Summary
Add guardrails for extension hooks so they cannot silently rewrite the stable prompt prefix by default.
Why
Current extension hook paths can replace:
- the system prompt,
- the full context message list,
- the full provider request payload.
That flexibility is powerful, but it makes cache behavior unpredictable and can invalidate stable-prefix reuse turn-by-turn.
Scope
Introduce explicit hook capabilities and default-safe behavior.
Proposed capability levels
tail_appendsemi_static_addfull_context_rewrite (disabled by default)full_request_rewrite (disabled by default)
Telemetry
Emit cache-risk mutation flags whenever hooks modify:
- system prompt
- context body
- provider payload
Code touchpoints
crates/cli/src/turn_runner/runner.rscrates/cli/src/extensions.rs- plugin hook protocol/types if required
crates/plugin-host/js/host.js
Acceptance criteria
- default extension behavior preserves a stable prompt prefix
- unsafe rewrite paths require explicit opt-in
- system/context/request mutations are observable in request metrics
- backward compatibility path exists for advanced extensions
Reference
knowledge/internal/KV_CACHE_REFACTOR_MASTER_PLAN.md
Summary
Add guardrails for extension hooks so they cannot silently rewrite the stable prompt prefix by default.
Why
Current extension hook paths can replace:
That flexibility is powerful, but it makes cache behavior unpredictable and can invalidate stable-prefix reuse turn-by-turn.
Scope
Introduce explicit hook capabilities and default-safe behavior.
Proposed capability levels
tail_appendsemi_static_addfull_context_rewrite(disabled by default)full_request_rewrite(disabled by default)Telemetry
Emit cache-risk mutation flags whenever hooks modify:
Code touchpoints
crates/cli/src/turn_runner/runner.rscrates/cli/src/extensions.rscrates/plugin-host/js/host.jsAcceptance criteria
Reference
knowledge/internal/KV_CACHE_REFACTOR_MASTER_PLAN.md