Feature Request: Per-App Permission Prompts Before Computer Use
Problem
Currently, open-computer-use can access and interact with applications without explicit per-app user consent. Once macOS-level Screen Recording and Accessibility permissions are granted, the tool has broad access to any app on the system. This creates a security and privacy risk — the AI agent could potentially access sensitive applications (password managers, banking apps, email clients) without the user being aware or having a chance to intervene.
Proposed Solution
Implement a per-app approval flow similar to OpenAI's Codex computer use:
- Permission prompt before each app access: When the agent attempts to interact with an app for the first time in a session, show a prompt asking the user to approve or deny access to that specific app.
- "Always allow" option: Let users mark trusted apps so they don't get prompted repeatedly.
- Manage allowed apps: Provide a settings view where users can review and revoke previously granted app permissions.
- Sensitive action prompts: Optionally prompt before high-impact actions (e.g., submitting forms, deleting content).
How Codex Does It
In OpenAI's Codex app, the computer use feature:
- Shows a dialog: "Allow Codex to use [App]?" with options to allow once, always allow, or deny.
- Keeps a list of always-allowed apps in the Computer Use settings.
- Prompts separately for sensitive/disruptive actions.
- Keeps macOS system permissions (Screen Recording, Accessibility) separate from per-app approvals.
Why This Matters
- Security: Prevents unintended access to sensitive apps.
- User Trust: Gives users visibility and control over what the AI is doing.
- Industry Standard: Aligns with how leading tools (Codex) handle this concern.
- User Control: Users can revoke access to specific apps without losing full functionality.
Reference
Feature Request: Per-App Permission Prompts Before Computer Use
Problem
Currently, open-computer-use can access and interact with applications without explicit per-app user consent. Once macOS-level Screen Recording and Accessibility permissions are granted, the tool has broad access to any app on the system. This creates a security and privacy risk — the AI agent could potentially access sensitive applications (password managers, banking apps, email clients) without the user being aware or having a chance to intervene.
Proposed Solution
Implement a per-app approval flow similar to OpenAI's Codex computer use:
How Codex Does It
In OpenAI's Codex app, the computer use feature:
Why This Matters
Reference