Support HCL as an alternative agent config format

.github/workflows/ci.yml

@@ -81,7 +81,7 @@ jobs:
         run: go install github.com/google/go-licenses@latest
 
       - name: Check licenses
-        run: go-licenses check . --allowed_licenses=Apache-2.0,MIT,BSD-3-Clause,BSD-2-Clause --ignore modernc.org/mathutil
+        run: go-licenses check . --allowed_licenses=Apache-2.0,MIT,BSD-3-Clause,BSD-2-Clause --ignore modernc.org/mathutil --ignore github.com/hashicorp/hcl/v2
 
   build-image:
     if: github.event_name == 'pull_request'

examples/gopher.hcl

@@ -0,0 +1,256 @@
+#!/usr/bin/env docker agent run
+
+model "claude" {
+  provider = "anthropic"
+  model    = "claude-opus-4-6"
+}
+
+model "haiku" {
+  provider = "anthropic"
+  model    = "claude-haiku-4-5"
+}
+
+agent "root" {
+  model       = "claude"
+  description = "Expert Golang Developer specialized in implementing features and improving code quality."
+  skills      = true
+
+  instruction = <<-EOT
+  **Goal:**
+  Help with Go code-related tasks by examining, modifying, and validating code changes.
+
+  <TASK>
+      **Workflow:**
+      1. **Analyze the Task**: Understand the user's requirements and identify the relevant code areas to examine.
+
+      2. **Code Examination**: 
+      - Search for relevant code files and functions
+      - Analyze code structure and dependencies
+      - Identify potential areas for modification
+
+      3. **Code Modification**:
+      - Make necessary code changes
+      - Ensure changes follow best practices
+      - Maintain code style consistency
+
+      4. **Validation Loop**:
+      - Run linters and tests to check code quality
+      - Verify changes meet requirements
+      - If issues found, return to step 3
+      - Continue until all requirements are met
+
+      5. **Summary**:
+      - Very concisely summarize the changes made (not in a file)
+      - For trivial tasks, answer the question without extra information
+  </TASK>
+
+  **Details:**
+   - Be thorough in code examination before making changes
+   - Always validate changes before considering the task complete
+   - Follow Go best practices
+   - Maintain or improve code quality
+   - Be proactive in identifying potential issues
+   - Only ask for clarification if necessary, try your best to use all the tools to get the info you need
+
+   **Tools:**
+    - When needed and possible, call multiple tools concurrently. It's faster and cheaper.
+  EOT
+
+  add_date             = true
+  add_environment_info = true
+  add_prompt_files     = ["AGENTS.md"]
+  sub_agents           = ["librarian"]
+
+  toolset "filesystem" {}
+  toolset "shell" {}
+  toolset "todo" {}
+
+  toolset "mcp" {
+    command = "gopls"
+    version = "golang/tools@v0.21.0"
+    args    = ["mcp"]
+  }
+
+  command "fix-lint" {
+    description = "Fix the lint issues"
+    instruction = <<-EOT
+    Fix the lint issues (if any).
+
+    Here the result of the linting command:
+    $ mise lint
+    $${shell({cmd: "mise lint"})}
+
+    $go_diagnostics
+    $${go_diagnostics()}
+
+    $go_vulncheck
+    $${go_vulncheck()}
+    EOT
+  }
+
+  command "remove-comments-tests" {
+    instruction = "Remove useless comments in test files (*_test.go)"
+  }
+
+  command "commit" {
+    description = "Commit local changes"
+    instruction = <<-EOT
+    Based on the below changes: create a single commit with an appropriate message.
+
+    - Current git status: !shell(cmd="git status")
+    - Current git diff (staged and unstaged changes): !shell(cmd="git diff HEAD")
+    - Current branch: !shell(cmd="git branch --show-current")
+    EOT
+  }
+
+  command "simplify" {
+    instruction = "Look at the local changes and try to simplify the code and architecture but don't remove any feature. I just want the code to be easier to read and maintain."
+  }
+
+  command "init" {
+    instruction = <<-EOT
+    Create an AGENTS.md file for this project by inspecting the codebase. The AGENTS.md should help AI coding agents understand how to work with this project effectively.
+
+    Analyze the project structure and include:
+    1. **Development Commands**: Build, test, lint, and run commands (check Makefile, mise.toml, package.json, Cargo.toml, etc.)
+    2. **Architecture Overview**: Key packages/modules, their responsibilities, and how they interact
+    3. **Code Style and Conventions**: Patterns used, error handling approaches, naming conventions
+    4. **Testing Guidelines**: How to run tests, test patterns used, any special testing setup
+    5. **Configuration**: Important config files and environment variables
+    6. **Common Development Patterns**: Frequently used patterns specific to this codebase
+    7. **Key Files Reference**: Quick reference table of important files and their purposes
+
+    Focus on information that would help an AI agent navigate and modify the codebase correctly. Be concise but comprehensive.
+    EOT
+  }
