
Research
/Security News
11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windows Host-Surveillance Payload
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.
AI coding agent CLI — 22 LLM providers, 101 models, wiki knowledge engine, OpenCode-inspired TUI, MIT-licensed
A production-grade AI coding agent in your terminal — powered by a wiki knowledge engine, OpenCode-inspired TUI, and 22 LLM providers.
Install · Features · Providers · Usage · Contributing · Docs
╔════════════════════════════════════════════════════════════════════╗
║ huagent v6.0.0 ║
║ AI coding agent CLI — 22 providers, 101 models ║
╚════════════════════════════════════════════════════════════════════╝
│ Ask, search, or run /help for commands
│ huagent · claude-sonnet-4 anthropic
╰
ready · ↵ send · alt+↵ newline · ↑↓ history · tab complete · ctrl+c exit
~/projects/myapp • 2 LSP /status
tokens: 1247 cost: $0.0089 perm: workspace-write ? help Ctrl+P/T/E/R pickers
npm install -g huagent
curl -fsSL https://raw.githubusercontent.com/ahmdd4vd/Huagent/main/install.sh | sh
git clone https://github.com/ahmdd4vd/Huagent.git
cd Huagent
npm install
npm run build
node bin/huagent.js
# Set any provider's API key
export ANTHROPIC_API_KEY=sk-ant-*** # or OPENAI_API_KEY, GEMINI_API_KEY, etc.
# Launch the TUI
huagent
Node.js >= 18 required. Huagent auto-detects your provider from environment variables — set one and you're ready.
| 🧠 Wiki Knowledge Engine | 🎨 OpenCode-Inspired TUI | 🔌 22 LLM Providers |
| 5-memory system that learns from your codebase | Left-border prompt, minimal aesthetic, braille spinners | Anthropic, OpenAI, Gemini, DeepSeek, Groq, +17 more |
| 🔄 Auto-Ingest | ⌨️ Full Keyboard Control | 🛡️ Security-First |
| Watches files & auto-creates wiki pages | Emacs keys, multi-line, history, autocomplete | SSRF protection, path-traversal guards, default-deny |
| 📊 Cost Tracking | 🔍 Smart Search | 🧪 239 Tests |
| Real-time token count + cost per request | Fuzzy matching with intent-based routing | Comprehensive test suite covering all subsystems |
Huagent ships with a wiki knowledge engine that makes your agent smarter over time.
┌─────────────────────────────────────────────────────────┐
│ 5-Memory System │
│ │
│ Semantic ──── Facts, concepts, entities │
│ Episodic ──── Events, debugging sessions │
│ Structural ── Architecture, dependencies │
│ Causal ────── Decisions, tradeoffs, migrations │
│ Meta ──────── Self-reflection, heuristics │
│ │
│ Confidence: ASSUMED → INFERRED → VERIFIED │
│ Freshness: LOW → MEDIUM → HIGH → STALE │
└─────────────────────────────────────────────────────────┘
/mod → get /model, /models, /modes| Key | Action |
|---|---|
Enter | Submit prompt |
Alt+Enter / Shift+Enter | Insert newline (multi-line) |
↑ / ↓ | Navigate history (single-line) or cursor (multi-line) |
← / → | Move cursor horizontally |
Ctrl+A / Home | Move to line start |
Ctrl+E / End | Move to line end |
Ctrl+U | Delete to line start |
Ctrl+K | Delete to line end |
Ctrl+W | Delete previous word |
Tab | Accept autocomplete suggestion |
Esc | Close autocomplete / dialog |
Ctrl+C | Exit huagent |
Ctrl+P | Open provider picker |
Ctrl+T | Open model picker |
Ctrl+E | Open scope picker |
Ctrl+R | Resume previous session |
Ctrl+K | Command palette |
Ctrl+L | Clear messages |
? | Show help dialog |
web tool blocks private IPs, loopback, cloud metadata (169.254.169.254), link-local^[A-Za-z0-9_-]+$grep and hooks use execFile with arg arrays (no shell interpolation)workspace-write modeHUAGENT_GOOGLE_*_CLIENT_SECRET)22 providers, 101 models. Each with a default model, full registry, and capability metadata.
