nex-code 0.3.43 → 0.3.54

package/README.md

@@ -1,13 +1,13 @@
 ```
-▀▄ ▀▄   nex-code  v0.3.x
-█████   qwen3-coder:480b  ·  /help
-▄███▄
+ ██▄▄██   nex-code  v0.3.54
+ █▀██▀█   qwen3-coder:480b  ·  /help
+ ▀████▀
 ```
 
 <p align="center">
-  <b>The open-source coding CLI for Ollama Cloud — and every other provider.</b><br>
-  Free by default with Ollama. Switch to OpenAI, Anthropic, or Gemini anytime.<br>
-  A lightweight, powerful alternative to Claude Code and Gemini CLI.
+  <b>The open-source agentic coding assistant for Ollama Cloud — and every other provider.</b><br>
+  Use it in the terminal or install the built-in <b>VS Code extension</b> for a sidebar chat panel.<br>
+  Free by default with Ollama. Switch to OpenAI, Anthropic, or Gemini anytime.
 </p>
 
 <p align="center">
@@ -19,7 +19,8 @@
   <img src="https://img.shields.io/badge/Ollama_Cloud-supported-brightgreen.svg" alt="Ollama Cloud: supported">
   <img src="https://img.shields.io/badge/node-%3E%3D18-brightgreen.svg" alt="Node >= 18">
   <img src="https://img.shields.io/badge/dependencies-2-green.svg" alt="Dependencies: 2">
-  <img src="https://img.shields.io/badge/tests-2059-blue.svg" alt="Tests: 2059">
+  <img src="https://img.shields.io/badge/tests-3074-blue.svg" alt="Tests: 3074">
+  <img src="https://img.shields.io/badge/VS_Code-extension-007ACC.svg" alt="VS Code extension">
 </p>
 
 ---
@@ -67,12 +68,13 @@ npm update -g nex-code
 
 | | **nex-code** | Claude Code | Gemini CLI | Aider |
 |---|---|---|---|---|
+| **VS Code extension** | ✅ Built-in sidebar panel | ✅ | ❌ | ❌ |
 | **Free with Ollama** | ✅ Native, first-class | ⚠️ Workaround | ❌ | ✅ |
 | **Ollama Cloud support** | ✅ 47+ models, native | ⚠️ API-compat only | ❌ | ✅ |
 | **Multi-provider runtime swap** | ✅ 5 providers, no restart | ❌ Claude-only | ❌ Gemini-only | ✅ |
 | **Tool tiers (adapts to model)** | ✅ essential/standard/full | ❌ | ❌ | ❌ |
 | **5-layer open-model auto-fix** | ✅ | ❌ | ❌ | ⚠️ |
-| **Undo / Redo** | ✅ | ❌ | ❌ | ❌ |
+| **Undo / Redo (persistent)** | ✅ Survives restart | ❌ | ❌ | ❌ |
 | **Cost tracking + budgets** | ✅ | ❌ | ❌ | ❌ |
 | **Pre-push secret detection** | ✅ | ❌ | ❌ | ❌ |
 | **Browser agent (headless)** | ✅ Playwright-based | ❌ | ⚠️ Experimental | ❌ |
@@ -84,7 +86,10 @@ npm update -g nex-code
 | **Open-source** | ✅ MIT | ❌ | ✅ Apache 2.0 | ✅ |
 | **Runtime dependencies** | **2** (axios, dotenv) | Many | Many | Heavy (Python) |
 | **Startup time** | **~100ms** | ~400ms | ~300ms | Slow |
-| **Test coverage** | 2059 tests, 84% | — | — | — |
+| **Plugin API** | ✅ registerTool + hooks | ❌ | ❌ | ❌ |
+| **Skill marketplace** | ✅ Install from git | ❌ | ❌ | ❌ |
+| **Audit logging** | ✅ JSONL + sanitization | ❌ | ❌ | ❌ |
+| **Test coverage** | 3074 tests, 85% | — | — | — |
 
