Manifest reference
Phonton extension files are TOML. The loader parses them locally and reports
diagnostics through phonton extensions doctor.
Skill manifest
[skill]
id = "review-gate"
name = "Review Gate"
version = "0.1.1"
entry = "SKILL.md"
trust = "text-only"
recommended_verify = ["phonton review latest", "phonton extensions doctor"]
Field notes:
| Field | Required | Notes |
|---|---|---|
id | yes | Stable id used in reports and profiles. |
name | no | Human-readable label. Defaults to id. |
version | no | Defaults to 0.1.0. |
entry | no | Defaults to SKILL.md. |
trust | no | Defaults to text-only. |
paths | no | Path applicability patterns. |
languages | no | Language labels such as rust or typescript. |
recommended_verify | no | Commands surfaced as verification suggestions. |
Steering manifest
[[rules]]
id = "review-gate.verification-output"
name = "Verification output"
severity = "fail"
text = "A completed change must report which verification commands ran, passed, failed, or were not run."
MCP manifest
MCP servers can live in one shared .phonton/mcp.toml file or in separate
.phonton/mcp.d/*.toml files. Separate files are useful when a workspace
tracks more than one server manifest.
[[servers]]
id = "workspace-filesystem-readonly"
name = "Workspace filesystem readonly"
command = "npx"
args = ["-y", "@modelcontextprotocol/server-filesystem", "."]
trust = "read-only-tool"
permissions = ["fs.read.workspace", "process.run"]
enabled = true
MCP definitions request capability. They do not grant it. Phonton still applies workspace trust, approval policy, and tool-call checks before running tools.
Profile manifest
[[profiles]]
id = "review-gate"
name = "Review Gate"
activates = ["review-gate", "review-gate.changed-files", "review-gate.verification-output"]
max_tokens = 120000
Trust levels
| Trust | Use for |
|---|---|
text-only | Skills and steering that only add prompt context. |
read-only-tool | Tooling that reads workspace data. |
mutating-tool | Tooling that can write files or mutate local state. |
networked-tool | Tooling that can make network requests. |
Permissions
Supported permission labels include:
fs.read.workspacefs.read.outside-workspacefs.write.workspacefs.write.outside-workspaceprocess.runnetwork.requestgit.write