feat(serve): add extensions diagnostic HTTP/ACP surface (issue #4514 T3.9)

[doudouOUC]

Summary

• Add read-only GET /workspace/extensions endpoint exposing installed extension status with capability summaries
• ServeExtensionEntry includes id, name, version, isActive, redacted source URL, install type, and per-extension capability counts (MCP servers, skills, agents, hooks, commands, context files, channels, settings)
• /extensions slash command enabled in non_interactive and acp modes with new list subcommand (text output); manage/install/explore remain interactive-only
• DaemonClient.workspaceExtensions() SDK helper + workspace_extensions capability tag
• Sensitive data handling: resolvedSettings never serialized, installMetadata.source redacted via redactUrlCredentials(), MCP/hook configs only counted (not embedded)

Test plan

• GET /workspace/extensions returns 200 with correct shape and bridge call count (supertest)
• workspace_extensions appears in getRegisteredServeFeatures() and EXPECTED_STAGE1_FEATURES
• fakeBridge stubs + queryWorkspaceStatus dispatch wired for extensions
• /extensions list returns text listing in non-interactive mode
• /extensions defaults to manage dialog in interactive mode
• Extensions without installMetadata handled gracefully (optional chaining)
• SDK bundle size verified within limit

🤖 Generated with Qwen Code

[qwen-code-ci-bot]

Thanks for the PR!

Template: the PR body doesn't follow the required template. Missing sections: "What this PR does", "Why it's needed", "Reviewer Test Plan" (How to verify, Evidence Before/After, Tested on table), "Risk & Scope", "Linked Issues", and the Chinese translation <details>. The current "Summary" + checkbox "Test plan" format doesn't give reviewers enough to verify the change. Please reformat.

On direction: clearly aligned — this is issue #4514 T3.9, explicitly tracked as a Tier 3 gap. The hooks PR (#4822) set the exact same precedent and shipped cleanly. Extending the diagnostic surface to extensions is a natural next step.

On approach: the scope feels right — follows the same layered pattern as the hooks PR (status types → HTTP route → workspace service → bridge → SDK → command). The /extensions command gaining non_interactive/acp modes with a list subcommand is a sensible addition. One observation: roughly 40% of the diff is prettier reformatting existing code (spreading ternaries in serializeHookConfig, IDLE_HOOK_EVENTS, etc.) that's unrelated to the feature. Not blocking, but splitting those into a separate commit would make the actual feature changes easier to review.

Once the template is filled in, happy to proceed to code review. 🔍

中文说明

感谢贡献！

模板：PR 描述没有遵循要求的模板。缺少的章节包括："What this PR does"、"Why it's needed"、"Reviewer Test Plan"（含 How to verify、Evidence Before/After、Tested on 表格）、"Risk & Scope"、"Linked Issues" 以及中文翻译 <details>。当前的 "Summary" + 勾选框 "Test plan" 格式无法给审查者提供足够的验证信息，请重新填写。

方向：明确对齐——这是 issue #4514 T3.9，明确列为 Tier 3 缺口。Hooks PR (#4822) 是完全相同的先例，已顺利合入。将诊断接口扩展到 extensions 是自然的延续。

方案：范围合理——遵循与 hooks PR 相同的分层模式（status types → HTTP route → workspace service → bridge → SDK → command）。/extensions 命令增加 non_interactive/acp 模式和 list 子命令是合理的补充。一个观察：大约 40% 的 diff 是 prettier 对现有代码的格式化（serializeHookConfig 中的展开三元、IDLE_HOOK_EVENTS 等），与功能无关。不阻塞，但如果能拆成单独的 commit 会让功能变更更容易审查。

模板补全后，继续进入代码审查 🔍

— Qwen Code · qwen3.7-max

[qwen-code-ci-bot]

Thanks for the PR!

Template: the PR body doesn't follow the required template. Missing sections: "What this PR does", "Why it's needed", "Reviewer Test Plan" (How to verify, Evidence Before/After, Tested on table), "Risk & Scope", "Linked Issues", and the Chinese translation <details>. The current "Summary" + checkbox "Test plan" format doesn't give reviewers enough to verify the change. Please reformat.

