Documentation

v2.0.0

Getting Access

11ku7-ai-nodecoder uses a community-funded access model with two authentication paths: Community Key for shared short access and Contribution Login for personal 30-day access. The hosted Server Agent runtime unlocks through one of these paths on first launch:

🌐 Community Key (Free Access)

When the community funding goal is reached, a Community Key is generated and available to everyone for 2 hours. No registration required:

  1. Check api.11ku7-ai.com for an active community key
  2. Copy the key displayed on the dashboard
  3. When 11ku7-ai-nodecoder prompts for authentication, select "Community Key"
  4. Paste the key — you're in! No account needed

Community keys expire after 2 hours. When expired, re-check the dashboard for a new key.

🔑 Contribution Login (30-Day Personal Access)

For extended access, contribute at api.11ku7-ai.com to receive personal 30-day access. This requires a registered account and unlocks the hosted Server Agent runtime for your account:

Step 1: Register

  • Visit api.11ku7-ai.com and create an account (username: 5-8 chars, password: 8-32 chars)
  • After registration, you will be shown a 12-word recovery phrase
  • ⚠️ Save this phrase immediately! It is shown only once and cannot be recovered. You need it to reset your password or revoke compromised sessions.

Step 2: Contribute & Activate Login

  • Log in at the dashboard and make a contribution
  • Your 30-day contribution login access is linked to your account

Step 3: Login in 11ku7-ai-nodecoder

  • Launch 11ku7-ai-nodecoder — select "Login" at the auth prompt
  • Enter your registered username and password
  • Your device is locked to your account — one active device per contribution login
  • JWT tokens are saved locally and refresh automatically

Contribution login does more than extend time. It unlocks the premium hosted Server Agent layer: server-delivered prompts, agent strategies, essential tool policy, and the broader advanced tool registry maintained by the backend.

🔐 If You Forget Your Password or Get Compromised

Use the 12-word recovery phrase you saved during registration:

  • Reset password: Go to api.11ku7-ai.com → "Forgot Password" → enter username + recovery phrase + new password
  • Revoke compromised session: Dashboard → "Revoke Device" → enter recovery phrase to instantly kill the active session from any device
  • Then re-login in 11ku7-ai-nodecoder with your new credentials

Installation

📦 Method 1: Install via npm (Recommended)

Install globally to get CLI commands available system-wide: 

npm install -g 11ku7-ai-nodecoder

Available commands after install:

Command Description
nodecoder Launch the Terminal UI (CLI)
nodecoder-web Launch in headless WebUI mode (browser-only, no TUI)
nodecoder-web --remote WebUI with LAN/remote access enabled
nodecoder-web --remote --tunnel cloudflare WebUI with Cloudflare tunnel for public HTTPS access
nodecoder-web --remote --tunnel tailscale WebUI with Tailscale tunnel for private network access
nodecoder-web --port 8080 WebUI on a custom port
nodecoder-telegram Launch the Telegram bot interface
nodecoder-daemon Launch the no-TUI daemon CLI for REPL, automation, or one-shot prompts

🔧 Method 2: Run Locally

Clone the repository and run locally — ideal for contributing or customizing: 

git clone https://github.com/dheeraj21/11ku7-ai-nodecoder.git
cd 11ku7-ai-nodecoder
npm install

Windows users: Use the Windows-specific install for terminal support: 

npm run install:windows

Run locally using node directly:

Command Description
node index.js Launch the Terminal UI (CLI)
node headless.js Launch in headless WebUI mode
node headless.js -- remote Launch in headless WebUI mode access on same wifi network
node headless.js --remote --tunnel cloudflare WebUI with Cloudflare tunnel
node headless.js --remote --tunnel tailscale WebUI with Tailscale tunnel
node telegram.js Launch the Telegram bot interface
node daemon.js Launch the daemon CLI for no-TUI automation and persistent sessions

Upon first launch, you'll be prompted to accept a disclaimer and then authenticate with your community key or contribution login. Server Agent features unlock through that active access, while custom-agent workflows can also run from local configuration. Select a UI theme from 22+ options and choose from multiple AI providers including Gemini, OpenAI, Claude, Groq, Grok, OpenRouter, Ollama, or custom endpoints. Configure your API keys in the .env file. The application starts in Agent Mode by default.

