Tools

Tools are typed capabilities a selected Agent may call. They are not raw plugin config and they are not a second setup system. Normal setup starts from Agents, select the Agent, then open Agent > Tools. That page decides which discovered tools this Agent may use. Credentials and domain controls stay on the owning surfaces.

Setup Ownership

Need	Use
Allow or deny tools for an Agent	Agent > Tools
Web/search, GitHub, Gmail, media	Agent > Services
Chat delivery and channel actions	Agent > Channels
Skill instructions and deps	Agent > Skills
Wallet approvals and signing	Wallets
Mining start/stop/capital/claims	Mining
Marketplace offers and orders	Marketplace
Device pairing and diagnostics	Advanced > Nodes

Agent > Tools should answer: “May this Agent use this capability?” It should not collect API keys, wallet approvals, mining capital, channel credentials, or plugin install settings.

Tool Families

Family	Examples	Main docs
Runtime and files	`exec`, `process`, `read`, `write`, `edit`, `apply_patch`	Exec, Files
Web and browser	`web_search`, `web_fetch`, `browser`	Web, Browser
Messaging	`message`, polls, reactions, threads	Channels
Sessions and Agents	`sessions_*`, `agents_list`, subagents, ACP	Subagents
Tasks	scheduled task and run controls	Automation
Nodes and media	canvas, camera, screen, audio, location, notifications	Nodes
Review and output	`diff_view`, text-to-speech, reactions, thinking levels	Diff Viewer
Workflow helpers	LLM Task and task/workflow orchestration	LLM Task, Tasks

Tool Policy

Tool policy can be global or per-Agent.

{
  tools: {
    profile: "coding",
    deny: ["group:runtime"],
  },
  agents: {
    list: [
      {
        id: "support",
        tools: {
          profile: "messaging",
          allow: ["slack"],
        },
      },
    ],
  },
}

Profiles:

Profile	Meaning
`minimal`	Only basic session status.
`coding`	File, runtime, web, session, memory, and media tools.
`messaging`	Message and session tools.
`full`	No profile restriction.

Groups:

Group	Includes
`group:runtime`	`exec`, `process`, `code_execution`
`group:fs`	`read`, `write`, `edit`, `apply_patch`
`group:sessions`	session list/history/send/spawn/yield/status and sub-agents
`group:memory`	memory search/read tools
`group:web`	`web_search`, `web_fetch`, `x_search`
`group:ui`	browser, canvas, diff view
`group:automation`	task/gateway automation controls
`group:messaging`	message tool
`group:nodes`	paired node tools
`group:agents`	agent list and plan update tools
`group:media`	image, music, video, and text-to-speech tools
`group:fased`	all built-in Fased tools except provider plugin tools

Provider-specific policy can only narrow access:

{
  tools: {
    profile: "coding",
    byProvider: {
      anthropic: { profile: "minimal" },
    },
  },
}

Boundaries

A denied tool is not sent to the model provider.
A skill teaches the Agent how to use tools; it does not grant tool access.
A plugin may register tools; installing a plugin does not automatically grant every Agent access to those tools.
Wallet, mining, marketplace, and node actions keep their own approval and policy gates.
apply_patch is available only when enabled and allowed for compatible model paths.
Host or node exec needs approvals unless the operator deliberately changes that policy.

Start Here

Exec Tool

Shell execution, background processes, node execution, and approvals.

Web Tools

Search and fetch setup through Agent Services.

Browser

Managed browser profiles, snapshots, screenshots, and UI actions.

Skills

Instructions, dependency checks, templates, and per-Agent skill access.

​Tools

​Setup Ownership

​Tool Families

​Tool Policy

​Boundaries

​Start Here