---
name: gentic-code
description: "A Mother capability, not a connect-it-yourself MCP. Mother runs self-contained data and scripting tasks — analyses, transforms, generated artifacts — inside an isolated, network-blocked sandbox on your uploaded inputs, then returns the output plus the code and a verified diff for you to review. Propose-only: nothing deploys, pushes, or writes to your systems without your approval. No access to your repos or storefronts in this release."
license: MIT
metadata:
  author: gentic
  version: "1.0.0"
---

# Gentic Code

Ask Mother for something that needs real code — compute cohort LTV from an orders export, dedupe a customer list, turn a messy CSV into a clean chart — and Mother runs it in an isolated sandbox and hands you back the result plus the code as a reviewable artifact. Nothing of yours is touched: the sandbox has no network, no secrets, and no access to your stores or repos. You see exactly what it did before anything goes anywhere.

## When to apply

- Mother is asked for a bespoke data analysis on data the user can provide — "compute cohort LTV from this orders export and chart retention by acquisition channel."
- Mother is asked for a one-off script or transform — "dedupe this customer list and give me the cleaned file," "parse these logs and summarize the errors."
- The user wants a self-contained generated artifact that takes real computation — a chart, a computed dataset, a small script — rather than something the fixed MCP tool menu already expresses.
- The task is self-contained on uploaded inputs and a pre-baked toolchain — no network, no package installs, no repo or store access needed to do it.
- Refuse cleanly (do NOT open a sandbox) when the request needs something outside the US1 envelope — `pip`/`npm install`, cloning a repo, fetching a URL, or calling an external API. Say the capability arrives in a later release rather than spinning up a doomed sandbox or claiming partial success.
- Never present a coding result as done without running its checks; if there's no verifiable signal, surface it as proposed-but-unverified.

## Tools

| Tool | Description | Cost |
|------|-------------|------|
| `code_create_session` | Open a Coding Agent sandbox session. The sandbox is created with block_network and zero secrets attached; one session caps at 600 seconds wall-clock (the modal-side self-kill). Pre-spend cap: refused if the org is at or over its daily sandbox-seconds cap (3600s/org/UTC-day). Free; sandbox-seconds are metered internally for the cap, not surfaced as a per-second billed rate. | Free |
| `code_exec` | Run a shell command inside a Coding Agent sandbox session and get stdout/stderr/exit_code/elapsed_seconds back synchronously. A single exec is capped at 140s by gentic-modal's per-command soft timeout (session total caps at 600s). The session_id comes from code_create_session. Free. | Free |
| `code_get_diff` | Get the unified diff (+ a name-status file list) of all changes made in a Coding Agent sandbox session so far. Used by the agent loop to inspect mid-task progress. diff_text may be null if no changes have been made yet; files[] is always present. The session_id comes from code_create_session. Free. | Free |
| `code_terminate` | Terminate a Coding Agent sandbox session. Returns elapsed_seconds_total (records to the per-org daily cap counter on every terminal path: success, cancel, timeout, crash) and the final artifact_uri assembled by gentic-modal. Pass created_at from the original code_create_session response — gentic-modal is stateless and computes elapsed from it. Free; sandbox-seconds recorded internally, not surfaced as a billed per-second rate. | Free |
| `code_upload` | Upload one or more files into a Coding Agent sandbox session. Each file is { path: <inside-sandbox path>, content_b64: <base64> }. The session_id comes from code_create_session. Free. | Free |

## Workflow

### 1. Open a session with the task

Start with `code_create_session`, passing the task description. It opens an isolated sandbox with the network blocked and no secrets attached. The session is refused up front if the org is at or over its daily sandbox-seconds cap (3600s/org/UTC-day) — a pre-spend check, so a capped org never burns compute it can't have. Keep the returned `session_id` (and `created_at`, needed later by `code_terminate`); the sandbox lives provider-side and every later call is keyed by `session_id`.

### 2. Upload the inputs

Use `code_upload` to put the task's input files into the sandbox — each file is `{ path, content_b64 }`. This is how data gets in: US1 has no network egress, so the sandbox can't fetch anything itself. Upload the orders export, the customer list, the logs — whatever the task operates on — before running commands against them.

### 3. Run the work with code_exec

Run shell commands with `code_exec` against the pre-baked toolchain and get `stdout`/`stderr`/`exit_code`/`elapsed_seconds` back synchronously. A single command is capped at 140s (the session totals cap at 600s). Iterate: read the data, run the analysis, generate the artifact, write and run the checks. There are no installs or network calls — work with what's uploaded and what's already in the image.

### 4. Inspect progress with code_get_diff

`code_get_diff` returns the unified diff plus a name-status file list of everything changed in the session so far — use it to inspect mid-task progress and to assemble the reviewable artifact. `diff_text` may be null before any changes are made; the `files[]` list is always present.

