🤖 feat: add Mux Extension Platform v1 #3255
|
/coder-agents-review |
|
@codex review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 78225309f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
First-pass review (Netero only). These are mechanical findings from the first-pass scan. The full review panel has not yet reviewed this PR. The panel will review after these findings are addressed.
Severity count: 2 P2, 1 P3, 1 Nit, 1 Note.
The extension platform is well-structured: broad test coverage (~51% test-to-code ratio), clean error handling patterns, no circular imports, and thoughtful domain modeling. The architecture separates concerns cleanly across common/node/browser layers.
"TypeScript structural typing makes the mismatch compile-safe, but the displayName and extensionId fields from the registry are silently dropped by every consumer." (Netero)
🤖 This review was automatically generated with Coder Agents.
|
/coder-agents-review |
|
@codex review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 782fdaeb28
|
/coder-agents-review |
|
@codex review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: efc6c71a1f
Panel review (10 reviewers: Bisky, Hisoka, Kite, Knov, Mafuuu, Melody, Meruem, Nami, Pariston, Zoro). All 5 R1 Netero findings addressed; thank you for the quick fixes.
Severity count: 1 P1, 5 P2, 7 P3, 2 Nit.
The architecture is well-designed: clean domain model separation, strong test coverage (51% ratio), thoughtful conflict resolution, and principled ADRs. The permission model, telemetry gating, and path containment are solid foundations.
The P1 is surgical: PolicyFileSchema.passthrough() was the only schema loosened while all others remain strict. The P2s cluster around scope-blind stale detection, async UI coordination, and accessibility. Most P3s are correctness-in-future-scenarios (multi-root, identity conflicts) that are latent in v1 but worth fixing before the code fossilizes.
"A Governor administrator who fat-fingers `extensionPlatfrom: false` previously got a parse error. Now it passes, the intended kill switch never fires, and the extension platform runs unblocked on a managed fleet." (Hisoka)
🤖 This review was automatically generated with Coder Agents.
Round 3 is blocked. Further review is paused until the author responds to or pushes fixes for the open findings from Round 2.
DEREM-6 (P3, initialize user root) and DEREM-8 (P2, scope-blind stale records) were addressed in efc6c71. Thank you.
The following findings remain open with no response:
- DEREM-7 (P1): PolicyFileSchema `.strict()` to `.passthrough()` (policy.ts:81). The security kill switch typo gap.
- DEREM-9 (P2): wrapBusy async race (ExtensionCard.tsx:512)
- DEREM-10 (P2): aria-modal without focus trap (ConsentShortcutModal.tsx, DestructiveConfirmDialog.tsx, ExtensionsCheatSheetModal.tsx)
- DEREM-11 (P2): projectExtensionStateService non-atomic read-then-write (projectExtensionStateService.ts:60)
- DEREM-12 (P2): resolveScopeByRootId maps bundled to global scope (extensionRegistryService.ts:251)
- DEREM-13 (P3): permissions map keyed by extensionId alone
- DEREM-14 (P3): extensionRootWatcher scheduleReload missing closed check
- DEREM-15 (P3): homepage link no protocol validation
- DEREM-16 (P3): no loading state for extensions section
- DEREM-17 (P3): cheat sheet modal no Escape handler
- DEREM-18 (P3): onChanged multicast test 10ms sleep fragility
- DEREM-19 (P3): runReloadRoot stale flags from spliced roots
- DEREM-20 (Nit): useCallback/useMemo vs React Compiler convention
- DEREM-21 (Nit): dead manifest-invalid UnavailableReason variant
🤖 This review was automatically generated with Coder Agents.
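The DEREM-7 finding above, as an added example that is not code from the PR: a dependency-free TypeScript sketch of strict versus passthrough handling of unknown policy keys, plus a near-miss warning for cases where unknown keys must be tolerated. `parsePolicy`, `KNOWN_KEYS`, `policyVersion` and the default-to-enabled behaviour are assumptions; only the misspelled `extensionPlatfrom: false` key comes from the review.

```typescript
// Added illustration, not code from the PR. The real PolicyFileSchema is not shown
// on the page; every name here except the quoted typo is hypothetical.
type Mode = "strict" | "passthrough";

interface PolicyResult {
  ok: boolean;
  extensionPlatformEnabled: boolean; // effective value after defaults
  errors: string[];
  warnings: string[];
}

// Known top-level keys and their expected primitive types (constructed for the example).
const KNOWN_KEYS = new Map<string, "boolean" | "string">([
  ["extensionPlatform", "boolean"],
  ["policyVersion", "string"],
]);

// Levenshtein edit distance, used to flag unknown keys that look like typos of known ones.
function editDistance(a: string, b: string): number {
  const row: number[] = [];
  for (let j = 0; j <= b.length; j++) row.push(j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, prev + (a[i - 1] === b[j - 1] ? 0 : 1));
      prev = tmp;
    }
  }
  return row[b.length];
}

function parsePolicy(raw: Record<string, unknown>, mode: Mode): PolicyResult {
  const errors: string[] = [];
  const warnings: string[] = [];
  for (const key of Object.keys(raw)) {
    const expected = KNOWN_KEYS.get(key);
    if (expected !== undefined) {
      if (typeof raw[key] !== expected) errors.push(`${key}: expected ${expected}`);
      continue;
    }
    if (mode === "strict") {
      errors.push(`unrecognized key: ${key}`); // fail closed: the admin sees the typo
      continue;
    }
    // passthrough keeps unknown keys, so the most it can do is warn on near-misses
    const near = Array.from(KNOWN_KEYS.keys()).find((k) => editDistance(k, key) <= 2);
    if (near) warnings.push(`unknown key "${key}" looks like "${near}"`);
  }
  // Assumption: an absent switch defaults to enabled, so a swallowed typo leaves it on.
  const value = raw["extensionPlatform"];
  const enabled = typeof value === "boolean" ? value : true;
  return { ok: errors.length === 0, extensionPlatformEnabled: enabled, errors, warnings };
}

// Constructed policy file containing the typo quoted in the review.
const typoPolicy: Record<string, unknown> = { extensionPlatfrom: false };
```

In strict mode the caller is expected to refuse the whole file when `ok` is false; in passthrough mode the same file loads with the platform still enabled and only a warning to show for it.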
|
/coder-agents-review |
|
@codex review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 15c9e0283c
|
/coder-agents-review |
|
@codex review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7e95e2ef3a
|
/coder-agents-review |
|
@codex review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 78bfd470c6
Re-review (4 reviewers: Mafuuu, Meruem, Nami, Kite). All 14 R2 fixes verified clean. DEREM-20 (useCallback/useMemo) closed by panel vote (2/2 accept author defense).
Severity count: 2 P2, 5 P3.
The R3/R4 fix commits addressed every P1 and P2 from Round 2 correctly. The new findings cluster around a common root: the multi-root improvements (efc6c71) added support for multiple project-local roots in rendering (getRootSections), but the keyboard navigation, trust shortcuts, and permission lookup paths still assume at most one project-local root. These are fix-chain artifacts from the DEREM-8/DEREM-19 fixes that broadened root enumeration.
The keyboard-behind-modal finding (DEREM-31) is the highest priority: the consent modal is a security-consent surface, and having the section shortcut handler execute r (reload), e (enable), t (trust) behind it undermines the consent flow.
"Pressing J to navigate: the focus ring moves through bundled, user-global, and the first project-local root's extensions, then stops. Extensions from the second project-local root are visible on screen but unreachable via keyboard." (Mafuuu)
🤖 This review was automatically generated with Coder Agents.
Round 5 is blocked. Further review is paused until the author responds to or pushes fixes for the open findings from Round 4.
DEREM-33 (lookupLiveRequestedPermissions) and DEREM-34 (conflict descriptor) were addressed. Thank you.
The following findings remain open with no response:
- DEREM-30 (P2): `orderedExtensions` only traverses first project-local root; J/K navigation skips the rest (ExtensionsSection.tsx:746)
- DEREM-31 (P2): Keyboard handler fires behind open consent/destructive modals (ExtensionsSection.tsx:770)
- DEREM-28 (P3): `reloadRoot(rootId)` name claims targeted but is full reload (extensionRegistryService.ts:292)
- DEREM-32 (P3): Trust shortcut targets only first project-local root (ExtensionsSection.tsx:760)
- DEREM-35 (P3): `body-failed` condition changed with zero test coverage (extensionRegistryService.ts:639)
- DEREM-36 (P3): Modals lack focus trapping; Tab escapes to background (ConsentShortcutModal.tsx:74)
🤖 This review was automatically generated with Coder Agents.
|
/coder-agents-review |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6b275608c7
|
@codex review Addressed both latest findings: static Extension Module manifests now preserve explicit requestedPermissions and merge them with registration-derived permissions, and the activation gate now keys off registrations observed during Registration Discovery so activation-only registrations are not executed under an empty approval. Added regression coverage for both cases. |
7088e0e to cf28400
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: cf28400d47
|
@codex review Addressed the static manifest array parsing finding: static extraction now accepts literal arrays, with coverage at the extractor level and end-to-end discovery coverage for requestedPermissions merging. |
cf28400 to 12d9c43
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 12d9c43e12
|
@codex review Addressed the root realpath failure finding: Extension root realpath errors now produce a failed root diagnostic instead of rejecting the whole discovery pass. Added root-isolation coverage to ensure healthy roots still load. |
12d9c43 to 7b866c9
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7b866c9aea
|
@codex review Addressed the runtime initialization isolation finding: QuickJS runtime creation failures now return extension-scoped discovery/activation diagnostics instead of rejecting the entire discovery pass. Added regression coverage proving a healthy sibling extension still loads. |
7b866c9 to 181ffd3
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 181ffd315c
|
@codex review Addressed the module inspection diagnostic finding: per-module realpath/stat failures now emit extension-scoped diagnostics except for transient missing-path races. Added coverage showing healthy modules continue to load. |
181ffd3 to 1b5c0b6
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1b5c0b6b33
|
@codex review Addressed the entrypoint stat diagnostic finding: entrypoint existence checks now catch permission/I/O failures and emit extension-scoped diagnostics while continuing to load healthy modules. Added regression coverage for the EACCES case. |
1b5c0b6 to c6fc187
|
Codex Review: Didn't find any major issues. Delightful! |
|
@codex review CI unit was repeatedly crashing in Bun/QuickJS coverage runs, so I also changed QuickJS runtime creation to reuse the async WASM module across sandbox contexts. This reduces repeated WASM instantiation pressure while preserving per-extension QuickJS contexts. Local validation includes the extension subset with coverage. |
c6fc187 to bb3f849
Summary
Adds the Mux Extension Platform v1 behind the `EXTENSION_PLATFORM` experiment and documents the platform's architectural pivot to Extension Modules: extension folders with a single `extension.ts`, statically extractable manifests, QuickJS-based discovery/activation, skill-style root precedence, source locks, and Mux-owned trust/capability state. The implementation is now partially refactored toward that model: trusted roots can discover direct child Extension Module folders via static `extension.ts` manifest extraction, local authoring roots use `~/.mux/extensions/local`, and source-lock schemas now model git/vendored extension sources without carrying trust state.

Background
This PR grew out of the need to consolidate Mux's extension surfaces across skills, tools, agents, policies, themes, and future runtime contributions. During review, the design moved away from npm-package identity and repo-stored project approvals toward a Go-modules-like Extension Module model. The updated docs capture that decision, the code hardens the current scaffold so repositories cannot provide security authority, and the latest slices begin moving discovery/root layout/source metadata from package manifests to static Extension Module manifests and locks.

Implementation
- `extension.ts` manifest extraction for `export const manifest = defineManifest({ ... })` or a literal object export, rejecting dynamic manifest values without executing extension code.
- `extension.ts`, including folder-name validation, `manifest.name` mismatch diagnostics, project-local pre-trust no-read behavior, and static capability validation.
- `~/.mux/extensions/local` and updates `initializeUserRoot` to create that folder instead of a package-root `package.json`.
- `bun run debug extensions`.
- `agent_skill_*` tool reads, including hardened skill-body reads that reject symlinks and TOCTOU path swaps.
- `extension.ts`) as the target architecture.
- `~/.mux/extensions/project-state/<project-hash>/`, not inside the target repository.

Validation
- `make static-check`
- `make test -j1`
- `bun test src/node/extensions/extensionRoots.test.ts src/node/orpc/extensionsRouter.test.ts src/common/extensions/sourceLocks.test.ts src/node/extensions/staticManifestExtractor.test.ts src/node/extensions/extensionDiscoveryService.test.ts`
- `bun test src/common/extensions/conflictResolver.test.ts src/common/extensions/permissionCalculator.test.ts`
- `bun test src/node/extensions/bundledExtensionsAssemble.test.ts`
- `bun test src/node/extensions/projectExtensionStateService.test.ts`
- `bun test src/node/orpc/extensionsRouter.test.ts`
- `bun test src/cli/debug/extensions.test.ts`
- `bun test src/browser/features/Settings/Sections/ExtensionCard.test.tsx src/browser/features/Settings/Sections/ExtensionsSection.test.tsx`

Risks
This is a large additive subsystem touching startup wiring, settings UI, package assembly, telemetry, and skill discovery. The primary rollback lever is the default-on `EXTENSION_PLATFORM` experiment. The highest remaining architectural risk is that full QuickJS Registration Discovery/Full Activation and git install/store materialization are still follow-up work; the current module-discovery slice intentionally publishes no module-registered skills until that runtime path exists.

Pains
This PR required several review and merge cycles: resolving older security findings, integrating concurrent `main` changes around heartbeat/image-generation skill filtering, aligning extension skill IDs with agent skill schemas, moving project extension state out of repositories after review identified the trust-injection vulnerability, and beginning the package-to-Extension-Module refactor while preserving transitional compatibility.

Generated with `mux` • Model: `openai:gpt-5.5` • Thinking: `off` • Cost: `$916.09`