| Category | Models |
|---|---|
| Flagship | Claude Opus 4.7, Claude Sonnet 4.6, GPT-5.5, Gemini 3 Pro, Grok 4 |
| Reasoning | DeepSeek R1, o3, QwQ 32B, Sonar Reasoning, Magistral Medium |
| Fast | Claude Haiku 4.5, GPT-5 mini, Llama 3.1 8B, Gemini 3 Flash |
| Code | Qwen 3 Coder 480B, Codestral 25, DeepSeek Coder V2, GPT-5.5 Codex |
| Local (free) | Ollama (Llama 3.2, Qwen 2.5 Coder 32B, DeepSeek R1 32B) |
| Search | Perplexity Sonar Pro |
| Cloud | AWS Bedrock, Google Vertex AI |
Browse in the TUI:
/providers # all 22 providers
/models # models for current provider
/models anthropic # models for a specific provider
Set any of these env vars and huagent picks the provider automatically:
| Env var | Provider |
|---|---|
ANTHROPIC_API_KEY | Anthropic Claude |
OPENAI_API_KEY | OpenAI |
GEMINI_API_KEY | Google Gemini |
MINIMAX_API_KEY | MiniMax |
TOKENROUTER_API_KEY | Custom (TokenRouter) |
GROQ_API_KEY | Groq |
DEEPSEEK_API_KEY | DeepSeek |
OPENROUTER_API_KEY | OpenRouter |
GITHUB_TOKEN | GitHub Copilot |
HF_TOKEN | HuggingFace |
PERPLEXITY_API_KEY | Perplexity |
TOGETHER_API_KEY | Together AI |
FIREWORKS_API_KEY | Fireworks AI |
CEREBRAS_API_KEY | Cerebras |
XAI_API_KEY | xAI Grok |
MISTRAL_API_KEY | Mistral |
NVIDIA_API_KEY | NVIDIA NIM |
OPENCODE_API_KEY | OpenCode Zen |
CODEX_API_KEY | OpenAI Codex |
MIMO_API_KEY | Xiaomi MiMo |
AWS_BEARER_TOKEN_BEDROCK | AWS Bedrock |
GOOGLE_APPLICATION_CREDENTIALS | Google Vertex AI |
| Command | What it does |
|---|---|
/model <name> | Switch LLM model |
/provider <name> | Switch provider |
/models | Browse all 101 models |
/providers | List all 22 providers |
/autonomous | Toggle autonomous mode |
/scope <file> | Limit edits to one file |
/permissions <mode> | Switch permission mode |
/memory | Inspect knowledge base |
/skills | List installed skills |
/status | Session status + stats |
/cost | Token usage + cost breakdown |
/sessions | List saved sessions |
/resume <id> | Resume a session |
/diff | Show git diff |
/doctor | Run diagnostics |
/clear | Fresh session |
/help | Show all commands |
/exit | Exit huagent |
huagent # interactive TUI
huagent "fix the auth bug" # one-shot mode
huagent --provider anthropic --model claude-sonnet-4 # pick provider + model
huagent --autonomous # no confirmations
huagent --scope src/auth.ts # limit to one file
huagent --permission-mode sandboxed # sandboxed edits
huagent --no-tui # simple REPL mode
huagent version # show version
huagent --help # show help
| Mode | What you can do |
|---|---|
read-only | Read files, no edits |
workspace-write | Edit project files (default) |
sandboxed | Edits go to a temp directory |
danger-full-access | No confirmations at all |
allow | Auto-approve everything (autonomous) |
| Metric | Value |
|---|---|
| LLM Providers | 22 |
| Models | 101 |
| Tests | 239 passing |
| Source Files | 130+ TS/TSX |
| Slash Commands | 26 |
| Permission Modes | 5 |
| Memory Systems | 5 |
| TUI Components | 20+ |
| Documentation | 6,000+ lines |
| Lines of Code | 25,000+ |
| Security Fixes | 72 bugs fixed |
| Keyboard Shortcuts | 20+ |
npm test # run all 239 tests
npm run verify # lint + test + build
| Suite | Tests | What it covers |
|---|---|---|
| Provider integrity | 350 | 22 providers, 101 models, pricing, auto-detect |
| TUI stress | 153 | Visual regression, 40–240 cols, unicode, edge cases |
| Discipline | 181 | Plan → Ground → Observe → Diagnose → Verify |
| TUI v4 | 119 | Theme, activity store, status bar, slash commands |
| CLI commands | 68 | All 26 slash commands, option parsing |
| WllmConcept | 26 | WikiMemory, 5-memory routing, lint, evolve |
| Auto-Ingest | 25 | Content analyzer, file watcher, page creation |
| OpenCode TUI | 52 | Theme, borders, MessageList, Prompt, Picker, Dialog |