 ---
 
@@ -155,6 +160,7 @@ FALLBACK_CHAIN=anthropic,openai # Providers tried on failure (comma-separated)
 NEX_STALE_WARN_MS=60000        # Warn if no tokens received for N ms (default: 60000)
 NEX_STALE_ABORT_MS=120000      # Abort and retry stream after N ms of silence (default: 120000)
 NEX_LANGUAGE=auto              # Response language: "auto" (mirrors user's language, default) or e.g. "English", "Deutsch"
+NEX_THEME=dark                 # Force dark/light theme (overrides auto-detection). Use if colours look wrong for your terminal profile.
 FOOTER_DEBUG=1                 # Write terminal layout debug log to /tmp/footer-debug.log
 ```
 
@@ -264,12 +270,52 @@ nex-code --prompt-file /tmp/task.txt --yolo --json
 | `--delete-prompt-file` | Delete the prompt file after reading (use with `--prompt-file`) |
 | `--auto` | Skip confirmations (non-interactive, no REPL banner) |
 | `--yolo` | Skip all confirmations including dangerous commands |
+| `--server` | Start JSON-lines IPC server (used by the VS Code extension) |
 | `--json` | Output `{"success":true,"response":"..."}` to stdout |
 | `--max-turns <n>` | Override the agentic loop iteration limit |
 | `--model <spec>` | Use a specific model (e.g. `anthropic:claude-sonnet-4-6`) |
 
 ---
 
+## VS Code Extension
+
+nex-code ships with a built-in VS Code extension (`vscode/`) — no separate repo needed. It adds a sidebar chat panel with streaming output, collapsible tool cards, and confirmation dialogs, all styled with VS Code's native theme variables.
+
+**Architecture:** The extension spawns `nex-code --server` as a child process and communicates over a JSON-lines protocol on stdin/stdout. No agent logic is duplicated — the CLI is the single source of truth.
+
+**Requirements:** nex-code must be in `$PATH` — either `npm install -g nex-code` or `npm link` for local development.
+
+**Install:**
+```bash
+cd vscode
+npm install
+npm run package        # syncs version, builds, and creates .vsix
+# Cmd+Shift+P → Extensions: Install from VSIX...
+```
+
+**Settings** (`Settings → Extensions → Nex Code`):
+
+| Setting | Default | Description |
+|---------|---------|-------------|
+| `nexCode.executablePath` | `nex-code` | Path to the nex-code binary |
+| `nexCode.defaultProvider` | `ollama` | LLM provider |
+| `nexCode.defaultModel` | `qwen3-coder:480b` | Model name |
+| `nexCode.anthropicApiKey` | — | Anthropic API key |
+| `nexCode.openaiApiKey` | — | OpenAI API key |
+| `nexCode.ollamaApiKey` | — | Ollama Cloud API key |
+| `nexCode.geminiApiKey` | — | Google Gemini API key |
+| `nexCode.maxTurns` | `50` | Max agentic loop iterations |
+
+**Commands** (`Cmd+Shift+P`):
+
+| Command | Description |
+|---------|-------------|
+| `Nex Code: Clear Chat` | Clear conversation history |
+| `Nex Code: Switch Model` | Pick a different model |
+| `Nex Code: Restart Agent` | Restart the child process (e.g. after source changes) |
+
+---
+
 ## Providers & Models
 
 Switch providers and models at runtime:
@@ -354,13 +400,18 @@ Type `/` to see inline suggestions as you type. Tab completion is supported for
 | `/review [--strict] [file]` | Deep code review: 3-phase protocol (broad scan → grep deep-dive → report), score table, diff fix snippets. `--strict` forces ≥3 critical findings. |
 | `/k8s [user@host]` | Kubernetes overview: namespaces + pod health (remote via SSH optional) |
 | `/setup` | Interactive setup wizard — configure provider, API keys, web search |
+| `/benchmark` | Show model benchmark results (7-day trend) |
+| `/install-skill <url>` | Install a skill from a git repo |
+| `/search-skill <query>` | Search GitHub for nex-code skills |
+| `/remove-skill <name>` | Remove an installed skill |
+| `/audit` | Show tool execution audit summary |
