feat: harden enterprise control plane

scripts/computer-use-smoke.mjs

@@ -64,6 +64,26 @@ function detectTargetApp(objective) {
   return undefined;
 }
 
+function resolvePlatformAppName(targetApp) {
+  if (process.platform === "darwin" && targetApp === "Chrome") {
+    return "Google Chrome";
+  }
+  return targetApp;
+}
+
+function isBrowserApp(targetApp) {
+  return ["Chrome", "Google Chrome", "Safari"].includes(String(targetApp || ""));
+}
+
+function extractTargetUrl(objective) {
+  const text = String(objective || "");
+  const quotedText = extractQuotedText(text);
+  if (/^https?:\/\//i.test(String(quotedText || ""))) {
+    return quotedText;
+  }
+  return text.match(/https?:\/\/[^\s，。；、)）"”]+/i)?.[0];
+}
+
 function detectDesktopAction(objective) {
   const text = String(objective || "").toLowerCase();
   if (text.includes("系统设置") || text.includes("settings")) {
@@ -342,6 +362,25 @@ async function runAppleScript(targetApp, objective) {
   return `osascript activated ${targetApp}`;
 }
 
+async function runOpenApp(targetApp) {
+  const command = String(process.env.BOSS_COMPUTER_USE_OPEN_APP_COMMAND || "").trim() || "open";
+  const prefixArgs = resolveOpenAppPrefixArgs(command);
+  await runCommand(command, [...prefixArgs, targetApp]);
+  return `open activated ${targetApp}`;
+}
+
+async function runOpenBrowserUrl(targetApp, targetUrl) {
+  const command = String(process.env.BOSS_COMPUTER_USE_OPEN_APP_COMMAND || "").trim() || "open";
+  const prefixArgs = resolveOpenAppPrefixArgs(command);
+  const commandName = path.basename(command || "").toLowerCase();
+  const args =
+    commandName === "open" || prefixArgs.includes("-a")
+      ? [...prefixArgs, targetApp, targetUrl]
+      : [...prefixArgs, targetUrl];
+  await runCommand(command, args);
+  return `open url in ${targetApp}`;
+}
+
 const raw = await readStdin();
 const normalized = normalizePayload(raw);
 
@@ -359,6 +398,8 @@ const objective =
     ? payload.objective.trim()
     : "桌面控制 smoke 链路正常";
 const targetApp = detectTargetApp(objective);
+const automationTargetApp = resolvePlatformAppName(targetApp);
+const targetUrl = extractTargetUrl(objective);
 const desktopAction = detectDesktopAction(objective);
 const riskLevel =
   typeof payload.context?.riskLevel === "string" && payload.context.riskLevel.trim()
@@ -387,13 +428,14 @@ const configuredMode = getDesktopAutomationMode();
 const automationMode =
   configuredMode === "auto" ? (process.platform === "darwin" ? "osascript" : "open") : configuredMode;
 if (targetApp && !dryRun) {
-  if (automationMode === "osascript") {
-    await runAppleScript(targetApp, objective);
+  if (targetUrl && isBrowserApp(automationTargetApp)) {
+    await runOpenBrowserUrl(automationTargetApp, targetUrl);
+    action = `${desktopAction}_url_executed`;
+  } else if (automationMode === "osascript") {
+    await runAppleScript(automationTargetApp, objective);
     action = `${desktopAction}_executed`;
   } else if (automationMode !== "off") {
-    const command = String(process.env.BOSS_COMPUTER_USE_OPEN_APP_COMMAND || "").trim() || "open";
-    const prefixArgs = resolveOpenAppPrefixArgs(command);
-    await runCommand(command, [...prefixArgs, targetApp]);
+    await runOpenApp(automationTargetApp);
     action = `${desktopAction}_executed`;
   }
 }
@@ -404,6 +446,8 @@ const artifacts = await writeArtifact({
   action,
   objective,
   targetApp,
+  automationTargetApp,
+  targetUrl,
   typedText: extractQuotedText(objective),
   dryRun,
   riskLevel,
@@ -420,6 +464,8 @@ writeJson({
     dialogGuardState.decision?.disposition ? `, dialogGuard=${dialogGuardState.decision.disposition}` : ""
   })`,
   targetApp,
+  automationTargetApp,
+  targetUrl,
   typedText: extractQuotedText(objective),
   dialogGuard: dialogGuardState.decision
     ? {