🤖 feat: add Mux Extension Platform v1#3255
Conversation
|
/coder-agents-review |
|
@codex review |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 78225309f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
Preview deployment for your docs. Learn more about Mintlify Previews.
💡 Tip: Enable Workflows to automatically generate PRs for you. |
![coder-agents-review[bot]](https://avatars.githubusercontent.com/in/3454270?s=60&v=4){kind=small}
There was a problem hiding this comment.
First-pass review (Netero only). These are mechanical findings from the first-pass scan. The full review panel has not yet reviewed this PR. The panel will review after these findings are addressed.
Severity count: 2 P2, 1 P3, 1 Nit, 1 Note.
The extension platform is well-structured: broad test coverage (~51% test-to-code ratio), clean error handling patterns, no circular imports, and thoughtful domain modeling. The architecture separates concerns cleanly across common/node/browser layers.
"TypeScript structural typing makes the mismatch compile-safe, but the displayName and extensionId fields from the registry are silently dropped by every consumer." (Netero)
🤖 This review was automatically generated with Coder Agents.
|
/coder-agents-review |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 782fdaeb28
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
/coder-agents-review |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 782fdaeb28
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
/coder-agents-review |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: efc6c71a1f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Panel review (10 reviewers: Bisky, Hisoka, Kite, Knov, Mafuuu, Melody, Meruem, Nami, Pariston, Zoro). All 5 R1 Netero findings addressed; thank you for the quick fixes.
Severity count: 1 P1, 5 P2, 7 P3, 2 Nit.
The architecture is well-designed: clean domain model separation, strong test coverage (51% ratio), thoughtful conflict resolution, and principled ADRs. The permission model, telemetry gating, and path containment are solid foundations.
The P1 is surgical: PolicyFileSchema.passthrough() was the only schema loosened while all others remain strict. The P2s cluster around scope-blind stale detection, async UI coordination, and accessibility. Most P3s are correctness-in-future-scenarios (multi-root, identity conflicts) that are latent in v1 but worth fixing before the code fossilizes.
"A Governor administrator who fat-fingers
extensionPlatfrom: falsepreviously got a parse error. Now it passes, the intended kill switch never fires, and the extension platform runs unblocked on a managed fleet." (Hisoka)
🤖 This review was automatically generated with Coder Agents.
There was a problem hiding this comment.
Round 3 is blocked. Further review is paused until the author responds to or pushes fixes for the open findings from Round 2.
DEREM-6 (P3, initialize user root) and DEREM-8 (P2, scope-blind stale records) were addressed in efc6c71. Thank you.
The following findings remain open with no response:
- DEREM-7 (P1): PolicyFileSchema
.strict()to.passthrough()(policy.ts:81). The security kill switch typo gap. - DEREM-9 (P2): wrapBusy async race (ExtensionCard.tsx:512)
- DEREM-10 (P2): aria-modal without focus trap (ConsentShortcutModal.tsx, DestructiveConfirmDialog.tsx, ExtensionsCheatSheetModal.tsx)
- DEREM-11 (P2): projectExtensionStateService non-atomic read-then-write (projectExtensionStateService.ts:60)
- DEREM-12 (P2): resolveScopeByRootId maps bundled to global scope (extensionRegistryService.ts:251)
- DEREM-13 (P3): permissions map keyed by extensionId alone
- DEREM-14 (P3): extensionRootWatcher scheduleReload missing closed check
- DEREM-15 (P3): homepage link no protocol validation
- DEREM-16 (P3): no loading state for extensions section
- DEREM-17 (P3): cheat sheet modal no Escape handler
- DEREM-18 (P3): onChanged multicast test 10ms sleep fragility
- DEREM-19 (P3): runReloadRoot stale flags from spliced roots
- DEREM-20 (Nit): useCallback/useMemo vs React Compiler convention
- DEREM-21 (Nit): dead manifest-invalid UnavailableReason variant
🤖 This review was automatically generated with Coder Agents.
|
/coder-agents-review |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 15c9e0283c
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
/coder-agents-review |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7e95e2ef3a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 7e95e2ef3a
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
/coder-agents-review |
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 78bfd470c6
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
Re-review (4 reviewers: Mafuuu, Meruem, Nami, Kite). All 14 R2 fixes verified clean. DEREM-20 (useCallback/useMemo) closed by panel vote (2/2 accept author defense).