| Keyboard | 16 | Enter, Esc, Tab, Ctrl+C/U/W, Alt+Enter, arrows |
| App shortcuts | 8 | Ctrl+P/T/E/L, ?, stats, footer |
| Security | 25 | SSRF, path traversal, LRU, dialog reset, limit:0 |
| Render | 23 | MessageList, Footer, Dialog, Picker rendering |
src/
├── cli.tsx # entry point, bootstrap, arg parsing
│
├── providers/ # 22-provider abstraction layer
│ ├── registry.ts # provider registry + auto-detect
│ ├── models.ts # 101-model catalog with pricing
│ ├── client.ts # unified streaming client
│ ├── capabilities.ts # model capability metadata
│ ├── pricing.ts # cost calculation engine
│ └── executors/ # provider-specific executors
│
├── engine/ # AI engine core
│ ├── core.ts # main engine loop + WikiStore integration
│ ├── wiki-memory.ts # backward-compatible wiki memory wrapper
│ └── v4/ # stream-native actor model
│ ├── discipline/ # Plan → Ground → Observe → Diagnose → Verify
│ ├── stream/ # SSE pipeline + cognitive events
│ ├── actor/ # actor model + supervisor
│ ├── htn/ # hierarchical task network planner
│ └── graph/ # SQLite-backed graph store
│
├── tui/ # terminal user interface
│ ├── OpenCodeApp.tsx # production TUI (OpenCode-inspired)
│ └── oc/ # OpenCode-style components
│ ├── theme.ts # 12-step grayscale + semantic palette
│ ├── border.ts # SplitBorder, LeftBorder, TopBorder
│ ├── MessageList.tsx # chat history with tool call badges
│ ├── Prompt.tsx # left-border textarea + autocomplete
│ ├── Footer.tsx # status bar (directory, LSP, MCP)
│ ├── Dialog.tsx # modal dialogs (confirm, alert, help)
│ └── Picker.tsx # fuzzy-searchable list dialog
│
├── wllm/ # wiki knowledge engine
│ ├── graph/ # WikiStore (bi-temporal property graph)
│ ├── ingest/ # content analyzer + auto-ingest
│ ├── lint/ # quality audit (7 checks, A–F grade)
│ ├── evolve/ # self-reflection engine
│ └── query/ # intent-based search + 5-memory routing
│
├── tools/ # built-in tools (bash, file ops, search, git)
├── memory/ # SQLite-backed session memory
├── sessions.ts # session save/load/resume
└── slash-commands.ts # 26 runtime commands
| Guide | Description |
|---|---|
| User Guide | Getting started, configuration, daily usage |
| Architecture | System design, engine internals, TUI layout |
| API Reference | Full API documentation for all modules |
| WllmConcept | Wiki knowledge engine deep-dive |
| Auto-Ingest | File watcher + content analysis |
| Contributing | How to contribute to Huagent |
| Security | Vulnerability reporting + threat model |
| Changelog | Release history |
Bug reports and feature requests welcome via issues.
See CONTRIBUTING.md for development setup and guidelines.
git clone https://github.com/ahmdd4vd/Huagent.git
cd Huagent
npm install
npm run dev # watch mode (auto-rebuild on save)
npm test # run all 239 tests
npm run verify # lint + test + build (must pass before PR)
type(scope): short summary
Body explaining the why. Reference issues with #123.
Types: feat, fix, chore, docs, test, refactor, style, perf.
See SECURITY.md for the vulnerability reporting policy and threat model.
Don't open a public issue for security bugs. Use GitHub's private vulnerability reporting: https://github.com/ahmdd4vd/Huagent/security/advisories/new
# 1. Update version in package.json
# 2. Update CHANGELOG.md
# 3. Run verify
npm run verify
# 4. Publish to npm
npm publish
# 5. Tag and push
git tag v6.0.0
git push origin v6.0.0
MIT © 2026 Huanime
Built with Ink · Inspired by OpenCode, claw-code, and OpenClaude
The AI coding agent that learns from your codebase.
FAQs
AI coding agent CLI — 22 LLM providers, 101 models, wiki knowledge engine, OpenCode-inspired TUI, MIT-licensed
The npm package huagent receives a total of 64 weekly downloads. As such, huagent popularity was classified as not popular.
We found that huagent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.