Conversation
Capture the extension platform glossary, ADRs, and PRD generated from the design grilling session.
---
_Generated with `mux` • Model: `openai:gpt-5.5` • Thinking: `high` • Cost: `729323{MUX_COSTS_USD:-0}`_
<!-- mux-attribution: model=openai:gpt-5.5 thinking=high costs=103.38 -->
Apply six P0 fixes from advisor review and capture supporting language in CONTEXT.md and a new ADR-0005:
- Add v1 Contribution Activation Matrix (separates schema-supported from capability-consumed; clarifies that themes/layouts/runtime presets/commands are inspection-only in v1).
- Mark inspection-only contribution types as Provisional Descriptors so their schemas can evolve without bumping descriptor version.
- Tighten telemetry boundary to Provenance-gated Telemetry (reserved-prefix regex AND bundled-root provenance), with defense-in-depth.
- Make Snapshot Cache feed only the Inspection Path; Capability Path uses the live Snapshot, and cache invalidation includes Global/Project-local Extension State mtimes.
- Clarify Grant Records store the normalized granted set (inferred registration + operational); enablement does not grant registration.
- Drop the manifest icon field; inspection UI uses generic icons.
- Add P0 Acceptance Criteria section before Implementation Decisions.
- Make IPC mutators identify with { rootId, extensionId } and add BundledExtensionRootResolver as a supporting module.
- Replace bun install --no-save assembly with deterministic offline copy/pack.
- Pre-trust project-local discovery is existence-only.
- Add explicit security tests (reserved prefix, provenance-gated telemetry, capability-vs-cache separation, drift across new contribution types) and screenshot/video evidence requirements to dogfood checklist.
- Add ADR-0005 capturing the aggregate security boundary.
---
_Generated with `mux` • Model: `anthropic:claude-opus-4-7` • Thinking: `max` • Cost: `881861{MUX_COSTS_USD:-0}`_
<!-- mux-attribution: model=anthropic:claude-opus-4-7 thinking=max costs=130.54 -->
…r kill switch ServiceContainer now resolves the bundled extension root via detectBundledExtensionRoot() (preferring the assembled tree at build/extensions in dev) and kicks off an initial extensions.reload() so the Settings UI paints on cold start without a hang. SettingsPage gates the Extensions tab on the EXTENSION_PLATFORM experiment so the kill switch hides the section without unmounting downstream sections. Adds the e2e Electron smoke that asserts the Demo Extension card surfaces on first paint, disappears with the kill switch, survives a renderer reload, and reappears on re-enable without a fresh trust/grant prompt.
…cklist) Adds the v1 authoring quickstart + manifest reference, the full v1 telemetry events catalog with provenance-gating notes, and the pre-release dogfood checklist with screenshot/video evidence requirements. Wires the new pages into docs.json navigation and regenerates the built-in mux-docs index so the docs skill surfaces them.
Formatting-only normalization (collapse multi-line argument lists, consistent quoting) across the extension layer plus minor test cleanup left over from US-026/27/28 integration. Marks US-026/27/28 passes:true in tasks/prd.json.
PRD §Permission Model defines bundled Extensions as policy-granted (not user-consented). Before this fix the Demo Extension shipped with `granted: false`, surfaced `Pending re-grant` on the card, and the `mux-extensions` skill never reached `Available` — breaking the "fresh-install, no manual setup" promise of P0 #2. Discovery now treats `isBundled` as activation-granted, and the Registry synthesizes a matching policy Grant Record at permission-calculation time (never persisted, recomputed on every reload, distribution-identity-aligned so drift stays `null` across version bumps). The discovery test that asserted `activated:false` on a bundled root without a grant has been updated to reflect the new contract.
…ry disabled Renderer's useExperimentValue falls back to `enabledByDefault` when PostHog returns no assignment, but the backend's isExperimentEnabled returned `false` in the same scenario — so dev-server / MUX_E2E builds shipped with EXTENSION_PLATFORM (default-on) effectively off. Frontend showed the Extensions tab while the backend reported "No extension roots configured". isExperimentEnabled now uses EXPERIMENTS[id].enabledByDefault as the fallback. Existing tests for default-off experiments still assert false because their definitions are enabledByDefault:false.
…ively The renderer can't reproduce permissionCalculator's canonical SHA-256 without a Node `crypto` import, so both Consent Shortcut paths sent `requestedPermissionsHash: ""`. After persistence the very next reload read `hash !== ""` → driftStatus `permissions-changed` for an already-fresh grant. setGrant now overwrites the hash with hashRequestedPermissions(<live manifest's requestedPermissions>) before persistence; falls back to hashing grantedPermissions when no live snapshot is available (equivalent under v1's all-or-nothing grants). The frontend-side comments are updated to point at the canonical recompute site instead of misleading future readers.