Severity count: 2 P2, 5 P3.
The R3/R4 fix commits addressed every P1 and P2 from Round 2 correctly. The new findings cluster around a common root: the multi-root improvements (efc6c71) added support for multiple project-local roots in rendering (getRootSections), but the keyboard navigation, trust shortcuts, and permission lookup paths still assume at most one project-local root. These are fix-chain artifacts from the DEREM-8/DEREM-19 fixes that broadened root enumeration.
The keyboard-behind-modal finding (DEREM-31) is the highest priority: the consent modal is a security-consent surface, and having the section shortcut handler execute r (reload), e (enable), t (trust) behind it undermines the consent flow.
"Pressing J to navigate: the focus ring moves through bundled, user-global, and the first project-local root's extensions, then stops. Extensions from the second project-local root are visible on screen but unreachable via keyboard." (Mafuuu)
🤖 This review was automatically generated with Coder Agents.
There was a problem hiding this comment.
Round 5 is blocked. Further review is paused until the author responds to or pushes fixes for the open findings from Round 4.
DEREM-33 (lookupLiveRequestedPermissions) and DEREM-34 (conflict descriptor) were addressed. Thank you.
The following findings remain open with no response:
- DEREM-30 (P2):
orderedExtensionsonly traverses first project-local root; J/K navigation skips the rest (ExtensionsSection.tsx:746) - DEREM-31 (P2): Keyboard handler fires behind open consent/destructive modals (ExtensionsSection.tsx:770)
- DEREM-28 (P3):
reloadRoot(rootId)name claims targeted but is full reload (extensionRegistryService.ts:292) - DEREM-32 (P3): Trust shortcut targets only first project-local root (ExtensionsSection.tsx:760)
- DEREM-35 (P3):
body-failedcondition changed with zero test coverage (extensionRegistryService.ts:639) - DEREM-36 (P3): Modals lack focus trapping; Tab escapes to background (ConsentShortcutModal.tsx:74)
🤖 This review was automatically generated with Coder Agents.
|
/coder-agents-review |
|
@codex review Addressed the module inspection diagnostic finding: per-module realpath/stat failures now emit extension-scoped diagnostics except for transient missing-path races. Added coverage showing healthy modules continue to load. |
ThomasK33
force-pushed
the
extensions-main
branch
from
181ffd3 to
1b5c0b6
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1b5c0b6b33
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review Addressed the entrypoint stat diagnostic finding: entrypoint existence checks now catch permission/I/O failures and emit extension-scoped diagnostics while continuing to load healthy modules. Added regression coverage for the EACCES case. |
ThomasK33
force-pushed
the
extensions-main
branch
from
1b5c0b6 to
c6fc187
Compare
|
Codex Review: Didn't find any major issues. Delightful! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review CI unit was repeatedly crashing in Bun/QuickJS coverage runs, so I also changed QuickJS runtime creation to reuse the async WASM module across sandbox contexts. This reduces repeated WASM instantiation pressure while preserving per-extension QuickJS contexts. Local validation includes the extension subset with coverage. |
ThomasK33
force-pushed
the
extensions-main
branch
from
c6fc187 to
bb3f849
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bb3f849402
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review Addressed the shared Asyncify module finding: the QuickJS module reuse now includes a global eval serialization queue so only one asyncified execution can suspend at a time across contexts. Re-ran the extension coverage subset and static-check locally. |
ThomasK33
force-pushed
the
extensions-main
branch
from
bb3f849 to
a01f63d
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a01f63d742
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review Addressed both QuickJS queue findings: queued evals now time out using wall-clock time while waiting for the serialized Asyncify slot, and failed module initialization clears the cached promise so later runtime creation can retry. Added queue-timeout regression coverage. |
ThomasK33
force-pushed
the
extensions-main
branch
from
a01f63d to
42f927c
Compare
|
Codex Review: Didn't find any major issues. Hooray! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review Removed the Extension Platform experiment/Governor kill switch so Extensions are always initialized and the Settings/command-palette surfaces stay available. This is intentional because built-in skills may migrate onto Extension Modules and a platform-level off switch would remove core functionality. Deprecated policy fields remain schema-compatible but are ignored. |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6ffed514b1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