Supported Platforms

🪟 Windows 🐧 Linux 🍎 macOS 📱 Termux (Android) 💻 WSL

Note: Requires Node.js 18.0.0 or higher. Windows uses node-pty for native PTY support (installed automatically as an optional dependency). Linux/macOS/Termux uses Python's pty module.

Core Modes

  • Agent Mode (Default): The autonomous AI developer. Plans multi-step operations, executes shell commands, edits files, analyzes code, and self-corrects. Uses intelligent tool selection to accomplish complex goals.
  • Chat Mode (/chat): A general conversational interface where the AI responds without tool use, ideal for open-ended discussions and quick questions.

Agent Runtime Selection

☁️ Server Agent

Uses authenticated backend-delivered prompts, strategies, tool definitions, and essential tool policy. This is the premium hosted runtime unlocked through community access or contribution login.

🛠️ Custom Agent

Runs from nodecoder-agents.js and can redefine the system prompt, local, hybrid, remote, and skills strategies, essential tool access, and custom tools. This is more powerful than skills because it redesigns the agent runtime itself.

🔀 Both Mode

Keeps the hosted Server Agent toolset active while also loading local custom tools and custom strategy prompts from your custom agent config.

Custom agents can run fully server-free with server_tools: false, and support both inline tool handlers and external tool implementation patterns through the custom agent blueprint examples.

Daemon Mode

Daemon mode runs the agent as a no-TUI standard I/O process for servers, automation flows, and persistent command-line sessions.

  • Interactive REPL: Start nodecoder-daemon or node daemon.js to run without the terminal UI
  • One-shot execution: Use --prompt to run a single prompt and exit automatically
  • Persistent sessions: Use --session to keep long-lived state for automation or service workflows
  • Runtime selection: Supports --agent server, custom, and both

Toggle Features

  • Auto Mode (/auto [on|off]): When enabled, the agent acts autonomously without asking for confirmations, even for potentially dangerous operations. Self-validates and corrects plans automatically.
  • Web Search Integration (/websearch [on|off]): Enables live web search, result navigation, and direct page-text extraction through the built-in browser search flow.
  • OS Notifications (/notify [on|off]): Toggle desktop notifications and terminal bells for agent events and task completions.
  • MCP (/mcp [on|off]): Toggle Model Context Protocol integration for extended tool access.
  • GitHub (/github [on|off]): Toggle GitHub integration for repository management.
  • Skills (/skills [on|off]): Toggle the skill system. Active skills inject structured workflow guidance from SKILL.md and can expose on-demand scripts/, references/, and assets/ resources.
  • Memory (/memory [on|off]): Toggle persistent agent memory. When enabled, the agent retains context and learnings across sessions.

Commands Reference

Mode Commands

  • /agent: Switch to Agent Mode (Autonomous Developer - Default)
  • /auto [on|off]: Toggle Auto Mode for fully autonomous operation
  • /chat: Switch to Chat Mode (General Conversation)
  • /digest: Toggle Digest Mode or process a path (e.g., /digest ./my_project)

Integration Commands

  • /websearch [on|off]: Toggle web search integration for live search and page reading
  • /mcp [on|off]: Toggle MCP (Model Context Protocol) integration
  • /github [on|off]: Toggle GitHub integration
  • /skills [on|off]: Toggle agent skill system
  • /memory [on|off]: Toggle persistent agent memory
  • /notify [on|off]: Toggle OS notifications
  • /crp: Select Current Repository (Change Remote Context)

Cron Jobs (Scheduling)

  • /cron: List all scheduled jobs
  • /cron add <schedule> <prompt>: Schedule a new task (e.g., /cron add every 5 minutes Tell me a joke)
  • /cron remove <id>: Delete a scheduled job
  • /cron toggle <id>: Pause or resume a job
  • /cron presets: Show common schedule presets

Google Workspace (GWS)

  • /gws on: Enable GWS tools (Gmail, Calendar, Drive, etc.)
  • /gws off: Disable GWS tools
  • /gws auth: Authenticate with Google (opens browser)
  • /gws disconnect: Revoke tokens and disable tools

🛠️ GWS Setup Guide

  1. Go to Google Cloud Console and create a new project.
  2. Enable Gmail, Calendar, Drive, Docs, and Sheets APIs in the Library.
  3. Configure OAuth consent screen (External) and add test users.
  4. Create Credentials > OAuth client ID (Web application).
  5. Add Authorized redirect URI: http://localhost:3000/auth/google/callback
  6. Run /gws on and enter your Client ID and Client Secret.

