Package Exports
- @polylogicai/polycode
- @polylogicai/polycode/bin/polycode.mjs
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@polylogicai/polycode) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
polycode
An agentic coding CLI. Runs on your machine, writes a SHA-256 chained session log to disk, and ships with a free hosted tier so you can start in one command. Your history is auditable, replayable, and portable across machines.
As of v1.2.0, polycode is a substrate router, not a single agent loop. Every prompt is classified and dispatched to the right substrate: questions stream like ChatGPT, image requests call the image API directly, vague website prompts ask a clarifying question before building. Full parity with the web playground at polylogicai.com/polycode/play.
Install and run
One command, no setup, any platform:
npx @polylogicai/polycode@latestThat is the entire install. The first run provisions a per-install ID under ~/.polycode/ and opens an interactive session. On the free hosted tier you get 60 turns per hour for free, routed through polylogicai.com/api/polycode/inference. For unlimited use, set GROQ_API_KEY (see below) and polycode will talk to Groq directly and skip the proxy.
For repeated use, install globally:
npm install -g @polylogicai/polycode
polycodeOne-shot mode
Pass your prompt as an argument:
npx @polylogicai/polycode@latest "read README.md and summarize it in one sentence"Unlimited use with your own key
Grab a free key from console.groq.com, then:
# macOS and Linux
export GROQ_API_KEY=gsk_...
npx @polylogicai/polycode@latest
# Windows PowerShell
$env:GROQ_API_KEY = "gsk_..."
npx @polylogicai/polycode@latestConfiguration
polycode reads configuration from environment variables and optionally from a ~/.polycode/secrets.env file (chmod 600 recommended).
| Variable | Purpose | Required |
|---|---|---|
GROQ_API_KEY |
Direct Groq access, unlimited. If unset, polycode uses the hosted tier. | no |
ANTHROPIC_API_KEY |
Optional higher-quality compile tier for long sessions | no |
POLYCODE_MODEL |
Override the default model | no |
POLYCODE_CWD |
Override the working directory | no |
How polycode keeps costs low
polycode defaults to Groq's free developer tier. Every turn routes through moonshotai/kimi-k2-instruct on Groq, which has zero per-token cost. The hosted proxy at polylogicai.com forwards requests to Groq using a server-side key, so you do not need any API key to start.
This means prompt caching (Anthropic's 90% input-token discount) is not relevant to the default path. There are no input tokens to cache because Groq's free tier does not charge for them.
For users who set ANTHROPIC_API_KEY for higher-quality reasoning on complex tasks, the Anthropic path uses Claude Haiku for context compilation (selecting which session-log rows matter for this turn) and the primary model for the agentic loop. The system prompt is static across turns, which preserves Anthropic's prompt cache. Each turn adds incrementally to the conversation prefix, so cache hit rates remain high.
Context window: polycode chains every turn into a SHA-256 linked session log at ~/.polycode/history/. The compiler (lib/compiler.mjs) selects only the most relevant prior turns for each new request, so the model never receives the full history. This keeps each call well within the model's context window while preserving cross-session continuity through the chain.
How polycode decides what to do (v1.2.0 substrate router)
Every prompt you send goes through a fast regex classifier that picks one of four substrates:
- Chat -- EXPLAIN prompts ("how do React hooks work", "what is a closure") stream a plain-text answer. No files, no tools.
- Image -- BUILD prompts that name a concrete image ("generate a cat image", "make me a logo for a coffee shop") call the image API directly. The image is downloaded to your current working directory.
- Ask-on-vague -- BUILD prompts that are too vague to start ("make me a website") print a clarifying question and wait for your next message.
- Agent -- everything else dispatches into the agent loop with a subtype-aware system prompt. A
bakery websiterequest gets the premium website template; amonthly revenue chartgets the Recharts data template; afood truck menugets the printable document template.
The classifier is pure regex, deterministic, <1ms, no network round-trip. Pass --force-build on one-shot mode to skip the chat-mode branch when your shell script knows better.
