cc-haha/src/server/__tests__/computer-use-api.test.ts
程序员阿江(Relakkes) 1cd90dc66a feat: let users opt out of bundled Computer Use
Computer Use is useful when explicitly needed, but exposing its MCP tools by default creates unnecessary desktop-control surface for users who want coding-only sessions. This adds a shared disable path for CLI flags, environment, and desktop settings while keeping preauthorized app state in one config file.

The same change also preserves Windows and WSL shell startup behavior by applying the MSYS argument-conversion guard only on WSL-bound launches.

Constraint: Computer Use MCP must not be exposed to the Coding Agent when disabled

Constraint: Desktop settings and CLI sessions need to read the same persisted Computer Use config

Rejected: Environment-only disable switch | desktop users need a persistent Settings control

Rejected: Remove Computer Use setup entirely | enabled sessions still need the existing built-in MCP path

Confidence: high

Scope-risk: moderate

Directive: Keep every new Computer Use entrypoint wired through loadStoredComputerUseConfig or the CLI disable flag before adding MCP tools

Tested: bun test src/utils/computerUse/gates.test.ts src/utils/computerUse/preauthorizedConfig.test.ts src/server/__tests__/computer-use-api.test.ts src/utils/shell/wslInterop.test.ts desktop/src/pages/ComputerUseSettings.test.tsx

Tested: bun run check:server; bun run check:desktop; bun run check:docs; bun run check:policy; bun run check:native; git diff --check

Tested: SKIP_INSTALL=1 ./desktop/scripts/build-macos-arm64.sh; codesign verify; hdiutil verify; built CLI Computer Use E2E exposure and disable checks

Not-tested: Full screenshot/control action after granting macOS Screen Recording permission on this machine
2026-05-06 11:40:49 +08:00

69 lines
2.1 KiB
TypeScript

import { afterEach, beforeEach, describe, expect, it } from 'bun:test'
import { mkdtemp, readFile, rm } from 'node:fs/promises'
import { tmpdir } from 'node:os'
import { join } from 'node:path'
import { handleComputerUseApi } from '../api/computer-use.js'
const originalClaudeConfigDir = process.env.CLAUDE_CONFIG_DIR
let configDir: string | null = null
function makeRequest(method: string, body?: unknown): Request {
return new Request('http://localhost/api/computer-use/authorized-apps', {
method,
body: body === undefined ? undefined : JSON.stringify(body),
})
}
async function callAuthorizedApps(method: string, body?: unknown): Promise<Response> {
return handleComputerUseApi(
makeRequest(method, body),
new URL('http://localhost/api/computer-use/authorized-apps'),
['api', 'computer-use', 'authorized-apps'],
)
}
beforeEach(async () => {
configDir = await mkdtemp(join(tmpdir(), 'cc-haha-computer-use-api-'))
process.env.CLAUDE_CONFIG_DIR = configDir
})
afterEach(async () => {
if (originalClaudeConfigDir === undefined) {
delete process.env.CLAUDE_CONFIG_DIR
} else {
process.env.CLAUDE_CONFIG_DIR = originalClaudeConfigDir
}
if (configDir) {
await rm(configDir, { recursive: true, force: true })
configDir = null
}
})
describe('Computer Use API authorized app config', () => {
it('defaults Computer Use enabled for existing users without config', async () => {
const res = await callAuthorizedApps('GET')
expect(res.status).toBe(200)
expect(await res.json()).toMatchObject({
enabled: true,
authorizedApps: [],
})
})
it('persists the Computer Use enabled flag independently', async () => {
const putRes = await callAuthorizedApps('PUT', { enabled: false })
expect(putRes.status).toBe(200)
const getRes = await callAuthorizedApps('GET')
expect(await getRes.json()).toMatchObject({ enabled: false })
const raw = await readFile(
join(configDir!, 'cc-haha', 'computer-use-config.json'),
'utf8',
)
expect(JSON.parse(raw)).toMatchObject({ enabled: false })
})
})