feat(agent): add Claude Code-style agent, skills, slash-commands, hooks, todos, sandboxed workspace, and full-stack scaffolding

Adds Claude Code-inspired agent capabilities:
- Agent loop with tools (read/write/edit/glob/grep/bash/todos)
- Skills system (markdown skill files, runtime loading)
- Slash commands (/commit /review /feature /design /explain /test /refactor /skill /help)
- Hooks system (block-dangerous-rm, warn-debug-code, warn-secrets-in-code, warn-eval-exec)
- Sandboxed workspace with path-escape protection
- Todo lists (todo_write / todo_read / todo_update)
- Full-stack scaffolding skill
- No external SDK dependencies; no Next.js conversion

CLAUDE.md

@@ -0,0 +1,147 @@
+# SoniCoder — Project Memory
+
+> This file is the project's persistent memory. The agent reads it on every session.
+> Edit it freely — it overrides defaults.
+
+## What is SoniCoder?
+
+SoniCoder is a local-first AI coding agent that can:
+- Generate complete fullstack applications in any language/framework
+- Read, write, and edit files in a sandboxed workspace
+- Run shell commands (git, npm, pip, tests)
+- Apply specialized skills (frontend-design, feature-dev, code-review, debugging, fullstack-scaffold, commit-workflow)
+- Respond to slash commands (/commit, /review, /feature, /design, /explain, /test, /refactor, /skill, /help)
+- Deploy to HuggingFace Spaces with one click
+
+## Architecture
+
+```
+app.py                          ← Entry point: launches Gradio Server
+code/
+├── config/constants.py         ← App config, system prompt, language options
+├── model/
+│   ├── loader.py               ← Dual model loading (text + VLM)
+│   └── inference.py            ← Streaming inference (text + VLM)
+├── agent/__init__.py           ← Agent loop (model ↔ tools)
+├── tools/
+│   ├── fs.py                   ← read_file, write_file, edit_file, glob, grep, list_dir
+│   ├── bash.py                 ← Sandboxed shell execution
+│   └── todos.py                ← Todo list management
+├── skills/
+│   ├── __init__.py             ← Skill discovery + loading
+│   └── builtins/               ← Built-in skills (markdown)
+├── commands/
+│   ├── __init__.py             ← Slash command parser + expander
+│   └── builtins/               ← Built-in commands (markdown)
+├── hooks/
+│   ├── __init__.py             ← Hook rule engine
+│   └── builtins/               ← Built-in hook rules (markdown)
+├── execution/
+│   ├── code_extractor.py       ← Code extraction from model output
+│   ├── python_runner.py        ← Sandboxed Python execution
+│   └── gradio_runner.py        ← Gradio app subprocess runner
+├── huggingface/
+│   ├── dockerfile_gen.py       ← Auto Dockerfile/package.json for JS
+│   └── push.py                 ← HF Hub push + ZIP packaging
+├── websearch/google_scraper.py ← DuckDuckGo + Google scraping (no API)
+└── server/
+    ├── chat_helpers.py         ← Chat history + prompt building
+    └── routes.py               ← All HTTP + API endpoints
+index.html                      ← Frontend (single-file SPA)
+workspace/                      ← Sandboxed agent workspace (auto-created)
+```
+
+## Conventions
+
+- **Python**: 3.11+, type hints everywhere, `from __future__ import annotations`
+- **Style**: Black formatting, 4-space indent, 100 char line limit
+- **Docstrings**: Google style for modules, functions, classes
+- **Error handling**: catch specific exceptions, never bare `except:`
+- **Logging**: use `logging.getLogger(__name__)`, never `print()`
+- **Tests**: pytest, in `tests/` directory, `test_*.py` naming
+- **Frontend**: single-file HTML with inline CSS/JS, no build step
+
+## Server rules
+
+- All servers bind to `0.0.0.0` (never `localhost`)
+- Default port: `7860` (HF Spaces convention)
+- Sub-servers use `7861`, `7862`, etc.
+
+## Model
+
+- Default: `openbmb/MiniCPM5-1B` (text-only, 2.17 GB)
+- Optional: `openbmb/MiniCPM-V-4.6` (vision + text, 2.8 GB)
+- Loaded in background thread on startup
+- Streaming inference via `TextIteratorStreamer`
+
+## Tool call format
+
+The model calls tools by emitting fenced code blocks with `tool` as the language:
+
+```tool
+read_file
+path: src/app.py
+```
+
+Multi-line values use YAML block scalars:
+
+```tool
+write_file
+path: src/new.py
+content: |
+  import os
+  def main():
+      pass
+```
+
+## Slash commands
+
+| Command | Description |
+|---------|-------------|
+| `/commit` | Create a git commit with a generated message |
+| `/review` | Review current changes for bugs and quality |
+| `/feature <desc>` | Guided feature development workflow |
+| `/design <brief>` | Generate a distinctive frontend design |
+| `/explain <target>` | Explain how code works |
+| `/test <target>` | Generate tests |
+| `/refactor <target>` | Refactor code for clarity |
+| `/skill <name>` | Load and apply a skill |
+| `/help` | Show available commands and skills |
+
+## Skills
+
+| Skill | Description |
+|-------|-------------|
+| `frontend-design` | Distinctive visual design guidance |
+| `feature-dev` | Guided feature implementation workflow |
+| `code-review` | High-signal code review |
+| `debugging` | Systematic debugging workflow |
+| `fullstack-scaffold` | Project structure scaffolding rules |
+| `commit-workflow` | Git commit best practices |
+
+## Hooks
+
+Hooks are markdown rules that fire on events (`bash`, `file`, `prompt`, `stop`).
+They can `warn` (show a message) or `block` (prevent the action).
+
+Built-in hooks:
+- `block-dangerous-rm` — blocks `rm -rf /`, `~`, `$HOME`, `..`
+- `warn-debug-code` ��� warns on `console.log`, `debugger`, `print`, `alert`
+- `warn-secrets-in-code` — warns on hardcoded API_KEY/SECRET/TOKEN/PASSWORD
+- `warn-eval-exec` — warns on `eval()` and `exec()`
+
+Users can add custom hooks in `workspace/.sonicoder/hooks/*.local.md`.
+
+## Workspace
+
+The agent's sandboxed filesystem lives at `./workspace/` (configurable via
+`SONICODER_WORKSPACE` env var). All file tools refuse paths that escape this root.
+
+## Deploy
+
+Generated projects can be pushed to HuggingFace Spaces via the Deploy tab.
+Supported SDKs:
+- `static` — HTML/CSS/JS
+- `gradio` — Python Gradio apps
+- `streamlit` — Python Streamlit apps
+- `docker` — JS/TS frameworks (auto-generates Dockerfile + package.json)

README.md

@@ -17,23 +17,33 @@ hf_oauth_scopes:
 
 ## SoniCoder
 
-An AI-powered fullstack application generator running **entirely locally** with no external API dependencies. Powered by [MiniCPM5-1B](https://huggingface.co/openbmb/MiniCPM5-1B) (2.17 GB).
+An AI-powered **autonomous coding agent** running entirely locally with no external API dependencies. Powered by [MiniCPM5-1B](https://huggingface.co/openbmb/MiniCPM5-1B) (2.17 GB).
 
-### Features
+Inspired by [Claude Code](https://github.com/anthropics/claude-code), SoniCoder adds:
 
-- **Local Inference**: Uses MiniCPM5-1B running locally via `transformers` — no API keys needed
-- **Multi-Language Support**: Generate apps in Python, JavaScript, TypeScript, Java, Go, Rust, PHP, Ruby, C#, Swift, Kotlin, and more
-- **Framework Support**: Choose from popular frameworks like React, Vue, Flask, Django, Express, Spring Boot, and others
-- **Live Preview**: See generated web apps in a sandboxed iframe preview
-- **Code Execution**: Run generated Python code and see output
-- **Project Download**: Download generated projects as ZIP files
-- **HuggingFace Deploy**: Push generated projects directly to HuggingFace Spaces
+- 🤖 **Agent Loop** — model calls tools (read/write/edit/glob/grep/bash/todos) in a feedback loop
+- 🎯 **Skills System** — load markdown skill files at runtime (frontend-design, feature-dev, code-review, debugging, fullstack-scaffold, commit-workflow)
+- ⚡ **Slash Commands** — `/commit`, `/review`, `/feature`, `/design`, `/explain`, `/test`, `/refactor`, `/skill`, `/help`
+- 🪝 **Hooks System** — pre/post tool execution rules (block dangerous commands, warn on debug code/secrets)
+- 📁 **Sandboxed Workspace** — agent manipulates files in `./workspace/` (path-escape protected)
+- ✅ **Todo Lists** — track multi-step tasks Claude Code-style
+- 🚀 **HuggingFace Deploy** — push generated projects directly to HuggingFace Spaces
+
+### Features (original)
+
+- **Local Inference**: MiniCPM5-1B via `transformers` — no API keys
+- **Multi-Language**: Python, JavaScript, TypeScript, Java, Go, Rust, PHP, Ruby, C#, Swift, Kotlin
+- **Frameworks**: React, Vue, Next.js, Express, Flask, Django, FastAPI, Spring Boot, and more
+- **Live Preview**: sandboxed iframe preview of generated web apps
+- **Code Execution**: run generated Python and see output
+- **Project Download**: ZIP the generated project
+- **HuggingFace Deploy**: one-click push to HF Spaces (Static/Gradio/Streamlit/Docker)
 
 ### Supported Languages & Frameworks
 
 | Language | Frameworks |
 |----------|-----------|
-| Python | Flask, Django, FastAPI, Streamlit, Plain Python |
+| Python | Flask, Django, FastAPI, Streamlit, Gradio, Plain Python |
 | JavaScript | React, Vue.js, Next.js, Express.js, Node.js, Vanilla JS |
 | TypeScript | React, Next.js, Express.js, NestJS |
 | HTML/CSS/JS | Tailwind CSS, Bootstrap, Vanilla |
@@ -46,6 +56,58 @@ An AI-powered fullstack application generator running **entirely locally** with
 | Swift | Vapor, SwiftUI |
 | Kotlin | Ktor, Spring Boot |
 
+### Agent Tools
+
+The agent can call these tools (Claude Code-style):
+
+| Tool | Description |
+|------|-------------|
+| `read_file` | Read a file from the workspace |
+| `write_file` | Write content to a file |
+| `edit_file` | Replace text in a file (with uniqueness check) |
+| `multi_edit` | Apply multiple edits atomically |
+| `list_dir` | List directory contents |
+| `glob` | Find files matching a pattern |
+| `grep` | Search file contents with regex |
+| `bash` | Run a shell command (sandboxed) |
+| `todo_write` | Replace the todo list |
+| `todo_read` | Read the current todo list |
+| `todo_update` | Update a single todo |
+
+### Slash Commands
+
+| Command | Description |
+|---------|-------------|
+| `/commit [msg]` | Create a git commit with a generated message |
+| `/review [file]` | Review changes for bugs and quality |
+| `/feature <desc>` | Guided feature development |
+| `/design <brief>` | Generate a distinctive frontend design |
+| `/explain <target>` | Explain how code works |
+| `/test [target]` | Generate tests |
+| `/refactor <target>` | Refactor code for clarity |
+| `/skill <name>` | Load and apply a skill |
+| `/help` | Show available commands and skills |
+
+### Built-in Skills
+
+- **frontend-design** — distinctive visual design guidance (palette, typography, signature)
+- **feature-dev** — 7-phase guided feature implementation
+- **code-review** — high-signal review focusing on bugs and security
+- **debugging** — systematic 6-phase debugging workflow
+- **fullstack-scaffold** — project structure rules for any framework
+- **commit-workflow** — conventional commits best practices
+
+Add custom skills in `workspace/.sonicoder/skills/<name>/SKILL.md`.
+
+### Built-in Hooks
+
+- **block-dangerous-rm** — blocks `rm -rf /`, `~`, `$HOME`, `..`
+- **warn-debug-code** — warns on `console.log`, `debugger`, `print`, `alert`
+- **warn-secrets-in-code** — warns on hardcoded API_KEY/SECRET/TOKEN/PASSWORD
+- **warn-eval-exec** — warns on `eval()` and `exec()`
+
+Add custom hooks in `workspace/.sonicoder/hooks/<name>.local.md`.
+
 ### Local Run
 
 ```bash
@@ -53,16 +115,20 @@ pip install -r requirements.txt
 python app.py
 ```
 
-The model (MiniCPM5-1B, ~2.17 GB) will be automatically downloaded on first run.
+The model (MiniCPM5-1B, ~2.17 GB) downloads automatically on first run.
+
+### Project Memory
+
+The `CLAUDE.md` file at the project root is the agent's persistent memory. Edit it freely to override defaults and document project-specific conventions.
 
 ### HuggingFace Deploy
 
 1. Generate your application
-2. Go to the "Deploy" tab in the output panel
-3. Enter your HuggingFace repository name and token
-4. Select the Space SDK (Static, Gradio, Streamlit, or Docker)
+2. Go to the "Deploy" tab
+3. Sign in with HuggingFace OAuth (or paste a token)
+4. Select the Space SDK (Auto, Docker, Static, Gradio, Streamlit)
 5. Click "Push to HuggingFace"
 
 ### No External APIs
 
-This application does not use any external API calls. All model inference runs locally using the `transformers` library with MiniCPM5-1B.
+This application does not use any external API calls. All model inference runs locally using `transformers` with MiniCPM5-1B. Web search uses DuckDuckGo/Google HTML scraping (no API key).

