Tools

Tools are the capabilities you grant to each agent. An agent can only use tools listed in its allowedTools array. Omit the field to give the agent no tools beyond its LLM.

Core tools

These tools are always available when included in allowedTools. They require no additional setup.

Tool	Description
`read`	Read file contents
`write`	Create or overwrite a file
`edit`	Apply targeted edits to a file
`bash`	Execute shell commands
`glob`	Find files by pattern
`grep`	Search file contents with regex
`ls`	List directory contents
`http_fetch`	Make HTTP requests and return the response body
`http_download`	Download a file from a URL to disk
`register_outcome`	Report a structured result back to the orchestrator
`vault_get`	Retrieve a secret from the Polpo vault
`vault_list`	List available secrets in the vault

Extended tools

Extended tools are organized by category. Use wildcards to grant an entire category, or pick individual tools.

browser_* — Browser automation

browser_navigate, browser_click, browser_type, browser_screenshot, browser_evaluate, browser_closeHeadless browser control powered by Playwright. Pair with browserProfile on the agent for persistent sessions.

email_* — Email

email_send, email_read, email_listSend and read emails. Use emailAllowedDomains on the agent to restrict outbound recipients.

image_* — Image generation and editing

image_generate, image_editGenerate and modify images via connected image providers.

audio_* — Audio

audio_transcribe, audio_generateTranscribe audio files or generate speech from text.

excel_* — Spreadsheets

excel_read, excel_writeRead from and write to .xlsx files.

pdf_* — PDF

pdf_read, pdf_extractRead PDF content and extract structured data.

docx_* — Word documents

docx_read, docx_writeRead and create .docx files.

search_* — Web search

search_webWeb search powered by Exa. Returns ranked results with snippets.

whatsapp_* — WhatsApp

whatsapp_send, whatsapp_readSend and receive WhatsApp messages.

phone_* — Phone calls

phone_callPlace voice calls via VAPI integration.

memory_* — Memory

memory_get, memory_save, memory_append, memory_updateRead and write to the agent’s persistent memory. See Memory.

Configuring `allowedTools`

List exact tool names or use * wildcards to match categories:

{
  "name": "writer",
  "allowedTools": ["read", "write", "edit", "glob"]
}

Wildcards expand at runtime. Adding "browser_*" grants access to every browser tool, including any added in future releases. Be explicit if you need fine-grained control.

Path sandboxing

The allowedPaths field restricts which files an agent can read and write. Paths are relative to the project root.

{
  "name": "frontend-dev",
  "allowedTools": ["read", "write", "edit", "bash", "glob", "grep"],
  "allowedPaths": ["src/client", "src/shared", "public"]
}

When allowedPaths is set, any file operation outside those directories is rejected. If omitted, the agent can access any file within the project.

Getting Started

Platform

Agents

Orchestration

Core tools

Extended tools

Configuring `allowedTools`

Path sandboxing

Getting Started

Platform

Agents

Orchestration

​Core tools

​Extended tools

​Configuring allowedTools

​Path sandboxing

Core tools

Extended tools

Configuring `allowedTools`

Path sandboxing