 | `/exit` | Quit |
 
 ---
 
 ## Tools
 
-The agent has 39 built-in tools:
+The agent has 45 built-in tools:
 
 ### Core & File System
 | Tool | Description |
@@ -422,6 +473,8 @@ Requires `.nex/servers.json` — run `/init` to configure. See [Server Managemen
 | `ssh_download` | Download a file or directory via SCP |
 | `service_manage` | Start/stop/restart/reload/enable/disable a systemd service (local or remote) |
 | `service_logs` | Fetch journalctl logs (local or remote, with `--since` support) |
+| `sysadmin` | Senior sysadmin operations on any Linux server (local or SSH). Actions: `audit` (full health overview), `disk_usage`, `process_list`, `network_status`, `package` (dnf/apt auto-detect), `user_manage` (list/create/delete/add\_ssh\_key), `firewall` (firewalld/ufw/iptables auto-detect), `cron` (list/add/remove), `ssl_check` (domain or cert file), `log_tail` (any log), `find_large` (big files by size). Read-only actions run without confirmation; state-changing actions require approval. |
+| `remote_agent` | Delegate a full coding task to a **nex-code instance running on a remote server** via SSH. Writes the task to a temp file, executes `nex-code --prompt-file ... --auto` on the remote, and streams back the result. Requires `.nex/servers.json`. Optional `project_path` (defaults to remote home dir) and `model` override. Timeout: 5 minutes. |
 
 ### Docker
 | Tool | Description |
@@ -434,7 +487,13 @@ Requires `.nex/servers.json` — run `/init` to configure. See [Server Managemen
 ### Deploy
 | Tool | Description |
 |------|-------------|
-| `deploy` | rsync files to a remote server + optional post-deploy script. Supports named configs from `.nex/deploy.json`. |
+| `deploy` | Deploy to a remote server via **rsync** (sync local files) or **git** (git pull on remote) + optional post-deploy script + optional health check. Supports named configs from `.nex/deploy.json`. |
+| `deployment_status` | Check deployment health across all configured servers — server reachability, service status, health checks. Reads `.nex/deploy.json`. |
+
+### Frontend Design
+| Tool | Description |
+|------|-------------|
+| `frontend_recon` | **Mandatory first step before any frontend work.** Scans the project and returns: (1) design tokens — CSS custom properties (`:root`), Tailwind theme colors/fonts, (2) main layout/index page structure, (3) a reference component of the same type (`type=` hint), (4) detected JS/CSS framework stack — Vue/React, Alpine.js v2 vs v3, HTMX, Tailwind, Django. Call this before writing any markup or styles so the agent uses the project's actual design system instead of inventing one. |
 
 **Interactive commands** (vim, top, htop, ssh, tmux, fzf, etc.) are automatically detected and spawned with full TTY passthrough — no separate handling required.
 
@@ -505,10 +564,20 @@ Create `.nex/deploy.json` (or use `/init deploy`):
 {
   "prod": {
     "server": "prod",
+    "method": "rsync",
     "local_path": "dist/",
     "remote_path": "/var/www/app",
     "exclude": ["node_modules", ".env"],
-    "deploy_script": "systemctl restart gunicorn"
+    "deploy_script": "systemctl restart gunicorn",
+    "health_check": "https://myapp.example.com/health"
+  },
+  "api": {
+    "server": "prod",
+    "method": "git",
+    "remote_path": "/home/jarvis/my-api",
+    "branch": "main",
+    "deploy_script": "npm ci --omit=dev && sudo systemctl restart my-api",
+    "health_check": "systemctl is-active my-api"
   }
 }
 ```
@@ -558,7 +627,7 @@ The system prompt enforces substantive responses: the model always presents find
 - **In-Memory Indexing**: A background indexing engine (using `ripgrep` or a fast fallback) keeps project file paths in RAM for instant file discovery, path auto-fixing, and glob searches.
 