On direction: clearly aligned — this is issue #4514 T3.9, explicitly tracked as a Tier 3 gap. The hooks PR (#4822) set the exact same precedent and shipped cleanly. Extending the diagnostic surface to extensions is a natural next step.

On approach: the scope feels right — follows the same layered pattern as the hooks PR (status types → HTTP route → workspace service → bridge → SDK → command). The /extensions command gaining non_interactive/acp modes with a list subcommand is a sensible addition. One observation: roughly 40% of the diff is prettier reformatting existing code (spreading ternaries in serializeHookConfig, IDLE_HOOK_EVENTS, etc.) that's unrelated to the feature. Not blocking, but splitting those into a separate commit would make the actual feature changes easier to review.

Once the template is filled in, happy to proceed to code review. 🔍

中文说明

感谢贡献！

模板：PR 描述没有遵循要求的模板。缺少的章节包括："What this PR does"、"Why it's needed"、"Reviewer Test Plan"（含 How to verify、Evidence Before/After、Tested on 表格）、"Risk & Scope"、"Linked Issues" 以及中文翻译 <details>。当前的 "Summary" + 勾选框 "Test plan" 格式无法给审查者提供足够的验证信息，请重新填写。

方向：明确对齐——这是 issue #4514 T3.9，明确列为 Tier 3 缺口。Hooks PR (#4822) 是完全相同的先例，已顺利合入。将诊断接口扩展到 extensions 是自然的延续。

方案：范围合理——遵循与 hooks PR 相同的分层模式（status types → HTTP route → workspace service → bridge → SDK → command）。/extensions 命令增加 non_interactive/acp 模式和 list 子命令是合理的补充。一个观察：大约 40% 的 diff 是 prettier 对现有代码的格式化（serializeHookConfig 中的展开三元、IDLE_HOOK_EVENTS 等），与功能无关。不阻塞，但如果能拆成单独的 commit 会让功能变更更容易审查。

模板补全后，继续进入代码审查 🔍

— Qwen Code · qwen3.7-max

[github-actions]

📋 Review Summary

This PR adds a read-only diagnostic surface for installed extensions via a new HTTP endpoint (GET /workspace/extensions) and CLI slash command (/extensions list). The implementation follows established patterns from similar status endpoints (MCP, skills, hooks) and includes appropriate test coverage. Overall, the code is well-structured and maintains consistency with existing diagnostic surfaces.

🔍 General Feedback

• The implementation correctly follows the established pattern for workspace status endpoints, mirroring the structure of workspaceHooks, workspaceMcp, etc.
• Good separation of concerns: types in status.ts, HTTP route in server.ts, bridge integration in bridge.ts, and CLI command in extensionsCommand.ts.
• The SDK client helper (DaemonClient.workspaceExtensions()) provides a clean API for external consumers.
• Test coverage includes both the HTTP endpoint and the fake bridge stub, which is consistent with other status endpoint tests.
• The PR appropriately handles sensitive data by redacting URLs via redactUrlCredentials() and excluding resolvedSettings from serialization.

🎯 Specific Feedback

🟡 High

• File: packages/cli/src/ui/commands/extensionsCommand.ts:133-141 - The capability counting logic in listTextAction differs from the HTTP endpoint's counting in buildWorkspaceExtensionsStatus. The CLI command counts MCP servers, skills, and commands only, while the HTTP endpoint counts all 8 capability types (including agents, hooks, context files, channels, settings). This inconsistency could confuse users who see different capability summaries in different contexts. Consider aligning the CLI output to show all capabilities or extracting the counting logic to a shared utility.

🟢 Medium

• File: packages/acp-bridge/src/status.ts:882-892 - The createIdleWorkspaceExtensionsStatus function sets initialized: false but doesn't include an errors array. While optional, other idle status creators like createIdleWorkspaceMcpStatus include all optional fields for consistency. Consider adding errors: [] for pattern consistency.

