MONOSPACE


TOOLCHAINNº 004

One Maintainer, 313,000 Lines of Rust

jcode calls itself 'possibly the greatest coding agent ever built.' The code is more real than the swagger suggests — and the supply chain is exactly as risky as it sounds.

The Cargo.toml description reads like a movie poster: “Possibly the greatest coding agent ever built — blazing-fast TUI, multi-model, swarm coordination, 30+ tools.” Behind it: one maintainer, Jeremy Huang, and a public git history of exactly 200 commits squash-pushed across five days in May. This is precisely the kind of project that is either a hidden gem or a vibes-driven kitchen sink, and the study’s job was to find out which.

The Premise

jcode is a TUI-first, daemon-backed, multi-session coding-agent harness in 313,000 lines of Rust. One local runtime wires Claude, OpenAI, Gemini, Bedrock, Copilot, and dozens more behind a single client — subscription OAuth included, so it runs without an API key. The pitch stacks next-generation features: swarm coordination, autonomous overnight mode, always-on ambient mode, self-modification, cross-session semantic memory, an iOS companion.

The Machine

The architecture is more disciplined than the marketing. A daemon on a Unix socket survives its clients and holds session state, the agent loop, a shared MCP pool, and the swarm coordinator; 43 provider presets resolve to 11 actual transport implementations. The headline features are real code, not stubs: the swarm engine is ~4,000 lines with dedicated tests, overnight mode is ~2,700 lines, MCP support ~2,300. The TUI alone is 110,000 lines across 193 files. The agent loop shows craft — soft-interrupts injected without breaking the KV cache, compaction at 80% of a 200k-token budget with emergency truncation at 95%.

Possibly the greatest coding agent ever built.

The Test Drive

Nine static experiments verified the claim inventory feature by feature, producing a taxonomy of 8 first-class capabilities, 9 secondary, and 5 aspirational. Notable corrections to the marketing: “30+ tools” verifies at 32 always-on; the desktop GUI — the largest single crate at 13,403 lines — is, per its own architecture doc, a fake-data prototype; and overnight mode’s budget protections are time-based only, with no per-turn cap and no dollar cap. The morning report flags risk="high" when limits are breached — and nothing acts on it.

The Fine Print

No hardcoded secrets, no eval, no shell string concatenation outside the bash tool. But the scan surfaced a decisive gap: a real permission allow-list exists in the code, and no tool call site invokes it — in ambient mode the agent can run shell, edit files, send email, and modify its own binary without per-action approval. Add telemetry that defaults on to a personal Cloudflare Worker, an installer with no checksum, no prompt-injection mitigation, and bus factor of exactly one, and the enterprise conversation ends before it starts.

That’s a loaded gun pointed at your home directory.

The Verdict

On your own machine, with telemetry off and the install pinned, jcode is a genuinely capable power tool — arguably the most feature-dense solo harness reviewed here. The verdict splits cleanly on trust boundary: pilot it where you are the only stakeholder; keep it away from CI, shared infrastructure, and anything that reads untrusted input.

The Deck

Click the deck, then use ← → to advance

Open fullscreen ↗