feat: add App Use control framework

[hiqiancheng]

Summary

• Reframes issue [Feature]: Support third-party app integration via COM etc., first batch covering WPS/Office/PS/AI #417 as App Use / 软件控制 with a Chinese design doc and a P0-P8 staged roadmap; P6 is explicitly a Computer Use boundary and is not implemented as App Use.
• Adds/extends app_session, app_observe, and app_act with strict schemas, create_owned_target, shared config, native bridge wiring, and disabled-by-default seed entries.
• Adds a dedicated App Use settings tab with Settings/Call logs subtabs, adapter toggles, read-only/interactive mode, approval policy display, timeout/output limits, and the full P0-P8 phase plan.
• Expands the Rust App Use runtime and Office/WPS adapters around TouchAI-owned signed OpenXML targets, one-time permits, target-bound writes, structured observations, and safer WPS/Office spreadsheet writes.

Related issue or RFC

• Closes [Feature]: Support third-party app integration via COM etc., first batch covering WPS/Office/PS/AI #417
• Related to [RFC]: support computer use for grounded desktop interaction #111
• Related to feat(agent-service): add native computer use tools #400
• Related to feat(agent-service): add web research and browser control settings #414

AI assistance disclosure

• Tool(s) used: OpenAI Codex.
• Scope of assistance: upstream/product research synthesis, implementation, tests, real WPS smoke verification, subagent review, PR update, and CI monitoring.
• Human review or rewrite performed: scope and naming decisions were reviewed with the maintainer in-thread; final diff, tests, and CI were inspected before updating this draft PR.
• Architecture or boundary impact: introduces/expands the App Use / 软件控制 native runtime boundary, built-in tool group, NativeService bridge, settings surface, owned-target model, and adapter contracts.

Testing evidence

Local commands run and observed passing:

pnpm.cmd --dir apps/desktop check
pnpm.cmd --dir apps/desktop test:unit -- --maxWorkers=50%
pnpm.cmd --dir apps/desktop test:unit tests/services/BuiltInToolService/tools/appUse/config.test.ts tests/services/BuiltInToolService/tools/appUse/schema.test.ts tests/services/BuiltInToolService/tools/appUse/native.test.ts tests/services/BuiltInToolService/tools/appUse/registration.test.ts tests/views/SettingsView/appUseComponent.test.ts tests/SettingsView/navigation-sidebar-i18n.test.ts
pnpm.cmd --dir apps/desktop test:typecheck
cargo test --manifest-path apps/desktop/src-tauri/Cargo.toml --lib core::app_use --target-dir rust-target/check
cargo test --manifest-path apps/desktop/src-tauri/Cargo.toml --test app_use_commands --target-dir rust-target/check
cargo test --manifest-path apps/desktop/src-tauri/Cargo.toml --test app_use_wps_smoke --target-dir rust-target/check app_use_wps_spreadsheet_create_owned_target_smoke -- --ignored --test-threads=1 --nocapture
cargo fmt --manifest-path apps/desktop/src-tauri/Cargo.toml --all -- --check
git diff --check

Coverage evidence for new App Use frontend code:

App Use tools focused coverage: statements 100%, branches 95.55%, functions 100%, lines 100%.
Settings App Use component focused coverage: statements 93.66%, branches 77.77%, functions 100%, lines 93.38%.

Real WPS acceptance:

app_use_wps_spreadsheet_create_owned_target_smoke ... ok

The smoke used production app_use_session(create_owned_target) to create a signed TouchAI-owned .xlsx, then authorized and ran app_act(write_cells) against WPS Spreadsheet, then app_use_observe read back the sentinel, 42, and ok from the created workbook. It only touched its own temp owned workbook and did not kill existing WPS processes.

CI checks for head 1663bb5:

CI Required: pass
Frontend Quality: pass
Frontend Tests: pass
Rust Checks: pass
Desktop E2E Smoke (Windows): pass
Security / CodeQL: pass
PR Template Check: pass
license/cla: pass

Notes:

• The full local pnpm test:unit first hit one unrelated Settings General test timeout under default parallelism; rerunning that file passed 11/11, and rerunning full unit with --maxWorkers=50% passed 140 files / 820 tests.
• pnpm test:coverage:rust was not run locally because cargo-tarpaulin is not available in this Windows workspace; Rust behavior is covered by targeted Rust tests and CI Rust Checks.

Risk notes

• AgentService, runtime, MCP, or schema impact: adds a new built-in tool group and schema surface for App Use; model-facing requests reject raw script, macro, COM, UXP, batchPlay, and hidden raw automation payloads.
• database baseline or migration impact: adds disabled-by-default app_session, app_observe, and app_act seed entries with conservative read-only default config.
• release or packaging impact: adds zip for minimal OpenXML owned-target package generation.
• Safety: mutating actions require UI approval plus a short-lived, one-time Rust-owned permit bound to execution id, adapter, action, target id, and parameter hash. Office/WPS writes require signed TouchAI-owned targets.

Screenshots or recordings

Not attached. The App Use settings surface is covered by component tests; real WPS behavior is covered by the ignored smoke run above and CI Desktop E2E covers desktop smoke.

Checklist

• The PR title follows Conventional Commits and is valid for squash merge.
• This PR is either ready for review or explicitly marked as a Draft PR.
• I did not use [WIP] or similar title prefixes.
• If AI materially assisted this PR, I disclosed the tools and scope and I personally reviewed every affected change.
• I can explain the why, what, and how of this change without relying on an AI tool.
• If this touches AgentService, runtime, MCP, or schema boundaries, there is an accepted RFC or tracking issue.
• If this changes architecture or adds a new cross-boundary abstraction, there is an accepted RFC or tracking issue.
• I ran pnpm test:pr for this code PR, or documented the local blocker and equivalent command evidence.
• If I changed Rust behavior or tests, I reviewed pnpm test:coverage:rust or relied on CI coverage evidence.
• If I changed desktop startup/window/search/popup/settings/E2E paths, I ran pnpm test:e2e locally or documented why CI is the first valid proof.
• I added tests or explained why tests are not appropriate.
• I updated docs when behavior changed.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 64ee748f-7b29-4294-8295-f2a021435c35

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/issue-417-app-use

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}