tools

package
v0.1.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 15, 2026 License: MIT Imports: 63 Imported by: 0

Documentation

Overview

Package tools — archive.go implements archive_inspect / archive_extract (plan §2 P1). Goal: let the LLM enumerate and selectively extract zip / tar / tar.gz archives with zero external dependencies, while preventing the well-known attack surface (path traversal, zipbomb, symlink races, etc.).

archive_inspect: read-only, no approval; returns entry list + total size. archive_extract: side effects, requires approval; atomic via staging dir.

Both tools support .zip, .tar, .tar.gz, .tgz. Other formats return a clear error; archive_extract intentionally rejects encrypted zips rather than silently skipping entries.

Package tools — doc_extract.go implements four document-extraction convenience tools: pdf_to_text, docx_to_text, xlsx_to_text, pptx_to_text. Each tool shells out to an external "primary" extractor (poppler / pandoc / xlsx2csv) and falls back to a zero-dependency unzip + raw-XML strip path when the primary is missing, so the LLM can read common Office formats in a single turn regardless of host setup.

Design notes:

  • All four tools are read-only and never require approval. They run only trusted binaries (no user-supplied argv) with a fixed argument slice; paths are resolved through cwdctx.ResolveFilesystemPath, mirroring the archive_inspect / archive_extract pattern.
  • Output is capped at maxDocExtractRunes runes (defined below) measured via utf8.RuneCountInString; truncated output gets a "[Truncated: ...]" tail marker so the LLM knows the result is partial.
  • Primary tools that aren't installed produce a structured install hint rather than a hard error — the agent falls through to the unzip fallback for Office formats, or surfaces the hint to the user for PDF (no zero-dep PDF text extractor in the Go stdlib).
  • exec.Command is invoked with a fixed argv slice for every path. We never construct a shell command string from user input, so the well-known "$(...)" / "; rm -rf /" attack surface does not apply here.

Index

Constants

View Source 
const (
	DefaultAPIWidth  = 1280
	DefaultAPIHeight = 800

	// TargetRawImageBytes is the raw-bytes ceiling we aim for before base64.
	// Base64 inflates by 4/3, so 3.75 MB raw → 5 MB encoded. We leave 4 KB of
	// headroom under client.MaxInlineImageBase64Bytes because Anthropic's
	// boundary check is `> 5242880 bytes` and the exact-equal case has been
	// observed to fail on whitespace/padding edge cases.
	TargetRawImageBytes = (5*1024*1024 - 4096) * 3 / 4 // 3,929,088 → base64 ≈ 5,238,784

	// CompressionMaxDimension caps the longest edge after first-pass resize.
	CompressionMaxDimension = 2000

	// CompressionFallbackDimension kicks in if the JPEG quality ladder can't
	// reach TargetRawImageBytes at CompressionMaxDimension.
	CompressionFallbackDimension = 1000
)
View Source 
const MaxImagePixelBudget = 64_000_000

MaxImagePixelBudget is the upper bound on Width*Height accepted by compressImage before any pixel buffer is allocated. 64 MP matches Anthropic's documented single-image dimension cap (8000×8000) — anything larger would be rejected upstream anyway. Without this guard, a 30 MB PNG header claiming 100000×100000 px would allocate ~40 GB of RGBA inside image.Decode before downscaleToFit ever runs. The DoS surface is real because CompressInlineImageSource accepts cloud-pushed inline base64.

View Source 
const MaxInlineBase64InputBytes = 30 * 1024 * 1024

MaxInlineBase64InputBytes guards CompressInlineImageSource against very large base64 inputs from cloud/Desktop. Without this, a 50 MB base64 string would allocate ~37 MB just to decode before we discover the image is undecodable. The wire-time sanitizer (Layer 2) will replace anything over the inline cap with a placeholder anyway, so failing fast here is safe.

Variables

View Source 
var ErrPathTraversal = errors.New("archive entry would escape staging directory")

ErrPathTraversal indicates an archive entry's resolved path escapes the staging directory. The check is staging-prefix-based (see plan §2 P1 rationale: failed-extract cleanup only nukes staging, so the isolation boundary is staging — not dest).