code/agent/__init__.py

@@ -0,0 +1,572 @@
+"""Agent orchestration — Claude Code-style agent loop.
+
+The agent:
+1. Receives a user prompt
+2. Calls the model with available tools in system prompt
+3. Parses the model's response for tool calls
+4. Executes tools (with hooks checking)
+5. Feeds results back to the model
+6. Repeats until model stops calling tools or max iterations reached
+
+Tool call format (model outputs):
+```tool
+read_file
+path: src/app.py
+```
+
+Or multi-line:
+```tool
+write_file
+path: src/new.py
+content: |
+  import os
+  def main():
+      pass
+```
+
+The agent executes the tool, captures output, and feeds back as a
+user-style message in the next iteration.
+"""
+
+from __future__ import annotations
+
+import json
+import logging
+import re
+from typing import Any, Iterator
+
+from code.commands import expand_command, parse_command_input
+from code.config.constants import SYSTEM_PROMPT
+from code.hooks import check_hook
+from code.skills import build_skills_context
+from code.tools import (
+    edit_file,
+    glob_paths,
+    grep_search,
+    list_dir,
+    multi_edit,
+    read_file,
+    run_bash,
+    todo_read,
+    todo_write,
+    todo_update,
+    write_file,
+)
+
+logger = logging.getLogger(__name__)
+
+# ─── Tool registry ──────────────────────────────────────────────────────
+
+TOOL_REGISTRY: dict[str, Any] = {
+    "read_file": read_file,
+    "write_file": write_file,
+    "edit_file": edit_file,
+    "multi_edit": multi_edit,
+    "list_dir": list_dir,
+    "glob": glob_paths,
+    "grep": grep_search,
+    "bash": run_bash,
+    "todo_read": todo_read,
+    "todo_write": todo_write,
+    "todo_update": todo_update,
+}
+
+
+def _tool_schemas() -> str:
+    """Return a description of all available tools for the system prompt."""
+    return """## Available Tools
+
+You have access to these tools. To call a tool, output a fenced block with `tool` as the language, the tool name on the first line, and parameters as `key: value` pairs (one per line). For multi-line values, use YAML `|` block syntax.
+
+### read_file
+Read a text file from the workspace.
+```
+read_file
+path: src/app.py
+```
+Optional: `offset` (1-indexed line to start from), `limit` (max lines).
+
+### write_file
+Write content to a file (creates parent dirs).
+```
+write_file
+path: src/new.py
+content: |
+  import os
+  def main():
+      print("hello")
+```
+
+### edit_file
+Replace text in a file.
+```
+edit_file
+path: src/app.py
+old_str: print("hello")
+new_str: print("goodbye")
+```
+Optional: `replace_all: true` to replace all occurrences.
+
+### multi_edit
+Apply multiple edits atomically.
+```
+multi_edit
+path: src/app.py
+edits: |
+  - old_str: "foo"
+    new_str: "bar"
+  - old_str: "baz"
+    new_str: "qux"
+```
+
+### list_dir
+List directory contents.
+```
+list_dir
+path: src
+```
+
+### glob
+Find files matching a pattern.
+```
+glob
+pattern: **/*.py
+path: .
+```
+
+### grep
+Search file contents with regex.
+```
+grep
+pattern: def main
+path: .
+include: *.py
+```
+Optional: `ignore_case: true`, `max_results: 50`.
+
+### bash
+Run a shell command (sandboxed to workspace).
+```
+bash
+command: npm test
+timeout: 30
+```
+Optional: `cwd`, `timeout` (default 30s).
+
+### todo_write
+Replace the entire todo list.
+```
+todo_write
+todos: |
+  - id: "1"
+    content: "Set up project structure"
+    status: "in_progress"
+    priority: "high"
+  - id: "2"
+    content: "Implement API endpoints"
+    status: "pending"
+    priority: "high"
+```
+
+### todo_read
+Read the current todo list. No parameters.
+
+### todo_update
+Update a single todo by id.
+```
+todo_update
+todo_id: "1"
+status: "completed"
+```
+
+## Rules
+
+- Call ONE tool per turn. Wait for the result before calling the next.
+- After tool results come back, summarize what you learned and decide the next step.
+- If you don't need a tool, just respond normally.
+- Use `todo_write` to track multi-step tasks.
+- Always use `read_file` before `edit_file` so you know the exact content.
+- Use `bash` for git, test running, and other shell tasks.
+"""
+
+
+# ─── Tool call parsing ──────────────────────────────────────────────────
+
+_TOOL_BLOCK_RE = re.compile(
+    r"```tool\s*\n(.*?)```",
+    re.DOTALL,
+)
+
+
+def _parse_yaml_block(text: str) -> dict[str, Any]:
+    """Parse a simple YAML-like block into a dict.
+
+    Supports:
+    - key: value (single line)
+    - key: | (multi-line block scalar)
+    - key: > (folded scalar)
+    - Nested lists with - item
+    """
+    result: dict[str, Any] = {}
+    lines = text.split("\n")
+    i = 0
+    while i < len(lines):
+        line = lines[i]
+        stripped = line.rstrip()
+        if not stripped or stripped.startswith("#"):
+            i += 1
+            continue
+
+        # Match key: value or key: | or key: >
+        m = re.match(r"^(\w+)\s*:\s*(.*)$", stripped)
+        if not m:
+            i += 1
+            continue
+
+        key = m.group(1)
+        value = m.group(2).strip()
+
+        if value in ("|", "|-", ">", ">-"):
+            # Multi-line block scalar — collect indented lines
+            collect: list[str] = []
+            i += 1
+            while i < len(lines):
+                next_line = lines[i]
+                if next_line.strip() == "" and i + 1 < len(lines) and not lines[i + 1].startswith(" "):
+                    break
+                if next_line.startswith("  ") or next_line.startswith("\t") or next_line.strip() == "":
+                    collect.append(next_line)
+                    i += 1
+                else:
+                    break
+            # Dedent
+            block = "\n".join(collect)
+            # Remove common leading whitespace
+            block = re.sub(r"^( {2}|\t)", "", block, flags=re.MULTILINE)
+            result[key] = block.rstrip()
+        else:
+            # Try parsing as JSON for complex values
+            if value.startswith("[") or value.startswith("{"):
+                try:
+                    result[key] = json.loads(value)
+                except json.JSONDecodeError:
+                    result[key] = value
+            else:
+                result[key] = value
+        i += 1
+
+    return result
+
+
+def _parse_tool_call(text: str) -> dict[str, Any] | None:
+    """Parse a single tool call block content into {tool, args}."""
+    lines = text.strip().split("\n", 1)
+    if not lines:
+        return None
+
+    tool_name = lines[0].strip()
+    if tool_name not in TOOL_REGISTRY:
+        return {"tool": tool_name, "error": f"Unknown tool: {tool_name}"}
+
+    args_block = lines[1] if len(lines) > 1 else ""
+    args = _parse_yaml_block(args_block)
+
+    # Type coercion for known int/bool fields
+    if "timeout" in args:
+        try:
+            args["timeout"] = int(args["timeout"])
+        except (ValueError, TypeError):
+            pass
+    if "offset" in args:
+        try:
+            args["offset"] = int(args["offset"])
+        except (ValueError, TypeError):
+            pass
+    if "limit" in args:
+        try:
+            args["limit"] = int(args["limit"])
+        except (ValueError, TypeError):
+            pass
+    if "replace_all" in args:
+        args["replace_all"] = str(args["replace_all"]).lower() in ("true", "1", "yes")
+    if "ignore_case" in args:
+        args["ignore_case"] = str(args["ignore_case"]).lower() in ("true", "1", "yes")
+    if "todos" in args and isinstance(args["todos"], str):
+        # Parse YAML list of todos
+        todos: list[dict[str, Any]] = []
+        for block in re.split(r"\n\s*-\s+", "\n" + args["todos"]):
+            if not block.strip():
+                continue
+            todo: dict[str, Any] = {}
+            for line in block.splitlines():
+                m = re.match(r"(\w+):\s*(.*)$", line.strip())
+                if m:
+                    val = m.group(2).strip()
+                    if m.group(1) in {"status", "priority"}:
+                        todo[m.group(1)] = val
+                    else:
+                        todo[m.group(1)] = val
+            if todo:
+                todos.append(todo)
+        args["todos"] = todos
+    if "edits" in args and isinstance(args["edits"], str):
+        # Parse YAML list of edits
+        edits: list[dict[str, str]] = []
+        for block in re.split(r"\n\s*-\s+", "\n" + args["edits"]):
+            if not block.strip():
+                continue
+            edit: dict[str, str] = {}
+            for line in block.splitlines():
+                m = re.match(r"(\w+):\s*(.*)$", line.strip())
+                if m:
+                    edit[m.group(1)] = m.group(2).strip()
+            if edit:
+                edits.append(edit)
+        args["edits"] = edits
+
+    return {"tool": tool_name, "args": args}
+
+
+def find_tool_calls(text: str) -> list[dict[str, Any]]:
+    """Find all tool call blocks in the model's output."""
+    calls: list[dict[str, Any]] = []
+    for match in _TOOL_BLOCK_RE.finditer(text):
+        parsed = _parse_tool_call(match.group(1))
+        if parsed:
+            calls.append(parsed)
+    return calls
+
+
+# ─── Tool execution with hooks ──────────────────────────────────────────
+
+def execute_tool(tool_name: str, args: dict[str, Any]) -> dict[str, Any]:
+    """Execute a single tool with hook checks."""
+    if tool_name not in TOOL_REGISTRY:
+        return {"success": False, "error": f"Unknown tool: {tool_name}"}
+
+    # Hook check
+    if tool_name == "bash":
+        hook_context = {"command": str(args.get("command", ""))}
+        hook_result = check_hook("bash", hook_context)
+    elif tool_name in {"write_file", "edit_file", "multi_edit"}:
+        hook_context = {
+            "file_path": str(args.get("path", "")),
+            "new_text": str(args.get("content", args.get("new_str", ""))),
+        }
+        hook_result = check_hook("file", hook_context)
+    else:
+        hook_result = {"blocked": False, "warnings": [], "matched_hooks": []}
+
+    if hook_result["blocked"]:
+        return {
+            "success": False,
+            "error": "Blocked by hook rule",
+            "hook_warnings": hook_result["warnings"],
+            "blocked": True,
+        }
+
+    try:
+        fn = TOOL_REGISTRY[tool_name]
+        result = fn(**args) if args else fn()
+        # Attach any warnings
+        if hook_result["warnings"]:
+            result["hook_warnings"] = hook_result["warnings"]
+        return result
+    except TypeError as exc:
+        return {"success": False, "error": f"Invalid arguments: {exc}"}
+    except Exception as exc:
+        logger.exception("Tool execution failed: %s", tool_name)
+        return {"success": False, "error": str(exc)}
+
+
+# ─── Agent loop ─────────────────────────────────────────────────────────
+
+MAX_ITERATIONS = 8
+
+
+def build_agent_system_prompt(
+    target_language: str = "",
+    target_framework: str = "",
+    skills: list[str] | None = None,
+) -> str:
+    """Build the system prompt with tool descriptions and skill context."""
+    parts = [
+        SYSTEM_PROMPT,
+        "",
+        _tool_schemas(),
+        "",
+        "## Agent Behavior",
+        "",
+        "- You are an autonomous coding agent. Use tools to inspect and modify the workspace.",
+        "- Always plan first with `todo_write` when given a multi-step task.",
+        "- Use `read_file` before `edit_file` to know exact content.",
+        "- After each tool result, briefly note what you learned before the next step.",
+        "- When done, give a concise summary of what you did and what files changed.",
+        "- If a hook warns you, acknowledge it and adjust your approach.",
+    ]
+
+    if target_language or target_framework:
+        parts.append("")
+        parts.append(f"Target: {target_language}" + (f" / {target_framework}" if target_framework else ""))
+
+    skills_ctx = build_skills_context(skills)
+    if skills_ctx:
+        parts.append("")
+        parts.append("## Skills Loaded")
+        parts.append("")
+        parts.append(skills_ctx)
+
+    return "\n".join(parts)
+
+
+def run_agent(
+    user_input: str,
+    history: list[dict[str, str]] | None = None,
+    target_language: str = "",
+    target_framework: str = "",
+    skills: list[str] | None = None,
+    search_context: str = "",
+    image_url: str | None = None,
+) -> Iterator[dict[str, Any]]:
+    """Run the agent loop. Yields events as dict.
+
+    Events:
+    - {type: "status", status_text, status_state, ...}
+    - {type: "tool_call", tool, args, result}
+    - {type: "streaming", content, ...}
+    - {type: "complete", content, ...}
+    - {type: "error", message, ...}
+    """
+    from code.model.inference import call_model
+    from code.model.loader import get_model_status, is_model_loaded
+
+    history = history or []
+
+    # Check for slash command
+    cmd_name, cmd_args = parse_command_input(user_input)
+    if cmd_name:
+        expansion = expand_command(cmd_name, cmd_args)
+        if expansion.get("success"):
+            # Replace user input with expanded command
+            user_input = expansion["prompt"]
+            yield {
+                "type": "status",
+                "status_text": f"Running /{cmd_name} command...",
+                "status_state": "working",
+            }
+        else:
+            yield {
+                "type": "error",
+                "message": expansion.get("error", "Unknown command"),
+                "available": expansion.get("available", []),
+            }
+            return
+
+    # Hook check on user prompt
+    prompt_hook = check_hook("prompt", {"user_prompt": user_input})
+    if prompt_hook["blocked"]:
+        yield {
+            "type": "error",
+            "message": "Prompt blocked by hook rule",
+            "warnings": prompt_hook["warnings"],
+        }
+        return
+
+    # Model status
+    if not is_model_loaded():
+        status = get_model_status()
+        yield {
+            "type": "error",
+            "message": status["message"],
+        }
+        return
+
+    # Build system prompt
+    system_prompt = build_agent_system_prompt(target_language, target_framework, skills)
+
+    # Add search context if present
+    if search_context:
+        user_input = f"{user_input}\n\n--- Web Search Results ---\n{search_context}"
+
+    # Build messages
+    messages: list[dict[str, Any]] = [{"role": "system", "content": system_prompt}]
+    for h in history:
+        role = h.get("role", "user")
+        content = str(h.get("content", "")).strip()
+        if role in {"user", "assistant"} and content:
+            messages.append({"role": role, "content": content})
+    messages.append({"role": "user", "content": user_input})
+
+    # Agent loop
+    for iteration in range(MAX_ITERATIONS):
+        yield {
+            "type": "status",
+            "status_text": f"Thinking... (step {iteration + 1})",
+            "status_state": "working",
+            "iteration": iteration + 1,
+        }
+
+        # Call model
+        full_response = ""
+        for partial in call_model(messages, image_url=image_url):
+            full_response = partial
+            yield {
+                "type": "streaming",
+                "content": partial,
+                "iteration": iteration + 1,
+            }
+
+        if not full_response:
+            yield {"type": "error", "message": "Empty model response"}
+            return
+
+        # Check for tool calls
+        tool_calls = find_tool_calls(full_response)
+
+        if not tool_calls:
+            # No tools called — final response
+            yield {
+                "type": "complete",
+                "content": full_response,
+                "iterations": iteration + 1,
+            }
+            return
+
+        # Execute each tool call in order
+        for tc in tool_calls:
+            tool_name = tc.get("tool")
+            args = tc.get("args", {})
+
+            if "error" in tc:
+                # Unknown tool
+                tool_result = {"success": False, "error": tc["error"]}
+            else:
+                yield {
+                    "type": "tool_call",
+                    "tool": tool_name,
+                    "args": args,
+                    "iteration": iteration + 1,
+                }
+                tool_result = execute_tool(tool_name, args)
+
+            yield {
+                "type": "tool_result",
+                "tool": tool_name,
+                "result": tool_result,
+                "iteration": iteration + 1,
+            }
+
+            # Feed result back to model
+            result_str = json.dumps(tool_result, indent=2, default=str)
+            messages.append({"role": "assistant", "content": full_response})
+            messages.append({
+                "role": "user",
+                "content": f"Tool `{tool_name}` result:\n```json\n{result_str}\n```\n\nContinue with the next step or finish if done.",
+            })
+
+    # Max iterations reached
+    yield {
+        "type": "complete",
+        "content": full_response + "\n\n_(Max iterations reached)_",
+        "iterations": MAX_ITERATIONS,
+    }

code/commands/__init__.py

@@ -0,0 +1,148 @@
+"""Slash commands system — Claude Code-style.
+
+Commands are markdown files with YAML frontmatter that define
+prompt templates triggered by `/command` syntax.
+
+Built-in commands live in code/commands/builtins/.
+User commands live in workspace's .sonicoder/commands/.
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import re
+from typing import Any
+
+from code.skills import _parse_frontmatter
+
+logger = logging.getLogger(__name__)
+
+_BUILTIN_COMMANDS_DIR = os.path.join(os.path.dirname(__file__), "builtins")
+_USER_COMMANDS_DIRNAME = ".sonicoder/commands"
+
+
+def _command_dirs() -> list[str]:
+    dirs = [_BUILTIN_COMMANDS_DIR]
+    try:
+        from code.tools.fs import get_workspace_root
+        user_dir = os.path.join(get_workspace_root(), _USER_COMMANDS_DIRNAME)
+        if os.path.isdir(user_dir):
+            dirs.append(user_dir)
+    except Exception:
+        pass
+    return dirs
+
+
+def _load_command(filepath: str) -> dict[str, Any] | None:
+    try:
+        with open(filepath, "r", encoding="utf-8") as f:
+            content = f.read()
+    except Exception as exc:
+        logger.warning("Failed to read %s: %s", filepath, exc)
+        return None
+
+    meta, body = _parse_frontmatter(content)
+    name = meta.get("name") or os.path.splitext(os.path.basename(filepath))[0]
+    return {
+        "name": name,
+        "description": meta.get("description", ""),
+        "argument_hint": meta.get("argument-hint", ""),
+        "allowed_tools": [t.strip() for t in meta.get("allowed-tools", "").split(",") if t.strip()],
+        "body": body.strip(),
+        "path": filepath,
+    }
+
+
+def list_commands() -> list[dict[str, Any]]:
+    """List all available slash commands."""
+    commands: list[dict[str, Any]] = []
+    seen: set[str] = set()
+
+    for cmds_dir in _command_dirs():
+        if not os.path.isdir(cmds_dir):
+            continue
+        for entry in sorted(os.listdir(cmds_dir)):
+            if not entry.endswith(".md"):
+                continue
+            filepath = os.path.join(cmds_dir, entry)
+            cmd = _load_command(filepath)
+            if cmd and cmd["name"] not in seen:
+                seen.add(cmd["name"])
+                commands.append({
+                    "name": cmd["name"],
+                    "description": cmd["description"],
+                    "argument_hint": cmd["argument_hint"],
+                })
+    return commands
+
+
+def get_command(name: str) -> dict[str, Any] | None:
+    """Get full command content by name."""
+    for cmds_dir in _command_dirs():
+        if not os.path.isdir(cmds_dir):
+            continue
+        # Try name.md and name/something.md
+        direct = os.path.join(cmds_dir, f"{name}.md")
+        if os.path.isfile(direct):
+            return _load_command(direct)
+        # Try subdirectory: name/command.md
+        if os.path.isdir(os.path.join(cmds_dir, name)):
+            for entry in os.listdir(os.path.join(cmds_dir, name)):
+                if entry.endswith(".md"):
+                    return _load_command(os.path.join(cmds_dir, name, entry))
+    return None
+
+
+def parse_command_input(user_input: str) -> tuple[str | None, str]:
+    """Parse a user input string for a slash command.
+
+    Returns (command_name, arguments) or (None, user_input) if not a command.
+    """
+    stripped = user_input.strip()
+    if not stripped.startswith("/"):
+        return None, user_input
+
+    # Match /command-name or /namespace:command
+    match = re.match(r"^/([a-zA-Z][\w:-]*)\s*(.*)$", stripped, re.DOTALL)
+    if not match:
+        return None, user_input
+
+    return match.group(1), match.group(2).strip()
+
+
+def expand_command(name: str, arguments: str = "") -> dict[str, Any]:
+    """Expand a slash command into a full prompt for the model.
+
+    Replaces $ARGUMENTS placeholder with the user-provided arguments.
+    """
+    cmd = get_command(name)
+    if not cmd:
+        return {
+            "success": False,
+            "error": f"Unknown command: /{name}",
+            "available": [c["name"] for c in list_commands()],
+        }
+
+    body = cmd["body"]
+    # Replace $ARGUMENTS
+    expanded = body.replace("$ARGUMENTS", arguments)
+
+    # Also support bash-style $(cmd) execution for context blocks (like Claude Code)
+    # e.g. !`git status` becomes the output of `git status`
+    from code.tools.bash import run_bash
+
+    def _exec_bash(match: re.Match) -> str:
+        cmd_str = match.group(1)
+        result = run_bash(cmd_str, timeout=10)
+        return result.get("stdout", "") + result.get("stderr", "")
+
+    expanded = re.sub(r"!`([^`]+)`", _exec_bash, expanded)
+
+    return {
+        "success": True,
+        "name": cmd["name"],
+        "description": cmd["description"],
+        "prompt": expanded,
+        "allowed_tools": cmd["allowed_tools"],
+    }

code/commands/builtins/commit.md

@@ -0,0 +1,25 @@
+---
+name: commit
+description: Create a git commit with a generated message
+argument-hint: Optional commit message override
+---
+## Context
+
+- Current git status: !`git status`
+- Current git diff (staged and unstaged changes): !`git diff HEAD`
+- Current branch: !`git branch --show-current`
+- Recent commits: !`git log --oneline -10`
+
+## Your task
+
+Based on the above changes, create a single git commit.
+
+Write a clean commit message in conventional-commits format:
+- Type: feat, fix, docs, style, refactor, perf, test, chore
+- Subject: imperative mood, lowercase, under 72 chars, no period
+- Optional body explaining WHY (not what)
+
+If $ARGUMENTS is provided, use it as the commit message.
+
+Stage the relevant files and commit using a heredoc to preserve formatting.
+Do not use any other tools or do anything else. Do not send any other text besides these tool calls.

