1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
name: ci
on:
push:
branches:
tags:
pull_request:
branches:
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
RUSTFLAGS: -D warnings
jobs:
fmt:
name: cargo fmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
components: rustfmt
- run: cargo fmt --all -- --check
check:
name: cargo check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- run: cargo check --locked --all-targets
clippy:
name: cargo clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
components: clippy
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- run: cargo clippy --locked --all-targets -- -D warnings
test:
name: cargo test (${{ matrix.target }})
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
target:
- x86_64-unknown-linux-gnu
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- run: cargo test --locked --target ${{ matrix.target }} --no-fail-fast
rustdoc-and-package:
name: rustdoc and cargo package
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- run: RUSTDOCFLAGS="-D warnings" cargo doc --locked --no-deps --document-private-items
- run: cargo publish --dry-run --locked
supply-chain:
name: cargo audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- run: cargo install cargo-audit --locked
- run: cargo audit --deny warnings
mcp-safety:
name: MCP safety contract
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- run: cargo build --locked
- run: scripts/mcp_safety_check.py --binary target/debug/computer-use-linux
agent-config:
name: agnix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 24
- run: npm install -g agnix
- run: agnix .
npm-wrapper:
name: npm wrapper
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: actions/setup-node@v4
with:
node-version: 24
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- name: Check Cargo and npm versions match
run: |
cargo_version="$(grep -m1 '^version = ' Cargo.toml | sed 's/.*"\(.*\)".*/\1/')"
npm_version="$(node -p "require('./package.json').version")"
test "$cargo_version" = "$npm_version"
- run: node --check npm/install.js
- run: node --check npm/bin/computer-use-linux.js
- run: cargo build --locked
- name: Test npm wrapper against local binary
run: |
prefix="$RUNNER_TEMP/npm-prefix"
COMPUTER_USE_LINUX_LOCAL_BINARY="$PWD/target/debug/computer-use-linux" \
COMPUTER_USE_LINUX_LOCAL_COSMIC_HELPER="$PWD/target/debug/computer-use-linux-cosmic" \
npm install --prefix "$prefix" -g .
"$prefix/bin/computer-use-linux" --help
- run: npm pack --dry-run
zod-schema:
name: zod MCP schema
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- uses: actions/setup-node@v4
with:
node-version: 24
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- run: cargo build --locked
- name: Install MCP SDK for the zod check
run: npm ci --prefix scripts/zod-check --ignore-scripts --no-audit --no-fund
- name: Validate tools/list against the MCP SDK zod schema
run: node scripts/zod-check/check.mjs --command target/debug/computer-use-linux
release-binary:
name: release artifact (${{ matrix.target }})
needs:
- fmt
- check
- clippy
- test
- rustdoc-and-package
- supply-chain
- mcp-safety
- agent-config
- npm-wrapper
- zod-schema
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
permissions:
contents: write
strategy:
fail-fast: false
matrix:
include:
- target: x86_64-unknown-linux-gnu
asset: computer-use-linux-x86_64-unknown-linux-gnu
- target: aarch64-unknown-linux-gnu
asset: computer-use-linux-aarch64-unknown-linux-gnu
cross: true
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@42dc69e1aa15d09112580998cf2ef0119e2e91ae # v2
- name: Install host deps
run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- name: Install cross-compile deps
if: matrix.cross
run: sudo apt-get install -y gcc-aarch64-linux-gnu
- name: Configure cross linker
if: matrix.cross
run: |
mkdir -p .cargo
cat >> .cargo/config.toml <<'EOF'
[target.aarch64-unknown-linux-gnu]
linker = "aarch64-linux-gnu-gcc"
EOF
- name: Build release binary
run: cargo build --locked --release --target ${{ matrix.target }}
- name: Stage artifact
run: |
mkdir -p dist
cp target/${{ matrix.target }}/release/computer-use-linux dist/${{ matrix.asset }}