Functions

func AXServerPaths 

func AXServerPaths() (binPath, bundlePath string, err error)

AXServerPaths returns the binary path and (optionally) the .app bundle path. If bundlePath is non-empty, use LaunchServices + socket mode. If bundlePath is empty, use exec.Command + stdin/stdout with binPath.

func AXSocketPath 

func AXSocketPath() string

AXSocketPath returns the Unix socket path for bundled mode.

func ApplyToolFilter 

func ApplyToolFilter(reg *agent.ToolRegistry, agentDef ...*agents.Agent) *agent.ToolRegistry

ApplyToolFilter applies the agent's tool allow/deny filter to a registry. Returns a new filtered registry, or the original if no filter applies.

func CaptureAndEncode 

func CaptureAndEncode(maxDim int) (string, agent.ImageBlock, error)

CaptureAndEncode takes a fullscreen screenshot (-x flag for no sound), resizes, and base64-encodes. Returns the file path and encoded image block.

func ClampCoordinates 

func ClampCoordinates(x, y, maxW, maxH int) (int, int)

ClampCoordinates ensures coordinates are within display bounds (0 to max-1).

func CleanupOrphanedChromedp 

func CleanupOrphanedChromedp()

CleanupOrphanedChromedp kills any Chrome processes started by chromedp from previous daemon runs that weren't properly cleaned up (e.g. force-kill, crash). Safe to call at daemon startup before registering tools.

func CleanupPlaywrightReconnect 

func CleanupPlaywrightReconnect(ctx context.Context, mcpMgr *mcp.ClientManager)

CleanupPlaywrightReconnect runs after a supervisor-driven reconnect. Hides Chrome so the persistent connection doesn't steal focus. Chrome stays minimized/hidden in all modes — Playwright operates via CDP.

func CloneWithRuntimeConfig 

func CloneWithRuntimeConfig(reg *agent.ToolRegistry, cfg *config.Config) *agent.ToolRegistry

CloneWithRuntimeConfig returns a registry clone with session-scoped local tool settings applied. Tools with per-run mutable state (BashTool, CloudDelegateTool) are deep-copied so concurrent routes don't share mutable fields.

func CompleteRegistration 

func CompleteRegistration(ctx context.Context, gw *client.GatewayClient, cfg *config.Config, baseReg *agent.ToolRegistry, agentDef ...*agents.Agent) (*agent.ToolRegistry, *mcp.ClientManager, func(), error)

CompleteRegistration connects MCP servers and gateway tools on top of a base local-only registry, then applies per-agent tool filtering. The filter runs AFTER all tool sources are registered so it applies to MCP and gateway tools too. The returned cleanup function closes MCP connections.

func CompressInlineImageSource added in v0.1.9 

func CompressInlineImageSource(src *client.ImageSource) *client.ImageSource

CompressInlineImageSource takes an already-base64-encoded image block source and returns either the same source (if under the inline cap) or a recompressed one. Used by `daemon.resolveContentBlocks` so cloud/Desktop pushing inline image content blocks doesn't bypass Layer 1.

If decoding fails (corrupt base64 or undecodable image), or if the input exceeds MaxInlineBase64InputBytes, the original source is returned unchanged — the wire-time sanitizer (Layer 2) will replace it with a text placeholder if it's still oversize. Failures log a warning so silent oversize-image drops are diagnosable.

func DetectMemoryIntents added in v0.1.6 

func DetectMemoryIntents(ctx context.Context, llm client.LLMClient, query string, opts ...MemoryIntentOptions) ([]memory.QueryIntent, client.Usage)

DetectMemoryIntents compiles a user message into QueryIntent values. Deterministic relationship patterns bypass the helper; otherwise the helper model is invoked as a forced tool_use call (schema-enforced).

func EncodeImage 

func EncodeImage(path string) (agent.ImageBlock, error)

EncodeImage reads an image file and returns it as a base64-encoded ImageBlock. If the file's raw bytes exceed TargetRawImageBytes, it's recompressed (decode → resize → JPEG quality ladder) so the base64 output fits under client.MaxInlineImageBase64Bytes.

func EncodeImageBytes added in v0.1.9 

func EncodeImageBytes(data []byte, mediaType string) (agent.ImageBlock, error)

EncodeImageBytes is like EncodeImage but takes the bytes directly instead of reading from a file path. Used by attachment paths where the bytes are already in memory. mediaType is the source format hint; the output may be different ("image/jpeg") if compression triggered.

func ExecGhosttyScript 

func ExecGhosttyScript(script string) error

func ExpandHome 

func ExpandHome(path string) string

ExpandHome expands a leading ~ in a path to the user's home directory. Returns the path unchanged if it doesn't start with ~.

func ExtractGatewayTools 

func ExtractGatewayTools(reg *agent.ToolRegistry) []agent.Tool

ExtractGatewayTools returns all *ServerTool entries from a registry.