code/commands/builtins/design.md

@@ -0,0 +1,49 @@
+---
+name: design
+description: Generate a distinctive frontend design — palette, typography, layout, signature
+argument-hint: Design brief (subject, audience, mood)
+---
+# Frontend Design
+
+Brief: $ARGUMENTS
+
+You are the design lead at a small studio known for giving every client a visual identity that could not be mistaken for anyone else's.
+
+## Step 1: Pin the subject
+
+If the brief doesn't pin down what the product is, do it yourself:
+- Name one concrete subject
+- Its audience
+- The page's single job
+
+## Step 2: Design tokens
+
+Output a compact token system:
+
+### Color (4-6 named hex values)
+- Background, foreground, accent, muted, border, etc.
+
+### Typography (2+ faces)
+- Display face (used with restraint)
+- Body face
+- Optional utility face for captions/data
+
+### Layout
+- One-sentence concept
+- ASCII wireframe
+
+### Signature
+- The single unique element this page will be remembered by
+
+## Step 3: Build
+
+After the design plan, generate the complete HTML/CSS/JS in a single self-contained file (or multi-file @@FILE: project if appropriate).
+
+Rules:
+- Mobile responsive (html/body margin:0, 100% width)
+- Visible keyboard focus states
+- Respect `prefers-reduced-motion`
+- Take ONE real aesthetic risk you can justify
+- Cut any decoration that doesn't serve the brief
+
+Output the design plan first, then the code.

code/commands/builtins/explain.md

@@ -0,0 +1,32 @@
+---
+name: explain
+description: Explain how the current codebase or a specific file works
+argument-hint: File path or "codebase"
+---
+# Explain
+
+Target: $ARGUMENTS
+
+Explain the code clearly and concisely.
+
+If target is "codebase" or empty:
+1. Use `list_dir` to map the project structure
+2. Identify the entry point (app.py, main.py, index.js, etc.)
+3. Read the entry point and key modules
+4. Produce a high-level architecture summary
+
+If target is a file path:
+1. `read_file` the target
+2. Read any files it imports/requires (one level deep)
+3. Explain:
+   - What the file does
+   - Its main functions/classes
+   - How it fits into the larger project
+   - Any non-obvious patterns or gotchas
+
+Format your explanation for a developer who is new to this code. Use:
+- Short paragraphs for prose
+- Code snippets for examples
+- A "Key takeaways" list at the end
+
+Don't editorialize — describe what's there, not what should be.

code/commands/builtins/feature.md

@@ -0,0 +1,65 @@
+---
+name: feature
+description: Guided feature development — understand, design, then implement
+argument-hint: Feature description
+---
+# Feature Development
+
+Initial request: $ARGUMENTS
+
+You are helping a developer implement a new feature. Follow a systematic approach.
+
+## Phase 1: Discovery
+
+If the feature is unclear, ask the user:
+- What problem are they solving?
+- What should the feature do?
+- Any constraints or requirements?
+
+## Phase 2: Codebase Exploration
+
+Use `list_dir` and `glob` to map the project, then `grep` and `read_file` to find:
+- Similar existing features
+- Architecture patterns
+- Naming conventions
+- Test patterns
+
+## Phase 3: Clarifying Questions
+
+Present ALL clarifying questions to the user before designing. Cover:
+- Edge cases
+- Error handling
+- Integration points
+- Scope boundaries
+- Backward compatibility
+
+Wait for answers before proceeding.
+
+## Phase 4: Architecture Design
+
+Design the implementation:
+- Files to create/modify
+- Component responsibilities
+- Data flow
+- Build sequence
+
+Present to user with trade-offs. **Ask for approval.**
+
+## Phase 5: Implementation
+
+After approval:
+1. Create a todo list with `todo_write`
+2. Read all relevant files
+3. Implement following codebase conventions
+4. Update todos as you progress
+
+## Phase 6: Quality Review
+
+Self-review for:
+- Bugs / functional correctness
+- Simplicity / DRY
+- Project conventions
+
+## Phase 7: Summary
+
+Summarize what was built, decisions made, files modified, and next steps.

code/commands/builtins/help.md

@@ -0,0 +1,25 @@
+---
+name: help
+description: Show available commands and skills
+argument-hint: Optional command name to get help for
+---
+# Help
+
+If $ARGUMENTS is empty, list all available slash commands and skills with brief descriptions.
+
+If $ARGUMENTS is a command or skill name, show its full description and usage.
+
+Format:
+
+```
+## Commands
+/command-name — Description
+...
+
+## Skills
+skill-name — Description
+...
+
+Type /command for any command above.
+Type /skill <skill-name> to load skill instructions.
+```

code/commands/builtins/refactor.md

@@ -0,0 +1,39 @@
+---
+name: refactor
+description: Refactor code for clarity, simplicity, and maintainability
+argument-hint: File path or "current changes"
+---
+# Refactor
+
+Target: $ARGUMENTS
+
+Refactor the specified code without changing its behavior.
+
+## Process
+
+1. `read_file` the target.
+2. Identify smells:
+   - Duplicated code (extract function/component)
+   - Long functions (split into smaller ones)
+   - Deep nesting (early returns, guard clauses)
+   - Unclear names (rename to reveal intent)
+   - Magic numbers (extract constants)
+   - Mixed concerns (separate responsibilities)
+   - Dead code (remove)
+3. Plan changes — show the user before applying if the refactor is significant.
+4. Apply changes with `edit_file` or `write_file`.
+5. Verify nothing broke: run tests with `bash` if available.
+
+## Rules
+
+- **Behavior-preserving**: the refactored code must produce the same output for the same input.
+- **One refactor at a time**: don't mix 5 changes into one edit.
+- **Match conventions**: follow the surrounding code style.
+- **Update names everywhere**: don't leave stale references.
+- **Test after each significant change**.
+
+Don't refactor for refactoring's sake. Only refactor when:
+- The code is hard to read
+- The code is hard to change
+- The code has bugs you're about to fix anyway
+- The user explicitly asked

code/commands/builtins/review.md

@@ -0,0 +1,50 @@
+---
+name: review
+description: Review the current changes for bugs and quality issues
+argument-hint: Optional file or PR to review
+---
+## Review Task
+
+Review the current code changes for quality and correctness.
+
+If $ARGUMENTS is provided, review that specific file or changeset.
+Otherwise, review the current `git diff HEAD`.
+
+## Process
+
+1. Use `bash` to get the diff:
+   - If arguments given and it's a file: `git diff HEAD -- $ARGUMENTS`
+   - Otherwise: `git diff HEAD`
+
+2. Read each changed file fully with `read_file` for context.
+
+3. Apply the code-review skill — focus on HIGH SIGNAL issues only:
+   - Bugs that will cause incorrect behavior
+   - Security issues (hardcoded secrets, injection, path traversal)
+   - Syntax/type errors
+   - Clear convention violations
+
+4. Do NOT flag:
+   - Subjective style preferences
+   - Potential issues that depend on specific inputs
+   - Pedantic nitpicks
+
+5. Output your review in this format:
+
+```
+## Code Review
+
+### Critical
+- `file:line` — Description and fix
+
+### High
+- `file:line` — Description and fix
+
+### Medium
+- `file:line` — Description and fix
+
+### Summary
+Brief overall assessment.
+```
+
+If no issues: state "No issues found. Checked for bugs, security, and conventions."

code/commands/builtins/skill.md

@@ -0,0 +1,12 @@
+---
+name: skill
+description: Load and apply a specific skill
+argument-hint: Skill name
+---
+# Skill Invocation
+
+Loading skill: $ARGUMENTS
+
+The skill instructions have been loaded into context. Apply them to the current task.
+
+If the user provided additional context after the skill name, treat it as the task brief.

code/commands/builtins/test.md

@@ -0,0 +1,39 @@
+---
+name: test
+description: Generate tests for the current code or a specific file
+argument-hint: File path or test framework
+---
+# Test Generation
+
+Target: $ARGUMENTS
+
+Generate tests for the specified file or the current changes.
+
+## Process
+
+1. If a file path is given, `read_file` it. Otherwise use `bash` to get `git diff HEAD` and identify changed files.
+
+2. Identify the test framework in use:
+   - Python: pytest (preferred), unittest
+   - JavaScript: vitest, jest, mocha
+   - Check `package.json` or `requirements.txt` for hints
+
+3. Read existing tests in the `tests/` or `__tests__/` directory to match style.
+
+4. Generate tests that cover:
+   - Happy path (typical usage)
+   - Edge cases (empty input, boundary values)
+   - Error cases (invalid input, network failures)
+   - Integration points (if applicable)
+
+5. Write the test file to the appropriate location using `write_file`.
+
+6. Run the tests with `bash` to verify they pass.
+
+## Rules
+
+- One test file per source file (e.g. `src/auth.py` → `tests/test_auth.py`)
+- Use descriptive test names: `test_user_can_login_with_valid_credentials`
+- Arrange-Act-Assert pattern
+- Don't test the framework — test your code's behavior
+- Mock external dependencies (network, filesystem, time) when flaky

code/config/constants.py

@@ -80,22 +80,27 @@ LANGUAGE_MAP: dict[str, list[str]] = {lang: frameworks for lang, frameworks in L
 
 # ─── System Prompt ───────────────────────────────────────────────────────
 
-SYSTEM_PROMPT = """You are a code generator. Output ONLY the code. No thinking, no explanation, no commentary.
+SYSTEM_PROMPT = """You are SoniCoder — an autonomous coding agent that can write full-stack applications, manipulate files, run shell commands, and apply skills.
+
+CAPABILITIES:
+- Generate complete, runnable applications in any language/framework
+- Read, write, and edit files in a sandboxed workspace
+- Run shell commands (git, npm, pip, tests) via the bash tool
+- Track multi-step tasks with the todo system
+- Apply specialized skills (frontend-design, feature-dev, code-review, debugging, fullstack-scaffold, commit-workflow)
+- Respond to slash commands: /commit, /review, /feature, /design, /explain, /test, /refactor, /skill, /help
 