• File: packages/cli/src/acp-integration/acpAgent.ts:2250-2252 - The hook counting logic uses a reduce pattern that's more verbose than necessary:

  hookCount: ext.hooks
    ? Object.values(ext.hooks).reduce(
        (sum, defs) => sum + (defs?.length ?? 0),
        0,
      )
    : 0,

  This could be simplified to:

  hookCount: ext.hooks
    ? Object.values(ext.hooks).reduce((sum, defs) => sum + (defs?.length ?? 0), 0)
    : 0,

  (minor formatting) or extracted to a helper function for clarity.

• File: packages/cli/src/serve/server.ts:1058-1066 - The endpoint handler doesn't include any request validation or rate limiting comments. While other status endpoints follow the same pattern, it's worth considering whether this endpoint needs any protection against abuse since it queries extension state on every call.

🔵 Low

• File: packages/acp-bridge/src/bridge.ts:3042-3047 - Consider adding a JSDoc comment to getWorkspaceExtensionsStatus method to match the style of other methods like getSessionHooksStatus which has /** Read session-scoped hook status for a live session. */.

• File: packages/acp-bridge/src/status.ts:846-855 - The ServeExtensionCapabilities interface could benefit from inline comments explaining what each count represents, especially for less obvious ones like channelCount or hasSettings.

• File: packages/cli/src/ui/commands/extensionsCommand.ts:125 - The markdown output format uses **Installed Extensions (${extensions.length} total, ${active.length} active)** which is good. Consider adding a note about the /extensions list command being available in non-interactive mode when the user is in interactive mode, or vice versa.

• File: packages/sdk-typescript/src/daemon/types.ts:1477-1526 - The type definitions are at the end of the file without any grouping comment separator like the other interfaces have. Consider adding a comment block separator for consistency with the rest of the file.

✅ Highlights

• Security handling: Excellent attention to sensitive data - using redactUrlCredentials() for source URLs and explicitly excluding resolvedSettings from serialization (as noted in the PR description).
• Test coverage: The test at line 1815-1858 in server.test.ts thoroughly validates the endpoint response shape, status code, and bridge call count.
• Type safety: The ServeExtensionInstallType and ServeExtensionOriginSource types are properly constrained unions, preventing invalid values from being serialized.
• Error handling: The buildWorkspaceExtensionsStatus method wraps the entire operation in a try-catch and returns a structured error response with initialized: false and an error cell, which is the correct pattern.
• Optional chaining: Proper use of optional chaining (ext.installMetadata?.source) throughout handles extensions without metadata gracefully.

[Copilot]

Pull request overview

This PR adds a new read-only “workspace extensions” diagnostic surface across the serve HTTP API/ACP bridge and the TypeScript SDK, and exposes a non-interactive /extensions list text view so clients can inspect installed extensions and their capability summaries.

Changes:

• Add GET /workspace/extensions route backed by a new ACP status method (qwen/status/workspace/extensions) and a new workspace_extensions capability tag.
• Introduce new “workspace extensions status” types in @qwen-code/acp-bridge and packages/sdk-typescript, plus an SDK helper DaemonClient.workspaceExtensions().
• Extend /extensions slash command to support non_interactive/acp modes with a new list subcommand and non-interactive default behavior.

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
packages/sdk-typescript/src/daemon/types.ts	Adds SDK-facing types for workspace extension status entries and capability counts.
packages/sdk-typescript/src/daemon/index.ts	Re-exports the new SDK types from the daemon module barrel.
packages/sdk-typescript/src/daemon/DaemonClient.ts	Adds workspaceExtensions() client helper for GET /workspace/extensions.
packages/cli/src/ui/commands/extensionsCommand.ts	Adds /extensions list and enables /extensions in non-interactive/acp with text output.
packages/cli/src/serve/workspace-service/types.ts	Extends the workspace service interface with getWorkspaceExtensionsStatus().
packages/cli/src/serve/workspace-service/index.ts	Wires getWorkspaceExtensionsStatus() through queryWorkspaceStatus() with idle fallback.
packages/cli/src/serve/server.ts	Registers GET /workspace/extensions route and forwards to workspace service.
packages/cli/src/serve/server.test.ts	Adds feature expectations and a supertest asserting the new route bridges correctly.
packages/cli/src/serve/index.ts	Re-exports the new workspace extensions status types and idle factory for consumers.
packages/cli/src/serve/capabilities.ts	Registers workspace_extensions capability in the serve capability registry.
packages/cli/src/acp-integration/acpAgent.ts	Implements serialization/counting for workspace extension status and adds ext-method dispatch.
packages/acp-bridge/src/status.ts	Adds ACP method constant, status types, and createIdleWorkspaceExtensionsStatus().
packages/acp-bridge/src/bridgeTypes.ts	Adds getWorkspaceExtensionsStatus() to the AcpSessionBridge interface.
packages/acp-bridge/src/bridge.ts	Implements bridge wiring for the new workspace extensions status request.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[doudouOUC]