#2) agentSkillsService had zero references to extensionRegistry. Even with the Demo Extension fully Available in the Registry snapshot, its `mux-extensions` skill never reached the slash menu — directly contradicting PRD P0 #2 ("Demo Extension visible end-to-end … exposes the mux-extensions skill via the existing slash menu"). Changes: - Adds 'extension' as a fourth AgentSkillScope value (project > global > extension > built-in precedence so user-authored skills always shadow extension-provided ones). - ExtensionRegistry.getSkillSources() returns the resolved list of Available skill contributions (absolute body path + display metadata) for agentSkillsService to consume. - discoverAgentSkills / discoverAgentSkillsDiagnostics / readAgentSkill accept an optional extensionSkills array; the agentSkills router supplies it from context.extensionRegistry.getSkillSources() on every call so kill-switch flips and reload events take effect immediately. - readAgentSkill reads the extension body via node:fs (extensions live on the host, not the workspace runtime) and returns it with scope:'extension'. - SkillIndicator gains an "Extension" scope group; MuxMessageMetadata scope union widens to include 'extension' so /skill messages from extension skills render correctly. - Adds YAML frontmatter to packages/mux-extension-platform-demo/SKILL.md so parseSkillMarkdown accepts it (the Manifest Validator only needs the body file to exist; the agent-skill consumer needs frontmatter).
The 'Why?' link in the Inferred Registration Permissions header pointed at docs.mux.dev (not our domain) with an anchor that didn't exist. Repoints to https://mux.coder.com/extensions/authoring#permissions where the v1 permissions reference actually lives.
The Shift+? hotkey hint at the top of the Extensions Settings Section was rendered as low-contrast plain text on a transparent ghost button — hard to read against the section background. Wraps the keybind in the same <kbd> styling already used by ExtensionsCheatSheetModal so the trigger visually echoes the cheat sheet itself instead of looking like a comment.
The modal panel was styled with `bg-background-primary`, but globals.css only defines `--color-background` and `--color-background-secondary`. The non-existent token resolved to nothing, so the panel rendered fully transparent — only the dimmed backdrop was visible behind it, and the shortcut list bled through into the section content. Switches to `bg-background-secondary` to match ConsentShortcutModal.
…atform-demo The package shipped under `@mux/extension-platform-demo`, but `@mux` is not Coder's npm scope. Renames the distribution identity to `@coder/mux-extension-platform-demo` (Extension Identity `mux.platformdemo` is unchanged — it lives under the reserved `mux.*` prefix and survives package renames per ADR-0003). Touches: package.json + README + SKILL.md inside the workspace, the docs/extensions/authoring.mdx quickstart, bundled-extensions.ts comment, test fixtures (the assemble + discovery + registry suites all rebuilt against the new path), and the PRD/CONTEXT/prd.json planning artifacts that referenced the old name. Regenerates the embedded mux-docs builtin skill index so `agent_skill_read` surfaces the renamed link.
agentSkillsService.list (the slash menu) merged extension-contributed skills correctly, but the dispatch path that actually invokes a skill (`agentSession.ts` slash resolver, `agent_skill_read`, `agent_skill_read_file`) called readAgentSkill without the extensionSkills source list. Result: the slash menu showed `mux-extensions` but `/mux-extensions` failed with `Agent skill not found: mux-extensions` — the user-reported bug. Wires a single getExtensionSkillSources provider from ExtensionRegistry.getSkillSources() through three layers: - ServiceContainer registers the provider with both WorkspaceService (for AgentSession.sendMessage slash resolution) and AIService (for the tool layer). - WorkspaceService passes the provider into every AgentSession via a new option. - AgentSession reads the live source list per slash invocation; fixes agentSession.ts:5253 to pass extensionSkills to readAgentSkill. - AIService injects extensionSkills into ToolConfiguration on every stream so agent_skill_read / agent_skill_read_file resolve extension skills the same way they resolve project / global / built-in skills. Adds a regression test in agentSession.agentSkillSnapshot.test.ts that exercises a slash invocation against an extension-contributed skill — fails on the pre-fix codepath, passes here.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 787f91fe05
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review Addressed extension agent availability in b533f79 by keeping agent contributions inspection-only until an extension-agent consumer is wired. Settings no longer reports agents as capability-available, and the registry excludes them from the capability path. ExtensionCard/registry tests and static-check pass locally. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b533f79705
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 84579a6e61
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 232d485920
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 26f099883b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 444fdf70d7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
Codex Review: Didn't find any major issues. Hooray! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
Restore strict top-level policy validation so typoed Governor kill-switch fields block startup instead of being silently ignored. --- _Generated with `mux` • Model: `openai:gpt-5.5` • Thinking: `xhigh` • Cost: `60.80`_
|
/coder-agents-review |
![coder-agents-review[bot]](https://avatars.githubusercontent.com/in/3454270?s=60&v=4){kind=small}
There was a problem hiding this comment.