 ### Streaming Output
-Tokens appear live as the model generates them. Bouncing-ball spinner during connection, then real-time line-by-line rendering via `StreamRenderer` with markdown formatting and syntax highlighting (JS, TS, Python, Go, Rust, CSS, HTML, and more).
+Tokens appear live as the model generates them. Bouncing-ball spinner during connection, then real-time line-by-line rendering via `StreamRenderer` with terminal width-aware word wrapping, markdown formatting, and syntax highlighting (JS, TS, Python, Go, Rust, CSS, HTML, and more).
 
 ### Paste Detection
 Automatic bracketed paste mode: pasting multi-line text into the prompt is detected and combined into a single input. A `[Pasted content — N lines]` indicator is shown with a preview of the first line. The user must press Enter to send — pasted content never auto-fires. The paste handler stores the combined text and waits for explicit submission.
@@ -581,6 +650,20 @@ Every file change is shown in a diff-style format before being applied:
 - OOM-safe: large diffs (>2000 lines) fall back to add/remove instead of LCS
 - All changes require `[y/n]` confirmation (toggle with `/autoconfirm` or start with `-yolo`)
 
+### Terminal Theme Detection
+Nex Code automatically adapts all colours to your terminal's background:
+
+- **Dark terminals** — bright, saturated palette with `\x1b[2m` dim for muted text
+- **Light/white terminals** — darker, high-contrast palette; dim replaced with explicit grey to stay visible on white backgrounds; command echo uses a light blue-grey highlight instead of dark grey
+
+Detection priority:
+1. `NEX_THEME=light|dark` env var — explicit override, useful if auto-detection is wrong
+2. `COLORFGBG` env var — set by iTerm2 and other terminals
+3. **OSC 11 query** — asks the terminal emulator directly for its background colour (works with Apple Terminal, iTerm2, WezTerm, Ghostty, and most xterm-compatible terminals). Result is cached per terminal session in `~/.nex-code/.theme_cache.json`, so the one-time ~100 ms startup cost only occurs on first launch in each terminal window.
+4. Default → dark
+
+If you use multiple Apple Terminal profiles (e.g. white, dark teal, dark green), each window is detected independently — no manual configuration needed.
+
 ### Auto-Context
 On startup, the CLI reads your project and injects context into the system prompt:
 - `package.json` — name, version, scripts, dependencies
@@ -595,20 +678,43 @@ Automatic token management with compression when the context window gets full. T
 ### Safety Layer
 Three tiers of protection:
 - **Forbidden** (blocked): `rm -rf /`, `rm -rf .`, `mkfs`, `dd if=`, fork bombs, `curl|sh`, `cat .env`, `chmod 777`, reverse shells — 30+ patterns
-- **Dangerous** (requires confirmation): `git push`, `npm publish`, `rm -rf`, `docker rm`, `sudo`, `ssh` — 14 patterns
+- **Critical** (always re-prompted, even in YOLO mode): `rm -rf`, `sudo`, `--no-verify` (hook bypass), `git reset --hard`, `git clean -f`, `git checkout --`, `git push --force` — every run requires explicit confirmation, no exceptions
+- **Notable** (confirmation on first use): `git push`, `npm publish`, `ssh`, `HUSKY=0`, `SKIP_HUSKY=1` — first-time prompt, then respects "always allow"
 - **SSH read-only safe list**: Common read-only SSH commands (`systemctl status`, `journalctl`, `tail`, `cat`, `git pull`, etc.) skip the dangerous-command confirmation
 - **Path protection**: Sensitive paths (`.ssh/`, `.aws/`, `.env`, credentials) are blocked from file operations
+- **Loop detection**: Edit-loop abort after 4 edits to the same file (warn at 2); bash-command loop abort after 8 identical commands (warn at 5); consecutive-error abort after 10 failures (warn at 6)
+- **Stale-stream detection**: Warns after 60 s without tokens (shows retry count + seconds until auto-abort); auto-switches to the fast model on retry 1 and offers interactive recovery when all retries are exhausted
+- **Auto Plan Mode**: Implementation tasks (`implement`, `refactor`, `create`, `build`, `add`, `write`, …) automatically activate plan mode — read-only analysis first, approve before any writes. Disable with `NEX_AUTO_PLAN=0`
+- **Intent-first behavior**: Before executing, the agent understands why you asked. If it finds something that contradicts or already satisfies the task, it asks instead of proceeding blindly
 - **Pre-push secret detection**: Git hook scans diffs for API keys, private keys, hardcoded secrets, SSH+IP patterns, and `.env` leaks before allowing push
 - **Post-merge automation**: Auto-bumps patch version on `devel→main` merge; runs `npm install` when `package.json` changes
 