Review round — wenshao CHANGES_REQUESTED

Thread	Verdict	Action
extensionsCommand.ts:296 — TS2322 MessageType enum type mismatch	Agreed	Fixed in e7cbefc — string literals
extensionsCommand.ts:315 — mode enforcement gap for subcommands	Agreed	Fixed in fb8b8de — runtime mode guards
extensionsCommand.ts:103 — missing unit tests	Defer	Consistent with hooks PR
extensionsCommand.ts:124 — i18n inconsistency	Agreed	Fixed in e7cbefc — wrapped in t()

[wenshao]

[Suggestion] getCommandSubcommandNames in commandMetadata.ts does not filter subcommands by execution mode. Since this PR widens extensionsCommand.supportedModes to ['interactive', 'non_interactive', 'acp'], the ACP available_commands_update now advertises manage, install, and explore to the model — but these subcommands are interactive-only. When the model invokes them, it gets an error response, wasting tokens. Consider filtering subcommands by mode, or documenting that supportedModes on subcommands is advisory only.

— qwen3.7-max via Qwen Code /review

[doudouOUC]

Addressed wenshao's latest review (2026-06-07)

Fixed:

• _args → args in listAction — removed misleading underscore prefix since the parameter is used (b39b6a0)

Deferred (framework-level):

• getCommandSubcommandNames not filtering subcommands by mode — this is the same framework-level gap identified in Codex review round 2. Runtime guards already prevent execution of interactive-only subcommands in ACP/non_interactive mode (fb8b8de). The metadata advertising issue affects all commands with mixed-mode subcommands, not just /extensions. Fixing it properly requires changes to commandMetadata.ts and the command registration framework, which is out of scope for this PR.

[wenshao]

Local Verification Report

PR: #4832 feat/serve-extensions-status → daemon_mode_b_main
Scope: 14 files, +525/−51 (acp-bridge, CLI serve, SDK daemon)

Test Results

Check	Result	Details
SDK tests	✅ 742/742 passed	All 15 test files clean
CLI server.test.ts	⚠️ 12 pre-existing failures	364 passed, 12 failed (376 total)
Core typecheck	✅ 0 errors	Clean
CLI typecheck	⚠️ 45 errors	43 pre-existing + 2 new
SDK typecheck	✅ 0 errors	Clean
ESLint	✅ Clean	--max-warnings 0 on all 13 changed source files
Whitespace	✅ Clean	git diff --check passed

New Typecheck Errors (2)

Both in packages/cli/src/ui/commands/extensionsCommand.ts:

extensionsCommand.ts(31,16): error TS7030: Not all code paths return a value.
extensionsCommand.ts(169,16): error TS7030: Not all code paths return a value.

exploreAction (line 31) and installAction (line 169) return an object on some code paths (e.g., early-exit error message) but void on others. TypeScript flags the inconsistency. Consider either always returning a result object or typing the return as ... | void.

CLI Test Failure Analysis (all pre-existing)

All 12 CLI failures are pre-existing on daemon_mode_b_main:

1. Capability registry stale assertions (3 tests) — expected feature lists don't include features added by recent PRs.
2. runQwenServe afterEach hook timeouts (9 tests) — afterEach at server.test.ts:5284 times out at 10000ms.

Build Notes

• Core and acp-bridge rebuilt before test/typecheck (cross-package dist dependency).

Verdict

✅ PASS with nit — No new test failures. 2 new TS7030 typecheck warnings in extensionsCommand.ts (inconsistent return paths) — non-blocking but worth fixing before merge.