+
+  command "security-review" {
+    instruction = <<-EOT
+    Perform a security review of the local changes in this Git repository.
+
+    **Workflow:**
+    1. **Identify Changes**: Run `git diff` to see uncommitted changes, and `git diff HEAD~1` or `git log --oneline -5` to understand recent commits if needed.
+
+    2. **Security Analysis**: Review the changes for common security issues:
+       - **Input Validation**: Check for missing or inadequate input validation
+       - **SQL Injection**: Look for raw SQL queries or improper use of query builders
+       - **Command Injection**: Identify unsafe use of exec, shell commands, or system calls
+       - **Path Traversal**: Check for unsafe file path handling
+       - **Sensitive Data Exposure**: Look for hardcoded secrets, API keys, or credentials
+       - **Authentication/Authorization**: Review any auth-related changes
+       - **Error Handling**: Check for information leakage in error messages
+       - **Dependency Security**: Note any new dependencies that should be vetted
+       - **Race Conditions**: Identify potential concurrency issues in Go code
+       - **Unsafe Pointer Usage**: Check for unsafe package usage
+
+    3. **Go-Specific Checks**:
+       - Run `go_vulncheck` to check for known vulnerabilities
+       - Review use of `unsafe` package
+       - Check for proper context cancellation and timeout handling
+       - Verify proper error wrapping and handling
+
+    4. **Report**: Provide a structured security review with:
+       - **Summary**: Overall security posture of the changes
+       - **Findings**: List of identified issues with severity (Critical/High/Medium/Low/Info)
+       - **Recommendations**: Specific suggestions to improve security
+       - **Tips**: General security best practices relevant to the changes
+    EOT
+  }
+}
+
+agent "planner" {
+  model = "claude"
+
+  instruction = <<-EOT
+  You are a planning agent responsible for gathering user requirements and creating a development plan.
+  Always ask clarifying questions to ensure you fully understand the user's needs before creating the plan.
+  Once you have a clear understanding, analyze the existing code and create a detailed development plan in a markdown file. Do not write any code yourself.
+  Once the plan is created, you will delegate tasks to the root agent. Make sure to provide the file name of the plan when delegating. Write the plan in the current directory.
+  Use the `user_prompt` tool to ask questions to the user. Prefer Multiple Choice Questions.
+  EOT
+
+  sub_agents = ["root"]
+
+  toolset "filesystem" {}
+  toolset "user_prompt" {}
+}
+
+agent "reviewer" {
+  model = "google/gemini-3-pro-preview"
+
+  instruction = <<-EOT
+  Give me feedback about the local changes. Don't be too picky, think about code quality, security, duplication, idiomatic Go,
+  performance, maintainability, and best practices.
+  Provide suggestions for improvements and point out any potential issues.
+  Don't be too verbose, keep your review concise and to the point.
+  EOT
+
+  add_prompt_files = ["AGENTS.md"]
+  sub_agents       = ["librarian"]
+
+  toolset "filesystem" {}
+  toolset "shell" {}
+
+  toolset "mcp" {
+    command = "gopls"
+    version = "golang/tools@v0.21.0"
+    args    = ["mcp"]
+  }
+}
+
+agent "librarian" {
+  model       = "haiku"
+  description = "Documentation librarian. Can search the Web and look for relevant documentation to help the golang developer agent."
+
+  instruction = <<-EOT
+  You are the librarian, your job is to look for relevant documentation to help the golang developer agent.
+  When given a query, search the internet for relevant documentation, articles, or resources that can assist in completing the task.
+  Use context7 for searching documentation and brave for general web searches.
+  A good source of information available to agents is https://deepwiki.com/.
+  EOT
+
+  toolset "mcp" {
+    ref = "docker:context7"
+  }
+  toolset "mcp" {
+    ref = "docker:brave"
+  }
+  toolset "fetch" {}
+}
+
+permissions {
+  allow = [
+    "go_diagnostics",
+    "go_file_context",
+    "go_package_api",
+    "go_symbol_references",
+    "go_vulncheck",
+    "go_workspace",
+    "shell:cmd=gh --version",
+    "shell:cmd=gh pr view *",
+    "shell:cmd=gh pr diff *",
+    "shell:cmd=git remote -v",
+    "shell:cmd=ls *",
+    "shell:cmd=cat *",
+    "shell:cmd=head *",
+    "shell:cmd=tail *",
+    "shell:cmd=wc *",
+    "shell:cmd=find *",
+    "shell:cmd=grep *",
+    "shell:cmd=pwd",
+    "shell:cmd=echo *",
+    "shell:cmd=which *",
+    "shell:cmd=type *",
+    "shell:cmd=file *",
+    "shell:cmd=stat *",
+    "shell:cmd=git status*",
+    "shell:cmd=git log*",
+    "shell:cmd=git diff*",
+    "shell:cmd=git show*",
+    "shell:cmd=git branch*",
+    "shell:cmd=git remote -v*",
+    "shell:cmd=git commit *",
+    "shell:cmd=go test*",
+    "shell:cmd=go build*",
+  ]
+}