 ### Sessions
-Save and restore conversations:
+nex-code automatically saves your conversation after every turn. If the process crashes or is closed unexpectedly, the next startup will detect the autosave and offer to restore it:
+
+```
+Previous session found. Resume? (y/n)
+```
+
+Only sessions from the last 24 hours are offered for auto-resume. Older autosaves are silently skipped.
+
+**Session commands:**
+
+| Command | Description |
+|---------|-------------|
+| `/save <name>` | Save current conversation under a named slot |
+| `/load <name>` | Restore a previously saved session |
+| `/sessions` | List all saved sessions with message count and timestamp |
+| `/resume` | Resume the most recently saved session |
+
 ```
-/save my-feature
-/load my-feature
-/resume              # resume last session
+/save my-feature        # save with name
+/load my-feature        # restore by name
+/sessions               # list all saved sessions
+/resume                 # restore the latest session
 ```
-Auto-save after every turn.
+
+Sessions are stored in `.nex/sessions/` as JSON files. Auto-saves always write to `_autosave` (overwritten each turn). Writes are atomic — a temp file is written and renamed, so a crash mid-write never corrupts the saved state.
 
 ### Memory
 Persistent project memory that survives across sessions:
@@ -636,9 +742,18 @@ A project-scoped knowledge base stored in `.nex/brain/`. The agent automatically
 The agent uses the `brain_write` tool to save discoveries automatically. All writes are tracked in git so you can review, revert, or audit what the agent has stored.
 
 ### Plan Mode
-Analyze before executing — the agent explores the codebase with read-only tools, produces a structured plan, then you approve before any changes are made:
+Analyze before executing — the agent explores the codebase with read-only tools, produces a structured plan, then you approve before any changes are made.
+
+**Auto Plan Mode** — nex-code automatically activates plan mode when it detects an implementation task (prompts containing `implement`, `refactor`, `create`, `build`, `add`, `write`, etc.). No manual `/plan` needed:
 ```
-/plan refactor the auth module   # enter plan mode with optional task
+> implement a search endpoint    # → Auto Plan Mode activates immediately
+> refactor the auth module       # → Auto Plan Mode activates immediately
+> how does auth work?            # → normal mode (question, not implementation)
+```
+Disable with `NEX_AUTO_PLAN=0` if you prefer manual control.
+
+```
+/plan refactor the auth module   # manual: enter plan mode with optional task
 /plan status                     # show extracted steps with status icons
 /plan edit                       # open plan in $EDITOR (nano/vim/code) to modify
 /plan approve                    # approve and exit plan mode (all tools re-enabled)
@@ -668,16 +783,16 @@ Visualize the project structure:
 ```
 Automatically excludes `node_modules`, `.git`, `dist`, `build`, `coverage`, and all entries listed in `.gitignore`. Directories are sorted before files.
 
-### Undo / Redo
-In-session undo/redo for all file changes (write, edit, patch):
+### Undo / Redo (Persistent)
+Undo/redo for all file changes (write, edit, patch) — **survives restart**:
 ```
 /undo                # undo last file change
 /redo                # redo last undone change
 /history             # show file change history
 ```
-Undo stack holds up to 50 changes. `/clear` resets the history.
+Undo stack holds up to 50 changes, persisted to `.nex/history/`. Large files (>100KB) are deduplicated via SHA-256 blob storage. History is auto-pruned after 7 days. `/clear` resets the in-memory stack.
 
-> **Snapshots vs Undo**: `/undo` operates on the in-memory change stack for fine-grained per-file rollback within a session. `/snapshot` + `/restore` use git stash for broader checkpoints across multiple files or sessions.
+> **Snapshots vs Undo**: `/undo` operates on the persistent change stack for fine-grained per-file rollback across sessions. `/snapshot` + `/restore` use git stash for broader checkpoints across multiple files.
 
 ### Desktop Notifications
 On macOS, nex-code fires a system notification when a task completes after ≥ 30 seconds — useful when running long autonomous tasks in the background. No configuration needed; requires macOS Notification Center access.
@@ -707,10 +822,13 @@ When the agent creates a task list, a **live animated display** replaces the sta
 ### Sub-Agents
 Spawn parallel sub-agents for independent tasks:
 - Up to 5 agents run simultaneously with their own conversation contexts
-- File locking prevents concurrent writes to the same file
+- File locking prevents concurrent writes to the same file (intra-process sub-agents)
 - Multi-progress display shows real-time status of each agent
 - Good for: reading multiple files, analyzing separate modules, independent research
 
