Tools - Polpo

Tools are the capabilities you grant to each agent. An agent can only use tools listed in its allowedTools array. Omit the field to give the agent no tools beyond its LLM.

Core tools

These tools are always available when included in allowedTools. They require no additional setup.

Tool	Description
`read`	Read file contents
`write`	Create or overwrite a file
`edit`	Apply targeted edits to a file
`bash`	Execute shell commands
`glob`	Find files by pattern
`grep`	Search file contents with regex
`ls`	List directory contents
`http_fetch`	Make HTTP requests and return the response body
`http_download`	Download a file from a URL to disk
`register_outcome`	Report a structured result back to the orchestrator
`vault_get`	Retrieve a secret from the Polpo vault
`vault_list`	List available secrets in the vault

Extended tools

Extended tools are organized by category. Use wildcards to grant an entire category, or pick individual tools.

browser_* — Browser automation (18 tools)

browser_navigate, browser_snapshot, browser_click, browser_fill, browser_type, browser_press, browser_screenshot, browser_get, browser_select, browser_hover, browser_scroll, browser_wait, browser_eval, browser_close, browser_back, browser_forward, browser_reload, browser_tabsHeadless browser control powered by Playwright. Pair with browserProfile on the agent for persistent sessions.

email_* — Email (8 tools)

email_send, email_draft, email_read, email_list, email_search, email_count, email_verify, email_download_attachmentSend, read, and search emails. Use emailAllowedDomains on the agent to restrict outbound recipients.

image_* — Image generation and analysis

image_generate, image_analyzeGenerate images via connected providers or analyze existing images.

video_* — Video generation

video_generateGenerate videos via connected providers.

audio_* — Audio

audio_transcribe, audio_speakTranscribe audio files or generate speech from text.

excel_* — Spreadsheets (4 tools)

excel_read, excel_write, excel_query, excel_infoRead, write, query, and inspect .xlsx files.

pdf_* — PDF (4 tools)

pdf_read, pdf_create, pdf_merge, pdf_infoRead PDF content, create new PDFs, merge files, and extract metadata.

docx_* — Word documents

docx_read, docx_createRead and create .docx files.

search_* — Web search

search_web, search_find_similarWeb search powered by Exa. Returns ranked results with snippets, or finds pages similar to a given URL.

phone_* — Phone calls (7 tools)

phone_call, phone_get_call, phone_list_calls, phone_hangup, phone_setup_inbound, phone_get_inbound_config, phone_disable_inboundPlace and manage voice calls via VAPI integration.

memory_* — Memory

memory_get, memory_save, memory_append, memory_updateRead and write to the agent’s persistent memory. See Memory.

Configuring `allowedTools`

List exact tool names or use * wildcards to match categories:

{
  "name": "writer",
  "allowedTools": ["read", "write", "edit", "glob"]
}

Wildcards expand at runtime. Adding "browser_*" grants access to every browser tool, including any added in future releases. Be explicit if you need fine-grained control.

Path sandboxing

The allowedPaths field restricts which files an agent can read and write. Paths are relative to the project root.

{
  "name": "frontend-dev",
  "allowedTools": ["read", "write", "edit", "bash", "glob", "grep"],
  "allowedPaths": ["src/client", "src/shared", "public"]
}

When allowedPaths is set, any file operation outside those directories is rejected. If omitted, the agent can access any file within the project.

​Core tools

​Extended tools

​Configuring allowedTools

​Path sandboxing

Core tools

Extended tools

Configuring `allowedTools`

Path sandboxing