Skip to content

feat: add TormentNexus extension crate with full Pi extension parity#4086

Open
robertpelloni wants to merge 3 commits into
Hmbown:mainfrom
robertpelloni:feat/extension-api
Open

feat: add TormentNexus extension crate with full Pi extension parity#4086
robertpelloni wants to merge 3 commits into
Hmbown:mainfrom
robertpelloni:feat/extension-api

Conversation

@robertpelloni

Copy link
Copy Markdown

Summary

Adds crates/tn-extension — a native Rust extension implementing the codewhale_extension::Extension trait with full parity to the TormentNexus Pi Coding Agent extension for persistent L2 memory, MCP tool discovery, skill registry, code search, RBAC, and context harvesting.

Changes

7 files (+387/-1 lines):

New crate: crates/tn-extension/

  • Cargo.toml — depends on codewhale-extension, serde_json, reqwest, chrono, async-trait
  • src/lib.rsTormentNexusExtension implementing all lifecycle hooks

Extension Lifecycle Hooks

  • SessionStart — logs session to TN L2 memory at http://127.0.0.1:7778/api/memory/add
  • BeforeAgentStart — injects TN system prompt guidance + searches L2 for relevant context per turn
  • ToolCall — logs tool calls; checks 6 dangerous patterns (rm -rf, sudo, DROP TABLE, etc.) against POST /api/enterprise/authorize
  • ToolResult — auto-stores substantial results (>=100 chars) from 6 key tools to L2
  • TurnEnd — logs tool usage summary per turn
  • Input — expands @memory:key inline with L2 content from TN sidecar
  • UserBash — audit-logs shell commands to TN enterprise audit
  • ModelSelect — tracks model changes to L2
  • SessionBeforeCompact / SessionCompact — preserves memory across compaction boundaries

Registration via Extension Trait

  • 9 custom tool definitions: tn_memory_store, tn_memory_search, tn_memory_vector_search, tn_tool_search, tn_session_search, tn_skill_manage, tn_code_search, tn_context_harvest, tn_scratchpad
  • 6 slash commands: /tn-store, /tn-search, /tn-status, /tn-plan, /tn-summary, /tn-purge
  • 3 keyboard shortcuts: Ctrl+Shift+M (memory search), Ctrl+Shift+T (tool search), Ctrl+Shift+P (system status)
  • MCP server auto-registration: points at tormentnexus.exe mcp with env TORMENTNEXUS_WORKSPACE_ROOT

Wiring

  • crates/tui/Cargo.toml — added codewhale-tn-extension dependency
  • crates/tui/src/core/engine.rs — registers TormentNexusExtension into ExtensionManager at startup
  • Cargo.toml (workspace root) — added crates/tn-extension as workspace member

Dependencies

  • reqwest (HTTP client for TN sidecar API)
  • serde_json (JSON serialization for API payloads)
  • chrono (RFC3339 timestamps)
  • async-trait (async trait support for Extension)
  • All are already workspace dependencies; no new crate registry entries.

Introduces codewhale-extension — a generic runtime extension system
for CodeWhale that mirrors the Pi Coding Agent's ExtensionAPI pattern.

Extension trait with 12 lifecycle hooks:
- SessionStart, BeforeAgentStart, ToolCall, ToolResult
- TurnEnd, Input, UserBash, ModelSelect
- SessionBeforeCompact, SessionCompact, SessionShutdown

Extensions can also register:
- MCP servers via mcp_servers()
- Slash commands via slash_commands()
- Keyboard shortcuts via shortcuts()
- Custom tools via tools()

Includes ExtensionManager for registration + dispatch,
and generic McpServerDef, SlashCommandDef, ShortcutDef, ToolDef types.

Also fixes Ctrl+Up/Down keybinding to scroll by 1 line.
…(hooks, tools, commands, shortcuts, L2 memory, RBAC)
@robertpelloni
robertpelloni requested a review from Hmbown as a code owner July 7, 2026 06:34
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Thanks @robertpelloni for taking the time to contribute.

This repository is observing a maintainer-managed PR intake gate in dry-run mode, so this pull request is staying open. This note helps maintainers prepare the allowlist before any enforcement is considered.

Please read CONTRIBUTING.md for the expected contribution shape. A maintainer can grant recurring PR access by commenting /lgtm on a pull request.

Hmbown commented Jul 9, 2026

Copy link
Copy Markdown
Owner

wow cool - this is a great idea - let me work to get this in!

@Hmbown Hmbown added this to the v0.9.3 milestone Jul 16, 2026 — with ChatGPT Codex Connector
@Hmbown Hmbown added the v0.9.3 Targeting v0.9.3 label Jul 16, 2026 — with ChatGPT Codex Connector
@Hmbown Hmbown added enhancement New feature or request external-memory External memory, context substrate, and long-running agent state security Security, isolation, permissions, or trust-boundary work tools Tool execution, tool schemas, tool UX, and built-in tool behavior labels Jul 16, 2026 — with ChatGPT Codex Connector

Hmbown commented Jul 16, 2026

Copy link
Copy Markdown
Owner

Roadmap triage: this PR is now in the v0.9.3 milestone and is design input for #4399. Before merge, its native extension, input mutation, sidecar network, MCP registration, tools/commands/shortcuts, and memory hooks should be reviewed against the trust-vs-enablement and declared-capability contract there. Related startup/skills plumbing: #3916 and #3917.

Hmbown commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Thanks — the Extension trait / ExtensionManager design in crates/codewhale-extension is a real contribution: #4399 explicitly rules out a second runtime beside codewhale-extension, so this crate is the intended home for extension work, and the TN adapter is a useful stress test of what the API must express.

Where it stands: v0.9.3 milestone, and #4399's acceptance criteria require a capability/trust review of this PR before merge. Being upfront: a security-labeled new crate moves slower than provider or refactor work, deliberately. The full CI matrix has not run on this head yet.

What review found, in landing order:

  1. Registration is unconditional in Engine::new, so every user message triggers a memory-search GET to 127.0.0.1:7778 carrying the prompt prefix — for all users, whether or not TN exists. This must be opt-in config, disabled by default; exactly the v0.9.1 Plugins: separate trust from enablement and define bundle capabilities #4399 trust/enablement boundary.
  2. mcp_servers() hardcodes C:\Users\hyper\...\tormentnexus.exe; command, env, and base URL need to be config-driven.
  3. &prompt[..100] / &c[..200] slice at byte offsets and panic on multi-byte UTF-8 — reachable today from the wired dispatch.
  4. Only BeforeAgentStart is dispatched, its HookResult is discarded, and the RBAC authorize call ignores the response — so none of the described behaviors take effect yet. Wire the dispatch points or trim the claims to match.
  5. Drop the unrelated hunks (ui.rs Ctrl+Up/Down scrolling, tool_execution.rs indentation, the npm README "built-in" section) and rebase; the lockfile is at 0.8.66 against workspace 0.9.1.

Suggested split: (a) the API crate shaped to #4399's capability contract; (b) an opt-in TN adapter. Authorship stays preserved either way.


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request external-memory External memory, context substrate, and long-running agent state security Security, isolation, permissions, or trust-boundary work tools Tool execution, tool schemas, tool UX, and built-in tool behavior v0.9.3 Targeting v0.9.3

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants