VS Code Marketplace Release Blueprint
Target extension ID: contenox.contenox-runtime
The VS Code extension is a thin adapter around the existing Contenox Go runtime. Each Marketplace package should be platform-specific and contain exactly one native binary:
bin/contenox macOS/Linux
bin/contenox.exe Windows
Identity
- Publisher:
contenox - Extension name:
contenox-runtime - Extension ID:
contenox.contenox-runtime - Display name:
Contenox - Homepage:
https://contenox.com - Repository:
https://github.com/contenox/runtime - Stable package:
packages/vscode/contenox-runtime-<target>-<version>.vsix - Proposed local package:
packages/vscode/contenox-runtime-<target>-<version>-proposed.vsix
Do not publish under rejected or legacy IDs such as contenox.runtime or
contenox.contenox.
Publisher Profile Copy
Use this for the Visual Studio Marketplace publisher profile description:
Use Contenox for local, reviewable AI work in your editor and terminal: ask
about a codebase, review a diff before pushing, fix diagnostics, draft commit
messages, run approved tool workflows, and turn repeated work into reusable
Chains.
Contenox is an open-source, local-first AI workflow runtime for developers. It
keeps sessions, configuration, telemetry, and workflow state on your machine
while letting you choose local or hosted models and define explicit tool and
approval boundaries.
The VS Code extension brings the runtime into the editor for codebase chat,
code actions, autocomplete, review workflows, and human-in-the-loop tool use.
The same workflows can also run from the CLI or any ACP-compatible client, so
useful AI work can graduate from chat into versioned, auditable automation.
GitHub Setup
Create a protected GitHub Environment:
vscode-marketplace
Recommended protection:
- require manual reviewer approval before deployment
- restrict deployment branches/tags after the process is stable
Add this repository secret:
VSCE_PAT
VSCE_PAT is transitional. Keep the publishing step isolated so it can move to
Microsoft Entra/workload identity before global Azure DevOps PAT retirement.
Workflows
Release gating and tag ownership are tracked separately in
ci-release-hardening.md. Marketplace publishing
should eventually be entered only through that promoted-release path, not by
manually pushing a v* tag.
.github/workflows/vscode-extension-ci.yml should run on extension and
vscodeagent changes. It should type-check the extension, build a Linux smoke
VSIX, verify package contents, smoke bin/contenox --version, and upload the
artifact.
.github/workflows/vscode-marketplace.yml should run on release tags and manual
dispatch. All target VSIX artifacts must build and pass package checks before
the final publish job starts.
Initial target matrix:
linux-x64linux-arm64darwin-arm64darwin-x64win32-x64
Local target package smoke:
CONTENOX_VSCODE_TARGET=linux-x64 npm run package
CONTENOX_VSCODE_TARGET=linux-x64 npm run package:check -- artifacts/contenox-runtime-linux-x64-<version>.vsix
Remote Development and Codespaces use the workspace extension host. Contenox is a workspace extension, so the bundled runtime must match the remote host, not the user’s desktop. A macOS desktop connected to a Linux SSH host, container, or Codespace must install/run a Linux-compatible Contenox runtime in that remote environment.
First Publish Steps
- Create the Visual Studio Marketplace publisher with ID
contenox. - Confirm
packages/vscode/package.jsonresolves tocontenox.contenox-runtime. - Add
VSCE_PATas a GitHub Actions secret. - Create and protect the
vscode-marketplaceGitHub environment. - Run
VS Code Marketplacemanually withpublish=false. - Download and inspect all target VSIX artifacts.
- Install and smoke-test at least
linux-x64,darwin-arm64, andwin32-x64. - Run the workflow manually with
publish=trueandpre_release=true. - Install from Marketplace and smoke setup, chat, autocomplete, and telemetry.
- Publish stable from a release tag after the pre-release is clean.
Release Checklist
- Publisher ID is
contenox - Publisher profile description uses the approved local-first workflow copy
- Extension ID is
contenox.contenox-runtime - Display name is
Contenox -
privateis absent frompackages/vscode/package.json -
pricingisFree - Marketplace icon is PNG
- README has no arbitrary SVG images or
http://links -
LICENSE,CHANGELOG.md,SUPPORT.md, andSECURITY.mdare packaged - each target VSIX contains exactly one native binary
- Unix target binary is executable
- Windows target binary is
bin/contenox.exe - no
src/**,node_modules/**, source maps,.env, or generated VSIXs - stable package has no
enabledApiProposals - setup works without
contenox serve - remote SSH/container/Codespaces smoke confirms Contenox runs in the workspace extension host
- remote package/runtime target matches the remote host platform and architecture
- file/tool/shell mutations require approval
- output and telemetry are local and inspectable
-
vscode-marketplaceenvironment requires approval - build jobs complete for every target before publish starts
- follow-up exists to migrate from PAT to Entra/workload identity
Automated Tests To Add
- Remote extension-host smoke with an installed VSIX in SSH/container/Codespaces
- Bridge JSON-RPC smoke for initialize, health, shutdown, and multiline payloads
- Generated VSIX install smoke in a temporary VS Code profile
- Generated VSIX install smoke in Remote SSH, WSL/container, or Codespaces
- Runtime config smoke using a temporary data directory
- Cross-platform
bin/contenox --versionsmoke - Maintainer-only provider integration tests using scoped secrets
Do not run real provider/API-key tests in public PR CI.
Automated Tests Added
- Extension Development Host smoke through
@vscode/test-cliand@vscode/test-electron - Contribution checks for command registration, workspace extension kind, walkthrough metadata, welcome content, and missing command-title duplication