In 2026, Hugging Face engineers shipped two real AI coding agents. Moon Bot is a Slack-native coding agent with persistent memory built on the Pi SDK and HF Buckets, using memory.json capped at 200 interactions Hugging Face. The second is a teaching skills layer that fixed frontier model errors on AWS SageMaker cloud deploys HF dwarez.
TL;DR
– Moon Bot: a Slack-native coding agent with persistent memory, built on the Pi SDK and HF Buckets Hugging Face.
– The SageMaker test: a frontier model deployed a month-old model to a container it can’t run — a written skills file fixed it HF dwarez.
– The rule: memory plus written procedure beat a bigger model. Target-tracking autoscaling of 1–2 instances proved it.
Inside the Moon Bot project: an assistant that lives in Slack
Published June 24, 2026 Hugging Face, the Hugging Face post “Building Moon Bot” describes an always-on assistant. The team built it because they live in Slack. Answering a question meant context-switching across Elasticsearch, MongoDB, the IDE, and GitHub, each with its own auth.
The bot collapses all of it into a single Slack thread. That removes the need to open four separate systems for a single answer.
Why Slack beats a new dashboard
If you have ever lost ten minutes just to confirm which dashboard holds a metric, that pain is the whole motivation. Moon Bot meets engineers where they already are instead of asking them to learn a new interface.
Adoption came from removing the context switch, not adding a feature. For example, the pre-bot workflow required separate logins to four systems: Elasticsearch for logs, MongoDB for stats, the IDE for code, and GitHub for PRs.
Specifically, the bot replaces those four auth flows with one @Moon Bot mention in a channel. A single mention returns the same data the four logins previously guarded.
The concrete setup
Moon Bot is a Slack bot powered by the Pi coding agent SDK. It runs in a Kubernetes pod with privileged internal network access. It uses HuggingFace Buckets as a persistent memory store and can query Elasticsearch logs, pull MongoDB stats, browse the Hub codebase, and open GitHub PRs Hugging Face.
The bot responds to @Moon Bot mentions in channels or to direct messages. Each Slack thread gets its own independent, stateful Pi agent session that includes full tool-call history.
That means it can remember what it helped with last week. The session does not vanish when the underlying process restarts.
Specifically, the pod runs with privileged internal network access so it can reach internal services securely. For example, a thread about a production incident keeps its full tool-call history across a daily rolling deploy.
Memory files that survive daily restarts
On every pod restart — a daily rolling deploy or a crash — Moon Bot resumes exactly where it left off. It reads three files from a private HF Bucket. The file sessions/
The file thread-map.json maps Slack thread timestamps to session files. A new message reconnects to the right conversation.
The file memory.json is a rolling log of the last 200 interactions across all threads, exposed to the LLM as a searchable memory tool. That 200-interaction window lets the bot answer “how many Pro users signed up last month?” as a one-line Slack message Hugging Face.
Support staff could ask about user-facing behavior without touching a terminal. For example, the sessions/
A conversation from three days ago resumes without data loss. Specifically, thread-map.json uses Slack thread timestamps as keys to locate the correct session file.
The payoff in daily use
Because Moon Bot already held the Elasticsearch and MongoDB connections, asking for a signup count became one Slack message. It replaced a half-dozen dashboard logins. Engineers could query codebases they did not know well without leaving the chat.
That is the win that gets a tool adopted: it meets people where they already are. For instance, a support engineer asked “how many Pro users signed up last month?” and received a one-line answer from the 200-interaction memory.json window.
Such as that example shows, the bot removed the need to open a MongoDB console or run a custom query. The memory.json cap of 200 interactions provided a searchable cross-thread memory for the LLM.
The harder lesson: agents fail on the new stuff
The second post, published July 7, 2026 HF dwarez, is the more useful one for anyone planning to hand agents real work. A Hugging Face engineer asked the most popular coding agents to deploy a model to Amazon SageMaker.
Those agents were led by Claude Code running Opus 4.8. The Hub’s own agent-usage data Hugging Face says this is what most people use with Hugging Face.
The request was the kind a teammate would actually send: deploy a small Qwen model from an internal app, write the plan to a file, and keep a log of every action.
Failure scales with model age
The agent does not fail the same way twice. How badly it fails tracks how new the model is.
For Qwen/Qwen3-0.6B — on the Hub since April 2025, an eternity in this space — it produced a working but quietly fragile endpoint HF dwarez. For google/diffusiongemma-26B-A4B-it, published in June 2026 and less than a month old, it handed back a confident deployment script.
The script used a serving container that cannot run that kind of model at all. The engineer had to discover that mismatch himself.
The same pattern showed up elsewhere on the Hub in July 2026. NVIDIA’s Isaac GR00T 1.7 open VLA model landed in LeRobot on July 8, 2026 NVIDIA on HF.
An agent asked to wire it into a training pipeline would hit the same knowledge gap because the model is weeks old. Specifically, the Qwen model from April 2025 is over 14 months old by July 2026, yet still produced a fragile endpoint.
For example, the diffusiongemma model from June 2026 was under 30 days old when tested, leading to a container mismatch.
What the stock agent got wrong
To give the stock agent its due, it did a lot right unprompted. It read the local AWS config to find the account and region. It wrote out a plan and waited before touching anything.
It looked for an existing execution role rather than creating one, and kept a clean log of every command. Judged purely on the endpoint it ended with, you would call it a success.