 CRITICAL RULES:
-- Do NOT use <think> or <thinking> tags. Do NOT reason aloud. Just output code directly.
-- Do NOT write explanations before or after code. Just output the code.
-- If you must explain something, keep it to ONE short sentence.
-
-When the user asks you to build an application:
-1. Generate complete, working code - not snippets or pseudocode
-2. Include all necessary files for the project to run
-3. Add proper error handling and comments
-4. For web apps, make the UI responsive and modern
-5. For Gradio apps, use gradio library and create a complete working app with gr.Interface or gr.Blocks
-
-FILE OUTPUT FORMAT - IMPORTANT:
-When generating multi-file projects, wrap each file in this format:
+- Do NOT use <think> or <thinking> tags. Do NOT reason aloud.
+- For multi-step tasks, ALWAYS create a todo list first with `todo_write`.
+- Read files before editing them — `read_file` then `edit_file`.
+- Match the codebase's existing style and conventions.
+- After tool calls, briefly note what you learned before the next step.
+- When done, give a concise summary of what changed.
+
+WHEN GENERATING CODE (without tools):
+
+FILE OUTPUT FORMAT for multi-file projects:
 @@FILE: path/to/file.ext@@
 (file content here)
 @@FILE: path/to/another/file.ext@@
@@ -109,30 +114,37 @@ For single-file code, use standard markdown fenced blocks:
 ```typescript for TypeScript
 etc.
 
-JAVASCRIPT / TYPESCRIPT PROJECTS:
-For React, Next.js, Vue.js, Express, NestJS, or any JS/TS framework:
-- ALWAYS use the @@FILE: multi-file format
-- Include a package.json with name, version, scripts, and dependencies
-- Include all source files (src/App.jsx, src/index.js, etc.)
+FULLSTACK PROJECT RULES:
+- For React, Next.js, Vue.js, Express, NestJS, or any JS/TS framework: ALWAYS use @@FILE: multi-file format
+- Include package.json with name, version, scripts, and dependencies
 - For React+Vite: include vite.config.js and index.html
 - For Next.js: include next.config.js with output: 'standalone'
-- For Express: main entry is index.js with app.listen(7860)
+- For Express: main entry is index.js with app.listen(7860, '0.0.0.0')
 - Server ports MUST be 7860 and bind to 0.0.0.0
 - Do NOT include node_modules or lock files
+- For Python web apps: use gradio/flask/fastapi/streamlit as appropriate
 
-When generating web apps with HTML/CSS/JS, return a single self-contained HTML document with all CSS and JavaScript inline. Make the page fully responsive: html/body at margin:0 and 100% width/height, use flexbox/grid layouts, and size any canvas to its container.
+WEB APP RULES (HTML/CSS/JS):
+- Return a single self-contained HTML document with all CSS and JavaScript inline
+- Make the page fully responsive: html/body at margin:0 and 100% width/height
+- Use flexbox/grid layouts; size any canvas to its container
+- Respect prefers-reduced-motion
+- Include visible keyboard focus states
 
-When generating Gradio apps, create a complete app.py with:
+GRADIO APP RULES:
 - import gradio as gr
-- Define the interface using gr.Interface() or gr.Blocks()
+- Use gr.Interface() or gr.Blocks()
 - Call iface.launch(server_name="0.0.0.0", server_port=7860) at the end
-- Include all necessary processing logic inline
-
-For Python, prefer standard library or common packages. Do not use network calls, subprocesses, shell commands, or long-running loops in demo code (except Gradio apps which are server-based).
+- Include all processing logic inline
 
-If web search results are provided in the context, use them to inform your code generation. Incorporate relevant information from the search results into the generated code.
+PYTHON RULES:
+- Prefer standard library or common packages
+- Do not use network calls, subprocesses, or long-running loops in demo code
+- Add proper error handling and comments
 
-If the user provides an image, analyze it and generate code based on what you see in the image. For example: replicate a UI from a screenshot, generate code from a wireframe, or build an app described in a document.
+If web search results are provided, use them to inform your code generation.
+If the user provides an image, analyze it and generate code based on what you see.
+If a hook warns you, acknowledge it and adjust your approach.
 """
 
 # ─── Example Prompts ────────────────────────────────────────────────────

code/hooks/__init__.py

@@ -0,0 +1,242 @@
+"""Hooks system — pre/post tool execution rules.
+
+Inspired by Claude Code's hookify plugin. Rules are markdown files
+with YAML frontmatter that define:
+- event: bash | file | prompt | stop | all
+- pattern: regex to match
+- action: warn | block
+- message: shown to the user/agent when triggered
+
+Rules are discovered from:
+- code/hooks/builtins/  (built-in rules)
+- workspace/.sonicoder/hooks/  (user rules)
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import re
+from typing import Any
+
+from code.skills import _parse_frontmatter
+
+logger = logging.getLogger(__name__)
+
+_BUILTIN_HOOKS_DIR = os.path.join(os.path.dirname(__file__), "builtins")
+_USER_HOOKS_DIRNAME = ".sonicoder/hooks"
+
+
+def _hook_dirs() -> list[str]:
+    dirs = [_BUILTIN_HOOKS_DIR]
+    try:
+        from code.tools.fs import get_workspace_root
+        user_dir = os.path.join(get_workspace_root(), _USER_HOOKS_DIRNAME)
+        if os.path.isdir(user_dir):
+            dirs.append(user_dir)
+    except Exception:
+        pass
+    return dirs
+
+
+def _load_hook(filepath: str) -> dict[str, Any] | None:
+    try:
+        with open(filepath, "r", encoding="utf-8") as f:
+            content = f.read()
+    except Exception:
+        return None
+
+    meta, body = _parse_frontmatter(content)
+
+    name = meta.get("name", os.path.splitext(os.path.basename(filepath))[0])
+    enabled = meta.get("enabled", "true").lower() == "true"
+    event = meta.get("event", "all").lower()
+    action = meta.get("action", "warn").lower()
+    pattern = meta.get("pattern", "")
+    conditions_raw = meta.get("conditions", "")
+
+    # Parse conditions (simplified — actual hookify uses YAML lists)
+    conditions: list[dict[str, str]] = []
+    if conditions_raw:
+        # Very rough parse: each "- field: x\n  operator: y\n  pattern: z"
+        for block in re.split(r"(?=\n-\s+field:)", "\n" + conditions_raw):
+            field_m = re.search(r"field:\s*(\S+)", block)
+            op_m = re.search(r"operator:\s*(\S+)", block)
+            pat_m = re.search(r"pattern:\s*(.+?)(?=\n\s*$|\n\s*-|\Z)", block, re.DOTALL)
+            if field_m and op_m and pat_m:
+                conditions.append({
+                    "field": field_m.group(1),
+                    "operator": op_m.group(1),
+                    "pattern": pat_m.group(1).strip(),
+                })
+
+    return {
+        "name": name,
+        "enabled": enabled,
+        "event": event,
+        "action": action,
+        "pattern": pattern,
+        "conditions": conditions,
+        "message": body.strip(),
+        "path": filepath,
+    }
+
+
+def list_hooks() -> list[dict[str, Any]]:
+    """List all hooks (metadata only)."""
+    hooks: list[dict[str, Any]] = []
+    seen: set[str] = set()
+
+    for hooks_dir in _hook_dirs():
+        if not os.path.isdir(hooks_dir):
+            continue
+        for entry in sorted(os.listdir(hooks_dir)):
+            if not entry.endswith(".md"):
+                continue
+            filepath = os.path.join(hooks_dir, entry)
+            hook = _load_hook(filepath)
+            if hook and hook["name"] not in seen:
+                seen.add(hook["name"])
+                hooks.append({
+                    "name": hook["name"],
+                    "enabled": hook["enabled"],
+                    "event": hook["event"],
+                    "action": hook["action"],
+                    "pattern": hook["pattern"],
+                })
+    return hooks
+
+
+def _match_condition(condition: dict[str, str], context: dict[str, Any]) -> bool:
+    """Check if a single condition matches."""
+    field = condition.get("field", "")
+    operator = condition.get("operator", "regex_match")
+    pattern = condition.get("pattern", "")
+
+    value = str(context.get(field, ""))
+
+    if operator == "regex_match":
+        return bool(re.search(pattern, value))
+    elif operator == "contains":
+        return pattern in value
+    elif operator == "equals":
+        return value == pattern
+    elif operator == "not_contains":
+        return pattern not in value
+    elif operator == "starts_with":
+        return value.startswith(pattern)
+    elif operator == "ends_with":
+        return value.endswith(pattern)
+    return False
+
+
+def _match_hook(hook: dict[str, Any], event: str, context: dict[str, Any]) -> bool:
+    """Check if a hook matches the given event and context."""
+    if not hook["enabled"]:
+        return False
+    if hook["event"] != "all" and hook["event"] != event:
+        return False
+
+    # Simple pattern match (single pattern)
+    if hook["pattern"]:
+        # For bash event, match against command
+        target = str(context.get("command", context.get("file_path", context.get("user_prompt", ""))))
+        if not re.search(hook["pattern"], target):
+            return False
+
+    # Multi-condition match (all conditions must match)
+    if hook["conditions"]:
+        for cond in hook["conditions"]:
+            if not _match_condition(cond, context):
+                return False
+
+    return True
+
+
+def check_hook(event: str, context: dict[str, Any]) -> dict[str, Any]:
+    """Check all hooks for an event.
+
+    Args:
+        event: One of 'bash', 'file', 'prompt', 'stop', 'all'
+        context: Dict with relevant fields (command, file_path, new_text, user_prompt, etc.)
+
+    Returns:
+        dict with:
+        - blocked: bool — whether the action should be blocked
+        - warnings: list of warning messages to show
+        - matched_hooks: list of hook names that matched
+    """
+    warnings: list[str] = []
+    matched: list[str] = []
+    blocked = False
+
+    for hooks_dir in _hook_dirs():
+        if not os.path.isdir(hooks_dir):
+            continue
+        for entry in sorted(os.listdir(hooks_dir)):
+            if not entry.endswith(".md"):
+                continue
+            filepath = os.path.join(hooks_dir, entry)
+            hook = _load_hook(filepath)
+            if not hook:
+                continue
+            if _match_hook(hook, event, context):
+                matched.append(hook["name"])
+                if hook["action"] == "block":
+                    blocked = True
+                    warnings.append(f"🛑 BLOCKED by rule '{hook['name']}':\n\n{hook['message']}")
+                else:
+                    warnings.append(f"⚠️ Warning from rule '{hook['name']}':\n\n{hook['message']}")
+
+    return {
+        "blocked": blocked,
+        "warnings": warnings,
+        "matched_hooks": matched,
+    }
+
+
+def create_hook(
+    name: str,
+    event: str,
+    pattern: str,
+    action: str = "warn",
+    message: str = "",
+    enabled: bool = True,
+) -> dict[str, Any]:
+    """Create a new user hook (saved to workspace/.sonicoder/hooks/)."""
+    try:
+        from code.tools.fs import get_workspace_root
+        hooks_dir = os.path.join(get_workspace_root(), _USER_HOOKS_DIRNAME)
+        os.makedirs(hooks_dir, exist_ok=True)
+
+        filepath = os.path.join(hooks_dir, f"{name}.local.md")
+        content = f"""---
+name: {name}
+enabled: {str(enabled).lower()}
+event: {event}
+pattern: {pattern}
+action: {action}
+---
+
+{message}
+"""
+        with open(filepath, "w", encoding="utf-8") as f:
+            f.write(content)
+
+        return {"success": True, "name": name, "path": filepath}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+def delete_hook(name: str) -> dict[str, Any]:
+    """Delete a user hook by name."""
+    try:
+        from code.tools.fs import get_workspace_root
+        hooks_dir = os.path.join(get_workspace_root(), _USER_HOOKS_DIRNAME)
+        filepath = os.path.join(hooks_dir, f"{name}.local.md")
+        if os.path.exists(filepath):
+            os.remove(filepath)
+            return {"success": True, "name": name}
+        return {"success": False, "error": f"Hook not found: {name}"}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}

code/hooks/builtins/block-dangerous-rm.local.md

@@ -0,0 +1,16 @@
+---
+name: block-dangerous-rm
+enabled: true
+event: bash
+pattern: rm\s+-rf\s+(/|~|\$HOME|\.\.)
+action: block
+---
+
+🛑 **Dangerous rm command detected!**
+
+This command could delete important files. The operation has been blocked.
+
+If this is intentional, please:
+- Verify the path is correct
+- Use a more specific path
+- Make sure you have backups

code/hooks/builtins/warn-debug-code.local.md

@@ -0,0 +1,11 @@
+---
+name: warn-debug-code
+enabled: true
+event: file
+pattern: (console\.log\(|debugger;|print\(|alert\()
+action: warn
+---
+
+🐛 **Debug code detected**
+
+Remember to remove debugging statements (console.log, debugger, print, alert) before committing.

code/hooks/builtins/warn-eval-exec.local.md

@@ -0,0 +1,15 @@
+---
+name: warn-eval-exec
+enabled: true
+event: bash
+pattern: (^|\s)(eval|exec)\s*\(
+action: warn
+---
+
+⚠️ **eval()/exec() detected**
+
+Using eval() or exec() on untrusted input is a code injection risk.
+Consider safer alternatives:
+- ast.literal_eval() for Python literals
+- json.loads() for JSON
+- Function constructors with explicit scope for JS

code/hooks/builtins/warn-secrets-in-code.local.md

@@ -0,0 +1,22 @@
+---
+name: warn-secrets-in-code
+enabled: true
+event: file
+pattern: (API_KEY|SECRET|TOKEN|PASSWORD)\s*=\s*["'][^"']+["']
+action: warn
+---
+
+🔐 **Possible hardcoded secret detected**
+
+Hardcoded credentials are a security risk. Use environment variables instead:
+
+```python
+import os
+api_key = os.environ.get("API_KEY")
+```
+
+```javascript
+const apiKey = process.env.API_KEY;
+```
+
+Make sure to add the real secret to `.env` (and `.env` to `.gitignore`).

code/server/routes.py

@@ -11,6 +11,16 @@ Defines all HTTP and API endpoints:
 - API switch_model → switch between loaded models
 - API upload_image → upload image for VLM inference
 - API hf_auth      → get HF OAuth profile & organizations
+- API agent_run    → Claude Code-style agent loop with tools
+- API list_skills  → list available skills
+- API list_commands→ list available slash commands
+- API list_hooks   → list configured hooks
+- API workspace_tree→ list workspace files
+- API workspace_read→ read a workspace file
+- API workspace_write→ write a workspace file
+- API workspace_bash→ run a bash command in workspace
+- API todo_read    → read current todo list
+- API todo_write   → update todo list
 """
 
 from __future__ import annotations
@@ -24,7 +34,28 @@ from pathlib import Path
 from typing import Any
 
 from fastapi.responses import HTMLResponse, FileResponse
-from gradio import Server
+try:
+    from gradio import Server
+except ImportError:
+    # Fallback for older/newer Gradio versions where Server may not be exposed
+    # at the top level. We provide a minimal shim so the module can still be
+    # imported for testing purposes.
+    class Server:  # type: ignore
+        """Minimal shim for Gradio Server when not available."""
+        def __init__(self, *args, **kwargs):
+            from fastapi import FastAPI
+            self._fastapi = FastAPI()
+
+        def get(self, path: str, **kwargs):
+            return self._fastapi.get(path, **kwargs)
+
+        def api(self, name: str = None, concurrency_limit: int = 1):
+            def decorator(fn):
+                # Store as attribute so it can be inspected
+                fn._api_name = name
+                fn._concurrency_limit = concurrency_limit
+                return fn
+            return decorator
 
 from code.config.constants import (
     APP_TITLE,
@@ -82,6 +113,25 @@ async def homepage():
     with open(html_path, "r", encoding="utf-8") as f:
         content = f.read()
 
+    # Load skills, commands, hooks for the frontend
+    try:
+        from code.skills import list_skills
+        skills_list = list_skills()
+    except Exception:
+        skills_list = []
+
+    try:
+        from code.commands import list_commands
+        commands_list = list_commands()
+    except Exception:
+        commands_list = []
+
+    try:
+        from code.hooks import list_hooks
+        hooks_list = list_hooks()
+    except Exception:
+        hooks_list = []
+
     config = json.dumps({
         "app_title": APP_TITLE,
         "model_id": MODEL_CONFIGS[DEFAULT_MODEL_KEY]["id"],
@@ -93,6 +143,9 @@ async def homepage():
             for label, prompt, lang, fw in EXAMPLE_PROMPTS
         ],
         "default_model": "minicpm5-1b",
+        "skills": skills_list,
+        "commands": commands_list,
+        "hooks": hooks_list,
     })
     content = content.replace("__RUNTIME_CONFIG__", config)
     return content
@@ -630,3 +683,235 @@ def handle_push_hf(
 def get_app() -> Server:
     """Return the configured Gradio Server app instance."""
     return app
+
+
+# ─── Agent / Skills / Commands / Hooks / Workspace Endpoints ──────────
+
+
+@app.api(name="agent_run", concurrency_limit=2)
+def handle_agent_run(
+    prompt: str,
+    target_language: str = "",
+    target_framework: str = "",
+    history_json: str = "[]",
+    skills_json: str = "[]",
+    search_enabled: str = "false",
+    image_url: str = "",
+) -> str:
+    """Run the Claude Code-style agent loop with tools.
+
+    Yields JSON events: status, tool_call, tool_result, streaming, complete, error.
+    """
+    from code.agent import run_agent
+
+    history = json.loads(history_json) if history_json else []
+    skills = json.loads(skills_json) if skills_json else []
+
+    prompt = (prompt or "").strip()
+    if not prompt:
+        yield json.dumps({
+            "type": "error",
+            "message": "Empty prompt",
+        })
+        return
+
+    # Optional web search
+    search_context = ""
+    if search_enabled.lower() == "true":
+        try:
+            search_results = web_search_google(prompt, num_results=6)
+            if search_results:
+                search_context = format_search_results(search_results)
+                yield json.dumps({
+                    "type": "search_results",
+                    "results": search_results,
+                    "status_text": f"Found {len(search_results)} results, running agent...",
+                })
+        except Exception as exc:
+            logger.warning("Web search failed: %s", exc)
+
+    try:
+        for event in run_agent(
+            user_input=prompt,
+            history=history,
+            target_language=target_language,
+            target_framework=target_framework,