examples/pirate.hcl

@@ -0,0 +1,13 @@
+#!/usr/bin/env docker agent run
+
+agent "root" {
+  description = "An agent that talks like a pirate"
+  instruction = "Always answer by talking like a pirate."
+  model       = "auto"
+
+  welcome_message = <<-EOT
+  Ahoy! I be yer pirate guide, ready to set sail on the seas o' knowledge!
+
+  What be yer quest? 🏴‍☠️
+  EOT
+}

go.mod

@@ -40,6 +40,7 @@ require (
 	github.com/google/jsonschema-go v0.4.3
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.3
+	github.com/hashicorp/hcl/v2 v2.20.1
 	github.com/junegunn/fzf v0.72.0
 	github.com/k3a/html2text v1.4.0
 	github.com/kofalt/go-memoize v0.0.0-20240506050413-9e5eb99a0f2a
@@ -58,6 +59,7 @@ require (
 	github.com/wk8/go-ordered-map/v2 v2.1.9-0.20250401010720-46d686821e33
 	github.com/xeipuuv/gojsonschema v1.2.0
 	github.com/yuin/goldmark v1.8.2
+	github.com/zclconf/go-cty v1.13.0
 	go.opentelemetry.io/otel v1.43.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
 	go.opentelemetry.io/otel/sdk v1.43.0
@@ -77,17 +79,23 @@ require (
 require (
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
+	github.com/agext/levenshtein v1.2.1 // indirect
+	github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.24 // indirect
 	github.com/danieljoos/wincred v1.2.2 // indirect
 	github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
 	github.com/godbus/dbus v0.0.0-20190726142602-4481cbc300e2 // indirect
 	github.com/gsterjov/go-libsecret v0.0.0-20161001094733-a6f4afe4910c // indirect
 	github.com/invopop/jsonschema v0.13.0 // indirect
 	github.com/junegunn/go-shellwords v0.0.0-20250127100254-2aa3b3277741 // indirect
+	github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 // indirect
 	github.com/mtibben/percent v0.2.1 // indirect
 	github.com/pb33f/jsonpath v0.8.2 // indirect
 	github.com/pb33f/ordered-map/v2 v2.3.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0 // indirect
+	golang.org/x/mod v0.35.0 // indirect
+	golang.org/x/tools v0.44.0 // indirect
 	google.golang.org/api v0.272.0 // indirect
 )
 
@@ -231,8 +239,8 @@ require (
 	go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.10.0 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.4
-	golang.org/x/crypto v0.49.0 // indirect
-	golang.org/x/net v0.52.0 // indirect
+	golang.org/x/crypto v0.50.0 // indirect
+	golang.org/x/net v0.53.0 // indirect
 	golang.org/x/text v0.36.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect