backbay-labs · bb-connor · Feb 20, 2026 · Feb 18, 2026 · Feb 18, 2026 · Feb 18, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -880,6 +880,28 @@ jobs:
         run: |
           python -m pip install --upgrade pip
           python -m pip install -e ".[dev]"
+          python -m pip install "jsonschema>=4,<5"
+
+      - name: Run CUA roadmap fixture harnesses
+        working-directory: ${{ github.workspace }}
+        run: |
+          python docs/roadmaps/cua/research/verify_cua_migration_fixtures.py
+          python docs/roadmaps/cua/research/verify_remote_desktop_policy_matrix.py
+          python docs/roadmaps/cua/research/verify_injection_capabilities.py
+          python docs/roadmaps/cua/research/verify_policy_event_mapping.py
+          python docs/roadmaps/cua/research/verify_postcondition_probes.py
+          python docs/roadmaps/cua/research/verify_remote_session_continuity.py
+          python docs/roadmaps/cua/research/verify_envelope_semantic_equivalence.py
+          python docs/roadmaps/cua/research/verify_repeatable_latency_harness.py
+          python docs/roadmaps/cua/research/verify_verification_bundle.py
+          python docs/roadmaps/cua/research/verify_browser_action_policy.py
+          python docs/roadmaps/cua/research/verify_session_recording_evidence.py
+          python docs/roadmaps/cua/research/verify_orchestration_isolation.py
+          python docs/roadmaps/cua/research/verify_cua_policy_evaluation.py
+          python docs/roadmaps/cua/research/verify_canonical_adapter_contract.py
+          python docs/roadmaps/cua/research/verify_provider_conformance.py
+          python docs/roadmaps/cua/research/verify_openclaw_cua_bridge.py
+          python docs/roadmaps/cua/research/verify_trycua_connector.py
 
       - name: Run tests
         run: python -m pytest
diff --git a/crates/libs/clawdstrike/rulesets/remote-desktop-permissive.yaml b/crates/libs/clawdstrike/rulesets/remote-desktop-permissive.yaml
@@ -0,0 +1,28 @@
+# Remote Desktop Permissive Ruleset
+# Development-friendly CUA policy: allows all channels, observe-only enforcement
+version: "1.2.0"
+name: Remote Desktop Permissive
+description: Permissive CUA security rules for development and testing
+extends: remote-desktop
+
+guards:
+  computer_use:
+    enabled: true
+    mode: observe
+
+  remote_desktop_side_channel:
+    clipboard_enabled: true
+    file_transfer_enabled: true
+    session_share_enabled: true
+
+  input_injection_capability:
+    allowed_input_types:
+      - "keyboard"
+      - "mouse"
+      - "touch"
+    require_postcondition_probe: false
+
+settings:
+  fail_fast: false
+  verbose_logging: true
+  session_timeout_secs: 7200  # 2 hours
diff --git a/crates/libs/clawdstrike/rulesets/remote-desktop-strict.yaml b/crates/libs/clawdstrike/rulesets/remote-desktop-strict.yaml
@@ -0,0 +1,30 @@
+# Remote Desktop Strict Ruleset
+# Maximum CUA security for high-security environments
+version: "1.2.0"
+name: Remote Desktop Strict
+description: Strict CUA security rules for high-security remote desktop environments
+extends: remote-desktop
+
+guards:
+  computer_use:
+    enabled: true
+    mode: fail_closed
+    allowed_actions:
+      - "remote.session.connect"
+      - "remote.session.disconnect"
+      - "input.inject"
+
+  remote_desktop_side_channel:
+    clipboard_enabled: false
+    file_transfer_enabled: false
+    session_share_enabled: false
+
+  input_injection_capability:
+    allowed_input_types:
+      - "keyboard"
+    require_postcondition_probe: true
+
+settings:
+  fail_fast: true
+  verbose_logging: false
+  session_timeout_secs: 1800  # 30 minutes
diff --git a/crates/libs/clawdstrike/rulesets/remote-desktop.yaml b/crates/libs/clawdstrike/rulesets/remote-desktop.yaml
@@ -0,0 +1,36 @@
+# Remote Desktop Agent Ruleset
+# Moderate CUA security policy for remote desktop AI agents
+version: "1.2.0"
+name: Remote Desktop Agent
+description: Security rules for AI agents operating via remote desktop (CUA)
+extends: ai-agent
+
+guards:
+  computer_use:
+    enabled: true
+    mode: guardrail
+    allowed_actions:
+      - "remote.session.connect"
+      - "remote.session.disconnect"
+      - "remote.session.reconnect"
+      - "input.inject"
+      - "remote.clipboard"
+      - "remote.file_transfer"
+      - "remote.session_share"
+
+  remote_desktop_side_channel:
+    clipboard_enabled: true
+    file_transfer_enabled: true
+    session_share_enabled: false
+    max_transfer_size_bytes: 104857600  # 100MB
+
+  input_injection_capability:
+    allowed_input_types:
+      - "keyboard"
+      - "mouse"
+    require_postcondition_probe: false
+
+settings:
+  fail_fast: false
+  verbose_logging: false
+  session_timeout_secs: 7200  # 2 hours