func ExtractPostOverlays 

func ExtractPostOverlays(full, baseline *agent.ToolRegistry) []agent.Tool

ExtractPostOverlays returns tools in full that are not in baseline, not *MCPTool, and not *ServerTool.

func GetScreenDimensions 

func GetScreenDimensions() (width, height int, err error)

GetScreenDimensions returns the logical screen dimensions (points, not physical pixels) of the main display. Uses Quartz CGDisplayPixelsWide/High which returns the coordinate space that CGEvent mouse clicks operate in. Falls back to system_profiler parsing.

func GhosttyAvailable 

func GhosttyAvailable() bool

func GhosttyWorkspaceScript 

func GhosttyWorkspaceScript(shanBinary string, agentNames []string) string

func IsCommandConcurrencySafe added in v0.1.10 

func IsCommandConcurrencySafe(command string) bool

IsCommandConcurrencySafe reports whether a bash command string is safe to run concurrently with other bash invocations in the same agent turn. It is intentionally conservative: any shell metacharacter, any unknown leading token, or any unrecognized subcommand pattern returns false.

func NewMemoryPreflight added in v0.1.6 

func NewMemoryPreflight(q MemoryPreflightQuerier, llm client.LLMClient) agent.MemoryPreflightFunc

NewMemoryPreflight builds the default fail-silent implicit memory preflight.

func NewScheduleTools 

func NewScheduleTools(mgr *schedule.Manager) []agent.Tool

func RebuildRegistryForHealth 

func RebuildRegistryForHealth(
	baseline *agent.ToolRegistry,
	gatewayOverlay []agent.Tool,
	postOverlays []agent.Tool,
	healthStates map[string]mcp.ServerHealth,
	mcpMgr *mcp.ClientManager,
	supervisor *mcp.Supervisor,
) *agent.ToolRegistry

RebuildRegistryForHealth creates a new registry from cached layers, including tools from MCP servers. Healthy servers' tools work directly. Disconnected servers with cached tools are included with an on-demand reconnect capability (via supervisor) so the LLM can trigger reconnect only when it actually invokes a browser tool. When Playwright tools are present (healthy or cached), the legacy browser tool is removed.

func RegisterAll 

func RegisterAll(gw *client.GatewayClient, cfg *config.Config, agentDef ...*agents.Agent) (*agent.ToolRegistry, *[]*skills.Skill, *mcp.ClientManager, func(), error)

RegisterAll registers local tools, connects MCP servers, and then fetches server-side tools from the gateway. Local tools take priority, then MCP, then gateway. If agentDef is non-nil, tool filtering and MCP scoping are applied per-agent. The returned cleanup function must be called on shutdown.

func RegisterAllWithBaseline 

func RegisterAllWithBaseline(gw *client.GatewayClient, cfg *config.Config, agentDef ...*agents.Agent) (
	baseline *agent.ToolRegistry,
	reg *agent.ToolRegistry,
	skillsPtr *[]*skills.Skill,
	mcpMgr *mcp.ClientManager,
	cleanup func(),
	err error,
)

RegisterAllWithBaseline is like RegisterAll but also returns the baseline (local-only) registry separately, for use by the MCP health supervisor's registry rebuild.

func RegisterCloudDelegate 

func RegisterCloudDelegate(reg *agent.ToolRegistry, gw *client.GatewayClient, cfg *config.Config, handler agent.EventHandler, agentName, agentPrompt string)

RegisterCloudDelegate registers the cloud_delegate tool if cloud is enabled.

func RegisterEditImageTool added in v0.1.4 

func RegisterEditImageTool(reg *agent.ToolRegistry, gw *client.GatewayClient, cfg *config.Config)

RegisterEditImageTool registers the edit_image tool. Same gating as generate_image: needs the gateway client (for the shared *http.Client) and a configured API key — without a key, /api/v1/images/edits will 401. The edit endpoint requires image_urls under https://static.kocoro.ai/, so register alongside generate_image and publish_to_web (the two ways to produce CDN URLs the LLM can feed in).

func RegisterGenerateImageTool added in v0.1.4 

func RegisterGenerateImageTool(reg *agent.ToolRegistry, gw *client.GatewayClient, cfg *config.Config)

RegisterGenerateImageTool registers the generate_image tool. Same gating as publish_to_web: needs the gateway client (for the shared *http.Client) and a configured API key — without a key, /api/v1/images/generations will 401.