cp target/${{ matrix.target }}/release/computer-use-linux-cosmic dist/computer-use-linux-cosmic-${{ matrix.target }}
(
cd dist
sha256sum ${{ matrix.asset }} > ${{ matrix.asset }}.sha256
sha256sum computer-use-linux-cosmic-${{ matrix.target }} > computer-use-linux-cosmic-${{ matrix.target }}.sha256
)
- uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
with:
files: |
dist/${{ matrix.asset }}
dist/${{ matrix.asset }}.sha256
dist/computer-use-linux-cosmic-${{ matrix.target }}
dist/computer-use-linux-cosmic-${{ matrix.target }}.sha256
generate_release_notes: true
publish-crate:
name: publish crate
needs:
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
env:
CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- name: Publish to crates.io
run: |
test -n "$CARGO_REGISTRY_TOKEN"
crate="$(grep -m1 '^name = ' Cargo.toml | sed 's/.*"\(.*\)".*/\1/')"
version="$(grep -m1 '^version = ' Cargo.toml | sed 's/.*"\(.*\)".*/\1/')"
test "v$version" = "$GITHUB_REF_NAME"
if curl -fsS "https://crates.io/api/v1/crates/${crate}/${version}" >/dev/null; then
echo "${crate} ${version} is already on crates.io; skipping"
else
cargo publish --locked
fi
publish-npm:
name: publish npm
needs:
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 24
registry-url: https://registry.npmjs.org
- name: Publish to npm
run: |
test -n "$NODE_AUTH_TOKEN"
name="$(node -p "require('./package.json').name")"
version="$(node -p "require('./package.json').version")"
test "v$version" = "$GITHUB_REF_NAME"
base="https://github.com/agent-sh/computer-use-linux/releases/download/v${version}"
for asset in \
computer-use-linux-x86_64-unknown-linux-gnu \
computer-use-linux-aarch64-unknown-linux-gnu \
computer-use-linux-cosmic-x86_64-unknown-linux-gnu \
computer-use-linux-cosmic-aarch64-unknown-linux-gnu
do
for suffix in "" ".sha256"; do
for attempt in {1..30}; do
if curl -fsSIL "${base}/${asset}${suffix}" >/dev/null; then
break
fi
if [[ "$attempt" -eq 30 ]]; then
echo "release asset not available: ${asset}${suffix}" >&2
exit 1
fi
sleep 5
done
done
done
if npm view "${name}@${version}" version >/dev/null 2>&1; then
echo "${name} ${version} is already on npm; skipping"
else
npm publish --access public
fi
validate-published:
name: zod schema (published npm)
needs:
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 24
- run: sudo apt-get update && sudo apt-get install -y libdbus-1-dev pkg-config
- name: Install the published package
run: |
name="$(node -p "require('./package.json').name")"
version="$(node -p "require('./package.json').version")"
test "v$version" = "$GITHUB_REF_NAME"
npm install --prefix "$RUNNER_TEMP/published" -g "${name}@${version}"
- name: Install MCP SDK for the zod check
run: npm ci --prefix scripts/zod-check --ignore-scripts --no-audit --no-fund
- name: Validate the published tools/list against the MCP SDK zod schema
run: node scripts/zod-check/check.mjs --command "$RUNNER_TEMP/published/bin/computer-use-linux"
notify-codex-desktop:
name: open codex-desktop update reminder
needs:
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
permissions:
contents: read
issues: write
steps:
- uses: actions/checkout@v4
- name: Open reminder issue to sync codex-desktop-linux
env:
GH_TOKEN: ${{ github.token }}
VERSION: ${{ github.ref_name }}
run: |
title="Sync codex-desktop-linux with ${VERSION} release content"
existing="$(gh issue list --state all --search "in:title $title" --json title,number \
--jq ".[] | select(.title == \"$title\") | .number" | head -n1)"
if [ -n "$existing" ]; then
echo "reminder issue #$existing already exists; skipping"
exit 0
fi
notes="$(awk -v ver="${VERSION#v}" '
$0 ~ "^## \\[" ver "\\]" { capture = 1; next }
capture && /^## \[/ { exit }
capture { print }
' CHANGELOG.md)"
[ -z "$notes" ] && notes="(no CHANGELOG section found for ${VERSION})"
body="$(printf '%s released. Update [codex-desktop-linux](https://github.com/avifenesh/codex-desktop-linux) to pin/ship this version and mirror the relevant changes.\n\n## %s changelog\n%s\n\n---\n_Opened automatically by the release workflow._' "${VERSION}" "${VERSION}" "${notes}")"
gh issue create --title "$title" --body "$body"