car-desktop 0.15.1

OS-level screen capture, accessibility inspection, and input synthesis for Common Agent Runtime
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261

//! macOS backend for `car-desktop`.
//!
//! Implementation lands incrementally across CD-02 through CD-06
//! (see docs/CAR_DESKTOP.md). Each subsequent task removes one or
//! more `CarDesktopError::NotYetImplemented` call sites from this
//! module. Once CD-06 merges, no method in this backend returns
//! `NotYetImplemented` and the variant itself goes away.
//!
//! This module is gated on `cfg(target_os = "macos")` and pulls in
//! the required Apple framework bindings (`objc2-*`,
//! `core-graphics`, `core-foundation`, `accessibility-sys`) via the
//! crate's `[target.'cfg(target_os = "macos")'.dependencies]`. On
//! non-macOS targets this module is not compiled and `MacBackend`
//! does not exist. Consumers should check `cfg!(target_os = "macos")`
//! or use `CarDesktopError::PlatformUnsupported` from the non-macOS
//! path.

use async_trait::async_trait;

use crate::backend::DesktopBackend;
use crate::errors::{CarDesktopError, Result};
use crate::models::{
    ClickRequest, DisplayId, Frame, KeyPressRequest, PermissionRequest, PermissionSnapshot,
    TypeRequest, UiMap, WindowFilter, WindowHandle, WindowInfo,
};
use crate::safety::PerWindowRateLimiter;

pub mod accessibility;
pub mod capture;
pub mod input;
pub mod permissions;
pub mod windows;

/// Locate a node in a UiMap by id, returning its bounds + title.
/// Used by `click` to resolve `element_id` into an absolute point
/// and to feed the destructive-label safety gate. O(1) via the
/// `a11y_by_id` lookup that `observe_window` populates.
fn find_element_bounds(map: &UiMap, element_id: &str) -> Option<(crate::models::Bounds, String)> {
    let record = map.a11y_by_id.get(element_id)?;
    let title = record.name.clone().unwrap_or_default();
    Some((record.bounds, title))
}

/// macOS `DesktopBackend` implementation.
///
/// `MacBackend::new()` is inexpensive; no framework initialization
/// happens until a method actually needs it. The per-window rate
/// limiter lives on the backend so it persists across calls.
pub struct MacBackend {
    rate_limiter: PerWindowRateLimiter,
}

impl MacBackend {
    pub fn new() -> Self {
        Self {
            rate_limiter: PerWindowRateLimiter::new(),
        }
    }
}

impl Default for MacBackend {
    fn default() -> Self {
        Self::new()
    }
}

#[async_trait]
impl DesktopBackend for MacBackend {
    async fn list_windows(&self, filter: WindowFilter) -> Result<Vec<WindowInfo>> {
        // CGWindowList is a synchronous, potentially-expensive call
        // (allocates a CFArray, walks each window's IOKit service
        // for bundle info). Run it on the blocking pool so the
        // tokio reactor doesn't stall.
        tokio::task::spawn_blocking(move || windows::list_windows_impl(&filter))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }

    async fn observe_window(&self, window: WindowHandle) -> Result<UiMap> {
        // Find the window's metadata so we can return a fully-
        // populated UiMap (frame + window info). The AX-tree half
        // lands in CD-04; until then we emit `a11y_empty = true`.
        let pid = window.pid;
        let wid = window.window_id;
        let all_windows = tokio::task::spawn_blocking(move || {
            windows::list_windows_impl(&crate::models::WindowFilter::by_pid(pid))
        })
        .await
        .map_err(|e| CarDesktopError::OsApi {
            detail: format!("spawn_blocking join error: {e}"),
            source: Some(Box::new(e)),
        })??;
        let info = all_windows
            .into_iter()
            .find(|w| w.handle.window_id == wid)
            .ok_or_else(|| CarDesktopError::WindowNotFound {
                detail: format!("window {}:{} not in the on-screen list", pid, wid),
            })?;

        let frame = tokio::task::spawn_blocking(move || capture::capture_window_impl(window))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })??;

