Scalix Coder
AI coding agent for your terminal and VS Code — edit code, run commands, and build with Scalix
███████╗ ██████╗ █████╗ ██╗ ██╗██╗ ██╗
██╔════╝██╔════╝██╔══██╗██║ ██║╚██╗██╔╝
███████╗██║ ███████║██║ ██║ ╚███╔╝
╚════██║██║ ██╔══██║██║ ██║ ██╔██╗
███████║╚██████╗██║ ██║███████╗██║██╔╝ ██╗
╚══════╝ ╚═════╝╚═╝ ╚═╝╚══════╝╚═╝╚═╝ ╚═╝
c o d e rScalix Coder is an AI coding agent that runs in your terminal and as a VS Code extension. It gives the model direct, sandboxed access to your codebase — file editing, shell, search, git, web, and more — so you can build, refactor, and debug in plain language. It runs on your Scalix account's models (the Scalix Lumio family) and can be pointed at any OpenAI-compatible endpoint you bring.
It's a separate product from Scalix Cloud — install it on its own; no platform account is required to try it, though connecting your Scalix API key unlocks the hosted models.
Install
npm install -g scalix
scalix # launch the terminal agent in your projectOn first run you'll be prompted for an API key (create one in the console). The key is
stored in your OS credential store — macOS Keychain, Windows DPAPI, or Linux
secret-tool — never in a plaintext file. (Set SCALIX_NO_KEYCHAIN=1 to keep it in the
config file instead, e.g. in CI.) The agent then discovers the models available to
your account.
Permission modes
Coder never edits files or runs commands without your control. Switch modes at any time:
| Mode | Behavior |
|---|---|
plan | Read-only — explores and proposes, never writes |
default | Asks before each file write or command |
auto | Auto-approves safe edits/commands; asks on risky ones |
yolo | Full autonomy (use in a sandbox/disposable checkout) |
Approvals fail closed: if there's nothing to ask (headless runs, a disconnected UI),
anything that would need confirmation is denied rather than silently allowed — only
yolo bypasses confirmation. You can also define scoped permission rules in settings
to always-allow or always-deny specific tools by name and arguments (e.g. allow
run_command only for npm test).
What it can do
40 built-in tools, grouped:
- Code — read, write, and surgically edit files; ripgrep search; directory tree; Jupyter notebooks
- Shell & git — run commands, stage/commit, create and undo checkpoints
- Web & browser — fetch pages, web search, and headless browser automation (navigate, click, type, screenshot)
- Vision & voice — analyze images; voice input
- Sub-agents — delegate a task to an isolated agent with its own scoped tools
Plus: auto-compression for long sessions, per-model context limits, complexity-based model routing with fallback, and token/cost tracking with per-session/day/month budgets.
VS Code extension
The same agent ships as a VS Code sidebar — install Scalix Coder from the Marketplace:
code --install-extension scalix.scalixInline diffs, inline chat (Cmd+I), tab
completion, codebase search, a model picker, checkpoints, and session history. Tool
permissions are approved right in the chat — allow once, always-allow a tool for the
session, or deny — and a live chip tracks the session's tokens and cost. Checkpoints
snapshot your working tree without touching it, so restoring is always safe.
Safety
Coder runs inside a security sandbox: path-traversal prevention with symlink resolution, a command blocklist, secret-scrubbed environments for spawned commands and hooks, prompt-injection detection on fetched content, and SSRF protection that blocks private networks, cloud metadata endpoints, DNS rebinding, and encoded-IP tricks. Combined with the permission modes, you stay in control of every side effect.
Workspace trust. Project-local executable surfaces — plugins, hooks, rules, and
local settings overrides — only load in workspaces you've explicitly trusted, so
opening a freshly cloned repo never silently runs its code. Trust a workspace with
/trust in the terminal UI; in VS Code, Coder follows VS Code's own workspace-trust
decision. For CI and headless runs, set SCALIX_TRUST_WORKSPACE=1.
Customize
- Custom commands — reusable prompts in
.scalix/commands/*.md - Plugins — add your own tools under
.scalix/plugins/ - Hooks — pre/post tool-use hooks via
.scalix/hooks.json, written in POSIX shell (on Windows they run through Git Bash); a hook that times out blocks the tool call - Project memory — Coder auto-detects your stack, conventions, and git context
Plugins, hooks, and rules are gated behind workspace trust (see above).
How it relates to the rest of Scalix
- Scalix Coder (this) — the coding agent you run locally.
- Scalix Cloud — the platform Coder can deploy to (databases, functions, storage, AI).
- MCP & agent-native — operate Scalix Cloud from any AI agent, not just Coder.