---

Verified locally by wenshao

[doudouOUC]

Addressed wenshao's local verification (2026-06-07)

Fixed:

• TS7030 exploreAction and installAction inconsistent return paths — added explicit return undefined at function end to satisfy noImplicitReturns (6211ef9)

Thanks for the thorough local verification!

[doudouOUC]

Addressed wenshao's round 3 review (2026-06-07)

#	Finding	Verdict	Action
1	errorCell should redact URL credentials	Deferred	Systemic issue across all builders — fix belongs in errorCell() centrally, follow-up PR
2	listTextAction shows 3/8 capabilities vs API's 8	Push back	Compact subset intentional for human-readable terminal output
3	getExtensions() missing try/catch	Fixed	Added try/catch in 724ff59, consistent with ACP builder

[wenshao]

Local Verification Report (Re-run after 2 new commits)

PR: #4832 feat/serve-extensions-status → daemon_mode_b_main
Scope: 14 files, +525/−51 (acp-bridge, CLI serve, SDK daemon)
Commits: 8 (was 6 at prior review — 2 new fix commits)

Test Results

Check	Result	Details
SDK tests	✅ 742/742 passed	All 15 test files clean
CLI server.test.ts	⚠️ 12 pre-existing failures	364 passed, 12 failed (376 total)
Core typecheck	✅ 0 errors	Clean
CLI typecheck	✅ 0 new errors	43 total — matches base exactly
SDK typecheck	✅ 0 errors	Clean
ESLint	✅ Clean	--max-warnings 0 on all 13 changed source files
Whitespace	✅ Clean	git diff --check passed

Previous Issue Resolved

The 2 TS7030 errors in extensionsCommand.ts ("not all code paths return a value") flagged in the prior review have been fixed in the new commits. CLI typecheck now shows 43 errors, exactly matching the daemon_mode_b_main baseline.

CLI Test Failure Analysis (all pre-existing)

All 12 CLI failures are pre-existing on daemon_mode_b_main:

1. Capability registry stale assertions (3 tests) — expected feature lists don't include features added by recent PRs.
2. runQwenServe afterEach hook timeouts (9 tests) — afterEach at server.test.ts:5284 times out at 10000ms.

Verdict

✅ PASS — No new test failures, no new typecheck errors, no lint issues. Previous TS7030 nits resolved.

---

Verified locally by wenshao

[wenshao]

No issues found. LGTM! ✅ — qwen3.7-max via Qwen Code /review

[chiga0]

Review Summary — PR #4832

PR: feat(serve): add extensions diagnostic HTTP/ACP surface (issue #4514 T3.9)
Author: @doudouOUC | +538/-51 | 14 files | 7 commits
HEAD: 724ff59b | Base: daemon_mode_b_main

Independent Review

Follows the hooks/workspace diagnostic pattern from #4822 end-to-end:

Layer	Verification
Types (status.ts)	ServeExtensionEntry, ServeExtensionCapabilities, idle factory — clean
Bridge (bridge.ts)	getWorkspaceExtensionsStatus() via requestWorkspaceStatus — correct pattern
ACP agent (acpAgent.ts)	buildWorkspaceExtensionsStatus() with try/catch + redactUrlCredentials — solid
HTTP route (server.ts)	GET /workspace/extensions with buildWorkspaceCtx + sendBridgeError — standard
Workspace service	Wired through DaemonWorkspaceService interface + impl
SDK (DaemonClient.ts)	workspaceExtensions() + mirror types — correct
CLI command	Mode guards on all 3 interactive-only subcommands + listTextAction with try/catch
Tests (server.test.ts)	Full endpoint test with capability array update

wenshao Finding Resolution (7 commits)

All Critical findings addressed: TS2322 enum (commit 5), mode enforcement gap (commit 4), i18n strings (commit 5), _args rename (commit 6), try/catch (commit 7). wenshao: APPROVED at HEAD.

Verdict: APPROVED — 0 findings.

Reviewed at HEAD 724ff59b.

[wenshao]

@qwen-code-ci-bot

Already have 2 approved.3ks.