Skip to content

feat(desktop): browser action safety classification (Phase 2E)#7

Merged
gu87 merged 1 commit into
upstream-main-cleanfrom
codex/desktop-browser-action-safety-phase2e
Jun 7, 2026
Merged

feat(desktop): browser action safety classification (Phase 2E)#7
gu87 merged 1 commit into
upstream-main-cleanfrom
codex/desktop-browser-action-safety-phase2e

Conversation

@gu87

@gu87 gu87 commented Jun 7, 2026

Copy link
Copy Markdown
Owner

Summary

Adds action safety classification to the Browser Action Gateway, establishing clear boundaries for what the Desktop executor can and cannot do.

What Changed

  • Action classification system:
    • PERMANENTLY_DENIED_ACTIONS: eval, press_key, scroll — no Allow button, permanently blocked
    • AWAITING_SAFETY_ACTIONS: click, type — Allow button visible but executor returns failed
    • EXECUTABLE_ACTIONS: navigate only — user-approved execution
  • Helper functions: getBlockedActionReason(), isActionExecutable(), isActionPermanentlyBlocked()
  • Safety context: BrowserActionSafetyContext propagated to proposeAction() (originUrl, originTitle, targetDescription, riskLevel, typeText)
  • UI upgrades: RiskBadge component, AlertTriangle with blocked reason, type text confirmation step, improved action log with actionType tags
  • Read-only shortcuts: snapshot/vision/get_images/console auto-resolve as executed
  • Test contract: 147 browser-runtime tests pass, including Phase 2E non-execution contract

Safety Boundary

Action Status
navigate ✅ Executable after user Allow
click, type ⚠️ Approval UI renders, safetyContext shown, but executor returns failed
eval, press_key, scroll ❌ Permanently blocked — no Allow button
snapshot, vision, get_images, console ✅ Read-only — auto-resolved

Validation

  • npm run type-check: PASS
  • npx eslint: PASS (0 errors, 0 warnings)
  • npx vitest run --environment jsdom src/app/browser-runtime/*.test.ts: 147/147 PASS

Scope

  • Desktop browser runtime only.
  • No backend/executor/Kanban changes.
  • No new network or filesystem access.

🤖 Generated with Claude Code

@claude
feat(desktop): add browser action safety classification (Phase 2E)
a959a64 
- Add action classification system:
  - PERMANENTLY_DENIED_ACTIONS: eval, press_key, scroll (no Allow button)
  - AWAITING_SAFETY_ACTIONS: click, type (Allow visible but executor fails)
  - EXECUTABLE_ACTIONS: navigate only (user-approved execution)
- Add helper functions: getBlockedActionReason, isActionExecutable,
  isActionPermanentlyBlocked
- Add BrowserActionSafetyContext to proposeAction (originUrl, originTitle,
  targetDescription, targetRef, riskLevel, typeText)
- Upgrade approval UI: RiskBadge, AlertTriangle for blocked reasons,
  type confirmation step, improved action log with actionType tags
- Read-only actions (snapshot/vision/get_images/console) auto-resolve
- Add Phase 2E contract tests (147 pass)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@gu87 gu87 merged commit 71aad96 into upstream-main-clean Jun 7, 2026
7 checks passed
@gu87 gu87 deleted the codex/desktop-browser-action-safety-phase2e branch June 7, 2026 01:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gu87