+            skills=skills,
+            search_context=search_context,
+            image_url=image_url.strip() or None,
+        ):
+            yield json.dumps(event, default=str)
+    except Exception as exc:
+        logger.exception("Agent run failed")
+        yield json.dumps({
+            "type": "error",
+            "message": str(exc),
+        })
+
+
+@app.api(name="list_skills", concurrency_limit=4)
+def handle_list_skills() -> str:
+    """List all available skills."""
+    from code.skills import list_skills
+    skills = list_skills()
+    yield json.dumps({"success": True, "skills": skills})
+
+
+@app.api(name="list_commands", concurrency_limit=4)
+def handle_list_commands() -> str:
+    """List all available slash commands."""
+    from code.commands import list_commands
+    commands = list_commands()
+    yield json.dumps({"success": True, "commands": commands})
+
+
+@app.api(name="list_hooks", concurrency_limit=4)
+def handle_list_hooks() -> str:
+    """List all configured hooks."""
+    from code.hooks import list_hooks
+    hooks = list_hooks()
+    yield json.dumps({"success": True, "hooks": hooks})
+
+
+@app.api(name="workspace_tree", concurrency_limit=4)
+def handle_workspace_tree() -> str:
+    """Return the workspace file tree."""
+    from code.tools.fs import list_workspace_tree
+    result = list_workspace_tree()
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_read", concurrency_limit=4)
+def handle_workspace_read(path: str, offset: int = 0, limit: int = 0) -> str:
+    """Read a file from the workspace."""
+    from code.tools.fs import read_file
+    args = {"path": path}
+    if offset:
+        args["offset"] = offset
+    if limit:
+        args["limit"] = limit
+    result = read_file(**args)
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_write", concurrency_limit=1)
+def handle_workspace_write(path: str, content: str) -> str:
+    """Write a file to the workspace."""
+    from code.tools.fs import write_file
+    result = write_file(path=path, content=content)
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_bash", concurrency_limit=1)
+def handle_workspace_bash(command: str, timeout: int = 30) -> str:
+    """Run a bash command in the workspace."""
+    from code.tools.bash import run_bash
+    result = run_bash(command=command, timeout=timeout)
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_edit", concurrency_limit=1)
+def handle_workspace_edit(
+    path: str,
+    old_str: str,
+    new_str: str,
+    replace_all: str = "false",
+) -> str:
+    """Edit a file in the workspace."""
+    from code.tools.fs import edit_file
+    result = edit_file(
+        path=path,
+        old_str=old_str,
+        new_str=new_str,
+        replace_all=replace_all.lower() == "true",
+    )
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_glob", concurrency_limit=4)
+def handle_workspace_glob(pattern: str, path: str = ".") -> str:
+    """Glob files in the workspace."""
+    from code.tools.fs import glob_paths
+    result = glob_paths(pattern=pattern, path=path)
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_grep", concurrency_limit=4)
+def handle_workspace_grep(
+    pattern: str,
+    path: str = ".",
+    include: str = "",
+    ignore_case: str = "false",
+) -> str:
+    """Grep file contents in the workspace."""
+    from code.tools.fs import grep_search
+    result = grep_search(
+        pattern=pattern,
+        path=path,
+        include=include or None,
+        ignore_case=ignore_case.lower() == "true",
+    )
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="todo_read", concurrency_limit=4)
+def handle_todo_read(session_id: str = "default") -> str:
+    """Read the current todo list."""
+    from code.tools.todos import todo_read
+    result = todo_read(session_id=session_id)
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="todo_write", concurrency_limit=1)
+def handle_todo_write(todos_json: str, session_id: str = "default") -> str:
+    """Replace the todo list."""
+    from code.tools.todos import todo_write
+    todos = json.loads(todos_json) if todos_json else []
+    result = todo_write(todos=todos, session_id=session_id)
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="workspace_snapshot", concurrency_limit=2)
+def handle_workspace_snapshot() -> str:
+    """Return all workspace files for ZIP/deploy."""
+    from code.tools.fs import snapshot_workspace
+    files = snapshot_workspace()
+    yield json.dumps({"success": True, "files": files, "count": len(files)})
+
+
+@app.api(name="workspace_reset", concurrency_limit=1)
+def handle_workspace_reset() -> str:
+    """Clear the workspace."""
+    from code.tools.fs import reset_workspace
+    result = reset_workspace()
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="create_hook", concurrency_limit=1)
+def handle_create_hook(
+    name: str,
+    event: str,
+    pattern: str,
+    action: str = "warn",
+    message: str = "",
+    enabled: str = "true",
+) -> str:
+    """Create a new user hook."""
+    from code.hooks import create_hook
+    result = create_hook(
+        name=name,
+        event=event,
+        pattern=pattern,
+        action=action,
+        message=message,
+        enabled=enabled.lower() == "true",
+    )
+    yield json.dumps(result, default=str)
+
+
+@app.api(name="delete_hook", concurrency_limit=1)
+def handle_delete_hook(name: str) -> str:
+    """Delete a user hook by name."""
+    from code.hooks import delete_hook
+    result = delete_hook(name)
+    yield json.dumps(result, default=str)

code/skills/__init__.py

@@ -0,0 +1,192 @@
+"""Skills system — load markdown skill files at runtime.
+
+Inspired by Claude Code's Skill system. Each skill is a directory with:
+- SKILL.md: the skill instructions (markdown with YAML frontmatter)
+- references/ (optional): supporting docs
+- scripts/ (optional): helper scripts
+
+Skills are discovered under code/skills/builtins/ and can also be loaded
+from the workspace's .sonicoder/skills/ directory.
+"""
+
+from __future__ import annotations
+
+import logging
+import os
+import re
+from pathlib import Path
+from typing import Any
+
+logger = logging.getLogger(__name__)
+
+# ─── Skill discovery roots ──────────────────────────────────────────────
+
+_BUILTIN_SKILLS_DIR = os.path.join(os.path.dirname(__file__), "builtins")
+_USER_SKILLS_DIRNAME = ".sonicoder/skills"  # relative to workspace root
+
+
+def _skill_dirs() -> list[str]:
+    """Return all directories to search for skills."""
+    dirs = [_BUILTIN_SKILLS_DIR]
+    # Add user skills dir from workspace
+    try:
+        from code.tools.fs import get_workspace_root
+        user_dir = os.path.join(get_workspace_root(), _USER_SKILLS_DIRNAME)
+        if os.path.isdir(user_dir):
+            dirs.append(user_dir)
+    except Exception:
+        pass
+    return dirs
+
+
+# ─── YAML frontmatter parsing ───────────────────────────────────────────
+
+_FRONTMATTER_RE = re.compile(r"^---\s*\n(.*?)\n---\s*\n(.*)$", re.DOTALL)
+
+
+def _parse_frontmatter(content: str) -> tuple[dict[str, str], str]:
+    """Parse YAML frontmatter from markdown. Returns (metadata, body)."""
+    match = _FRONTMATTER_RE.match(content)
+    if not match:
+        return {}, content
+
+    raw_yaml = match.group(1)
+    body = match.group(2)
+
+    # Very simple YAML parser (key: value pairs only)
+    meta: dict[str, str] = {}
+    for line in raw_yaml.splitlines():
+        line = line.strip()
+        if not line or line.startswith("#"):
+            continue
+        if ":" in line:
+            key, _, value = line.partition(":")
+            meta[key.strip()] = value.strip().strip("\"'")
+    return meta, body
+
+
+# ─── Skill loading ──────────────────────────────────────────────────────
+
+def _load_skill(skill_dir: str) -> dict[str, Any] | None:
+    """Load a single skill from a directory."""
+    skill_md = os.path.join(skill_dir, "SKILL.md")
+    if not os.path.isfile(skill_md):
+        return None
+
+    try:
+        with open(skill_md, "r", encoding="utf-8") as f:
+            content = f.read()
+    except Exception as exc:
+        logger.warning("Failed to read %s: %s", skill_md, exc)
+        return None
+
+    meta, body = _parse_frontmatter(content)
+
+    # Load any reference files
+    references: dict[str, str] = {}
+    refs_dir = os.path.join(skill_dir, "references")
+    if os.path.isdir(refs_dir):
+        for fname in os.listdir(refs_dir):
+            if fname.endswith((".md", ".txt")):
+                try:
+                    with open(os.path.join(refs_dir, fname), "r", encoding="utf-8") as f:
+                        references[fname] = f.read()
+                except Exception:
+                    pass
+
+    return {
+        "name": meta.get("name", os.path.basename(skill_dir)),
+        "description": meta.get("description", ""),
+        "language": meta.get("language", ""),
+        "tags": [t.strip() for t in meta.get("tags", "").split(",") if t.strip()],
+        "body": body.strip(),
+        "references": references,
+        "path": skill_dir,
+    }
+
+
+def list_skills() -> list[dict[str, Any]]:
+    """List all available skills (metadata only, no body)."""
+    skills: list[dict[str, Any]] = []
+    seen_names: set[str] = set()
+
+    for skills_dir in _skill_dirs():
+        if not os.path.isdir(skills_dir):
+            continue
+        for entry in sorted(os.listdir(skills_dir)):
+            entry_path = os.path.join(skills_dir, entry)
+            if not os.path.isdir(entry_path):
+                continue
+            skill = _load_skill(entry_path)
+            if skill and skill["name"] not in seen_names:
+                seen_names.add(skill["name"])
+                skills.append({
+                    "name": skill["name"],
+                    "description": skill["description"],
+                    "language": skill["language"],
+                    "tags": skill["tags"],
+                })
+    return skills
+
+
+def get_skill(name: str) -> dict[str, Any] | None:
+    """Get full skill content by name."""
+    for skills_dir in _skill_dirs():
+        if not os.path.isdir(skills_dir):
+            continue
+        # Try directory match
+        for entry in os.listdir(skills_dir):
+            entry_path = os.path.join(skills_dir, entry)
+            if not os.path.isdir(entry_path):
+                continue
+            skill = _load_skill(entry_path)
+            if skill and skill["name"] == name:
+                return skill
+    return None
+
+
+def invoke_skill(name: str) -> dict[str, Any]:
+    """Invoke a skill by name — returns its full body and references."""
+    skill = get_skill(name)
+    if not skill:
+        return {
+            "success": False,
+            "error": f"Skill not found: {name}",
+            "available": [s["name"] for s in list_skills()],
+        }
+    return {
+        "success": True,
+        "name": skill["name"],
+        "description": skill["description"],
+        "body": skill["body"],
+        "references": skill["references"],
+    }
+
+
+def build_skills_context(skill_names: list[str] | None = None) -> str:
+    """Build a context string with skill bodies to inject into the prompt.
+
+    If skill_names is None, includes all skills (brief listing only).
+    """
+    if not skill_names:
+        # List all skills briefly
+        skills = list_skills()
+        if not skills:
+            return ""
+        lines = ["Available skills (use /skill <name> to load full instructions):"]
+        for s in skills:
+            desc = s["description"][:120]
+            lines.append(f"- {s['name']}: {desc}")
+        return "\n".join(lines)
+
+    # Load full bodies for requested skills
+    parts: list[str] = []
+    for name in skill_names:
+        skill = get_skill(name)
+        if skill:
+            parts.append(f"# Skill: {skill['name']}\n\n{skill['body']}")
+            for ref_name, ref_body in skill["references"].items():
+                parts.append(f"\n## Reference: {ref_name}\n\n{ref_body}")
+        else:
+            parts.append(f"# Skill: {name}\n\n(Skill not found)")
+    return "\n\n---\n\n".join(parts)

code/skills/builtins/code-review/SKILL.md

@@ -0,0 +1,65 @@
+---
+name: code-review
+description: Review code for bugs, simplicity, DRY violations, and project conventions. Use when the user asks for a review or before committing changes.
+language: any
+tags: review, quality, bugs, refactoring
+---
+# Code Review
+
+Review code with high signal and low noise. We only want HIGH SIGNAL issues.
+
+## What to flag
+
+Flag issues where:
+- The code will fail to compile or parse (syntax errors, type errors, missing imports, unresolved references)
+- The code will definitely produce wrong results regardless of inputs (clear logic errors)
+- Clear, unambiguous project convention violations where you can quote the exact rule being broken
+- Security issues (hardcoded secrets, SQL injection, XSS, path traversal, command injection)
+- Resource leaks (unclosed files, connections, etc.)
+
+## What NOT to flag
+
+Do NOT flag:
+- Code style or quality concerns (subjective)
+- Potential issues that depend on specific inputs or state
+- Subjective suggestions or improvements
+- Issues a linter will catch
+- Pre-existing issues outside the diff
+- Pedantic nitpicks that a senior engineer would not flag
+
+## Process
+
+1. **Read all changed files** using `read_file`. If the user mentions a diff, focus on the changed lines plus surrounding context.
+2. **Run parallel reviews** mentally:
+   - Review 1: Bugs and functional correctness — does it do what it claims?
+   - Review 2: Simplicity/DRY/elegance — can it be simpler?
+   - Review 3: Project conventions — does it match the codebase style?
+3. **Validate each issue**: For each potential issue, check whether it's actually a problem by reading surrounding code.
+4. **Filter false positives**: Drop anything you're not certain about.
+5. **Present findings** sorted by severity (critical > high > medium > low). For each issue:
+   - File and line number
+   - Description of the issue
+   - Suggested fix (with code snippet if small)
+
+## Output format
+
+If issues found:
+```
+## Code Review
+
+### Critical
+- `path/to/file.py:42` — Description and fix
+
+### High
+- `path/to/file.py:50` — Description and fix
+
+### Medium
+- ...
+```
+
+If no issues:
+```
+## Code Review
+
+No issues found. Checked for bugs, simplicity, DRY, and project conventions.
+```

code/skills/builtins/commit-workflow/SKILL.md

@@ -0,0 +1,79 @@
+---
+name: commit-workflow
+description: Guided git commit workflow. Use before committing changes — generates a clean commit message from the diff.
+language: any
+tags: git, commit, version-control
+---
+# Commit Workflow
+
+When the user asks to commit changes, follow this workflow.
+
+## Step 1: Inspect the changes
+
+Run via `bash`:
+- `git status` — see what's modified/staged/untracked
+- `git diff HEAD` — full diff of staged and unstaged changes
+- `git branch --show-current` — current branch
+- `git log --oneline -10` — recent commits (to match style)
+
+## Step 2: Analyze
+
+Determine:
+- What's the **single logical change** being committed?
+- Are there multiple unrelated changes? If so, suggest splitting into multiple commits.
+- What's the conventional commit type?
+  - `feat:` new feature
+  - `fix:` bug fix
+  - `docs:` documentation only
+  - `style:` formatting, no code change
+  - `refactor:` code change that neither fixes a bug nor adds a feature
+  - `perf:` code change that improves performance
+  - `test:` adding tests
+  - `chore:` build process, tooling, deps
+
+## Step 3: Write the message
+
+Format:
+```
+<type>(<optional scope>): <imperative subject under 72 chars>
+
+<optional body explaining why, wrapped at 72 chars>
+
+<optional footer like "Fixes #123">
+```
+
+Rules:
+- Subject in imperative mood: "Add" not "Added" or "Adds"
+- Subject lowercase, no period
+- Body explains **why**, not what (the diff shows what)
+- Reference issues in footer
+
+## Step 4: Stage and commit
+
+If specific files should be staged, run `git add <files>` explicitly. Otherwise `git add -A` is fine.
+
+Commit with a heredoc to preserve formatting:
+```bash
+git commit -m "$(cat <<'EOF'
+feat(auth): add OAuth2 login flow
+
+Implements the login button, callback handler, and session
+persistence using JWT in httpOnly cookies.
+
+Fixes #142
+EOF
+)"
+```
+
+## Step 5: Verify
+
+- `git log -1 --stat` to confirm the commit looks right
+- `git status` to confirm clean working tree (or remaining unrelated changes)
+
+## Anti-patterns
+
+- ❌ `git commit -m "fix"` — too vague
+- ❌ `git commit -m "Update file.py"` — describes what, not why
+- ❌ Mixing unrelated changes in one commit
+- ❌ Committing `node_modules/`, `.env`, build artifacts
+- ❌ Using `--no-verify` to skip hooks without explanation

code/skills/builtins/debugging/SKILL.md

@@ -0,0 +1,76 @@
+---
+name: debugging
+description: Systematic debugging workflow for diagnosing and fixing errors. Use when the user reports a bug, crash, or unexpected behavior.
+language: any
+tags: debug, errors, troubleshooting, fix
+---
+# Debugging
+
+Approach debugging systematically. Don't guess — investigate.
+
+## Phase 1: Reproduce
+
+**Goal**: Make the bug happen reliably.
+
+- Ask: what exact steps trigger it?
+- Ask: what was the expected vs actual behavior?
+- Ask: is it consistent or intermittent?
+- If you can reproduce it locally, do so with `bash` and capture the full error output.
+
+## Phase 2: Isolate
+
+**Goal**: Find the smallest scope where the bug reproduces.
+
+- Read the relevant code with `read_file`
+- Trace the data flow from input to failure point
+- Add temporary print/logging statements if needed
+- Identify the exact line where things go wrong
+
+## Phase 3: Diagnose
+
+**Goal**: Understand WHY the bug happens.
+
+Common root causes:
+- **Null/None/undefined**: missing null checks
+- **Type confusion**: passing wrong type, silent coercion
+- **Off-by-one**: loop bounds, slicing
+- **Race conditions**: shared state, async ordering
+- **Stale state**: cached data not invalidated
+- **Wrong assumption**: code expects something the caller doesn't guarantee
+- **Environment**: missing env vars, wrong paths, permissions
+
+State the root cause in one sentence before fixing.
+
+## Phase 4: Fix
+
+**Goal**: Apply the minimal correct fix.
+
+- Fix the root cause, not the symptom
+- Don't introduce new patterns — match the surrounding code style
+- Add a comment if the fix is non-obvious
+- Consider: are there other places with the same bug?
+
+## Phase 5: Verify
+
+**Goal**: Confirm the fix works and doesn't break anything.
+
+- Re-run the reproduction steps
+- Run any existing tests with `bash`
+- Test edge cases related to the bug