func RegisterListPublishedFilesTool added in v0.1.9 

func RegisterListPublishedFilesTool(reg *agent.ToolRegistry, gw *client.GatewayClient, cfg *config.Config)

RegisterListPublishedFilesTool registers the read-only list_my_published_files tool. Same gating as publish_to_web — it talks to the same /api/v1/uploads collection, so without cloud.enabled + api_key the endpoint returns 401. Tool is read-only and does not require approval.

func RegisterLocalTools 

func RegisterLocalTools(cfg *config.Config, secretsStore *skills.SecretsStore) (*agent.ToolRegistry, *[]*skills.Skill, func())

RegisterLocalTools registers only the local tools. If cfg is non-nil, extra safe commands from permissions.allowed_commands are passed to the BashTool so they skip approval. Returns the registry and a cleanup function that shuts down any active tool resources (e.g. browser process).

func RegisterMemoryTool added in v0.0.98 

func RegisterMemoryTool(reg *agent.ToolRegistry, svc MemoryQuerier, fallback FallbackQuery)

RegisterMemoryTool registers the memory_recall tool. svc may be nil when the daemon's memory service failed to start, when memory.provider is disabled, or in CLI/TUI attach paths where AttachPolicy returned ready=false. fallback must always be supplied so the tool can degrade gracefully.

func RegisterPublishTool added in v0.1.3 

func RegisterPublishTool(reg *agent.ToolRegistry, gw *client.GatewayClient, cfg *config.Config)

RegisterPublishTool registers the publish_to_web tool. It needs the gateway client (for the shared *http.Client) and a configured API key — without a key, /api/v1/uploads will reject every call with 401, so we skip rather than register a tool that can only fail.

func RegisterRetractPublishedFileTool added in v0.1.9 

func RegisterRetractPublishedFileTool(reg *agent.ToolRegistry, gw *client.GatewayClient, cfg *config.Config)

RegisterRetractPublishedFileTool registers the destructive retract_published_file tool. Same gating as publish_to_web. Tool requires approval but is intentionally NOT on the high-risk DisallowsAutoApproval denylist — retract destroys public content rather than creating it, so always_allow is a legitimate user choice (see plan Q2).

func RegisterServerTools 

func RegisterServerTools(ctx context.Context, gw *client.GatewayClient, reg *agent.ToolRegistry) error

RegisterServerTools fetches server-side tools from the gateway and appends entries to the provided registry. Only allowlisted tools are registered; others are skipped (still available via cloud_delegate). Local tools always keep priority.

func RegisterSessionSearch 

func RegisterSessionSearch(reg *agent.ToolRegistry, mgr *session.Manager)

RegisterSessionSearch registers the session_search tool if a manager is available.

func ResizeImage 

func ResizeImage(path string, maxDim int) error

ResizeImage resizes an image so its longest edge is at most maxDim pixels. Uses macOS sips command.

func ResolveMCPContext 

func ResolveMCPContext(cfg *config.Config, agentDef ...*agents.Agent) string

ResolveMCPContext builds the MCP context string scoped to the agent's servers. If the agent has no MCP config, falls back to global servers.

func ScaleCoordinates 

func ScaleCoordinates(apiX, apiY, apiW, apiH, screenW, screenH int) (int, int)

ScaleCoordinates maps coordinates from API space to logical screen space.

func SetGhosttyTabAppearance 

func SetGhosttyTabAppearance(agentName string)

func SetRegistrySkills 

func SetRegistrySkills(reg *agent.ToolRegistry, s []*skills.Skill)

SetRegistrySkills updates the use_skill tool in a registry to point to the given skills slice. Returns the skills pointer for the caller to keep in sync. This is safe for concurrent use because it creates a new use_skill tool instance.

func WithFilePreview added in v0.0.97 

func WithFilePreview(ctx context.Context, b *FilePreviewBridge) context.Context

WithFilePreview attaches a bridge to ctx so MCPTool (and any other file://-capable interceptor) can locate it per-run without global state.

func WithNotifyHandler added in v0.0.93 

func WithNotifyHandler(ctx context.Context, h NotifyHandler) context.Context

WithNotifyHandler returns a context carrying a NotifyHandler. The daemon runner attaches one per run so that notify tool calls from scheduled or interactive agents can be routed through the Desktop's UNUserNotificationCenter with correct app attribution and click-through.

Types

type AXClient 

type AXClient struct {
	// contains filtered or unexported fields
}

AXClient manages a persistent ax_server process and multiplexes requests by ID. Multiple goroutines can call Call() concurrently.

