Skip to content

Commit 4a80e25

Browse files
authored
Merge pull request #14 from freshtechbro/codex/desktop-runtime-sibling-plane
fix: stabilize provider fallback recovery and shopping outputs
2 parents 575f02b + 4c8d7de commit 4a80e25

51 files changed

Lines changed: 7268 additions & 711 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

README.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -243,6 +243,7 @@ Use `--output-format json|stream-json` for automation-friendly output.
243243
- Direct browser, `/ops`, and provider fallback paths now share one bounded challenge orchestration plane. It can try auth navigation, legitimate session or cookie reuse, non-secret field fill, and bounded interaction exploration before yielding to a human.
244244
- Workflow and manager callers can set `challengeAutomationMode` to `off`, `browser`, or `browser_with_helper`. Effective precedence is `run > session > config`, and hard gates still apply after resolution.
245245
- The optional helper bridge is browser-scoped, not a desktop agent. `browser` forces it to stand down, and `browser_with_helper` only evaluates it after the existing helper hard gates pass.
246+
- Shipped builds also compose an internal sibling desktop observation runtime under separate `desktop.*` config. It is permission-off by default, does not widen `/ops` or `ChallengeRuntimeHandle`, and its shipped non-public composed path routes desktop observation back through browser-owned review.
246247
- Browser fallback returns explicit transport `disposition` values: `completed`, `challenge_preserved`, `deferred`, or `failed`. When orchestration runs during fallback, decision evidence is recorded under `details.challengeOrchestration`.
247248
- `ProviderRegistry` is the only durable anti-bot pressure authority. Shared runtime and policy own fallback ordering and resume policy; provider modules only contribute extraction logic and `recoveryHints()`.
248249
- In scope: preserved sessions, normal browser controls, bounded interaction experimentation, human yield packets for secret or human-authority boundaries, and owned-environment fixtures that use vendor test keys only.
@@ -258,6 +259,7 @@ Use `--output-format json|stream-json` for automation-friendly output.
258259
- **Canvas token authoring and adapter-plugin validation are now first-class**: the extension token panel edits collections, modes, aliases, and bindings, while `scripts/canvas-competitive-validation.mjs` captures grouped evidence for adapters, token round-trip, inbox delivery, surface parity, and optional live Figma smoke.
259260
- **Canvas surface governance and skill-pack coverage** now include current `/canvas` inventories, handshake/blocker templates, and feedback-evaluation artifacts.
260261
- **Challenge automation override control is now first-class** across workflows and manager metadata via `challengeAutomationMode` (`off|browser|browser_with_helper`) with `run > session > config` precedence and a browser-scoped helper boundary.
262+
- **Desktop observation now ships as an internal sibling runtime** with separate `desktop.*` config, repo-local audit artifacts, a non-public core observation-plus-review path, and no public desktop CLI or `/ops` plane yet.
261263
- **Release packaging/docs were refreshed for v0.0.17**, including current tarball examples, extension version sync, release evidence, and public/private cutover guidance.
262264

263265
### v0.0.16
@@ -618,6 +620,15 @@ Optional config file: `~/.config/opencode/opendevbrowser.jsonc`
618620
}
619621
},
620622

623+
// Internal sibling desktop observation runtime (permission-off by default)
624+
"desktop": {
625+
"permissionLevel": "off",
626+
"commandTimeoutMs": 10000,
627+
"auditArtifactsDir": ".opendevbrowser/desktop-runtime",
628+
"accessibilityMaxDepth": 2,
629+
"accessibilityMaxChildren": 25
630+
},
631+
621632
// Skills configuration
622633
"skills": {
623634
"nudge": {

docs/ARCHITECTURE.md

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -73,13 +73,15 @@ Legitimacy boundary:
7373
- `BrowserManager` and `OpsBrowserManager` remain the only surfaced challenge metadata writers.
7474
- `meta.challengeOrchestration` and fallback `details.challengeOrchestration` can expose `mode`, `source`, `standDownReason`, and helper eligibility so stand-down decisions stay explicit.
7575
- The optional helper bridge is browser-scoped, not a desktop agent. `browser` disables it, while `browser_with_helper` only evaluates it when the existing hard gates pass.
76+
- Shipped builds keep desktop entitlement separate under `desktop.*`; that sibling runtime is never granted by `challengeAutomationMode`.
7677
- Governed advanced lanes stay separately entitlement-gated and are never granted by `challengeAutomationMode`.
7778