|
@codex review Rebased onto latest main and updated the bundled demo extension package version to match the 0.25.0 app version so bundled-extension validation passes on the PR merge ref. |
|
@codex review Addressed the trust rollback finding: trustRoot now captures the previous project-extension root trust bit and restores it alongside project trust when registry trust/reload fails. Added/updated router coverage to simulate a failure after extension trust has been persisted. |
|
Codex Review: Didn't find any major issues. What shall we delve into next? ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review Rebased onto latest origin/main and force-pushed the updated branch. Please re-check the final diff. |
|
Codex Review: Didn't find any major issues. Bravo. ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
@codex review Rebased again onto the latest origin/main after main advanced and force-pushed the updated branch. Please re-check the final diff. |
|
Codex Review: Didn't find any major issues. Breezy! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
1 participant
Summary
Adds the Mux Extension Platform v1 behind the
EXTENSION_PLATFORMexperiment and documents the platform's architectural pivot to Extension Modules: extension folders with a singleextension.ts, statically extractable manifests, QuickJS-based discovery/activation, skill-style root precedence, source locks, and Mux-owned trust/capability state. The implementation is now partially refactored toward that model: trusted roots can discover direct child Extension Module folders via staticextension.tsmanifest extraction, local authoring roots use~/.mux/extensions/local, and source-lock schemas now model git/vendored extension sources without carrying trust state.Background
This PR grew out of the need to consolidate Mux's extension surfaces across skills, tools, agents, policies, themes, and future runtime contributions. During review, the design moved away from npm-package identity and repo-stored project approvals toward a Go-modules-like Extension Module model. The updated docs capture that decision, the code hardens the current scaffold so repositories cannot provide security authority, and the latest slices begin moving discovery/root layout/source metadata from package manifests to static Extension Module manifests and locks.
Implementation
extension.tsmanifest extraction forexport const manifest = defineManifest({ ... })or a literal object export, rejecting dynamic manifest values without executing extension code.extension.ts, including folder-name validation,manifest.namemismatch diagnostics, project-local pre-trust no-read behavior, and static capability validation.~/.mux/extensions/localand updatesinitializeUserRootto create that folder instead of a package-rootpackage.json.bun run debug extensions.agent_skill_*tool reads, including hardened skill-body reads that reject symlinks and TOCTOU path swaps.extension.ts) as the target architecture.~/.mux/extensions/project-state/<project-hash>/, not inside the target repository.Validation
make static-checkmake test -j1bun test src/node/extensions/extensionRoots.test.ts src/node/orpc/extensionsRouter.test.ts src/common/extensions/sourceLocks.test.ts src/node/extensions/staticManifestExtractor.test.ts src/node/extensions/extensionDiscoveryService.test.tsbun test src/common/extensions/conflictResolver.test.ts src/common/extensions/permissionCalculator.test.tsbun test src/node/extensions/bundledExtensionsAssemble.test.tsbun test src/node/extensions/projectExtensionStateService.test.tsbun test src/node/orpc/extensionsRouter.test.tsbun test src/cli/debug/extensions.test.tsbun test src/browser/features/Settings/Sections/ExtensionCard.test.tsx src/browser/features/Settings/Sections/ExtensionsSection.test.tsxRisks
This is a large additive subsystem touching startup wiring, settings UI, package assembly, telemetry, and skill discovery. The primary rollback lever is the default-on
EXTENSION_PLATFORMexperiment. The highest remaining architectural risk is that full QuickJS Registration Discovery/Full Activation and git install/store materialization are still follow-up work; the current module-discovery slice intentionally publishes no module-registered skills until that runtime path exists.Pains
This PR required several review and merge cycles: resolving older security findings, integrating concurrent
mainchanges around heartbeat/image-generation skill filtering, aligning extension skill IDs with agent skill schemas, moving project extension state out of repositories after review identified the trust-injection vulnerability, and beginning the package-to-Extension-Module refactor while preserving transitional compatibility.Generated with
mux• Model:openai:gpt-5.5• Thinking:off• Cost:$916.09