+- Check that you haven't introduced regressions
+
+## Phase 6: Document
+
+**Goal**: Prevent recurrence.
+
+- If appropriate, add a regression test
+- Update relevant docs/comments
+- Note the fix in the commit message
+
+## Anti-patterns to avoid
+
+- ❌ Shotgun debugging: changing random things hoping it works
+- ❌ Fixing symptoms: papering over the real issue
+- ❌ Adding null checks everywhere: hiding the real bug
+- ❌ "Works on my machine": dismissing environmental factors
+- ❌ Skipping verification: assuming the fix works

code/skills/builtins/feature-dev/SKILL.md

@@ -0,0 +1,97 @@
+---
+name: feature-dev
+description: Guided feature development with codebase understanding and architecture focus. Use when the user asks to implement a feature or build something non-trivial.
+language: any
+tags: workflow, architecture, planning, implementation
+---
+# Feature Development
+
+You are helping a developer implement a new feature. Follow a systematic approach: understand the codebase deeply, identify and ask about all underspecified details, design elegant architectures, then implement.
+
+## Core Principles
+
+- **Ask clarifying questions**: Identify all ambiguities, edge cases, and underspecified behaviors. Ask specific, concrete questions rather than making assumptions.
+- **Understand before acting**: Read and comprehend existing code patterns first
+- **Simple and elegant**: Prioritize readable, maintainable, architecturally sound code
+- **Use TodoWrite**: Track all progress throughout
+
+## Phase 1: Discovery
+
+**Goal**: Understand what needs to be built
+
+**Actions**:
+1. Create a todo list with all phases
+2. If feature unclear, ask user for:
+   - What problem are they solving?
+   - What should the feature do?
+   - Any constraints or requirements?
+3. Summarize understanding and confirm with user
+
+## Phase 2: Codebase Exploration
+
+**Goal**: Understand relevant existing code and patterns
+
+**Actions**:
+1. Use `list_dir` and `glob` to map the project structure
+2. Use `grep` to find similar features and patterns
+3. Use `read_file` on 5-10 key files identified
+4. Present comprehensive summary of findings and patterns discovered
+
+## Phase 3: Clarifying Questions
+
+**Goal**: Fill in gaps and resolve all ambiguities before designing
+
+**CRITICAL**: This is one of the most important phases. DO NOT SKIP.
+
+**Actions**:
+1. Review the codebase findings and original feature request
+2. Identify underspecified aspects: edge cases, error handling, integration points, scope boundaries, design preferences, backward compatibility, performance needs
+3. **Present all questions to the user in a clear, organized list**
+4. **Wait for answers before proceeding to architecture design**
+
+If the user says "whatever you think is best", provide your recommendation and get explicit confirmation.
+
+## Phase 4: Architecture Design
+
+**Goal**: Design an implementation approach with concrete trade-offs
+
+**Actions**:
+1. Design the implementation: minimal changes (smallest change, maximum reuse), clean architecture (maintainability, elegant abstractions), or pragmatic balance (speed + quality)
+2. Present to user: brief summary, trade-offs, **your recommendation with reasoning**, concrete implementation differences
+3. **Ask user to approve the approach**
+
+## Phase 5: Implementation
+
+**Goal**: Build the feature
+
+**DO NOT START WITHOUT USER APPROVAL**
+
+**Actions**:
+1. Wait for explicit user approval
+2. Read all relevant files identified in previous phases
+3. Implement following chosen architecture
+4. Follow codebase conventions strictly
+5. Write clean, well-documented code
+6. Update todos as you progress
+
+## Phase 6: Quality Review
+
+**Goal**: Ensure code is simple, DRY, elegant, easy to read, and functionally correct
+
+**Actions**:
+1. Self-review for: simplicity/DRY/elegance, bugs/functional correctness, project conventions/abstractions
+2. Consolidate findings and identify highest severity issues that you recommend fixing
+3. **Present findings to user and ask what they want to do** (fix now, fix later, or proceed as-is)
+4. Address issues based on user decision
+
+## Phase 7: Summary
+
+**Goal**: Document what was accomplished
+
+**Actions**:
+1. Mark all todos complete
+2. Summarize:
+   - What was built
+   - Key decisions made
+   - Files modified
+   - Suggested next steps

code/skills/builtins/frontend-design/SKILL.md

@@ -0,0 +1,38 @@
+---
+name: frontend-design
+description: Guidance for distinctive, intentional visual design when building UI. Helps with palette, typography, and avoiding templated defaults.
+language: any
+tags: frontend, design, ui, css, html
+---
+# Frontend Design
+
+Approach this as the design lead at a small studio known for giving every client a visual identity that could not be mistaken for anyone else's. This client has already rejected proposals that felt templated, and is paying for a distinctive point of view: make deliberate, opinionated choices about palette, typography, and layout that are specific to this brief, and take one real aesthetic risk you can justify.
+
+## Ground it in the subject
+
+If the brief does not pin down what the product or subject is, pin it yourself before designing: name one concrete subject, its audience, and the page's single job, and state your choice. The subject's own world, its materials, instruments, artifacts, and vernacular, is where distinctive choices come from.
+
+## Design principles
+
+For web designs, the hero is a thesis. Open with the most characteristic thing in the subject's world. Be deliberate with your choice: a big number with a small label, supporting stats, and a gradient accent is the template answer, only use if that's truly the best option.
+
+Typography carries the personality of the page. Pair the display and body faces deliberately, not the same families you would reach for on any other project, and set a clear type scale with intentional weights, widths, and spacing.
+
+Structure is information. Structural devices, numbering, eyebrows, dividers, labels, should encode something true about the content, not decorate it.
+
+Leverage motion deliberately. Think about where and if animation can serve the subject: a page-load sequence, a scroll-triggered reveal, hover micro-interactions, ambient atmosphere.
+
+## Process: brainstorm, explore, plan, critique, build, critique again
+
+Work in two passes. First, brainstorm a short design plan based on the human's design brief: create a compact token system with color, type, layout, and signature.
+
+- **Color**: describe the palette as 4-6 named hex values
+- **Type**: the typefaces for 2+ roles (display + body + utility)
+- **Layout**: a layout concept with one-sentence prose descriptions and ASCII wireframes
+- **Signature**: the single unique element this page will be remembered by
+
+Then review that plan against the brief before building: if any part of it reads like the generic default you would produce for any similar page rather than a choice made for this specific brief — revise that part, say what you changed and why. Only after you've confirmed the relative uniqueness of your design plan should you start to write the code.
+
+## Restraint and self-critique
+
+Spend your boldness in one place. Let the signature element be the one memorable thing, keep everything around it quiet and disciplined, and cut any decoration that does not serve the brief. Build to a quality floor without announcing it: responsive down to mobile, visible keyboard focus, reduced motion respected.

code/skills/builtins/fullstack-scaffold/SKILL.md

@@ -0,0 +1,124 @@
+---
+name: fullstack-scaffold
+description: Scaffold complete fullstack projects with proper structure. Generates package.json, requirements.txt, Dockerfiles, and config files for any framework.
+language: any
+tags: scaffold, fullstack, project, structure, framework
+---
+# Fullstack Project Scaffolding
+
+When generating a fullstack application, always produce a complete, runnable project — not just snippets.
+
+## Project structure rules
+
+### Python (Flask/FastAPI/Django/Streamlit/Gradio)
+```
+project-name/
+├── app.py              # Entry point (HF Spaces expects app.py)
+├── requirements.txt    # Pinned dependencies
+├── README.md           # With HF Space frontmatter if deploying
+├── .env.example        # Document required env vars
+├── src/
+│   ├── __init__.py
+│   ├── routes/         # API routes
+│   ├── models/         # Data models
+│   ├── services/       # Business logic
+│   └── utils/          # Helpers
+├── tests/
+│   └── test_app.py
+└── static/             # Static assets (if web framework)
+```
+
+### Next.js / React (Vite)
+```
+project-name/
+├── package.json        # name, version, scripts, deps
+├── next.config.js      # (Next.js only) output: 'standalone'
+├── vite.config.js      # (Vite only)
+├── tsconfig.json       # (TypeScript)
+├── Dockerfile          # Multi-stage build for HF Spaces
+├── .dockerignore
+├── README.md
+├── public/
+│   └── (static assets)
+└── src/
+    ├── app/            # Next.js App Router
+    ├── pages/          # Next.js Pages Router (legacy)
+    ├── components/     # Reusable components
+    ├── lib/            # Utilities, helpers
+    ├── hooks/          # Custom hooks
+    ├── styles/         # Global CSS
+    └── types/          # TypeScript types
+```
+
+### Express / NestJS
+```
+project-name/
+├── package.json
+├── Dockerfile
+├── .dockerignore
+├── README.md
+├── src/
+│   ├── index.js        # Entry — app.listen(7860, '0.0.0.0')
+│   ├── routes/
+│   ├── middleware/
+│   ├── controllers/    # NestJS only
+│   ├── services/
+│   └── models/
+└── tests/
+```
+
+## Port and host rules (critical for HF Spaces)
+
+- All servers MUST listen on `0.0.0.0` (not `localhost` or `127.0.0.1`)
+- All servers MUST use port `7860` (HF Spaces default)
+- For sub-servers (Gradio subprocess), use 7861, 7862, etc.
+
+## Dockerfile rules
+
+For JS/TS projects, generate a Dockerfile:
+- Use `node:20-slim` as base
+- Multi-stage build: deps → builder → runner
+- For SPAs (React/Vue), serve with nginx on port 7860
+- For Next.js, use `output: 'standalone'` and copy `.next/standalone`
+- Run as non-root user
+
+For Python projects, the HF Space SDK auto-generates the runtime — no Dockerfile needed unless using Docker SDK.
+
+## package.json rules
+
+- Always include `name`, `version`, `private: true`
+- Scripts: `dev`, `build`, `start` (start must bind 0.0.0.0:7860)
+- Pin major versions: `"react": "^18.3.0"` not `"react": "latest"`
+- Dev dependencies: TypeScript, types, build tools, linters
+- Production dependencies: runtime libraries only
+
+## requirements.txt rules
+
+- Pin with `>=` to allow patch updates: `flask>=3.0.0`
+- Group by category (web, db, ml, dev) with comments
+- Always include the framework (flask, fastapi, gradio, etc.)
+- Never include stdlib modules
+
+## README.md rules
+
+For HF Spaces, include frontmatter:
+```yaml
+---
+title: App Name
+emoji: 🚀
+colorFrom: blue
+colorTo: purple
+sdk: gradio  # or docker, static, streamlit
+app_file: app.py  # or index.html, Dockerfile
+pinned: false
+---
+```
+
+## Don't include
+
+- `node_modules/`
+- `.next/` (build output)
+- `__pycache__/`
+- `.venv/`, `venv/`
+- Lock files (let HF install fresh)
+- `.env` (only `.env.example`)

code/tools/__init__.py

@@ -0,0 +1,38 @@
+"""File system and shell tools for the agent.
+
+Inspired by Claude Code's tool set:
+- read_file / write_file / edit_file
+- glob / grep
+- bash (subprocess)
+- list_dir
+- todo_write / todo_read
+"""
+from code.tools.fs import (
+    read_file,
+    write_file,
+    edit_file,
+    multi_edit,
+    list_dir,
+    glob_paths,
+    grep_search,
+)
+from code.tools.bash import run_bash
+from code.tools.todos import (
+    todo_read,
+    todo_write,
+    todo_update,
+)
+
+__all__ = [
+    "read_file",
+    "write_file",
+    "edit_file",
+    "multi_edit",
+    "list_dir",
+    "glob_paths",
+    "grep_search",
+    "run_bash",
+    "todo_read",
+    "todo_write",
+    "todo_update",
+]

code/tools/bash.py

@@ -0,0 +1,127 @@
+"""Bash subprocess tool with timeout and output capture."""
+
+from __future__ import annotations
+
+import os
+import shlex
+import subprocess
+from typing import Any
+
+from code.tools.fs import _resolve_safe, get_workspace_root
+
+# ─── Safety: commands that are forbidden by default ────────────────────
+
+_BLOCKED_PATTERNS = [
+    "rm -rf /",
+    "rm -rf ~",
+    "rm -rf $HOME",
+    ":(){:|:&};:",
+    "mkfs",
+    "dd if=/dev/zero of=/dev/",
+    "> /dev/sda",
+    "shutdown",
+    "reboot",
+    "halt",
+]
+
+# Default env vars to scrub for safety
+_ENV_SCRUB = {"HF_TOKEN", "OPENAI_API_KEY", "ANTHROPIC_API_KEY", "AWS_SECRET_ACCESS_KEY"}
+
+
+def _is_safe_command(cmd: str) -> tuple[bool, str]:
+    """Check if a command is safe to run."""
+    stripped = cmd.strip()
+    if not stripped:
+        return False, "Empty command"
+    for pat in _BLOCKED_PATTERNS:
+        if pat in stripped:
+            return False, f"Blocked pattern detected: {pat}"
+    return True, ""
+
+
+def run_bash(
+    command: str,
+    cwd: str | None = None,
+    timeout: int = 30,
+    env_extra: dict[str, str] | None = None,
+) -> dict[str, Any]:
+    """Run a shell command in the workspace.
+
+    Args:
+        command: Shell command to execute.
+        cwd: Working directory (relative to workspace root, defaults to workspace).
+        timeout: Max seconds before killing the process.
+        env_extra: Extra environment variables.
+
+    Returns:
+        dict with: stdout, stderr, returncode, timed_out
+    """
+    try:
+        safe, reason = _is_safe_command(command)
+        if not safe:
+            return {
+                "success": False,
+                "stdout": "",
+                "stderr": reason,
+                "returncode": -1,
+                "timed_out": False,
+            }
+
+        if cwd:
+            work_dir = _resolve_safe(cwd)
+        else:
+            work_dir = get_workspace_root()
+
+        # Build env: scrub secrets, add extras
+        env = {k: v for k, v in os.environ.items() if k not in _ENV_SCRUB}
+        if env_extra:
+            env.update(env_extra)
+
+        # Run with bash -c for full shell semantics
+        completed = subprocess.run(
+            ["bash", "-c", command],
+            cwd=work_dir,
+            env=env,
+            capture_output=True,
+            text=True,
+            timeout=timeout,
+            check=False,
+        )
+
+        # Truncate huge outputs
+        stdout = completed.stdout
+        stderr = completed.stderr
+        if len(stdout) > 50_000:
+            stdout = stdout[:50_000] + f"\n... truncated ({len(stdout) - 50_000} chars) ..."
+        if len(stderr) > 50_000:
+            stderr = stderr[:50_000] + f"\n... truncated ({len(stderr) - 50_000} chars) ..."
+
+        return {
+            "success": completed.returncode == 0,
+            "stdout": stdout,
+            "stderr": stderr,
+            "returncode": completed.returncode,
+            "timed_out": False,
+            "command": command,
+            "cwd": cwd or ".",
+        }
+    except subprocess.TimeoutExpired as exc:
+        stdout = exc.stdout or "" if isinstance(exc.stdout, str) else (exc.stdout or b"").decode("utf-8", errors="replace")
+        stderr = exc.stderr or "" if isinstance(exc.stderr, str) else (exc.stderr or b"").decode("utf-8", errors="replace")
+        return {
+            "success": False,
+            "stdout": stdout,
+            "stderr": f"Timeout after {timeout}s\n{stderr}",
+            "returncode": -1,
+            "timed_out": True,
+            "command": command,
+        }
+    except Exception as exc:
+        return {
+            "success": False,
+            "stdout": "",
+            "stderr": str(exc),
+            "returncode": -1,
+            "timed_out": False,
+            "command": command,
+        }

code/tools/fs.py

@@ -0,0 +1,378 @@
+"""File system tools: read, write, edit, list, glob, grep.
+
+All tools are sandboxed to a configurable workspace root (default: ./workspace).
+They return JSON-serializable dicts so they can be exposed via the API.
+"""
+
+from __future__ import annotations
+
+import fnmatch
+import os
+import re
+import shutil
+from pathlib import Path
+from typing import Any
+
+# ─── Workspace sandbox ──────────────────────────────────────────────────
+
+# Default workspace: ./workspace under the app root
+_DEFAULT_WORKSPACE = os.environ.get(
+    "SONICODER_WORKSPACE",
+    os.path.abspath(os.path.join(os.path.dirname(__file__), "..", "..", "workspace")),
+)
+
+
+def get_workspace_root() -> str:
+    """Return the absolute path of the agent's workspace root."""
+    root = _DEFAULT_WORKSPACE
+    os.makedirs(root, exist_ok=True)
+    return root
+
+
+def _resolve_safe(path: str) -> str:
+    """Resolve a path safely within the workspace root.
+
+    Raises ValueError if the resolved path escapes the workspace.
+    """
+    root = get_workspace_root()
+    if os.path.isabs(path):
+        full = os.path.abspath(path)
+    else:
+        full = os.path.abspath(os.path.join(root, path))
+
+    # Ensure path is within the workspace
+    if not (full == root or full.startswith(root + os.sep)):
+        raise ValueError(
+            f"Path '{path}' resolves outside the workspace root ({root}). "
+            "Agent tools are sandboxed."
+        )
+    return full
+
+
+# ─── read_file ──────────────────────────────────────────────────────────
+
+def read_file(path: str, offset: int = 0, limit: int | None = None) -> dict[str, Any]:
+    """Read a text file from the workspace.
+
+    Args:
+        path: Relative path inside the workspace, or absolute within it.
+        offset: 1-indexed line to start reading from.
+        limit: Maximum number of lines to read.
+
+    Returns:
+        dict with: path, content, line_count, truncated
+    """
+    try:
+        full = _resolve_safe(path)
+        if not os.path.exists(full):
+            return {"success": False, "error": f"File not found: {path}"}
+        if os.path.isdir(full):
+            return {"success": False, "error": f"Path is a directory: {path}"}
+
+        with open(full, "r", encoding="utf-8", errors="replace") as f:
+            lines = f.readlines()
+
+        total = len(lines)
+        start = max(0, (offset - 1) if offset > 0 else 0)
+        end = (start + limit) if limit else total
+        selected = lines[start:end]
+
+        # Re-number for display
+        numbered = "".join(
+            f"{start + i + 1:6}\t{line}" for i, line in enumerate(selected)
+        )
+
+        return {
+            "success": True,
+            "path": path,
+            "content": numbered,
+            "line_count": total,
