A broad, governed tool surface
Tools are grouped by intent. Scope locks and policy apply before execution — the catalog below is representative, not exhaustive.
- Lower risk
Read & open files
Inspect source with path-aware scope checks.
Filesystem
- Medium
Write & patch files
Atomic edits with post-write verification.
Filesystem
- Lower risk
Search the codebase
Fast text and semantic discovery across the repo.
Search & index
- Lower risk
Structured grep
Regex-friendly search with result caps.
Search & index
- Lower risk
Glob & list paths
Discover files by pattern without walking blindly.
Search & index
- Higher risk
Shell commands
Policy-scored commands with deny-by-default patterns.
Shell & process
- Lower risk
Git status & diff
See working tree state before proposing commits.
Git
- Medium
Commit & branch helpers
Scoped git operations with audit-friendly logs.
Git
- Medium
HTTP fetch
Retrieve public URLs with SSRF protections.
Network & fetch
- Medium
MCP tool call
Invoke connected servers with capability checks.
Network & fetch
- Lower risk
Diagnostics bridge
Surface editor or LSP signals after edits.
IDE & workspace
- Lower risk
Index & embeddings
Refresh retrieval views when files change.
Search & index
- Medium
Run tests
Targeted test invocation with timeouts.
Shell & process
- Higher risk
Deploy hooks
Trigger approved pipelines or release steps.
Deploy & ops
- Medium
Browser automation
Controlled navigation for UI verification.
Network & fetch
- Medium
Notebook edit
Cell-aware edits for data science workflows.
IDE & workspace
- Medium
Parallel tool batch
Independent calls grouped for throughput.
Meta & orchestration
- Lower risk
Session memory
Recall user-approved facts across turns.
Meta & orchestration
- Lower risk
Plan & checkpoint
Structured steps with resume metadata.
Meta & orchestration
- Medium
Delegated task
Spawn scoped sub-runs with budgets.
Meta & orchestration
- Lower risk
Audit & evidence
Record gate-aligned artifacts for releases.
Meta & orchestration