title: Agentic Space Factory
emoji: 🏭
colorFrom: blue
colorTo: purple
sdk: gradio
app_file: app.py
python_version: '3.11'
pinned: false
hf_oauth: true
hf_oauth_expiration_minutes: 480
hf_oauth_scopes:
- read-repos
- write-repos
- manage-repos
- gated-repos
- inference-api
- jobs
Agentic Space Factory — V4 Pi Gist Recipe
This version validates the safe foundation for a Hugging Face-native “Agentic Space Factory”.
It now supports two phases:
Phase 1:
Gradio Space OAuth user
→ launch Hugging Face Job with the user's OAuth token
→ mount private Storage Bucket
→ write run state/events/report
→ read run status back in the orchestrator UI
Phase 2.1:
Gradio Space OAuth user
→ launch Hugging Face Job
→ create private target Gradio Space in the user's namespace
→ upload app.py / requirements.txt / README.md
→ validate the live Space through gradio_client
→ write run state/events/report to the Bucket
The configured bucket is:
hf://buckets/fffiloni/space-factory-runs
What this version does
- Enables Hugging Face OAuth in a Gradio Space.
- Requests the
jobsscope, plus repo/inference scopes needed by later phases. - Launches CPU Hugging Face Jobs using
huggingface_hub.run_job. - Mounts
fffiloni/space-factory-runsas/outputin the Job. - Passes the OAuth token to the Job as an encrypted secret, not as a CLI argument.
- Phase 1 writes these files in the bucket:
runs/<run_id>/state.json
runs/<run_id>/events.jsonl
runs/<run_id>/report.md
- Phase 2.1 additionally creates a private target Space and stores:
runs/<run_id>/target_space.json
runs/<run_id>/generated/app.py
runs/<run_id>/generated/requirements.txt
runs/<run_id>/generated/README.md
runs/<run_id>/tests/api_schema.json
runs/<run_id>/tests/test_result.json
What this version does not do yet
- It does not run Pi yet.
- It does not analyze model cards yet.
- It does not configure ZeroGPU yet.
- It does not publish anything publicly.
- It does not overwrite existing target Spaces.
Those are intentionally left for the next increments once OAuth → Jobs → Bucket → private Space creation → live API validation is confirmed.
Configuration
Default values are in src/config.py.
You can override them with Space variables:
SPACE_FACTORY_BUCKET_SOURCE=fffiloni/space-factory-runs
SPACE_FACTORY_BUCKET_MOUNT=/output
SPACE_FACTORY_JOB_FLAVOR=cpu-basic
SPACE_FACTORY_JOB_TIMEOUT=15m
SPACE_FACTORY_JOB_IMAGE=python:3.12
For Phase 2.1, a 15-minute timeout is usually enough for a tiny Gradio Space. Increase it if Space builds are slow.
Local notes
OAuth injection only works inside a Hugging Face Space with hf_oauth: true.
For local UI development, the app can render, but launching a Job requires a real OAuth token passed by Gradio in a Space.
Security posture
- No global admin token is required.
- The user's OAuth token is used only to launch the Job and is passed to the Job as a secret.
- The worker script never prints the token.
- The target bucket should remain private.
- Phase 2.1 target Spaces are private by default.
- Raw traces and future Pi sessions must stay private by default.
Phase 3 — Pi smoke test
- Phase 4 — Pi gist recipe
This phase installs @mariozechner/pi-coding-agent inside the HF Job, configures Pi with Hugging Face Inference Providers using the OAuth token, and asks Pi to make one safe edit to a generated Gradio app before creating the private target Space.
Expected run artifacts:
runs/<run_id>/generated/app.py
runs/<run_id>/logs/pi_output.txt
runs/<run_id>/traces/raw/*.jsonl
runs/<run_id>/traces/redacted/*.jsonl
runs/<run_id>/tests/test_result.json
The target Space remains private by default. Success is only declared after the live Gradio API returns the expected Pi-modified output.
Phase 4
Phase 4 asks Pi to follow the HF Spaces Agent Quickstart gist and use the hf CLI inside an HF Job to create/upload a private Space. The wrapper independently validates the live Gradio API before reporting success.