+            "returned_lines": len(selected),
+            "truncated": end < total,
+        }
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+# ─── write_file ─────────────────────────────────────────────────────────
+
+def write_file(path: str, content: str) -> dict[str, Any]:
+    """Write content to a file, creating parent directories as needed."""
+    try:
+        full = _resolve_safe(path)
+        os.makedirs(os.path.dirname(full), exist_ok=True)
+        with open(full, "w", encoding="utf-8") as f:
+            f.write(content)
+        return {
+            "success": True,
+            "path": path,
+            "bytes_written": len(content.encode("utf-8")),
+        }
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+# ─── edit_file ──────────────────────────────────────────────────────────
+
+def edit_file(
+    path: str,
+    old_str: str,
+    new_str: str,
+    replace_all: bool = False,
+) -> dict[str, Any]:
+    """Replace occurrences of old_str with new_str in a file."""
+    try:
+        full = _resolve_safe(path)
+        if not os.path.exists(full):
+            return {"success": False, "error": f"File not found: {path}"}
+
+        with open(full, "r", encoding="utf-8") as f:
+            content = f.read()
+
+        if old_str not in content:
+            return {
+                "success": False,
+                "error": f"old_str not found in {path}. Edit aborted.",
+            }
+
+        if old_str == new_str:
+            return {"success": False, "error": "old_str and new_str are identical."}
+
+        count = content.count(old_str) if replace_all else 1
+        if not replace_all and count > 1:
+            return {
+                "success": False,
+                "error": (
+                    f"old_str is not unique ({count} matches) in {path}. "
+                    "Provide more context or use replace_all=true."
+                ),
+            }
+
+        new_content = content.replace(old_str, new_str) if replace_all else content.replace(
+            old_str, new_str, 1
+        )
+
+        with open(full, "w", encoding="utf-8") as f:
+            f.write(new_content)
+
+        return {
+            "success": True,
+            "path": path,
+            "replacements": count,
+        }
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+def multi_edit(path: str, edits: list[dict[str, Any]]) -> dict[str, Any]:
+    """Apply multiple edits to a file atomically (all-or-nothing)."""
+    try:
+        full = _resolve_safe(path)
+        if not os.path.exists(full):
+            return {"success": False, "error": f"File not found: {path}"}
+
+        with open(full, "r", encoding="utf-8") as f:
+            content = f.read()
+
+        applied = 0
+        for edit in edits:
+            old_str = edit.get("old_str", "")
+            new_str = edit.get("new_str", "")
+            replace_all = edit.get("replace_all", False)
+            if old_str not in content:
+                return {
+                    "success": False,
+                    "error": f"old_str not found in {path} for edit #{applied + 1}.",
+                    "applied": applied,
+                }
+            if old_str == new_str:
+                return {
+                    "success": False,
+                    "error": f"old_str and new_str identical in edit #{applied + 1}.",
+                    "applied": applied,
+                }
+            content = content.replace(old_str, new_str) if replace_all else content.replace(
+                old_str, new_str, 1
+            )
+            applied += 1
+
+        with open(full, "w", encoding="utf-8") as f:
+            f.write(content)
+
+        return {"success": True, "path": path, "applied": applied}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+# ─── list_dir ───────────────────────────────────────────────────────────
+
+def list_dir(path: str = ".") -> dict[str, Any]:
+    """List directory contents."""
+    try:
+        full = _resolve_safe(path)
+        if not os.path.exists(full):
+            return {"success": False, "error": f"Path not found: {path}"}
+        if not os.path.isdir(full):
+            return {"success": False, "error": f"Not a directory: {path}"}
+
+        entries = []
+        for name in sorted(os.listdir(full)):
+            entry_path = os.path.join(full, name)
+            stat = os.stat(entry_path)
+            entries.append({
+                "name": name,
+                "type": "dir" if os.path.isdir(entry_path) else "file",
+                "size": stat.st_size,
+                "path": os.path.relpath(entry_path, get_workspace_root()),
+            })
+
+        return {
+            "success": True,
+            "path": path,
+            "entries": entries,
+        }
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+# ─── glob ───────────────────────────────────────────────────────────────
+
+def glob_paths(pattern: str, path: str = ".") -> dict[str, Any]:
+    """Glob file paths matching a pattern, recursively."""
+    try:
+        full = _resolve_safe(path)
+        matches: list[str] = []
+        for root_dir, _dirs, files in os.walk(full):
+            for fname in files:
+                if fnmatch.fnmatch(fname, pattern) or fnmatch.fnmatch(
+                    os.path.relpath(os.path.join(root_dir, fname), full), pattern
+                ):
+                    matches.append(os.path.relpath(os.path.join(root_dir, fname), get_workspace_root()))
+        matches.sort()
+        return {"success": True, "pattern": pattern, "matches": matches}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+# ─── grep ───────────────────────────────────────────────────────────────
+
+def grep_search(
+    pattern: str,
+    path: str = ".",
+    include: str | None = None,
+    ignore_case: bool = False,
+    max_results: int = 100,
+) -> dict[str, Any]:
+    """Search file contents with a regex pattern."""
+    try:
+        full = _resolve_safe(path)
+        flags = re.IGNORECASE if ignore_case else 0
+        regex = re.compile(pattern, flags)
+
+        matches: list[dict[str, Any]] = []
+        for root_dir, _dirs, files in os.walk(full):
+            for fname in files:
+                if include and not fnmatch.fnmatch(fname, include):
+                    continue
+                fpath = os.path.join(root_dir, fname)
+                try:
+                    with open(fpath, "r", encoding="utf-8", errors="replace") as f:
+                        for lineno, line in enumerate(f, 1):
+                            if regex.search(line):
+                                matches.append({
+                                    "file": os.path.relpath(fpath, get_workspace_root()),
+                                    "line": lineno,
+                                    "text": line.rstrip()[:500],
+                                })
+                                if len(matches) >= max_results:
+                                    return {
+                                        "success": True,
+                                        "pattern": pattern,
+                                        "matches": matches,
+                                        "truncated": True,
+                                    }
+                except (UnicodeDecodeError, PermissionError):
+                    continue
+
+        return {
+            "success": True,
+            "pattern": pattern,
+            "matches": matches,
+            "truncated": False,
+        }
+    except re.error as exc:
+        return {"success": False, "error": f"Invalid regex: {exc}"}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+# ─── Workspace management ───────────────────────────────────────────────
+
+def list_workspace_tree(max_depth: int = 3) -> dict[str, Any]:
+    """Return a tree view of the workspace."""
+    try:
+        root = get_workspace_root()
+
+        def _walk(path: str, depth: int) -> dict[str, Any]:
+            if depth > max_depth:
+                return {"name": os.path.basename(path), "type": "dir", "truncated": True}
+            entries = []
+            try:
+                for name in sorted(os.listdir(path)):
+                    full = os.path.join(path, name)
+                    if os.path.isdir(full):
+                        entries.append(_walk(full, depth + 1))
+                    else:
+                        entries.append({
+                            "name": name,
+                            "type": "file",
+                            "size": os.path.getsize(full),
+                        })
+            except PermissionError:
+                pass
+            return {"name": os.path.basename(path), "type": "dir", "children": entries}
+
+        tree = _walk(root, 0)
+        return {"success": True, "tree": tree}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+def reset_workspace() -> dict[str, Any]:
+    """Clear all files in the workspace (used by /new command)."""
+    try:
+        root = get_workspace_root()
+        if os.path.exists(root):
+            for entry in os.listdir(root):
+                full = os.path.join(root, entry)
+                if os.path.isdir(full):
+                    shutil.rmtree(full)
+                else:
+                    os.remove(full)
+        return {"success": True, "message": "Workspace cleared"}
+    except Exception as exc:
+        return {"success": False, "error": str(exc)}
+
+
+def snapshot_workspace() -> dict[str, str]:
+    """Return a dict of {relative_path: content} for all text files in the workspace.
+
+    Used to package workspace files for ZIP/HF deploy.
+    """
+    root = get_workspace_root()
+    files: dict[str, str] = {}
+    for dirpath, _dirs, fnames in os.walk(root):
+        # Skip hidden dirs and node_modules / __pycache__
+        parts = os.path.relpath(dirpath, root).split(os.sep)
+        if any(p.startswith(".") or p in {"node_modules", "__pycache__", ".venv", "venv"} for p in parts):
+            continue
+        for fname in fnames:
+            if fname.startswith("."):
+                continue
+            full = os.path.join(dirpath, fname)
+            try:
+                with open(full, "r", encoding="utf-8") as f:
+                    files[os.path.relpath(full, root)] = f.read()
+            except (UnicodeDecodeError, PermissionError):
+                continue
+    return files

code/tools/todos.py

@@ -0,0 +1,86 @@
+"""Todo list tool — Claude Code-style task tracking.
+
+Todos are persisted per-session in memory. Each todo has:
+- id (string)
+- content (string)
+- status: pending | in_progress | completed
+- priority: high | medium | low
+"""
+
+from __future__ import annotations
+
+import threading
+from typing import Any
+
+# ─── Per-session state ──────────────────────────────────────────────────
+
+_sessions: dict[str, list[dict[str, Any]]] = {}
+_lock = threading.Lock()
+
+
+def _get_session_id(session_id: str | None) -> str:
+    return session_id or "default"
+
+
+def todo_read(session_id: str | None = None) -> dict[str, Any]:
+    """Read the current todo list for a session."""
+    sid = _get_session_id(session_id)
+    with _lock:
+        todos = list(_sessions.get(sid, []))
+    return {"success": True, "todos": todos}
+
+
+def todo_write(
+    todos: list[dict[str, Any]],
+    session_id: str | None = None,
+) -> dict[str, Any]:
+    """Replace the entire todo list for a session.
+
+    Each todo: {id, content, status, priority}
+    """
+    sid = _get_session_id(session_id)
+
+    # Validate and normalize
+    normalized: list[dict[str, Any]] = []
+    for t in todos:
+        if not isinstance(t, dict):
+            continue
+        normalized.append({
+            "id": str(t.get("id", "")),
+            "content": str(t.get("content", "")),
+            "status": t.get("status", "pending") if t.get("status") in {"pending", "in_progress", "completed"} else "pending",
+            "priority": t.get("priority", "medium") if t.get("priority") in {"high", "medium", "low"} else "medium",
+        })
+
+    with _lock:
+        _sessions[sid] = normalized
+
+    return {"success": True, "todos": normalized, "count": len(normalized)}
+
+
+def todo_update(
+    todo_id: str,
+    status: str | None = None,
+    content: str | None = None,
+    session_id: str | None = None,
+) -> dict[str, Any]:
+    """Update a single todo by id."""
+    sid = _get_session_id(session_id)
+    with _lock:
+        todos = _sessions.get(sid, [])
+        for t in todos:
+            if t["id"] == todo_id:
+                if status in {"pending", "in_progress", "completed"}:
+                    t["status"] = status
+                if content is not None:
+                    t["content"] = content
+                return {"success": True, "todo": t}
+        return {"success": False, "error": f"Todo not found: {todo_id}"}
+
+
+def todo_clear(session_id: str | None = None) -> dict[str, Any]:
+    """Clear all todos for a session."""
+    sid = _get_session_id(session_id)
+    with _lock:
+        _sessions.pop(sid, None)
+    return {"success": True}

index.html

@@ -5,9 +5,9 @@
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
 <title>SoniCoder</title>
 <meta name="description" content="AI-powered fullstack app generator with local model inference">
-<link rel="preconnect" href="https://fonts.googleapis.com">
-<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;600;700&display=swap" rel="stylesheet">
+<link rel="preconnect" href="https://fonts.googleapis.com/">
+<link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin>
+<link href="https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@300;400;500;600;700&amp;display=swap" rel="stylesheet">
 <style>
 /* ═══════════════════════════════════════════════════════
    RESET & BASE
@@ -1159,6 +1159,7 @@ body.hide-thinking .think-block { display: none; }
         <button class="output-tab" data-tab="console" onclick="switchTab('console')">Console</button>
         <button class="output-tab" data-tab="code" onclick="switchTab('code')">Code</button>
         <button class="output-tab" data-tab="search" onclick="switchTab('search')">Search</button>
+        <button class="output-tab" data-tab="agent" onclick="switchTab('agent')">Agent</button>
         <button class="output-tab" data-tab="deploy" onclick="switchTab('deploy')">Deploy</button>
       </div>
       <div id="output-content">
@@ -1215,6 +1216,75 @@ body.hide-thinking .think-block { display: none; }
           </div>
         </div>
 
+        <!-- Agent Pane (Claude Code-style) -->
+        <div class="tab-pane" id="pane-agent">
+          <div class="deploy-section">
+            <div class="deploy-title">&#129302; Agent Mode (Claude Code-style)</div>
+
+            <!-- Agent mode toggle -->
+            <div class="deploy-field">
+              <label>Agent Mode</label>
+              <div style="display:flex;align-items:center;gap:12px;">
+                <label style="display:flex;align-items:center;gap:6px;cursor:pointer;font-weight:400;">
+                  <input type="checkbox" id="agent-mode-toggle" onchange="toggleAgentMode()" style="cursor:pointer;">
+                  <span>Enable agent loop (model calls tools: read/write/edit/glob/grep/bash/todos)</span>
+                </label>
+              </div>
+              <div class="deploy-hint">When ON, the model can manipulate files in the sandboxed workspace and run shell commands.</div>
+            </div>
+
+            <!-- Slash Commands -->
+            <div class="deploy-field">
+              <label>Slash Commands</label>
+              <div id="commands-list" style="display:grid;grid-template-columns:1fr 1fr;gap:6px;font-size:11px;"></div>
+              <div class="deploy-hint">Type the command in chat (e.g. <code>/commit</code>, <code>/review</code>)</div>
+            </div>
+
+            <!-- Skills -->
+            <div class="deploy-field">
+              <label>Skills</label>
+              <div id="skills-list" style="display:grid;grid-template-columns:1fr 1fr;gap:6px;font-size:11px;"></div>
+              <div class="deploy-hint">Click a skill to activate it for the next prompt</div>
+            </div>
+
+            <!-- Active skills display -->
+            <div class="deploy-field" id="active-skills-section" style="display:none;">
+              <label>Active Skills</label>
+              <div id="active-skills-display" style="display:flex;flex-wrap:wrap;gap:4px;"></div>
+              <button onclick="clearActiveSkills()" style="margin-top:6px;font-size:10px;color:var(--red);background:none;border:1px solid var(--red);padding:2px 8px;cursor:pointer;border-radius:3px;">Clear all</button>
+            </div>
+
+            <!-- Hooks -->
+            <div class="deploy-field">
+              <label>Hooks (active rules)</label>
+              <div id="hooks-list" style="display:grid;grid-template-columns:1fr;gap:4px;font-size:11px;"></div>
+              <div class="deploy-hint">Rules fire on bash/file/prompt events. Add custom rules in <code>workspace/.sonicoder/hooks/</code></div>
+            </div>
+
+            <!-- Todo List -->
+            <div class="deploy-field">
+              <label>Todo List</label>
+              <div id="todos-display" style="font-size:11px;max-height:200px;overflow-y:auto;">
+                <div style="color:var(--gray-dim);">No todos yet. Use the agent to create some.</div>
+              </div>
+              <button onclick="refreshTodos()" style="margin-top:6px;font-size:10px;background:none;border:1px solid var(--border);padding:2px 8px;cursor:pointer;border-radius:3px;color:var(--gray-light);">Refresh</button>
+            </div>
+
+            <!-- Workspace -->
+            <div class="deploy-field">
+              <label>Workspace Files</label>
+              <div id="workspace-tree" style="font-size:11px;max-height:300px;overflow-y:auto;font-family:var(--font-mono);background:var(--bg-code);padding:8px;border-radius:4px;border:1px solid var(--border);">
+                <div style="color:var(--gray-dim);">Empty. The agent will create files here.</div>
+              </div>
+              <div style="display:flex;gap:6px;margin-top:6px;">
+                <button onclick="refreshWorkspace()" style="font-size:10px;background:none;border:1px solid var(--border);padding:2px 8px;cursor:pointer;border-radius:3px;color:var(--gray-light);">Refresh</button>
+                <button onclick="resetWorkspace()" style="font-size:10px;background:none;border:1px solid var(--red);padding:2px 8px;cursor:pointer;border-radius:3px;color:var(--red);">Reset workspace</button>
+              </div>
+              <div class="deploy-hint">Files live in <code>./workspace/</code> — sandboxed, path-escape protected</div>