Two transport modes:

  • Bundled: ax_server is inside a .app bundle, launched via LaunchServices (`open -a`), communicates over a Unix domain socket. Required for TCC permission attribution on macOS.
  • Fallback: ax_server is a bare binary, launched via exec.Command, communicates over stdin/stdout pipes. Used for dev, npm, and CLI.

func SharedAXClient 

func SharedAXClient() *AXClient

SharedAXClient returns the process-wide singleton AXClient. Both the tools (accessibility, computer, wait) and daemon permission endpoints must use the same instance, because the socket server accepts only one client at a time.

func (*AXClient) Call 

func (c *AXClient) Call(ctx context.Context, method string, params any) (json.RawMessage, error)

Call sends a request and waits for the response.

func (*AXClient) Close 

func (c *AXClient) Close()

Close terminates the ax_server process and cleans up resources.

func (*AXClient) Ensure 

func (c *AXClient) Ensure(ctx context.Context) error

Ensure starts the ax_server process if not already running.

type AXError 

type AXError struct {
	Code    int    `json:"code"`
	Message string `json:"message"`
}

AXError is an error returned by ax_server.

type AXRequest 

type AXRequest struct {
	ID     int64  `json:"id"`
	Method string `json:"method"`
	Params any    `json:"params"`
}

AXRequest is a JSON-RPC request sent to ax_server.

type AXResponse 

type AXResponse struct {
	ID     int64           `json:"id"`
	Result json.RawMessage `json:"result,omitempty"`
	Error  *AXError        `json:"error,omitempty"`
}

AXResponse is a JSON-RPC response from ax_server.

type AccessibilityTool 

type AccessibilityTool struct {
	// contains filtered or unexported fields
}

func (*AccessibilityTool) Info 

func (t *AccessibilityTool) Info() agent.ToolInfo

func (*AccessibilityTool) IsReadOnlyCall 

func (t *AccessibilityTool) IsReadOnlyCall(argsJSON string) bool

func (*AccessibilityTool) RequiresApproval 

func (t *AccessibilityTool) RequiresApproval() bool

func (*AccessibilityTool) Run 

func (t *AccessibilityTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type AppleScriptTool 

type AppleScriptTool struct{}

func (*AppleScriptTool) Info 

func (t *AppleScriptTool) Info() agent.ToolInfo

func (*AppleScriptTool) IsReadOnlyCall 

func (t *AppleScriptTool) IsReadOnlyCall(string) bool

func (*AppleScriptTool) RequiresApproval 

func (t *AppleScriptTool) RequiresApproval() bool

func (*AppleScriptTool) Run 

func (t *AppleScriptTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ArchiveEntry added in v0.1.6 

type ArchiveEntry struct {
	Name     string `json:"name"`
	Size     int64  `json:"size"`
	IsDir    bool   `json:"is_dir"`
	Mode     string `json:"mode,omitempty"`
	Symlink  string `json:"symlink_target,omitempty"`
	Skipped  string `json:"skipped_reason,omitempty"`
	Modified string `json:"modified,omitempty"`
}

ArchiveEntry is the metadata we surface to the LLM for both inspect and extract responses. Permissions are surfaced as octal string for readability.

type ArchiveExtractTool added in v0.1.6 

type ArchiveExtractTool struct{}

func (*ArchiveExtractTool) Info added in v0.1.6 

func (t *ArchiveExtractTool) Info() agent.ToolInfo

func (*ArchiveExtractTool) IsReadOnlyCall added in v0.1.6 

func (t *ArchiveExtractTool) IsReadOnlyCall(string) bool

func (*ArchiveExtractTool) RequiresApproval added in v0.1.6 

func (t *ArchiveExtractTool) RequiresApproval() bool

func (*ArchiveExtractTool) Run added in v0.1.6 

func (t *ArchiveExtractTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ArchiveFormat added in v0.1.6 

type ArchiveFormat string

ArchiveFormat enumerates supported archive types. 