        // CD-04: AX-tree walk. On Accessibility-permission denial
        // we fall back to returning a frame-only UiMap instead of
        // erroring — the capture still succeeded and the caller can
        // use screenshot-diff on the pixel frame.
        let window_for_ax = window;
        let ax_result =
            tokio::task::spawn_blocking(move || accessibility::walk_window_ax(window_for_ax))
                .await
                .map_err(|e| CarDesktopError::OsApi {
                    detail: format!("spawn_blocking join error: {e}"),
                    source: Some(Box::new(e)),
                })?;
        let mut map = crate::perception::empty_a11y_uimap(info);
        map.frame = Some(frame);
        match ax_result {
            Ok(out) => {
                map.a11y_root = Some(out.root);
                map.a11y_index = out.index;
                map.a11y_by_id = out.by_id;
                map.a11y_truncated = out.truncated;
                map.a11y_empty = false;
            }
            Err(CarDesktopError::PermissionDenied { .. }) => {
                // Accessibility denied → return frame-only UiMap
                // with a11y_empty = true. Callers (notably the
                // self-QA harness) fall back to screenshot-diff.
            }
            Err(other) => return Err(other),
        }
        Ok(map)
    }

    async fn capture_display(&self, display: DisplayId) -> Result<Frame> {
        tokio::task::spawn_blocking(move || capture::capture_display_impl(display))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }

    async fn focus_window(&self, window: WindowHandle) -> Result<()> {
        tokio::task::spawn_blocking(move || windows::focus_window_impl(window))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }

    async fn click(&self, request: ClickRequest) -> Result<()> {
        self.rate_limiter.acquire(request.window)?;
        // Resolve element_id → absolute point by re-observing the
        // window so we have a current AX tree. When the caller
        // supplied `point` directly, skip the observation entirely.
        let (point, ax_title) = if let Some(eid) = request.element_id.clone() {
            let map = self.observe_window(request.window).await?;
            let (bounds, title) =
                find_element_bounds(&map, &eid).ok_or(CarDesktopError::UnknownElement {
                    element_id: eid.clone(),
                })?;
            (bounds.center(), Some(title))
        } else if let Some(p) = request.point {
            (p, None)
        } else {
            return Err(CarDesktopError::OsApi {
                detail: "ClickRequest must carry either element_id or point".into(),
                source: None,
            });
        };
        // Frame clamp: the resolved point must lie inside the
        // target window's current frame.
        let pid_for_frame = request.window.pid;
        let wid_for_frame = request.window.window_id;
        let window_info = tokio::task::spawn_blocking(move || {
            windows::list_windows_impl(&crate::models::WindowFilter::by_pid(pid_for_frame))
        })
        .await
        .map_err(|e| CarDesktopError::OsApi {
            detail: format!("spawn_blocking join error: {e}"),
            source: Some(Box::new(e)),
        })??
        .into_iter()
        .find(|w| w.handle.window_id == wid_for_frame)
        .ok_or_else(|| CarDesktopError::WindowNotFound {
            detail: format!(
                "window {}:{} disappeared before click",
                pid_for_frame, wid_for_frame
            ),
        })?;
        if !window_info.frame.contains_point(point.0, point.1) {
            return Err(CarDesktopError::OutOfTargetWindow {
                x: point.0,
                y: point.1,
                frame: window_info.frame,
            });
        }
        // Activate the owning app so the click lands in the right
        // process's event queue.
        self.focus_window(request.window).await.ok();
        let cg_point = core_graphics::geometry::CGPoint::new(point.0, point.1);
        let ax_title_for_safety = ax_title.clone();
        tokio::task::spawn_blocking(move || {
            input::click_impl(request, cg_point, ax_title_for_safety)
        })
        .await
        .map_err(|e| CarDesktopError::OsApi {
            detail: format!("spawn_blocking join error: {e}"),
            source: Some(Box::new(e)),
        })?
    }

    async fn type_text(&self, request: TypeRequest) -> Result<()> {
        self.rate_limiter.acquire(request.window)?;
        self.focus_window(request.window).await.ok();
        tokio::task::spawn_blocking(move || input::type_text_impl(request))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }

    async fn keypress(&self, request: KeyPressRequest) -> Result<()> {
        self.rate_limiter.acquire(request.window)?;
        self.focus_window(request.window).await.ok();
        tokio::task::spawn_blocking(move || input::keypress_impl(request))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }

    async fn permissions(&self) -> Result<PermissionSnapshot> {
        tokio::task::spawn_blocking(permissions::permissions_impl)
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }

    async fn request_permissions(&self, needs: PermissionRequest) -> Result<PermissionSnapshot> {
        tokio::task::spawn_blocking(move || permissions::request_permissions_impl(needs))
            .await
            .map_err(|e| CarDesktopError::OsApi {
                detail: format!("spawn_blocking join error: {e}"),
                source: Some(Box::new(e)),
            })?
    }
}