File & Context Commands

  • /browse: Open file browser to attach files (images, PDFs, text)
  • /detach: Detach all currently attached files
  • /cwd: Open folder browser to set working directory
  • /clear: Clear chat history and memory for search

Session & Utility Commands

  • /help: Display comprehensive command list
  • /model: Switch between AI models and providers
  • /session: Open Session Manager
  • /savecon: Save conversation to markdown
  • /webui: Toggle Web UI (http://localhost:3000)
  • /logout: Logout from contribution login session
  • /exit: Exit the application

UI Navigation (Key Bindings)

  • Esc: Disable input focus (switch to folder tree navigation)
  • i: Re-enable input focus
  • c: Focus the chat area for scrolling
  • s: Focus the save conversation button
  • t: Focus terminal input box
  • Tab: Cycle modes (Agent → Chat)
  • Ctrl+Enter (in input): Enter to next line
  • q or Ctrl+C: Exit the application
  • Up/k (in chat): Scroll chat content up
  • Down/j (in chat): Scroll chat content down
  • Enter (in tree): Toggle folder expand/collapse

For detailed information on any command, type /help or ask the AI directly in Agent Mode.



Security & Session Management

11ku7-ai-nodecoder uses a multi-layered security model built on JWT tokens, device locking, and server-side session management. Here's how each layer works and how to regain control if your account is compromised.

🔑 JWT Token Lifecycle

  • Access Token — Expires every 1 hour. Every API call is verified against this token. When it expires, the client automatically re-authenticates.
  • Refresh Token — Matches the remaining lifetime of your contribution login access (up to 30 days). Used to issue new access tokens without re-entering credentials.
  • Session Verification — On each API call, the server checks that your session still exists in the database. If the session has been revoked (remotely or via auto-cleanup), the server returns a SESSION_REVOKED code and the client logs out immediately.
  • Device ID Binding — Tokens are bound to a unique device fingerprint (stored in ~/.device_uuid). Using a token from a different device is blocked.

🚪 Three Ways to Logout

If your program is compromised or you need to terminate a session, there are three independent methods:

1. CLI / Telegram /logout

  • Clears device lock on the server
  • Deletes active session identifier from database
  • Removes ACCESS_TOKEN, REFRESH_TOKEN, and ACTIVE_LOGIN_IDENTIFIER from local .env file
  • Returns you to the authentication screen

2. Remote Device Revocation (via Dashboard)

  • Go to api.11ku7-ai.com and log in
  • Click "Revoke Device" and enter your 12-word recovery phrase
  • The server immediately deletes the session and clears the device lock
  • The CLI tool detects SESSION_REVOKED on its next API call and auto-logs out
  • ⚡ This works from any device — you don't need access to the compromised machine

3. Server Auto-Cleanup

  • The server runs a cleanup cycle every 10 seconds
  • Automatically removes sessions for users whose contribution login access has expired
  • No action required — expired sessions are purged automatically

🔐 Forgot Password / Account Recovery

When you register, you receive a 12-word BIP39 mnemonic recovery phrase. This phrase is your master key for account recovery:

  • Reset Password: Visit api.11ku7-ai.com, enter your username, recovery phrase, and new password (8-32 characters)
  • Revoke Compromised Session: Use the same recovery phrase via the dashboard's "Revoke Device" feature to immediately kill an active session
  • ⚠️ Store your recovery phrase securely! It cannot be recovered if lost. It is shown only once during registration.

🛡️ If Your Account Is Compromised

  1. Revoke the active session — Go to api.11ku7-ai.com, log in, and use "Revoke Device" with your recovery phrase. This kills the session instantly.
  2. Reset your password — On the same dashboard, use "Forgot Password" with your recovery phrase to set a new password.
  3. Re-login on your device — Launch 11ku7-ai-nodecoder, log in with your new credentials. A new device lock and session will be created.