const (
	ArchiveZip   ArchiveFormat = "zip"
	ArchiveTar   ArchiveFormat = "tar"
	ArchiveTarGz ArchiveFormat = "tar.gz"
)

type ArchiveInspectTool added in v0.1.6 

type ArchiveInspectTool struct{}

func (*ArchiveInspectTool) Info added in v0.1.6 

func (t *ArchiveInspectTool) Info() agent.ToolInfo

func (*ArchiveInspectTool) IsReadOnlyCall added in v0.1.6 

func (t *ArchiveInspectTool) IsReadOnlyCall(string) bool

func (*ArchiveInspectTool) RequiresApproval added in v0.1.6 

func (t *ArchiveInspectTool) RequiresApproval() bool

func (*ArchiveInspectTool) Run added in v0.1.6 

func (t *ArchiveInspectTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type BashTool 

type BashTool struct {
	ExtraSafeCommands []string
	CWD               string // working directory for commands; if empty and no session CWD is set, bash runs in an isolated temp dir (NOT the process cwd)
	MaxOutput         int    // max output chars; 0 = use default 30000
	// DefaultTimeoutSecs is the fallback timeout (in seconds) when the
	// per-call `timeout` arg is absent or zero. 0 = use built-in default 120.
	// Wired from config.Tools.BashTimeout by register.go.
	DefaultTimeoutSecs int
	// MaxTimeoutSecs is the hard ceiling for per-call timeout. 0 = use
	// built-in default 600. Wired from config.Tools.BashMaxTimeout by
	// register.go. Clamping is logged so operators can discover when their
	// configured timeout was capped.
	MaxTimeoutSecs int
	// SecretsStore, when set, supplies per-skill API keys as env vars
	// for skills activated via use_skill in the current run. Values are
	// fetched lazily at execution time and scoped to bash child processes
	// only — they never enter prompt context or session transcripts.
	SecretsStore *skills.SecretsStore
	// ConcurrencyEnabled gates IsConcurrencySafeCall — when true (the
	// Phase C default since 2026-05-15) bash invocations that pass the
	// static read-only analyzer can share a concurrent batch with other
	// tools. When false, the method always returns false so the agent
	// loop's partition dispatcher keeps bash on its historical size-1
	// serial path. Wired from config.AgentConfig.BashConcurrencyEnabled
	// by register.go (RegisterLocalTools + CloneWithRuntimeConfig).
	ConcurrencyEnabled bool
	// contains filtered or unexported fields
}

Bash has a bespoke `description` schema (more detailed than the shared agent.DescriptionFieldSpec used by other tools) because it landed first (PR 4). The wider rollout to file_read / file_write / http / browser / process / etc. completed in PR 7 via the shared helper; bash kept its original wording to avoid invalidating the prompt cache. Future schema cleanup can converge bash onto the shared spec if a cache-rebuild cost is acceptable.

func (*BashTool) Info 

func (t *BashTool) Info() agent.ToolInfo

func (*BashTool) IsConcurrencySafeCall added in v0.1.10 

func (t *BashTool) IsConcurrencySafeCall(argsStr string) bool

IsConcurrencySafeCall reports whether this specific bash invocation is safe to run concurrently with other tool calls. Gated by ConcurrencyEnabled — when on (the Phase C default since 2026-05-15), delegates to the pure analyzer IsCommandConcurrencySafe. When off, returns false unconditionally so the dispatcher matches pre-Phase-A serial behavior.

Parse failures and unknown JSON shapes default to false (fail-closed).

func (*BashTool) IsReadOnlyCall 

func (t *BashTool) IsReadOnlyCall(string) bool

func (*BashTool) IsSafe 

func (t *BashTool) IsSafe(command string) bool

func (*BashTool) IsSafeArgs 

func (t *BashTool) IsSafeArgs(argsJSON string) bool

func (*BashTool) RequiresApproval 

func (t *BashTool) RequiresApproval() bool

func (*BashTool) Run 

func (t *BashTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type BrowserTool 

type BrowserTool struct {
	// contains filtered or unexported fields
}

func (*BrowserTool) Cleanup 

func (t *BrowserTool) Cleanup()

Cleanup shuts down the browser. Safe to call multiple times.

func (*BrowserTool) Info 

func (t *BrowserTool) Info() agent.ToolInfo

func (*BrowserTool) IsReadOnlyCall 

func (t *BrowserTool) IsReadOnlyCall(string) bool

func (*BrowserTool) RequiresApproval 

func (t *BrowserTool) RequiresApproval() bool

func (*BrowserTool) Run 

func (t *BrowserTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ClipboardTool 

type ClipboardTool struct{}

func (*ClipboardTool) Info 

func (t *ClipboardTool) Info() agent.ToolInfo

func (*ClipboardTool) IsReadOnlyCall 

func (t *ClipboardTool) IsReadOnlyCall(argsJSON string) bool

func (*ClipboardTool) RequiresApproval 

func (t *ClipboardTool) RequiresApproval() bool

func (*ClipboardTool) Run 

func (t *ClipboardTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type CloudDelegateTool 