+### Parallel Sessions
+Running multiple nex-code instances in the same project directory is safe. All shared state files (`.nex/memory/memory.json`, `.nex/config.json`, `NEX.md`, brain index) use advisory inter-process locking (`O_EXCL` lock files with stale-lock reclaim) and atomic writes (temp file + `rename`). A session in Terminal A and a session in Terminal B can both call `/remember`, `/allow`, or `/learn` simultaneously without data corruption.
+
 **Multi-Model Routing** — Sub-agents auto-select the best model per task based on complexity:
 - **Read/search/list** tasks → fast models (essential tier)
 - **Edit/fix/analyze** tasks → capable models (standard tier)
@@ -787,7 +905,7 @@ Four features that make Nex Code significantly more reliable with open-source mo
 **Tool Tiers** — Dynamically reduces the tool set based on model capability:
 - **essential** (5 tools): bash, read_file, write_file, edit_file, list_directory
 - **standard** (21 tools): + search_files, glob, grep, ask_user, git_status, git_diff, git_log, task_list, ssh_exec, service_manage, service_logs, container_list, container_logs, container_exec, container_manage, deploy
-- **full** (33 tools): all tools
+- **full** (45 tools): all tools
 
 Models are auto-classified, or override per-model in `.nex/config.json`:
 ```json
@@ -854,6 +972,92 @@ module.exports = {
 
 Skills are loaded on startup. All enabled by default. Disabled skills tracked in `.nex/config.json`.
 
+### Global Skills (`~/.nex-code/skills/`)
+
+Skills placed in `~/.nex-code/skills/` are loaded globally across all projects. Useful for cross-project workflows.
+
+**Example: `server-agent.md`** — instructs nex-code on your Mac to delegate tasks to a nex-code instance on a remote server using the `remote_agent` tool. Define a project→server mapping table in the skill so the agent knows which path to use for each project name.
+
+### Skill Marketplace
+
+Install community skills directly from git:
+
+```
+/install-skill https://github.com/user/nex-skill-deploy
+/install-skill user/nex-skill-deploy       # shorthand
+/search-skill kubernetes                    # search GitHub
+/remove-skill deploy                        # uninstall
+```
+
+Skills are cloned to `.nex/skills/{name}/` and validated (must contain `skill.json`, `.md`, or `.js` files).
+
+### Built-in Skills
+
+nex-code ships with built-in skills in `cli/skills/`:
+- **devops** — DevOps agent instructions for SSH, Docker, deploy, and infrastructure tools
+
+Built-in skills are loaded automatically. Project skills with the same name override built-ins.
+
+---
+
+## Plugins
+
+Extend nex-code with custom tools and lifecycle hooks via `.nex/plugins/`:
+
+```javascript
+// .nex/plugins/my-plugin.js
+module.exports = function setup(api) {
+  api.registerTool({
+    type: 'function',
+    function: { name: 'my_tool', description: 'Custom tool', parameters: { type: 'object', properties: {} } }
+  }, async (args) => {
+    return 'result';
+  });
+
+  api.registerHook('onToolResult', (data) => {
+    console.log(`Tool ${data.tool} completed`);
+    return data;
+  });
+};
+```
+
+**Events:** `onToolResult`, `onModelResponse`, `onSessionStart`, `onSessionEnd`, `onFileChange`, `beforeToolExec`, `afterToolExec`
+
+Plugins are loaded automatically on startup. Hook handlers can modify event data (return the modified object).
+
+---
+
+## Audit Logging
+
+When `NEX_AUDIT=1` is set, all tool executions are logged to `.nex/audit/YYYY-MM-DD.jsonl`:
+
+```
+/audit                # show summary (total calls, success rate, per-tool breakdown)
+```
+
+Arguments are automatically sanitized — keys matching `key`, `token`, `password`, `secret`, or `credential` are masked. Long values (>500 chars) are truncated.
+
+---
+
+## Team Permissions
+
+Permission presets for team environments:
+
+| Preset | Description |
+|--------|-------------|
+| `readonly` | Search and read tools only — no writes, no deploys |
+| `developer` | All tools except deploy, ssh_exec, service_manage |
+| `admin` | Full access to all tools |
+
+Configure in `.nex/config.json`:
+```json
+{
+  "permissionPreset": "developer"
+}
+```
+
+Works alongside the existing per-tool `/allow` and `/deny` system.
+
 ---
 
 ## MCP
@@ -912,7 +1116,7 @@ Or place executable scripts in `.nex/hooks/`:
 ```