+            </div>
+          </div>
+        </div>
+
         <!-- Deploy Pane -->
         <div class="tab-pane" id="pane-deploy">
           <div class="deploy-section">
@@ -1328,6 +1398,10 @@ const state = {
   currentModelType: 'text',
   uploadedImageFileUrl: '',
   uploadedImageName: '',
+  // Agent mode (Claude Code-style)
+  agentMode: false,
+  activeSkills: [],
+  todos: [],
 };
 
 // ═══════════════════════════════════════════════════════
@@ -1352,7 +1426,7 @@ document.addEventListener('DOMContentLoaded', () => {
   renderExamples();
 
   // Welcome message
-  addSystemMessage('Welcome to SoniCoder. The model is loading locally (no API keys needed). Select a language and framework, then describe the app you want to build.');
+  addSystemMessage('Welcome to SoniCoder — a Claude Code-style agent running locally. The model is loading (no API keys needed). Open the "Agent" tab to enable tool use (read/write/edit/glob/grep/bash), browse skills and slash commands, or just describe the app you want to build.');
 
   // Input auto-resize & keybinding
   const input = document.getElementById('chat-input');
@@ -2195,6 +2269,451 @@ function stopGeneration() {
   onGenerationEnd();
 }
 
+// ═══════════════════════════════════════════════════════
+// AGENT MODE (Claude Code-style)
+// ═══════════════════════════════════════════════════════
+
+async function callAgentApi(name, data) {
+  // Call a Gradio API endpoint and return an event source
+  const resp = await fetch(`/gradio_api/call/${name}`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ data: data }),
+  });
+  if (!resp.ok) throw new Error(`API ${name} failed: ${resp.status}`);
+  const { event_id } = await resp.json();
+  return new EventSource(`/gradio_api/call/${name}/${event_id}`);
+}
+
+function toggleAgentMode() {
+  state.agentMode = document.getElementById('agent-mode-toggle').checked;
+  if (state.agentMode) {
+    addSystemMessage('🤖 Agent mode enabled. The model can now call tools (read_file, write_file, edit_file, bash, etc.) and manipulate the workspace. Slash commands like /commit, /review, /feature are also active.');
+    // Refresh workspace + todos + skills display
+    refreshWorkspace();
+    refreshTodos();
+  } else {
+    addSystemMessage('Agent mode disabled. Back to standard chat mode.');
+  }
+}
+
+function renderSkillsList() {
+  const container = document.getElementById('skills-list');
+  if (!container) return;
+  const skills = (CONFIG.skills || []);
+  if (skills.length === 0) {
+    container.innerHTML = '<div style="color:var(--gray-dim);grid-column:1/-1;">No skills available.</div>';
+    return;
+  }
+  container.innerHTML = skills.map(s => {
+    const isActive = state.activeSkills.includes(s.name);
+    const bg = isActive ? 'var(--green-dim)' : 'var(--bg-code)';
+    const color = isActive ? 'var(--green)' : 'var(--gray-light)';
+    const border = isActive ? 'var(--green)' : 'var(--border)';
+    return `<div style="padding:6px 8px;background:${bg};color:${color};border:1px solid ${border};border-radius:3px;cursor:pointer;" onclick="toggleSkill('${s.name}')">
+      <div style="font-weight:600;">${s.name}</div>
+      <div style="font-size:10px;color:var(--gray-mid);margin-top:2px;">${(s.description || '').slice(0, 80)}</div>
+    </div>`;
+  }).join('');
+}
+
+function toggleSkill(name) {
+  const idx = state.activeSkills.indexOf(name);
+  if (idx >= 0) {
+    state.activeSkills.splice(idx, 1);
+  } else {
+    state.activeSkills.push(name);
+  }
+  renderSkillsList();
+  renderActiveSkills();
+}
+
+function renderActiveSkills() {
+  const section = document.getElementById('active-skills-section');
+  const display = document.getElementById('active-skills-display');
+  if (!section || !display) return;
+  if (state.activeSkills.length === 0) {
+    section.style.display = 'none';
+    return;
+  }
+  section.style.display = 'block';
+  display.innerHTML = state.activeSkills.map(name =>
+    `<span style="background:var(--green-dim);color:var(--green);padding:2px 8px;border:1px solid var(--green);border-radius:3px;font-size:10px;">${name} <span style="cursor:pointer;margin-left:4px;" onclick="toggleSkill('${name}')">x</span></span>`
+  ).join('');
+}
+
+function clearActiveSkills() {
+  state.activeSkills = [];
+  renderSkillsList();
+  renderActiveSkills();
+}
+
+function renderCommandsList() {
+  const container = document.getElementById('commands-list');
+  if (!container) return;
+  const commands = (CONFIG.commands || []);
+  if (commands.length === 0) {
+    container.innerHTML = '<div style="color:var(--gray-dim);grid-column:1/-1;">No commands available.</div>';
+    return;
+  }
+  container.innerHTML = commands.map(c =>
+    `<div style="padding:6px 8px;background:var(--bg-code);border:1px solid var(--border);border-radius:3px;">
+      <div style="font-weight:600;color:var(--cyan);">/${c.name}</div>
+      <div style="font-size:10px;color:var(--gray-mid);margin-top:2px;">${(c.description || '').slice(0, 80)}</div>
+    </div>`
+  ).join('');
+}
+
+function renderHooksList() {
+  const container = document.getElementById('hooks-list');
+  if (!container) return;
+  const hooks = (CONFIG.hooks || []);
+  if (hooks.length === 0) {
+    container.innerHTML = '<div style="color:var(--gray-dim);">No hooks configured.</div>';
+    return;
+  }
+  container.innerHTML = hooks.map(h => {
+    const enabledColor = h.enabled ? 'var(--green)' : 'var(--gray-dim)';
+    const actionColor = h.action === 'block' ? 'var(--red)' : 'var(--amber)';
+    return `<div style="padding:6px 8px;background:var(--bg-code);border:1px solid var(--border);border-radius:3px;">
+      <div style="display:flex;justify-content:space-between;align-items:center;">
+        <span style="font-weight:600;color:${enabledColor};">${h.enabled ? 'ON' : 'OFF'} ${h.name}</span>
+        <span style="font-size:10px;color:${actionColor};">[${h.action}] ${h.event}</span>
+      </div>
+      <div style="font-size:10px;color:var(--gray-mid);margin-top:2px;font-family:var(--font-mono);">${(h.pattern || '').slice(0, 80)}</div>
+    </div>`;
+  }).join('');
+}
+
+async function refreshTodos() {
+  try {
+    const es = await callAgentApi('todo_read', ['default']);
+    es.addEventListener('complete', (e) => {
+      try {
+        const data = JSON.parse(e.data);
+        const result = JSON.parse(data[0]);
+        state.todos = result.todos || [];
+        renderTodos();
+      } catch (err) { console.error('Todo refresh error:', err); }
+      es.close();
+    });
+    es.addEventListener('error', () => es.close());
+  } catch (err) { console.error('refreshTodos failed:', err); }
+}
+
+function renderTodos() {
+  const container = document.getElementById('todos-display');
+  if (!container) return;
+  if (state.todos.length === 0) {
+    container.innerHTML = '<div style="color:var(--gray-dim);">No todos yet. Use the agent to create some.</div>';
+    return;
+  }
+  const statusColor = { pending: 'var(--gray-mid)', in_progress: 'var(--amber)', completed: 'var(--green)' };
+  const statusIcon = { pending: '○', in_progress: '◐', completed: '●' };
+  container.innerHTML = state.todos.map(t =>
+    `<div style="padding:4px 0;border-bottom:1px solid var(--border);">
+      <span style="color:${statusColor[t.status] || 'var(--gray-mid)'};">${statusIcon[t.status] || '○'}</span>
+      <span style="margin-left:6px;color:var(--gray-light);">[${t.priority || 'med'}] ${t.content || t.id}</span>
+    </div>`
+  ).join('');
+}
+
+async function refreshWorkspace() {
+  try {
+    const es = await callAgentApi('workspace_tree', []);
+    es.addEventListener('complete', (e) => {
+      try {
+        const data = JSON.parse(e.data);
+        const result = JSON.parse(data[0]);
+        if (result.success) {
+          renderWorkspaceTree(result.tree);
+        }
+      } catch (err) { console.error('Workspace refresh error:', err); }
+      es.close();
+    });
+    es.addEventListener('error', () => es.close());
+  } catch (err) { console.error('refreshWorkspace failed:', err); }
+}
+
+function renderWorkspaceTree(node, depth = 0) {
+  const container = document.getElementById('workspace-tree');
+  if (!container) return;
+  if (depth === 0) {
+    if (!node || (node.children || []).length === 0) {
+      container.innerHTML = '<div style="color:var(--gray-dim);">Empty. The agent will create files here.</div>';
+      return;
+    }
+    container.innerHTML = renderWorkspaceNode(node, 0);
+  }
+}
+
+function renderWorkspaceNode(node, depth) {
+  const indent = '&nbsp;'.repeat(depth * 2);
+  if (node.type === 'dir') {
+    const children = (node.children || []).map(c => renderWorkspaceNode(c, depth + 1)).join('');
+    return `<div>${indent}<span style="color:var(--cyan);">📁 ${node.name}</span></div>${children}`;
+  } else {
+    const size = node.size ? `${(node.size / 1024).toFixed(1)}KB` : '';
+    return `<div>${indent}<span style="color:var(--gray-light);">📄 ${node.name}</span> <span style="color:var(--gray-dim);font-size:10px;">${size}</span></div>`;
+  }
+}
+
+async function resetWorkspace() {
+  if (!confirm('Reset the workspace? All files will be deleted.')) return;
+  try {
+    const es = await callAgentApi('workspace_reset', []);
+    es.addEventListener('complete', (e) => {
+      try {
+        const data = JSON.parse(e.data);
+        const result = JSON.parse(data[0]);
+        addSystemMessage('Workspace cleared.');
+        refreshWorkspace();
+      } catch (err) { console.error(err); }
+      es.close();
+    });
+    es.addEventListener('error', () => es.close());
+  } catch (err) { console.error('resetWorkspace failed:', err); }
+}
+
+// Override sendMessage to support agent mode
+const originalSendMessage = sendMessage;
+
+async function sendMessageAgent(prompt) {
+  if (state.isGenerating) return;
+  if (!state.modelReady) {
+    addSystemMessage('The model is still loading. Please wait...');
+    return;
+  }
+
+  state.isGenerating = true;
+  toggleInputState(true);
+  addUserMessage(prompt);
+  addAssistantMessage();
+  renderStatus('Running agent...', 'working');
+
+  const historyJSON = JSON.stringify(state.history.slice(0, -2)); // exclude just-added user+assistant placeholders
+  const framework = document.getElementById('framework-select')?.value || state.targetFramework;
+  const skillsJSON = JSON.stringify(state.activeSkills || []);
+
+  try {
+    const resp = await fetch('/gradio_api/call/agent_run', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        data: [prompt, state.targetLanguage, framework, historyJSON, skillsJSON, state.searchEnabled ? 'true' : 'false', state.uploadedImageFileUrl || '']
+      })
+    });
+
+    if (!resp.ok) throw new Error(`API error: ${resp.status} ${resp.statusText}`);
+
+    const { event_id } = await resp.json();
+    const eventSource = new EventSource(`/gradio_api/call/agent_run/${event_id}`);
+    state.currentEventSource = eventSource;
+
+    let lastContent = '';
+
+    eventSource.addEventListener('generating', (e) => {
+      try {
+        const dataArray = JSON.parse(e.data);
+        const event = JSON.parse(dataArray[0]);
+        handleAgentEvent(event);
+      } catch (err) { console.error('Parse error (generating):', err); }
+    });
+
+    eventSource.addEventListener('complete', (e) => {
+      try {
+        const dataArray = JSON.parse(e.data);
+        const event = JSON.parse(dataArray[0]);
+        handleAgentEvent(event);
+      } catch (err) { console.error('Parse error (complete):', err); }
+      eventSource.close();
+      onGenerationEnd();
+      // Refresh workspace + todos after agent run
+      refreshWorkspace();
+      refreshTodos();
+    });
+
+    eventSource.addEventListener('error', (e) => {
+      let errorMsg = 'Agent error.';
+      if (e.data) errorMsg = e.data;
+      console.error('SSE error:', errorMsg);
+      finalizeAssistantMessage();
+      addSystemMessage(`Error: ${errorMsg}`);
+      renderStatus('Error', 'error');
+      eventSource.close();
+      onGenerationEnd();
+    });
+
+  } catch (err) {
+    console.error('Agent send error:', err);
+    finalizeAssistantMessage();
+    addSystemMessage(`Error: ${err.message}`);
+    renderStatus('Error', 'error');
+    onGenerationEnd();
+  }
+}
+
+function handleAgentEvent(event) {
+  if (!event || typeof event !== 'object') return;
+
+  switch (event.type) {
+    case 'status':
+      renderStatus(event.status_text || 'Working...', event.status_state || 'working');
+      break;
+
+    case 'streaming':
+      // Update the current assistant message with streaming content
+      const msgs = document.querySelectorAll('.chat-message.assistant .message-content');
+      const last = msgs[msgs.length - 1];
+      if (last) {
+        last.innerHTML = window.renderMarkdown ? renderMarkdown(event.content || '') : (event.content || '').replace(/\n/g, '<br>');
+      }
+      // Update history
+      if (state.history.length > 0 && state.history[state.history.length - 1].role === 'assistant') {
+        state.history[state.history.length - 1].content = event.content || '';
+      }
+      renderStatus(`Thinking (step ${event.iteration || 1})...`, 'working');
+      break;
+
+    case 'tool_call':
+      addSystemMessage(`🔧 Calling tool: ${event.tool}` + (event.args && Object.keys(event.args).length ? `(${JSON.stringify(event.args).slice(0, 200)})` : ''));
+      renderStatus(`Running tool: ${event.tool}...`, 'working');
+      break;
+
+    case 'tool_result':
+      const result = event.result || {};
+      const success = result.success !== false;
+      const summary = success ? '✓' : '✗';
+      let resultPreview = '';
+      if (result.stdout) resultPreview = result.stdout.slice(0, 200);
+      else if (result.content) resultPreview = result.content.slice(0, 200);
+      else if (result.error) resultPreview = result.error;
+      else if (result.entries) resultPreview = `${result.entries.length} entries`;
+      else if (result.matches) resultPreview = `${result.matches.length} matches`;
+      else if (result.count !== undefined) resultPreview = `${result.count} items`;
+      else resultPreview = JSON.stringify(result).slice(0, 200);
+
+      // Show hook warnings if any
+      if (result.hook_warnings && result.hook_warnings.length > 0) {
+        for (const w of result.hook_warnings) {
+          addSystemMessage(`⚠️ Hook: ${w.slice(0, 300)}`);
+        }
+      }
+
+      addSystemMessage(`${summary} ${event.tool}: ${resultPreview}${resultPreview.length >= 200 ? '...' : ''}`);
+      break;
+
+    case 'search_results':
+      state.currentSearchResults = event.results || [];
+      renderStatus(`Found ${event.results?.length || 0} results, running agent...`, 'working');
+      break;
+
+    case 'complete':
+      // Finalize the assistant message
+      const content = event.content || '';
+      if (state.history.length > 0 && state.history[state.history.length - 1].role === 'assistant') {
+        state.history[state.history.length - 1].content = content;
+      }
+      finalizeAssistantMessage();
+
+      // Try to extract code from the response
+      tryExtractCodeFromResponse(content);
+
+      renderStatus('Done', 'success');
+      break;
+
+    case 'error':
+      finalizeAssistantMessage();
+      addSystemMessage(`Error: ${event.message || 'Unknown error'}`);
+      if (event.available && event.available.length) {
+        addSystemMessage('Available: ' + event.available.join(', '));
+      }
+      renderStatus('Error', 'error');
+      break;
+  }
+}
+
+function tryExtractCodeFromResponse(content) {
+  // Reuse the existing code extraction logic by simulating a chat payload
+  if (!content) return;
+  // Strip tool call blocks for display
+  const cleanContent = content.replace(/```tool\s*\n.*?```/gs, '').trim();
+  if (!cleanContent) return;
+
+  // Try to extract code blocks
+  const codeMatch = cleanContent.match(/```([a-zA-Z0-9_+.#-]*)\s*\n(.*?)```/s);
+  if (codeMatch) {
+    const code = codeMatch[2].trim();
+    const lang = codeMatch[1].toLowerCase();
+    state.lastCode = code;
+    state.lastCodeLang = lang;
+    // Update code tab
+    const codeDisplay = document.getElementById('code-display');
+    if (codeDisplay) {
+      codeDisplay.innerHTML = `<pre><code class="language-${lang}">${escapeHtml(code)}</code></pre>`;
+    }
+    document.getElementById('code-tab-lang').textContent = lang || 'text';
+    document.getElementById('btn-download').style.display = 'inline-block';
+
+    // If HTML, show in preview
+    if (lang === 'html' || /^<!doctype|<html/i.test(code)) {
+      const iframe = document.getElementById('preview-iframe');
+      if (iframe) {
+        iframe.srcdoc = code;
+        document.getElementById('preview-placeholder').style.display = 'none';
+        document.getElementById('preview-image').style.display = 'none';
+        iframe.style.display = 'block';
+      }
+    }
+  }
+
+  // Try multi-file extraction
+  const fileMatch = cleanContent.match(/@@FILE:\s*(.+?)@@\s*\n(.*?)(?=@@FILE:|@@END@@)/s);
+  if (fileMatch) {
+    // Build project files
+    const files = {};
+    const fileRegex = /@@FILE:\s*(.+?)@@\s*\n(.*?)(?=@@FILE:|@@END@@)/gs;
+    let m;
+    while ((m = fileRegex.exec(cleanContent)) !== null) {
+      files[m[1].trim()] = m[2].trim();
+    }
+    if (Object.keys(files).length > 0) {
+      state.executionContext = state.executionContext || {};
+      state.executionContext.project_files = files;
+      // Update project files display in deploy tab
+      const pf = document.getElementById('project-files');
+      if (pf) {
+        pf.innerHTML = '<div style="font-size:11px;color:var(--gray-mid);margin-top:8px;">' +
+          Object.keys(files).map(f => `<div>📄 ${f}</div>`).join('') +
+          '</div>';
+      }
+    }
+  }
+}
+
+function escapeHtml(s) {
+  return String(s).replace(/[&<>"']/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));
+}
+
+// Override sendMessage to route to agent when agentMode is on
+sendMessage = async function(prompt) {
+  if (state.agentMode) {
+    return sendMessageAgent(prompt);
+  }
+  return originalSendMessage(prompt);
+};
+
+// Initialize agent UI on page load
+document.addEventListener('DOMContentLoaded', () => {
+  // Render skills/commands/hooks after CONFIG is loaded
+  setTimeout(() => {
+    renderSkillsList();
+    renderCommandsList();
+    renderHooksList();
+    renderActiveSkills();
+  }, 100);
+});
+
 function resetConversation(announcement) {
   state.history = [];
   state.executionContext = {};

requirements.txt

@@ -8,3 +8,5 @@ requests>=2.31.0
 beautifulsoup4>=4.12.0
 Pillow>=10.0
 torchvision>=0.16.0
+# New deps for agent features (most are stdlib in 3.11+)
+# (No new external deps required — agent/skills/hooks/commands use stdlib only)