type CloudDelegateTool struct {
	// contains filtered or unexported fields
}

func NewCloudDelegateTool 

func NewCloudDelegateTool(gw *client.GatewayClient, apiKey string, timeout time.Duration, handler agent.EventHandler, agentName, agentPrompt string) *CloudDelegateTool

func (*CloudDelegateTool) Info 

func (t *CloudDelegateTool) Info() agent.ToolInfo

func (*CloudDelegateTool) IsReadOnlyCall 

func (t *CloudDelegateTool) IsReadOnlyCall(string) bool

func (*CloudDelegateTool) IsSafeArgs 

func (t *CloudDelegateTool) IsSafeArgs(_ string) bool

func (*CloudDelegateTool) RequiresApproval 

func (t *CloudDelegateTool) RequiresApproval() bool

func (*CloudDelegateTool) Run 

func (t *CloudDelegateTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

func (*CloudDelegateTool) SetAgentContext 

func (t *CloudDelegateTool) SetAgentContext(name, prompt string)

SetAgentContext updates the agent identity forwarded to Shannon Cloud. Used in daemon mode where the agent isn't known at registration time.

func (*CloudDelegateTool) SetHandler 

func (t *CloudDelegateTool) SetHandler(h agent.EventHandler)

SetHandler updates the event handler. Used when the handler isn't available at registration time (e.g., TUI creates handler per-run).

type ComputerTool 

type ComputerTool struct {
	// contains filtered or unexported fields
}

func (*ComputerTool) Info 

func (t *ComputerTool) Info() agent.ToolInfo

func (*ComputerTool) IsReadOnlyCall 

func (t *ComputerTool) IsReadOnlyCall(string) bool

func (*ComputerTool) NativeToolDef 

func (t *ComputerTool) NativeToolDef() *client.NativeToolDef

func (*ComputerTool) RequiresApproval 

func (t *ComputerTool) RequiresApproval() bool

func (*ComputerTool) Run 

func (t *ComputerTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type DirectoryListTool 

type DirectoryListTool struct{}

func (*DirectoryListTool) Info 

func (t *DirectoryListTool) Info() agent.ToolInfo

func (*DirectoryListTool) IsReadOnlyCall 

func (t *DirectoryListTool) IsReadOnlyCall(string) bool

func (*DirectoryListTool) IsSafeArgs 

func (t *DirectoryListTool) IsSafeArgs(argsJSON string) bool

func (*DirectoryListTool) IsSafeArgsWithContext 

func (t *DirectoryListTool) IsSafeArgsWithContext(ctx context.Context, argsJSON string) bool

func (*DirectoryListTool) RequiresApproval 

func (t *DirectoryListTool) RequiresApproval() bool

func (*DirectoryListTool) Run 

func (t *DirectoryListTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type DocxToTextTool added in v0.1.6 

type DocxToTextTool struct{}

func (*DocxToTextTool) Info added in v0.1.6 

func (t *DocxToTextTool) Info() agent.ToolInfo

func (*DocxToTextTool) IsReadOnlyCall added in v0.1.6 

func (t *DocxToTextTool) IsReadOnlyCall(string) bool

func (*DocxToTextTool) RequiresApproval added in v0.1.6 

func (t *DocxToTextTool) RequiresApproval() bool

func (*DocxToTextTool) Run added in v0.1.6 

func (t *DocxToTextTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type EditImageTool added in v0.1.4 

type EditImageTool struct {
	// contains filtered or unexported fields
}

func NewEditImageTool added in v0.1.4 

func NewEditImageTool(client imageEdit) *EditImageTool

func (*EditImageTool) Info added in v0.1.4 

func (t *EditImageTool) Info() agent.ToolInfo

func (*EditImageTool) IsSafeArgs added in v0.1.4 

func (t *EditImageTool) IsSafeArgs(string) bool

IsSafeArgs always returns false: edit_image side-effects (a permanent public URL plus paid quota consumption) are never auto-approvable.

func (*EditImageTool) RequiresApproval added in v0.1.4 

func (t *EditImageTool) RequiresApproval() bool

func (*EditImageTool) Run added in v0.1.4 

func (t *EditImageTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type FallbackQuery added in v0.0.98 

type FallbackQuery interface {
	SessionKeyword(ctx context.Context, query string, limit int) ([]any, error)
	MemoryFileSnippet(ctx context.Context, query string) (string, error)
}