Because the JWT access token expires every hour and each API call verifies the session server-side, a revoked session is detected and terminated within minutes — even if the attacker has your tokens.

Web UI & Headless Mode

11ku7-ai-nodecoder includes a full browser-based IDE interface that can run alongside the TUI or in headless mode (no terminal required).

This headless Web UI mode is separate from Daemon Mode. Headless mode serves the browser IDE, while daemon mode runs a no-TUI CLI over standard input/output for automation and background execution.

Starting the Web UI

  • Alongside TUI: Type /webui to toggle on, then visit http://localhost:3000
  • Headless Mode (npm install): Run nodecoder-web — no TUI, browser-only
  • Headless Mode (Run locally): Run node headless.js
  • Remote Access: nodecoder-web --remote — enables LAN access
  • With Cloudflare Tunnel: nodecoder-web --remote --tunnel cloudflare — auto-provisions a Cloudflare tunnel for public HTTPS access
  • With Tailscale Tunnel: nodecoder-web --remote --tunnel tailscale — uses Tailscale for private network access
  • Custom Port: nodecoder-web --port 8080 — sets a custom port (default: 3000)

Web UI Features

  • IDE-style layout with collapsible file explorer
  • Monaco editor for viewing and editing files
  • Real-time chat with markdown rendering and syntax highlighting
  • Status bar with all toggle controls (agent mode, web search, GitHub, MCP, skills)
  • CWD picker, session manager, and model switcher modals
  • File upload for attachments (images, PDFs, text files)
  • Mobile-responsive design
  • Gateway token authentication for secure remote connections

Telegram Bot Interface

Access 11ku7-ai-nodecoder from any device with Telegram installed. The bot mirrors the terminal experience with full command support.

Setup

  1. Create a bot via @BotFather on Telegram
  2. Add your bot token and Telegram chat ID to the .env file as TELEGRAM_BOT_TOKEN and TELEGRAM_CHAT_ID
  3. Start the Telegram bot:
    • npm install: nodecoder-telegram
    • Run locally: node telegram.js
  4. The bot connects automatically and you can begin chatting

Telegram Commands

Setup

  • /start — Begin setup wizard
  • /auth — Authenticate
  • /provider — Select AI provider & model
  • /session — Manage sessions
  • /logout — Log out and clear auth

Settings

  • /cwd — Folder browser (or /cwd <path>)
  • /browse — Attach files from CWD
  • /detach — Remove all attachments
  • /auto — Toggle auto-mode
  • /memory — Toggle memory
  • /mode — Toggle agent/chat mode
  • /status — Show status dashboard

Integrations

  • /crp — Clone/select GitHub repo
  • /websearch — Toggle live web search and page reading
  • /skills — Toggle agent skills (on/off/list)
  • /mcp — Toggle MCP servers (on/off/list)

Control

  • /stop — Interrupt agent
  • /shutdown — Stop bot
  • /help — Show help message

Features

  • Inline keyboard buttons for consent/approval prompts
  • File upload and download support (drag-drop)
  • Markdown/HTML formatted messages with syntax highlighting
  • Status bar toggles via interactive buttons
  • Owner-only access with rate limiting

Cross-Platform PTY Terminal

The agent's shell execution uses true pseudo-terminal (PTY) emulation, with platform-specific implementations that provide persistent, interactive terminal sessions.

🐧 Linux / macOS / Termux

  • Uses Python's pty module
  • Spawns bash/zsh via pty.spawn()
  • Full signal forwarding (Ctrl+C → SIGINT)
  • Works natively on Termux (Android)

🪟 Windows

  • Uses node-pty native addon
  • Spawns PowerShell with ConPTY
  • Custom prompt suppression for clean output
  • ANSI escape code stripping

Shared Architecture

  • Persistent sessions: Terminal stays alive across tool calls, preserving env vars and cwd
  • Output buffering: Ring buffer with configurable timeouts and exit code detection
  • Smart cleanup: ANSI sequences stripped before feeding output to AI
  • Timeout protection: 30s default with automatic process interruption

Diff Validation Engine

A multi-pass validation system that catches AI code generation errors before applying changes to your codebase.