7879
### Roadmap-only desktop boundary
7980

80-
This section is roadmap-only and non-shipping.
81+
This section is roadmap-only for any public desktop-agent claim. Shipped builds now include an internal sibling desktop observation runtime plus a top-level automation coordinator, but they remain non-public, observation-only, and permission-off by default.
8182

82-
- A future desktop agent must use a new runtime contract separate from `ChallengeRuntimeHandle`.
83+
- The shipped internal runtime already uses a separate contract from `ChallengeRuntimeHandle`, `BrowserManagerLike`, and `/ops`; any future public desktop agent must preserve that separation.
84+
- Core composition creates `desktopRuntime` beside `BrowserManager` and `OpsBrowserManager`, then exposes a non-public `observeDesktopAndVerify` entrypoint that routes desktop observation back through browser-owned review before surfacing completion.
8385
- Minimum capability bar before any desktop-agent claim is allowed:
8486
- OS-level input actuation outside the browser
8587
- cross-window and cross-app focus management
@@ -88,7 +90,7 @@ This section is roadmap-only and non-shipping.
8890
- bounded workspace and abort controls
8991
- audit artifacts and replay-safe execution logs
9092
- a typed failure taxonomy separate from the current helper bridge
91-
- Until that runtime exists, public docs and surfaces must not describe the current helper bridge as a desktop agent.
93+
- Until a public desktop plane exists, public docs and surfaces must not describe the current helper bridge as a desktop agent or imply that `/ops` is a desktop control channel.
9294

9395
---
9496

@@ -108,7 +110,8 @@ This section is roadmap-only and non-shipping.
108110
▼ ▼ ▼ ▼
109111
┌─────────────────────────────────────────────────────────────────┐
110112
│ Core Runtime (src/core/) │
111-
│ bootstrap.ts → wires managers, injects ToolDeps │
113+
│ bootstrap.ts → wires managers, sibling desktop runtime, │
114+
│ automation coordinator, injects ToolDeps │
112115
└────────┬────────────────────────────────────────────────────────┘
113116
114117
┌────┴────┬─────────────┬──────────────┬──────────┬────────────┬────────────┬────────────┐

docs/CLI.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -163,6 +163,7 @@ Canonical inventory document: `docs/SURFACE_REFERENCE.md`.
163163
- `ProviderRegistry` is the only durable anti-bot pressure authority used by policy, runtime routing, and workflow summaries. Provider modules only contribute extraction logic and optional `recoveryHints()`.
164164
- Direct browser, `/ops`, and provider fallback flows share one bounded challenge plane. It can try auth navigation, legitimate session or cookie reuse, non-secret field fill, and bounded browser-native interaction experimentation before yielding.
165165
- The optional helper bridge is browser-scoped, not a desktop agent. `browser` keeps it disabled and `browser_with_helper` only evaluates it after the existing hard gates pass.
166+
- Separate `desktop.*` config controls the shipped internal sibling desktop observation runtime. It stays permission-off by default, adds no public CLI command family, is never enabled by `challengeAutomationMode`, and only the internal core entrypoint composes observation with browser review.
166167
- Provider and workflow auto-resume still happen only after manager-owned verification clears the blocker.
167168
- In scope: preserved sessions, visual observation loops, low-level pointer controls, bounded interaction experimentation, reclaimable human yield packets, and owned-environment fixtures that use vendor test keys only.
168169
- Out of scope: hidden bypass paths, CAPTCHA-solving services, challenge token harvesting, or autonomous unsandboxed solving of third-party anti-bot systems.
@@ -1628,6 +1629,13 @@ When using `--with-config`, a `opendevbrowser.jsonc` is created with documented
16281629
"ytdlpTimeoutMs": 10000
16291630
}
16301631
},
1632+
"desktop": {
1633+
"permissionLevel": "off",
1634+
"commandTimeoutMs": 10000,
1635+
"auditArtifactsDir": ".opendevbrowser/desktop-runtime",
1636+
"accessibilityMaxDepth": 2,
1637+
"accessibilityMaxChildren": 25
1638+
},
16311639
"daemonPort": 8788,
16321640
"daemonToken": "auto-generated-on-first-run",
16331641
"flags": [],