### 5. Verify, then terminate with the artifact

Before claiming done, run the task's checks in the sandbox; only report success if they pass, otherwise surface the change as proposed-but-unverified. Then call `code_terminate`, passing `created_at` from the session open (gentic-modal is stateless and computes elapsed from it) plus the `diff`, `files`, and `checks`. It tears the sandbox down promptly, records elapsed sandbox-seconds to the per-org daily cap on every terminal path (success, cancel, timeout, crash), and returns the final artifact reference. Always terminate — leaving a session to its TTL leaks compute against the cap.

## Notes

- This is a Mother capability, not a connect-it-yourself MCP. The `code_*` tools are session-keyed and driven by Mother's own loop; a customer does not point their own agent at /code and call code_exec directly.
- US1 envelope: self-contained data and script tasks on uploaded inputs with a pre-baked toolchain and ZERO network egress. No `pip`/`npm install`, no repo clones, no URL fetches, no external API calls — a request that needs those is refused cleanly, not run into a failing sandbox.
- No access to your repositories or storefronts in this release — it operates only on Mother-owned compute and the inputs you provide. Storefront/repo fixes (US2) and building a product (US3) are later, separately-gated slices.
- Propose-only: a session returns a reviewable change-artifact (diff + files + verification result). Nothing is deployed, pushed, scheduled, or written back to your systems without explicit human approval.
- Isolation: each sandbox is created with the network fully blocked and no secrets attached, external to Mother's control plane — untrusted code never runs in the API/worker container, and one session can't reach another org's data.
- Bounded compute: 140s per command, 600s per session, and a 3600s/org/UTC-day cap checked before a sandbox is created; metering fires on every terminal path. Sandbox-seconds are metered internally for the cap — the tools themselves are free.
- Verify-before-done: a task's checks are run in the sandbox before a result is presented as complete; with no verifiable signal the change is surfaced as proposed-but-unverified rather than as success.

## Tool details

- `code_create_session` — Open a Coding Agent sandbox session. The sandbox is created with block_network and zero secrets attached; one session caps at 600 seconds wall-clock (the modal-side self-kill). Pre-spend cap: refused if the org is at or over its daily sandbox-seconds cap (3600s/org/UTC-day). Free; sandbox-seconds are metered internally for the cap, not surfaced as a per-second billed rate.
  - `task` (string, required) — Short human-readable description of what this session is for (logged for telemetry; not sent to a model).
- `code_exec` — Run a shell command inside a Coding Agent sandbox session and get stdout/stderr/exit_code/elapsed_seconds back synchronously. A single exec is capped at 140s by gentic-modal's per-command soft timeout (session total caps at 600s). The session_id comes from code_create_session. Free.
  - `session_id` (string, required) — The sandbox session_id returned by code_create_session.
  - `cmd` (required) — Command to run. Either a shell line or an argv array.
  - `timeout_seconds` (integer) — Per-exec timeout seconds (max 140 — gentic-modal's per-command soft cap; the modal tier clamps higher values down).
- `code_get_diff` — Get the unified diff (+ a name-status file list) of all changes made in a Coding Agent sandbox session so far. Used by the agent loop to inspect mid-task progress. diff_text may be null if no changes have been made yet; files[] is always present. The session_id comes from code_create_session. Free.
  - `session_id` (string, required) — The sandbox session_id returned by code_create_session.
- `code_terminate` — Terminate a Coding Agent sandbox session. Returns elapsed_seconds_total (records to the per-org daily cap counter on every terminal path: success, cancel, timeout, crash) and the final artifact_uri assembled by gentic-modal. Pass created_at from the original code_create_session response — gentic-modal is stateless and computes elapsed from it. Free; sandbox-seconds recorded internally, not surfaced as a billed per-second rate.
  - `session_id` (string, required) — The sandbox session_id returned by code_create_session.
  - `created_at` (string, required) — The created_at timestamp from the code_create_session response. Required — gentic-modal uses it to compute elapsed_seconds_total.
  - `reason` (string, enum: `cancelled` | `timed_out` | `crashed`) — Caller-supplied reason for terminate when the activity knows it. Modal can't distinguish a TTL self-kill from a terminate() call, so the activity is the source of truth. Omit on success.
  - `diff` (string) — Optional final diff text the agent loop computed. Folded into the artifact bundle assembled at terminate.
  - `files` (array of object) — Optional final name-status list folded into the artifact bundle.
  - `checks` (array of object) — Optional verification check results (from the agent loop's verify-before-done step) folded into the artifact bundle.
- `code_upload` — Upload one or more files into a Coding Agent sandbox session. Each file is { path: <inside-sandbox path>, content_b64: <base64> }. The session_id comes from code_create_session. Free.
  - `session_id` (string, required) — The sandbox session_id returned by code_create_session.
  - `files` (array of object, required) — Files to upload. At least one.

---

_This SKILL.md is generated from the live Gentic MCP manifest. Tool names, descriptions, and pricing are always current. Gentic Code is a Mother capability: these tools are session-keyed and driven by Mother's own loop, not connected standalone. Learn more at https://gentic.co/code._