  • Structural validation: Checks syntax integrity of generated diffs
  • Holographic analysis: Uses the Holograph engine to validate scope and symbol consistency
  • Match verification: Ensures SEARCH blocks match actual file content
  • Bracket balance: Validates brace/bracket/paren matching in modified code
  • Auto-retry: On validation failure, automatically re-prompts the AI with specific error guidance

Diff Validation handles structural correctness first. After that, the separate Review Council layer audits the proposed change for scope, completeness, and unintended edits.

Review Council

Review Council is an independent AI review layer that audits generated diffs before they are applied. It is designed to separate code generation from code review so the system can catch risks that a single agent may miss.

  • Independent diff audit: reviews the proposed change against the user goal and confirmed plan
  • Scope enforcement: catches unrelated additions, deletions, and accidental rewrites
  • Completeness checks: verifies that planned changes were actually made
  • Structural evidence: can use holographic code-graph evidence to detect risky symbol removals
  • Fix guidance: returns specific rejection reasons and suggestions for the next attempt

Core Agent Tools

Tooling is layered. Custom agents start from a configurable essential tool base, while the hosted Server Agent can additionally unlock the larger server-side registry from toolRegistry.

Essential Tools For Custom Agents

Base tools:

execute_shell, load_file_full, web_search, browser_read_page, general_chat, provide_code_analysis, read_pdf_page_visual, manage_cron_job

Google Workspace essentials:

send_gmail, read_emails, read_calendar, create_calendar_event, search_drive, read_drive_file, read_sheet, write_sheet, create_sheet, batch_update_sheet, create_doc, read_doc, insert_text_doc, batch_update_doc

Computer-use essentials:

computer_screenshot, computer_mouse_move, computer_mouse_click, computer_keyboard_type, computer_keyboard_press

Hosted Server Agent Tool Registry

Core hosted editing and analysis tools:

download_asset, terminal_parallel, terminal_watch, scan_vulnerabilities, get_file_dependencies, find_symbol_definition, run_diagnostics, generate_edit_plan, apply_change_interactive, apply_multi_file_change

GitHub-hosted tools:

github_create_repo, github_list_repos, github_delete_repos, github_explore_repo, github_load_file_full, github_apply_change_interactive, github_write_file, github_read_file, github_create_issue, github_list_issues, github_read_issue, github_comment_issue, github_close_issue, github_create_branch, github_create_pr, github_sync_changes

Computer & Mobile Use

11ku7-ai-nodecoder can operate beyond files and shell commands by grounding the agent in live screen control on desktop and Android environments.

🖱️ Computer Use (Windows + WSL)

  • Captures live screenshots with a visual coordinate grid overlay
  • Supports mouse movement, left/right/double clicks, typing, and hotkeys
  • Designed for visual grounding so the agent reads coordinates instead of guessing them
  • Useful for browser tasks, desktop apps, and GUI-driven workflows

📱 Mobile Use (Termux + ADB)

  • Uses wireless ADB from Termux to capture the Android screen live
  • Supports taps, long-press, text input, key events, and recent-app switching
  • Applies the same coordinate-grid grounding model used for desktop control
  • Lets the agent adapt the same action model from computer use to mobile automation

Agent Skill System

Extend the agent with structured skill packages. Skills use a required SKILL.md file plus optional resources, and are injected into the active workflow only when enabled.

How It Works

  1. Create a skill folder containing a required SKILL.md with metadata and instructions
  2. Skills are auto-discovered from the configured skill directories
  3. Toggle skills on/off with /skills or via the WebUI skills modal
  4. Enabled skills are injected into the agent prompt as the primary workflow guide for that session
  5. Optional scripts/, references/, and assets/ resources are loaded on demand instead of bloating the base context

Benefits

  • Reduces base context token usage through progressive disclosure
  • User-configurable per session from both TUI and WebUI
  • Scripts can be executed directly by the agent, while references and assets stay available as support material
  • Complements custom agents, but does not replace them: skills customize workflows, while custom agents customize the agent runtime itself