Files
wehub-resource-sync 426e9eeabd
Benchmark Bridge Tests / benchmark (bunx @biomejs/biome check packages/lifeops-bench/src, benchmark-lint) (push) Waiting to run
Benchmark Bridge Tests / benchmark (bunx vitest run --config packages/lifeops-bench/vitest.config.ts --root packages/lifeops-bench --passWithNoTests, benchmark-tests) (push) Waiting to run
Build Agent Image / build-and-push (push) Waiting to run
Chat shell gestures / Chat shell gesture + parity e2e (push) Waiting to run
ci / test (push) Waiting to run
ci / lint-and-format (push) Waiting to run
ci / build (push) Waiting to run
ci / dev-startup (push) Waiting to run
Cloud Gateway Discord / Test (push) Waiting to run
Cloud Gateway Webhook / Test (push) Waiting to run
Cloud Tests / lint-and-types (push) Waiting to run
Cloud Tests / unit-tests (push) Waiting to run
Cloud Tests / integration-tests (push) Waiting to run
Cloud Tests / e2e-tests (push) Blocked by required conditions
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Deploy Apps Worker (Product 2) / Determine environment (push) Waiting to run
Deploy Apps Worker (Product 2) / Deploy apps worker to apps-control host (${{ needs.determine-env.outputs.environment }}) (push) Blocked by required conditions
Deploy Eliza Provisioning Worker / Determine environment (push) Waiting to run
Deploy Eliza Provisioning Worker / Deploy worker to Hetzner host (${{ needs.determine-env.outputs.environment }} @ ${{ needs.determine-env.outputs.deployment_sha }}) (push) Blocked by required conditions
Dev Smoke / Classify changed paths (push) Waiting to run
Dev Smoke / bun run dev onboarding chat (push) Blocked by required conditions
Dev Smoke / Vite HMR dependency-level smoke (push) Blocked by required conditions
Electrobun Submodule Guard / electrobun gitlink is fetchable (push) Waiting to run
gitleaks / gitleaks (push) Waiting to run
Markdown Links / Relative Markdown Links (push) Waiting to run
Publish @elizaos/example-code / check_npm (push) Waiting to run
Publish @elizaos/example-code / publish_npm (push) Blocked by required conditions
Publish @elizaos/plugin-elizacloud / verify_version (push) Waiting to run
Publish @elizaos/plugin-elizacloud / publish_npm (push) Blocked by required conditions
Quality (Extended) / Homepage Build (PR smoke) (push) Waiting to run
Quality (Extended) / Comment-only diff guard (push) Waiting to run
Quality (Extended) / Format + Type Safety Ratchet (push) Waiting to run
Quality (Extended) / Develop Gate (secret scan + UI determinism) (push) Waiting to run
Quality (Extended) / Develop Gate (lint) (push) Waiting to run
Sandbox Live Smoke / Sandbox live smoke (push) Waiting to run
Snap Build & Test / Build Snap (amd64) (push) Waiting to run
Snap Build & Test / Build Snap (arm64) (push) Waiting to run
supply-chain / sbom (push) Waiting to run
supply-chain / vulnerability-scan (push) Waiting to run
Build, Push & Deploy to Phala Cloud / build-and-push (push) Waiting to run
Test Packaging / Validate Packaging Configs (push) Waiting to run
Test Packaging / PyPI on Python ${{ matrix.python }} (push) Waiting to run
Test Packaging / Pack & Test JS Tarballs (push) Waiting to run
Test Packaging / elizaos CLI global-install smoke (node + bun) (push) Waiting to run
UI Fixture E2E / ui-fixture-e2e (push) Waiting to run
UI Fixture E2E / fixture-e2e (push) Waiting to run
UI Story Gate / story-gate (push) Waiting to run
vault-ci / test (macos-latest) (push) Waiting to run
vault-ci / test (ubuntu-latest) (push) Waiting to run
vault-ci / test (windows-latest) (push) Waiting to run
vault-ci / app-core wiring tests (push) Waiting to run
verify-patches / verify patches/CHECKSUMS.sha256 (push) Waiting to run
Voice Benchmark Smoke / voice-emotion fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voiceagentbench fixture smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench-quality unit smoke (push) Waiting to run
Voice Benchmark Smoke / voicebench TypeScript unit (no audio) (push) Waiting to run
Voice Benchmark Smoke / voice bench smoke summary (push) Blocked by required conditions
Windows CI / windows ([bun run --cwd packages/app-core test bun run --cwd packages/elizaos test bun run --cwd packages/cloud/shared test], app-and-cli) (push) Waiting to run
Windows CI / windows ([bun run --cwd packages/scenario-runner test bun run --cwd packages/vault test bun run --cwd packages/security test bun run --cwd plugins/plugin-coding-tools test], framework-packages) (push) Waiting to run
Windows CI / windows ([bun run --cwd plugins/plugin-elizacloud test bun run --cwd plugins/plugin-discord test bun run --cwd plugins/plugin-anthropic test bun run --cwd plugins/plugin-openai test bun run --cwd plugins/plugin-app-control test bun run --cwd plugins/pl… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run build --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/agent --concurrency=4 node packages/scripts/run-bash-linux-only.mjs scripts/verify-riscv64-buildpaths.sh node packages/scripts/run… (push) Waiting to run
Windows CI / windows ([node packages/scripts/run-turbo.mjs run typecheck --filter=@elizaos/core --filter=@elizaos/shared --filter=@elizaos/cloud-shared --concurrency=4 bun run --cwd packages/core test bun run --cwd packages/shared test], core-runtime, 75) (push) Waiting to run
Test Packaging / Build & Test PyPI Package (push) Waiting to run
Voice Workbench / headless workbench (mocked backends) (push) Has been cancelled
Voice Workbench / real acoustic lane (nightly, provisioned only) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 12:43:05 +08:00

5.8 KiB

AOSP system-app deployment (computer-use on the Eliza AOSP fork)

Status: design + contract. The desktop CUA surface (capture, input, scene, Brain→Cascade→dispatch) is production; the AOSP path is partially built — createAospInputActor() returns null in consumer builds today (src/actor/aosp-input-actor.ts), and the privileged bridge below is the remaining work. This doc is the contract that wiring must satisfy. See ANDROID_CONSTRAINTS.md for the honest scope on stock (non-system) Android, and docs/android-aosp-validation.json for the release evidence manifest this path is gated on.