Usage
polycode runs a standard agentic loop: you ask, it thinks, it uses tools, it returns a result. Available tools are:
bashrun a shell command in the working directoryread_fileread a file relative to the working directorywrite_filewrite a file to the working directoryedit_filereplace a substring in a filegloblist files matching a pattern (cross-platform, pure Node.js)grepsearch for a regex in files (cross-platform, pure Node.js)describe_imageanalyze an image file via a vision modelfetch_urlfetch a URL and return the body as readable textweb_searchsearch the web and return titles, URLs, and snippets
All file tool calls are sandboxed to the working directory. polycode refuses any path that escapes it. fetch_url refuses loopback and private network addresses.
Session history
Every turn polycode takes is appended to a SHA-256 chained JSONL file at ~/.polycode/history/YYYY-MM-DD.jsonl. You own this file. You can:
- Read it to see exactly what the agent did
- Back it up by copying it
- Hand it to a teammate, who can replay the session on their machine
- Run
polycode --verifyto confirm the chain is intact
Slash commands
Inside the REPL:
/help show all commands
/key save an API key (Groq, Anthropic, OpenAI). Input is masked on real terminals.
/clear clear the terminal
/history show the session history file path and row count
/verify verify session history integrity
/exit leave polycodePaste handling
When you paste multi-line content into polycode, the terminal collapses it to a marker like [Pasted #1 (20 lines)] in the prompt line. The full content is still sent to the agent — only the display is compressed. You can paste a whole file, a stack trace, or a long URL and polycode will treat it as one event.
Saving API keys (never in chat)
polycode never accepts API keys pasted into the chat — the local secret scrubber blocks any message that matches a key pattern before it reaches the model. To save a key the right way:
# Inside the REPL
/key
# Or from your shell
polycode loginBoth flows read the key through a masked prompt and save it to ~/.polycode/secrets.env with chmod 600. The model never sees it. Auto-detects Groq, Anthropic, and OpenAI from the key prefix.
Command-line flags
polycode interactive REPL
polycode "<prompt>" one-shot mode
polycode --version print version
polycode --help print help
polycode --history print session history status
polycode --verify verify session history integritySafety rules
polycode enforces a small set of non-negotiable safety rules out of the box:
- Shell commands referencing system paths (
/etc/passwd,~/.ssh, private key files) are refused - Code patterns that evaluate untrusted input are refused
- Tool output containing recognized secret patterns (AWS, GitHub, Stripe, Anthropic, Groq, PEM blocks) is redacted before it reaches the model or the terminal
Rules live in ~/.polycode/rules.yaml. You can add your own.
Requirements
- Node.js 20 or newer
- macOS, Linux, or Windows
- No API key required for the free hosted tier. Set
GROQ_API_KEYfor unlimited use.
Releasing (for maintainers)
polycode ships through a gated publish pipeline. Do not run npm publish by hand — that path can silently ship a broken tarball the way the web-app chat substrate env-var bug reached production on 2026-04-17. Use the gated flow instead:
npm run publish:gatedWhat it does: (1) publishes the tarball to the @next dist-tag, so users running npm install -g @polylogicai/polycode still get the previous known-good build; (2) installs that tarball into a scratch temp directory; (3) runs four smoke probes against the installed binary — version match, --help render, a chat-substrate arithmetic check, and an identity-gate leak check; (4) only promotes the version to @latest if every probe passes. If any probe fails, @next keeps the broken snapshot for post-mortem and @latest stays pinned to the previous release.
npm run publish:gated -- --dry-run runs the full pipeline against whatever version is currently on @latest, minus the real publish and promote commands. Useful before a real release.
Pushing a v*.*.* git tag triggers the same flow in CI via .github/workflows/publish-on-tag.yml, using the NPM_TOKEN repo secret.
Documentation and support
- Install and usage:
polylogicai.com/polycode - Issues and questions:
ajs10845@psu.edu
License
MIT. See LICENSE. Built by Polylogic AI.
polycode is inspired by Claude Code's public architecture at docs.claude.com. polycode is not affiliated with Anthropic. No Claude Code code or system prompts are copied.