Blade Computer Use
БесплатноНе проверенEnables MCP clients to control macOS via accessibility and screen recording, providing tools to list apps, observe UI, click, type, press keys, and scroll.
Описание
Enables MCP clients to control macOS via accessibility and screen recording, providing tools to list apps, observe UI, click, type, press keys, and scroll.
README
blade-computer-use is a small, agent-neutral macOS computer-use implementation over the Model Context Protocol (MCP). It gives Codex, Claude Code, Orca, and other MCP clients the same six tools:
list_appsobserveclicktype_textpress_keyscroll
It is an independent security research project, not an OpenAI product and not a reproduction of OpenAI's private Computer Use implementation.
How it works
Coding agent
| stdio MCP: schemas, allowlist, one-shot revisions, PNG responses
v
TypeScript server (bundled as one runtime file)
| JSONL request/response protocol
v
Persistent Swift helper
| AXUIElement | ScreenCaptureKit | CGEvent
v v v
Accessibility tree window screenshot mouse/keyboard input
observe returns a bounded AX tree, a window screenshot, and an opaque revision. That revision permits exactly one action. The next action consumes it, so an agent must observe again before doing anything else. element_index values are scoped to that observation and are never treated as stable cross-frame identities.
Requirements
- macOS 14 or newer
- Node.js 20 or newer
- Swift 5.10 or newer and the Xcode Command Line Tools (
xcode-select --install) - Accessibility and Screen Recording permission for
BladeComputerUseHelperor the agent host macOS attributes it to
The first plugin launch compiles the native helper for the current Mac. The TypeScript MCP server is already committed as a standalone bundle, so runtime installation does not run npm install.
Codex
Install this repository as a Codex marketplace, then install the plugin:
codex plugin marketplace add echoVic/blade-computer-use
codex plugin add blade-computer-use@blade-computer-use
Restart the Codex app after installation. The packaged configuration allows only TextEdit by default.
For a custom allowlist, clone the repository, change CUA_ALLOWED_APPS in .mcp.json, build once, and add the local checkout as the marketplace source:
git clone https://github.com/echoVic/blade-computer-use.git
cd blade-computer-use
npm install
npm run build
codex plugin marketplace add "$PWD"
codex plugin add blade-computer-use@blade-computer-use
Use comma-separated bundle identifiers, for example:
"CUA_ALLOWED_APPS": "com.apple.TextEdit,com.apple.Notes"
CUA_ALLOW_ALL_APPS=1 is available for local research, but the lock screen and SecurityAgent remain hard-denied.
Claude Code
Clone the repository, then load it as a local Claude Code plugin:
git clone https://github.com/echoVic/blade-computer-use.git
claude --plugin-dir /absolute/path/to/blade-computer-use
Claude Code reads .claude-plugin/plugin.json and the shared root .mcp.json. ${CLAUDE_PLUGIN_ROOT} is resolved by the launcher, so the checkout can live anywhere.
Orca
Copy the Orca MCP example into Orca's configuration and replace the absolute command path. The example uses an underscore-safe server name, so Orca discovers the tools as mcp__blade_computer_use__<tool>.
Permissions
The first observe requests Accessibility and Screen Recording through the macOS system APIs. The user must approve both permissions; the plugin cannot toggle security settings on the user's behalf.
If macOS opens System Settings > Privacy & Security, grant:
- Accessibility to
BladeComputerUseHelper, or to the terminal/Codex/Claude host shown by macOS. - Screen Recording to the same executable shown by macOS.
Restart the plugin host after changing permissions, then retry observe. list_apps reports both accessibility_trusted and screen_recording_trusted; a denied request returns permission_denied with the missing permission names.
TextEdit smoke test
- Open TextEdit and create a new plain-text document.
- Ask the agent to call
list_appsand findcom.apple.TextEdit. - Ask it to
observeTextEdit. - Ask it to click the editor, type a short line, and verify the result.
The expected loop is observe -> one action -> observe. A stale or already-consumed revision must not be retried.
With an empty TextEdit document focused and both permissions granted, run the live integration check:
npm run test:manual:textedit
This opt-in test verifies AX observation, two PNG responses, Unicode input, one-shot revision rejection, and the final AX text. It is not part of CI because it requires an interactive macOS session and user-granted permissions.
Security and privacy
- Apps require an explicit bundle-id allowlist; TextEdit is the only packaged default.
com.apple.loginwindow,com.apple.SecurityAgent, andcom.apple.SecurityAgentHelperare always denied.- Secure AX fields reject
type_text. - Coordinate actions verify that the observed window has not moved or resized.
- Screenshots are written to a mode-
0700temporary directory, read into the MCP image response, and deleted immediately afterward. - No telemetry is implemented. AX text and screenshots are returned to the connected agent, whose own model-request and retention behavior is outside this project.
See SECURITY.md for the trust boundary and reporting process.
Current limits
This is deliberately smaller than a production computer-use stack:
- macOS-only; there is no Linux or Windows implementation.
- No AX diff protocol or cross-observation element identity matching.
- No lock-screen guardian, URL policy, or physical user-intervention detector.
- No OCR, browser-specific DOM bridge, or action-specific confirmation UI.
- No telemetry, account-policy integration, code signing, notarization, or prebuilt native binaries.
- The AX tree is capped at 500 nodes, depth 12, and 160 characters per text field.
Development
npm install
npm test
npm run typecheck
npm run build
npm run validate:manifests
npm run smoke:mcp
The native checks use a framework-free self-test executable because a Command Line Tools-only Swift installation does not provide XCTest or the Swift Testing module:
npm run test:native
The self-test currently covers 22 protocol, AX serialization, input, coordinate, and permission-gate checks.
License
MIT
Установка Blade Computer Use
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/echoVic/blade-computer-useFAQ
Blade Computer Use MCP бесплатный?
Да, Blade Computer Use MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Blade Computer Use?
Нет, Blade Computer Use работает без API-ключей и переменных окружения.
Blade Computer Use — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Blade Computer Use в Claude Desktop, Claude Code или Cursor?
Открой Blade Computer Use на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
LibreOffice Tools
Enables AI agents to read, write, and edit Office documents via LibreOffice with token-efficient design. Supports multiple formats including DOCX, XLSX, PPTX, a
автор: passerbyflutterdannote/figma-use
Full Figma control: create shapes, text, components, set styles, auto-layout, variables, export. 80+ tools.
автор: dannoteLogo.dev
Search and retrieve company logos by brand or domain. Customize size, format, and theme to match your design needs. Accelerate design, prototyping, and content
автор: NOVA-3951PIX4Dmatic
Enables GUI automation for controlling PIX4Dmatic on Windows through MCP. Supports launching, focusing, capturing screenshots, sending hotkeys, clicking UI elem
автор: jangjo123Compare Blade Computer Use with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории design
