computerUseProvider:
|
||||
normalizeComputerUseProvider(task?.computerUseProvider) === "codex-computer-use"
|
||||
? "cua-driver-computer-use"
|
||||
: task?.computerUseProvider,
|
||||
};
|
||||
const execution = buildComputerUseTaskExecution(runnerConfig, fallbackTask);
|
||||
const result = await executeComputerUseRuntime(execution);
|
||||
return withComputerUseProvider(result, normalizeComputerUseProvider(fallbackTask.computerUseProvider));
|
||||
}
|
||||
|
||||
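Review bot: `normalizeComputerUseProvider` fails open: any unrecognised `task.computerUseProvider` string is silently mapped to `"codex-computer-use"`, whereas `normalizeControlPlatform` beside it throws on an unsupported value. Since `shouldTryCodexComputerUse` relies on that result, a mistyped or unexpected provider selects the Codex command in `executeComputerUseTask`, and that branch is reached even when `runnerConfig.enabled` is false. Consider defaulting only when the value is empty and rejecting anything else, for example `if (!provider) return "codex-computer-use";` followed by `if (!KNOWN_PROVIDERS.includes(provider)) throw new Error("UNSUPPORTED_COMPUTER_USE_PROVIDER");` (both names are suggestions), and reusing that list in `parseComputerUseTaskResult`, which repeats the same four literals. Separately, the `catch (error)` in `executeComputerUseTask` drops the Codex error whenever `codexComputerUseFallbackToCua` is true (its value when unset), so the same desktop-control objective is re-run through the other runtime with no record of why. The error should at least be logged before the fallback run.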