Re-review after R8 regression (3 reviewers: Netero, Mafuuu, Kite). DEREM-7 (P1) re-fix verified by all 3 reviewers. Regression test at policy.test.ts prevents recurrence.
The 38-commit post-approval delta adds project-scoped conflict resolution, live-manifest-only grants, discovery hardening (symlink/escape/size), experiment/policy change propagation, and bundled state isolation. All changes are coherent with the extension platform scope, well-tested, and proportional.
Severity count: 1 P2, 3 P3 (new).
The P2 is a 5-file duplication of the drift-checking predicate (requiresRegrant). A shared utility in permissionCalculator.ts would eliminate lockstep update risk when new drift variants are added.
The P3s are: trust escalation through the extension UI is one-way in the config layer (DEREM-45), setGrant IPC accepts a parameter it ignores (DEREM-46), and a narrow TOCTOU in skill read (DEREM-47, acknowledged low risk by the reviewer).
9 rounds, 48 findings. Approval restored.
"The grant pipeline redesign is a sound security boundary. The server is authoritative for requestedPermissionsHash, grantedPermissions, and approvedDistributionIdentity." (Kite)
🤖 This review was automatically generated with Coder Agents.
Centralize regrant drift detection, keep extension root untrust symmetric with project trust, remove ignored grant payloads from IPC, and harden extension skill body reads with no-follow file handles. Validation: bun test src/common/extensions/permissionCalculator.test.ts src/node/extensions/extensionRegistryService.test.ts src/node/orpc/extensionsRouter.test.ts src/node/services/agentSkills/agentSkillsService.test.ts src/browser/features/Settings/Sections/ExtensionCard.test.tsx src/browser/features/Settings/Sections/ExtensionsSection.test.tsx src/browser/features/Settings/Sections/extensionDiagnostics.test.ts src/browser/hooks/useExtensionsPaletteSource.test.ts; make static-check --- _Generated with `mux` • Model: `openai:gpt-5.5` • Thinking: `xhigh` • Cost: `60.80`_
|
/coder-agents-review |
There was a problem hiding this comment.
Post-approval verification (Round 10). All 4 R9 findings addressed in commit 5f87281:
- DEREM-44 (P2): Shared
requiresRegrantextracted topermissionDrift.ts, imported by all 5 former duplication sites. Net -62 lines. - DEREM-45 (P3):
untrustRootnow callssetProjectTrustForExtensionRoot(context, projectPath, false), making trust symmetric. - DEREM-46 (P3):
setGrantsignature reduced to(scope, extensionId). UnusedGrantRecordparameter and IPC schema field removed. - DEREM-47 (P3): Extension skill body reads hardened with no-follow file handles.
10 rounds, 48 findings. 47 addressed, 1 accepted as non-blocking (DEREM-39, trapTabKey test coverage). Approval stands.
🤖 This review was automatically generated with Coder Agents.
1 participant
Summary
Adds the Mux Extension Platform v1 as a pure-additive, default-on experiment: manifest schemas, permission/grant/drift logic, root discovery and registry services, bundled demo extension packaging, Extensions settings UI, palette/debug surfaces, telemetry gating, docs, ADRs, and tests. The v1 surface ships one bundled demo skill and keeps code-bearing extension surfaces inspection-only.
Background
Mux's extension surface has grown across runtimes, tools, themes, agents, skills, policies, and secret providers. This PR introduces the package-based Extension model from the PRD while preserving current built-in behavior and deferring built-in migrations behind a documented migration contract.
Implementation
mux.*identity enforcement, conflict resolution, permission calculation, global/project-local state stores, snapshot cache, and provenance-gated telemetry.bun run debug extensions.Validation
make static-checkbun test src/common/extensions/conflictResolver.test.ts src/common/extensions/permissionCalculator.test.tsbun test src/node/extensions/bundledExtensionsAssemble.test.tsbun test src/node/orpc/extensionsRouter.test.tsbun test src/cli/debug/extensions.test.tsbun test src/browser/features/Settings/Sections/ExtensionCard.test.tsx src/browser/features/Settings/Sections/ExtensionsSection.test.tsxRisks
This is a large additive subsystem touching app startup, settings, package assembly, telemetry, and skill discovery. The primary rollback lever is the default-on
EXTENSION_PLATFORMexperiment; v1 avoids migrating existing built-ins and keeps non-skill/agent contribution types inspection-only to reduce user-visible blast radius.Generated with
mux• Model:openai:gpt-5.5• Thinking:xhigh• Cost:2631059{MUX_COSTS_USD:-0}