 bin/nex-code.js          # Entrypoint (shebang, .env, startREPL)
 cli/
-├── index.js             # REPL + ~39 slash commands + history persistence + AbortController
+├── index.js             # REPL + ~45 slash commands + history persistence + AbortController
 ├── agent.js             # Agentic loop + conversation state + compact output + résumé + abort handling
 ├── providers/           # Multi-provider abstraction
 │   ├── base.js          # Abstract provider interface
@@ -922,33 +1126,37 @@ cli/
 │   ├── gemini.js        # Google Gemini provider
 │   ├── local.js         # Local Ollama server
 │   └── registry.js      # Provider registry + model resolution + provider routing
-├── tools.js             # 17 tool definitions + implementations + auto-fix engine
+├── tools.js             # 45 tool definitions + implementations + auto-fix engine
 ├── sub-agent.js         # Parallel sub-agent runner with file locking + model routing
 ├── tasks.js             # Task list management (create, update, render, onChange callbacks)
-├── skills.js            # Skills system (prompt + script skills)
+├── skills.js            # Skills system (prompt + script + marketplace)
+├── plugins.js           # Plugin API (registerTool, registerHook, event system)
+├── audit.js             # Tool execution audit logging (JSONL + sanitization)
 ├── mcp.js               # MCP client (JSON-RPC over stdio)
 ├── hooks.js             # Hook system (pre/post events)
 ├── context.js           # Auto-context (package.json, git, README) + generateFileTree()
-├── context-engine.js    # Token management + context compression
+├── context-engine.js    # Token management + relevance-based context compression
 ├── session.js           # Session persistence (.nex/sessions/)
 ├── memory.js            # Project memory (.nex/memory/ + NEX.md)
-├── permissions.js       # Tool permission system
+├── filelock.js          # Inter-process file locking (atomicWrite + withFileLockSync)
+├── permissions.js       # Tool permission system + team presets (readonly/developer/admin)
 ├── planner.js           # Plan mode, step extraction, step cursor, autonomy levels
 ├── git.js               # Git intelligence (commit, diff, branch)
 ├── render.js            # Markdown + syntax highlighting + StreamRenderer + EPIPE guard
 ├── format.js            # Tool call formatting, result formatting, compact summaries
-├── spinner.js           # Spinner, MultiProgress, TaskProgress display components
+├── spinner.js           # Spinner, MultiProgress, TaskProgress, ToolProgress display components
 ├── diff.js              # LCS diff (Myers + Hirschberg) + colored output + side-by-side view
 ├── fuzzy-match.js       # Fuzzy text matching for edit auto-fix (Levenshtein, whitespace normalization)
-├── file-history.js      # In-session undo/redo + named git snapshots
+├── file-history.js      # Persistent undo/redo + named git snapshots + blob storage
 ├── picker.js            # Interactive terminal picker (model selection)
 ├── costs.js             # Token cost tracking + per-provider budget limits
 ├── safety.js            # Forbidden/dangerous pattern detection
 ├── tool-validator.js    # Tool argument validation + auto-correction
-├── tool-tiers.js        # Dynamic tool set selection per model + model tier lookup
+├── tool-tiers.js        # Dynamic tool set selection per model + model tier lookup + edit mode
 ├── footer.js            # Sticky footer (scroll region, status bar, input row, resize, FOOTER_DEBUG)
 ├── ui.js                # ANSI colors, banner + re-exports from format.js/spinner.js
-├── index-engine.js      # In-memory file index (ripgrep/fallback)
+├── index-engine.js      # In-memory file index (ripgrep/fallback) + semantic content index
+├── skills/devops.md     # Built-in DevOps agent skill
 ├── auto-fix.js          # Path resolution, edit matching, bash error hints
 ├── tool-retry.js        # Malformed argument retry with schema hints
 └── ollama.js            # Backward-compatible wrapper
@@ -998,7 +1206,7 @@ Project-local configuration and state (gitignored):
 
 ## Performance
 
-Nex Code v0.3.7+ includes comprehensive performance optimizations:
+Nex Code v0.3.45+ includes comprehensive performance optimizations:
 
 | Optimization | Improvement | Impact |
 |--------------|-------------|--------|