Why a system app

On stock Android an app cannot freely read the framebuffer of other apps or inject input into them — those are signature|privileged permissions. The Eliza AOSP fork ships the agent as a platform-signed system app (or a privileged companion service), which unlocks the two capabilities a computer-use agent needs:

Capability Stock Android AOSP system app
Full-screen capture MediaProjection (per-session user consent, own-app-biased) SurfaceControl.captureDisplay / READ_FRAME_BUFFER (no prompt, any display)
Global input injection none (only own UI / a11y gestures) InputManager.injectInputEvent with INJECT_EVENTS
Element grounding AccessibilityService tree (opt-in) AccessibilityService tree + OCR, always available

Manifest / signing

<!-- Platform-signed; placed on the system image (priv-app). -->
<uses-permission android:name="android.permission.READ_FRAME_BUFFER" />
<uses-permission android:name="android.permission.INJECT_EVENTS" />
<uses-permission android:name="android.permission.ACCESS_SURFACE_FLINGER" />
<application android:sharedUserId="android.uid.system" ... />
  • Sign with the platform key; install under /system/priv-app (or /product/priv-app) with a matching privapp-permissions allowlist entry for the two signature permissions.
  • Non-system builds must degrade to the MediaProjection + AccessibilityService path (see ANDROID_CONSTRAINTS.md). The plugin feature-detects at runtime and never assumes the privileged path.

Capture — ScreenState source

The AOSP capture feeds the same per-display frame contract the desktop scene uses (DisplayCapture { display, frame: PNG }, see src/platform/capture.ts):

  • Privileged: SurfaceControl.captureDisplay(DisplayCaptureArgs)HardwareBuffer → PNG. No user prompt; supports secondary/virtual displays.
  • Fallback: MediaProjection + ImageReader (one-time user consent), wired in src/mobile/android-scene.ts / mobile-screen-capture.ts.

Both paths populate the Android scene (android-scene.ts) with display bounds so multi-display coordinate translation (src/platform/coords.ts) works unchanged.

Input — AospPrivilegedInputBridge

src/actor/aosp-input-actor.ts is the seam. createAospInputActor() returns null today; the privileged bridge must implement the ComputerInterface verbs via InputManager.injectInputEvent:

Verb Implementation
click / double_click / long_press MotionEvent ACTION_DOWN→UP (→DOWN→UP) at (x,y), INJECT_INPUT_EVENT_MODE_ASYNC
drag ACTION_DOWN → interpolated ACTION_MOVE waypoints → ACTION_UP (mirror the desktop manual-drag in nut-driver.ts)
scroll per-notch ACTION_SCROLL or MOVE deltas (mirror the desktop per-notch split)
type KeyEvent stream or InputConnection commit
key / key_combo KeyEvent with meta-state

Coordinates are logical display pixels (same contract the empirical Windows probe established for nutjs); the bridge applies the display's density only if injectInputEvent is found to operate in physical pixels on the target ROM — verify empirically before adding any scale, exactly as documented for the desktop driver.

Grounding — Brain-less, Actor-only (cheap by construction)

There is no mobile Brain (no full-frame VLM reasoning loop on device). AOSP uses the Actor-only path: OcrCoordinateGroundingActor resolves a target by matching Scene.ocr (OCR boxes) and Scene.ax (AccessibilityNodeInfo clickables) — exactly the structured readout GET_SCREEN produces (#9105 M2). This means AOSP gets computer-use without a remote VLM:

  1. android-scene.ts builds Scene from MediaProjection/SurfaceControl capture
    • the AccessibilityNodeInfo tree + OCR.
  2. OCR provider: register PaddleOCR PP-OCRv5 mobile (Paddle-Lite) as the AOSP CoordOcrProvider via registerCoordOcrProvider (the same seam plugin-vision uses on desktop, #9105 M1) — on-device, ARM-optimized, zero LLM tokens.
  3. Cascade grounds via resolveReference (OCR/AX text-match) with the per-Scene grounding cache (#9105 M5); dispatch routes the concrete coords to the AospPrivilegedInputBridge.

Remaining work (tracked in #9105 M6)

  • Implement AospPrivilegedInputBridge and return it from createAospInputActor() when the privileged permissions are held.
  • SurfaceControl.captureDisplay capture path + MediaProjection fallback feeding android-scene.ts.
  • Register Paddle-Lite PP-OCRv5 as the AOSP CoordOcrProvider.
  • Empirically verify injectInputEvent coordinate space (logical vs physical) on the target ROM before any density scaling.
  • Complete docs/android-aosp-validation.json evidence (capture + a click landed via injection + an OCR-grounded tap) and gate the release on it.

Security

All destructive actions still pass through ComputerUseApprovalManager (smart_approve by default). A platform-signed agent with INJECT_EVENTS is a high-privilege component — keep approval gating on, scope the priv-app allowlist to exactly the two signature permissions, and never expose the injection bridge over an unauthenticated IPC surface.