docs/SURFACE_REFERENCE.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -294,6 +294,7 @@ Envelope contract:
294294
- Effective precedence is `run > session > config`.
295295
- Shipped config defaults resolve to helper-capable posture: `mode=browser_with_helper` and `optionalComputerUseBridge.enabled=true`.
296296
- The optional helper bridge stays browser-scoped and is not a desktop agent.
297+
- Separate `desktop.*` config gates the shipped internal sibling desktop observation runtime, but no public desktop CLI, tool, or `/ops` family is exposed and browser review remains the surfaced truth.
297298
- Provider browser fallback uses explicit transport `disposition` values: `completed`, `challenge_preserved`, `deferred`, and `failed`, and may include `details.challengeOrchestration` when the shared challenge plane ran during fallback.
298299
- `ProviderRegistry` is the only durable anti-bot pressure authority. Workflow outputs keep their existing keys while reading registry-backed pressure instead of provider-local durable state.
299300

docs/privacy.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ The extension:
1919
- Does NOT use analytics or telemetry
2020
- May access page URLs, titles, and page content locally when you use automation or annotation features
2121
- May honor a local `challengeAutomationMode` setting (`off`, `browser`, or `browser_with_helper`) so bounded browser challenge handling can stand down or proceed on your machine without sending challenge state to OpenDevBrowser-operated services
22+
- May, if you explicitly enable `desktop.permissionLevel=observe`, capture local desktop or window screenshots plus accessibility snapshots on-device and write repo-local audit artifacts under `.opendevbrowser/desktop-runtime`
2223
- May store relay settings and the last user-triggered annotation payload locally on-device so the popup can reconnect and reopen recent annotation results
2324
- May store screenshot-free annotation payloads in a repo-local shared inbox when you explicitly use popup/canvas/in-page `Send` actions so the active chat for that worktree can consume them, or so the payload can be retrieved later when safe chat scoping is unavailable
2425
- May keep extension-hosted canvas stage annotation selections, region metadata, and optional local crop references on-device only when you explicitly capture or send them during a canvas session
@@ -37,7 +38,7 @@ The extension operates entirely on your local machine:
3738

3839
5. **Local Storage**: The `storage` permission stores your relay configuration (port, pairing token, pairing toggle) and the last annotation payload metadata locally in Chrome. When you explicitly capture or send annotation results, the extension can also persist a local copy of the last annotation payload without screenshots so the popup can reopen it. If you explicitly use a `Send` action, OpenDevBrowser can also write a screenshot-free copy into `.opendevbrowser/annotate/agent-inbox.jsonl` in the current worktree so the intended active chat can consume it, or so the payload can be retrieved later with `annotate --stored` when safe chat scoping is unavailable. This data stays local to your machine and repository.
3940

40-
Challenge automation evaluation also stays local. The optional helper bridge remains browser-scoped and is not a desktop agent.
41+
Challenge automation evaluation and the internal desktop observation runtime also stay local. The optional helper bridge remains browser-scoped and is not a desktop agent.
4142

4243
## Data Flow
4344

0 commit comments

Comments
 (0)