[DRAFT]Feature/user custom command

[abdalla1912mohamed]

Summary

Implements user-extended slash commands allowing users to create custom reusable prompts as markdown files (Usercmd_{name}.md) that appear in the / command dropdown and can be invoked like built-in commands.

Related

• RFC: docs/rfcs/rfc_extend_commands.md
• Architecture Doc: docs/architecture-enhancements/05-slash-commands.md

How It Works

1. User asks the agent: "Create a slash command for security reviews"
2. Agent creates file: .stakpak/commands/Usercmd_security-review.md
3. Command appears: /cmd:security-review shows in the autocomplete dropdown
4. User invokes: Select the command → prompt content is sent to the agent

Features

• Agent-driven creation: The agent creates commands via file system tools (informed via system prompt)
• Dynamic loading: Commands are re-scanned when input starts with / — no restart required
• Visually distinct: User commands display as /cmd:{name} to differentiate from built-in /command format
• Title support: First # Title line in markdown becomes the description (falls back to command name)
• Two locations supported:
  • .stakpak/commands/ — Project-specific, version-controlled, team-shared
  • ~/.stakpak/commands/ — Personal, user-wide commands
• Priority order: Built-in > Project > Personal (built-ins cannot be overridden)
• Flexible search: Users can search by /security or /cmd:security to find /cmd:security-review
• Info message display: Custom command prompts display as gray info messages (visually distinct from user input)

Naming Convention

Files must follow the pattern Usercmd_{command-name}.md:

File	Display in Dropdown	Description
Usercmd_create-component.md	/cmd:create-component	(from # Title or filename)
Usercmd_deploy-staging.md	/cmd:deploy-staging	Deploy to Staging
Usercmd_security-review.md	/cmd:security-review	Security Code Review

Example

Creating a command:

You: Create a slash command called "security-review" that reviews code for vulnerabilities

Agent creates .stakpak/commands/Usercmd_security-review.md:

# Security Code Review

Review the provided code for security vulnerabilities. Focus on:

1. Input validation and sanitization
2. Authentication and authorization flaws
3. Injection vulnerabilities (SQL, XSS, command injection)
4. Sensitive data exposure
5. Security misconfigurations

Provide specific line numbers and remediation suggestions.

Using the command:
Select /cmd:security-review from the dropdown and the prompt content is sent to the agent.

Changes

Core Implementation

• tui/src/services/commands.rs — scan_custom_commands() with Usercmd_ prefix, get_helper_commands() merge logic, command execution fallback
• tui/src/app/types.rs — CustomCommand struct, HelperEntry enum with display field for distinct visual presentation
• tui/src/app.rs — AppState.custom_commands storage, get_helper_commands() wrapper

TUI Integration

• tui/src/services/helper_dropdown.rs — Updated to use display() for rendering commands
• tui/src/services/helper_block.rs — Helper command rendering
• tui/src/services/file_search.rs — Dynamic reload on / trigger, filter matches both command ID and display string
• tui/src/event_loop.rs — Custom commands refresh handling

System Prompt

• libs/api/src/local/hooks/file_scratchpad_context/system_prompt.txt — Added instructions for creating user commands

Documentation

• docs/rfcs/rfc_extend_commands.md — Updated RFC with implementation details, file references, message display behavior

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature (non-breaking change that adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update
• Refactoring (no functional changes)
• Performance improvement