This package is a small RSScript code agent that talks to an OpenAI-compatible chat-completions endpoint, executes a narrow tool set, and feeds tool results back into the next model turn.

Run it against the local Codex bridge:

AGENT_API_KEY=test_key cargo run -- run examples/packages/code-agent

The example is intentionally structured like a simplified Codex loop:

• src/config.rss: environment-derived model, endpoint, API key, loop budget, retry policy, and the write sandbox root.
• src/protocol.rss: builds the model request JSON. (Response, usage, and tool-call parsing come from the rss-chat-completions dependency via ChatResponse.)
• src/state.rss: structured chat message history.
• src/tool_types.rss: tool request/output/action types and shared helpers.
• src/tool_specs.rss: JSON schemas sent to the model.
• src/tool_file.rss: read, write, and edit.
• src/tool_command.rss: shell, rss_check, rss_cmd, rss_ide, and finish.
• src/tools.rss: explicit ToolRuntime dispatch and chat-history glue.
• src/main.rss: bounded agent loop.

All knobs are environment-driven (with safe defaults), so the loop budget and network behavior are not hard-coded:

• Structured history: model turns are stored as chat messages. Tool results are appended as role=tool messages with the original tool call id, not as natural-language transcript text.
• Discovery tools: read and rss_ide let the model inspect source files and indexed interfaces before it edits.
• Edit tools: write overwrites files and edit replaces exact text.
• Command tools: rss_check and rss_cmd run structured RSScript commands from the repository root; shell refuses RSScript commands so language checks stay reviewable. Command execution uses ProcessRequest with explicit cwd, timeout, merged stdout/stderr, and runtime-enforced output caps.
• Finish tool: finish ends the loop explicitly with a final answer.
• Tool argument enforcement: tool arguments must decode as the declared JSON object shape. Missing required fields or wrong types return an explicit tool error instead of falling back to a default action.
• Read/write scope: read, rss_check, rss_cmd, and rss_ide resolve safe relative paths from AGENT_REPO_ROOT. write, edit, and apply_patch are additionally confined to AGENT_WORKSPACE_ROOT, reject absolute paths and .. traversal, and cap new content with AGENT_MAX_WRITE_BYTES. read refuses files larger than AGENT_MAX_READ_BYTES.
• Real checks: rss_check runs the package checker and returns status/stdout/stderr.
• HTTP errors: a non-success response is logged as a turn.failed event and fails the run instead of being parsed as if it were a successful turn.
• Budget: the loop is bounded by two budgets. When the step budget (AGENT_MAX_STEPS) is exhausted before the task finishes, the agent emits a turn.budget_exhausted event and returns an error. The accumulated token usage is also tracked: once usage_total reaches AGENT_MAX_TOTAL_TOKENS, the agent emits a turn.token_budget_exhausted event and returns an error rather than letting a long run grow without bound. Both stops flow through the same state.failed exit, so main returns Err with the reason.

The agent should not guess RSScript APIs. It reads the repository root AGENT.md first, then examples/packages/code-agent/AGENTS.md, uses rss_ide or direct read calls against schemas/core-package-index.json, then opens the relevant indexed .rssi files under core/ or rss/*/interface/ before writing RSScript code.