The trouble was in what it left behind: a README that recommended a serving stack different from what actually ran, no autoscaling, and no monitoring HF dwarez. Those gaps are exactly what breaks a real deployment weeks later.
For example, the stock agent’s README pointed to TGI while the live endpoint used vLLM. Specifically, it omitted the three CloudWatch alarms that the skilled version later added for latency, errors, and overhead.
The skills layer fix
The fix was not a smarter model. It was a skills layer — explicit, reviewable instructions the agent could read.
Once the engineer gave the agent a set of written skills, it became consistent across every model. The side-by-side difference is stark.
The stock agent tried TGI first, hit a health-check failure, then moved to vLLM. The skilled agent chose vLLM before any resource was created HF dwarez.
The stock agent set no autoscaling; the skilled agent set target-tracking with 1–2 instances. That bound instance count to a concrete range the stock agent never defined.
What the skilled agent added
The skilled agent added three CloudWatch alarms for latency, errors, and overhead, where the stock agent had none. The skilled agent resolved the image URI from AWS’s DLC catalog with a fallback when ECR was denied, instead of discovering by trial and error.
Its plan and scripts agreed with what actually ran. The stock README recommended TGI and Python 3.13.
The skilled agent also ran teardown and verified the resources were gone. Skills give that knowledge a home.
They let the agent stay general while the deployment procedure stays current, reviewable, and shared HF dwarez. For instance, the skilled agent’s target-tracking autoscaling kept instance count between 1 and 2, a concrete bound the stock agent never set.
Such as the image URI resolution from the DLC catalog shows, the skills file provided a fallback path when ECR access was denied. The SageMaker post ends with the author promising follow-ups that teach agents to do real AI work on other clouds.
Each one is a written procedure version-controlled like code. That is the deeper shift: skills are documentation an agent can execute, not prompt magic.
The pattern that actually transfers
Strip the specifics and two rules fall out of both examples. Neither team treated the model as the product.
The product was the scaffolding: a bucket for memory, a skills file for procedure, a Slack thread for the interface.
Rule 1: persistent memory the agent controls
Moon Bot’s entire reliability comes from treating session state as a file it owns. It does not vanish on restart.
The sessions/
Specifically, the memory.json cap of 200 interactions provides a searchable cross-thread memory. For example, a pod crash triggers a re-download of sessions/
Rule 2: write the operational knowledge down
The SageMaker story proves that frontier models guess confidently and wrongly on anything outside their training data. The gap between stock agent and skilled agent had almost nothing to do with how smart the model is HF dwarez.
A skills file is cheaper than a bigger model and more reliable. For example, the written skills turned a deployment of google/diffusiongemma-26B-A4B-it from a broken container choice into a vLLM endpoint with 3 alarms.
Specifically, the file instructed the agent to skip TGI entirely, saving the health-check failure cycle the stock agent hit.
Real AI Coding Agents Production 2026: How to try this yourself
You do not need Hugging Face’s scale to copy the shape. A minimal version starts with the interface and the storage pattern.
Start with interface and storage
Pick the interface first: Slack or Discord, not a new dashboard nobody will open. Moon Bot won at adoption because it lived where the team already was.
Persist sessions to cheap storage using the sessions/
For example, start with a single Slack channel and one read-only Elasticsearch connection. Specifically, map each thread to a session file using the thread-map.json approach so restarts reconnect correctly.
Write runbooks as skills
For agents touching infra, write the runbook as a skill before you let them deploy. Capture the correct container, region, and teardown steps in a file it reads.
The SageMaker post shows this turns a fragile one-off into a repeatable, reviewable operation HF dwarez. Start with one model you deploy often, such as Qwen/Qwen3-0.6B, and write down exactly what correct looks like.
Specifically, the runbook should state vLLM as the serving stack and define target-tracking at 1–2 instances. Such as the SageMaker skilled agent did, include a teardown step that verifies resources are gone.
Gate the blast radius. Both examples assume privileged access, which is a real security choice.
Begin with read-only connections and a human in the loop on any write. Then widen permissions only after the skills file has earned it.
The honest caveat
These are two internal and community examples from one ecosystem, not a survey. The SageMaker author is explicit that he picked a strong baseline HF dwarez.
If a frontier model is this shaky unaided, a smaller one will not do better. His results are closer to a best case than a worst one.
Both examples assume you are comfortable giving an agent privileged internal access. That is a real security decision, not a default you should flip on blindly.
For example, the Moon Bot pod runs with privileged internal network access in Kubernetes. Specifically, that means the agent can reach MongoDB and GitHub PRs, a scope that must be audited before production use.
FAQ
Can I build a Moon Bot for my own team? The pattern — a coding-agent SDK behind a chat interface, with session state in object storage — is portable. The hard part is the internal tool connections such as logs, DB, and code search; start with one read-only source so a mistake cannot do damage.
Why did the cloud-deploy agent fail on new models? Because the agent’s training data predates them. It guessed a serving container from pattern rather than fact for google/diffusiongemma-26B-A4B-it published June 2026.
The fix was a written skills file describing the correct stack, which any model can follow. Are AI coding agents safe near production yet? In these examples, only once they had persistent memory and a written procedure.
Unaided, even a frontier model produced differently-broken results each run. Treat the scaffolding, not the model, as the safety layer.
Bottom line: teams shipping real AI coding agents in 2026 win on memory and written procedure, not model choice. Start by persisting sessions to object storage using the sessions/
