Skip to main content

Extensions

Inspect local extension records and MCP capabilities.

v0.19.0 keeps extension handling local and approval-gated. The shipped CLI can inspect skills, steering, profiles, MCP manifests, and preview negotiated MCP capabilities without silently granting permissions or writing config.

Read docsConfigure recordsManifest reference

Directory

Click any record to inspect the matching runtime shape.

The page mirrors the CLI extension model: local `.phonton` records, MCP declarations, and preview commands that keep trust, permissions, and source visible before a tool can affect a run.

5 reference records

CLI backed

The directory reflects shipped inspection commands.

The public page is a product surface for the same local extension data that phonton extensions reads. MCP capability preview starts the server only after approval and does not call tools.

phonton extensions list --json
[
  {
    "id": "review-gate",
    "kind": "skill",
    "source": "workspace",
    "status": "active",
    "trust": "text-only"
  },
  {
    "id": "github",
    "kind": "mcp-server",
    "source": "workspace",
    "trust": "networked-tool",
    "permissions": ["network.request"]
  }
]

Runtime path

The extension system feeds the ADE loop.

01

load

Read local manifests and assign source, scope, trust, permissions, and checksum.

02

resolve

Apply precedence, disabled records, conflicts, and diagnostics.

03

plan

Inject applicable text-only steering and skills into the GoalContract.

04

preview

Capture MCP initialize metadata, tool descriptors, and proposed permission rules.

05

approve

Gate any actual MCP tool request by trust, permission, and workspace approval.

06

receipt

Record extension and MCP influence in the Flight Log and HandoffPacket.

Typed records

The page matches the CLI extension model.

Shared extension and MCP records let planner, worker, verifier, CLI, and review surfaces name the same trust and capability evidence.

Skill.phonton/skills/<id>/SKILL.md

Text-first task guidance with optional recommended verification.

Steering.phonton/steering.toml

Persistent rules with advise, warn, or fail severity.

MCP server.phonton/mcp.toml or .phonton/mcp.d/*.toml

Tool declarations with transport, trust, permissions, env, and enabled state.

Profile.phonton/profiles.toml

Activation bundles with optional max_tokens and max_usd_micros ceilings.

Trust vocabulary

Capabilities become explicit before a tool can affect a run.

Text-only guidance cannot execute tools. MCP servers and mutating capabilities stay permissioned and approval-gated by the runtime.

TextOnlyContext-only. Cannot request tool permissions.
ReadOnlyToolCan request read-only tool calls.
MutatingToolCan request mutating local tool calls.
NetworkedToolCan request networked tool calls.