fix: harden computer tool helper

- remove the unimplemented accessibility observe mode from the public contract - refuse unmatched app_open requests instead of shelling out - add direct helper tests for both review findings Co-authored-by: Codex <noreply@openai.com>
2026-04-15 09:01:13 +00:00 · 2026-03-11 14:26:18 -04:00 · 2026-03-11 14:26:18 -04:00 · a4250bad30
commit a4250bad30
parent e1bba1c1a5
2 changed files with 65 additions and 3 deletions
--- a/packages/coding-agent/test/computer-tool.test.ts
+++ b/packages/coding-agent/test/computer-tool.test.ts
@ -1,6 +1,7 @@
-import { mkdtempSync, rmSync } from "node:fs";
+import { spawnSync } from "node:child_process";
+import { existsSync, mkdtempSync, rmSync } from "node:fs";
 import { tmpdir } from "node:os";
-import { join } from "node:path";
+import { join, resolve } from "node:path";
 import { afterEach, describe, expect, it } from "vitest";
 import { parseArgs } from "../src/cli/args.js";
 import { buildSystemPrompt } from "../src/core/system-prompt.js";
@ -68,6 +69,13 @@ function createMockComputerOperations(
  };
 }

+function getAgentComputerScriptPath(): string {
+  return resolve(
+    process.cwd(),
+    "../../../../docker/companion/agent-computer.js",
+  );
+}
+
 describe("computer tool", () => {
  const tempDirs: string[] = [];

@ -172,4 +180,58 @@ describe("computer tool", () => {
      "Prefer browser for websites and DOM-aware tasks. Switch to computer",
    );
  });
+
+  it("rejects accessibility observe mode until a non-screenshot backend exists", () => {
+    const stateDir = createTempDir(
+      "coding-agent-computer-helper-accessibility-",
+    );
+    const result = spawnSync(
+      process.execPath,
+      [
+        "--no-warnings",
+        getAgentComputerScriptPath(),
+        "--state-dir",
+        stateDir,
+        "--input",
+        JSON.stringify({
+          action: "observe",
+          mode: "accessibility",
+        }),
+      ],
+      {
+        encoding: "utf8",
+      },
+    );
+
+    expect(result.status).not.toBe(0);
+    expect(result.stderr).toContain(
+      "backend_unavailable: accessibility observe mode is not implemented",
+    );
+  });
+
+  it("refuses to shell out when app_open cannot match an installed app", () => {
+    const stateDir = createTempDir("coding-agent-computer-helper-app-open-");
+    const markerPath = join(stateDir, "should-not-exist");
+    const result = spawnSync(
+      process.execPath,
+      [
+        "--no-warnings",
+        getAgentComputerScriptPath(),
+        "--state-dir",
+        stateDir,
+        "--input",
+        JSON.stringify({
+          action: "app_open",
+          app: `definitely-not-an-installed-app && touch ${markerPath}`,
+        }),
+      ],
+      {
+        encoding: "utf8",
+      },
+    );
+
+    expect(result.status).not.toBe(0);
+    expect(result.stderr).toContain("app_not_found:");
+    expect(existsSync(markerPath)).toBe(false);
+  });
 });