FallbackQuery is the legacy memory recall path the tool falls back to when the structured memory service (Kocoro Cloud memory sidecar) is unavailable. Daemon supplies an adapter wired to session.Manager.Search + a MEMORY.md grep; CLI/TUI supplies the same against their local resources.

type FileEditTool 

type FileEditTool struct{}

func (*FileEditTool) Info 

func (t *FileEditTool) Info() agent.ToolInfo

func (*FileEditTool) IsReadOnlyCall 

func (t *FileEditTool) IsReadOnlyCall(string) bool

func (*FileEditTool) RequiresApproval 

func (t *FileEditTool) RequiresApproval() bool

func (*FileEditTool) Run 

func (t *FileEditTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type FilePreviewBridge added in v0.0.97 

type FilePreviewBridge struct {
	// contains filtered or unexported fields
}

FilePreviewBridge serves local files over a short-lived loopback HTTP endpoint so browser-automation tools (notably Playwright) can preview them even when file:// is on their protocol deny-list.

Design invariants:

  • Bound to 127.0.0.1 only. Never publicly reachable.
  • ALLOWLISTED paths only. RewriteFileURL rejects paths outside an explicitly configured set of allowed roots or allowed files. A bridge with no allowlist rejects everything — fail-closed default. This matches the file-access boundary of other agent tools: the model can't escalate its reach by routing through the browser.
  • Random 16-byte hex token per file; URL path is /<token>/<name>. Requests for unknown tokens → 404.
  • Lazy server start on first registration; idempotent for the same file path. Server is torn down via Close(), wired to session close.

The model never sees the file:// URL after interception; the rewritten http://127.0.0.1:<port>/<token>/<name> URL is opaque to it, preventing the model from constructing unauthorized paths. Combined with the allowlist, this means the worst a compromised/misused browser_navigate call can do is re-read a file the agent was already authorized to access via normal tools.

func FilePreviewFrom added in v0.0.97 

func FilePreviewFrom(ctx context.Context) *FilePreviewBridge

FilePreviewFrom retrieves the per-run bridge, or nil if none attached.

func NewFilePreviewBridge added in v0.0.97 

func NewFilePreviewBridge() *FilePreviewBridge

NewFilePreviewBridge creates an unstarted bridge with an empty allowlist. Callers MUST configure it via AllowRoot / AllowFile before any rewrite will succeed. The daemon runner does this per-session from sessionCWD + user-attached paths.

func (*FilePreviewBridge) Active added in v0.0.97 

func (b *FilePreviewBridge) Active() bool

Active reports whether the bridge has a running server. Used by tests to distinguish "never started" (no file:// ever passed through) from "started then closed".

func (*FilePreviewBridge) AllowFile added in v0.0.97 

func (b *FilePreviewBridge) AllowFile(path string)

AllowFile whitelists an exact file path (after symlink resolution).

func (*FilePreviewBridge) AllowRoot added in v0.0.97 

func (b *FilePreviewBridge) AllowRoot(dir string)

AllowRoot whitelists a directory subtree. All regular files at or below this directory (after symlink resolution on BOTH sides) become eligible for rewrite. Non-absolute or unresolvable paths are silently ignored (defense-in-depth — never widen the set on bad input).

func (*FilePreviewBridge) Close added in v0.0.97 

func (b *FilePreviewBridge) Close() error

Close tears down the HTTP server and clears the token map. Safe to call multiple times. Intended to be wired to session close.

func (*FilePreviewBridge) RewriteFileURL added in v0.0.97 

func (b *FilePreviewBridge) RewriteFileURL(fileURL string) (string, error)

RewriteFileURL takes a file:// URL, registers its target on the bridge (starting the HTTP server on first call), and returns the rewritten http://127.0.0.1:<port>/<token>/<name> URL. Percent-decodes UTF-8 paths (so file:///path/with%20space or non-ASCII paths work).

Returns an error for: non-file scheme, empty path, path that cannot be resolved to a regular file, or listener startup failure. The original URL should be left intact on error so the downstream MCP call surfaces the original "file:// blocked" error as before.

type FileReadTool 

type FileReadTool struct{}

func (*FileReadTool) Info 

func (t *FileReadTool) Info() agent.ToolInfo

func (*FileReadTool) IsReadOnlyCall 

func (t *FileReadTool) IsReadOnlyCall(string) bool

func (*FileReadTool) IsSafeArgs 

func (t *FileReadTool) IsSafeArgs(argsJSON string) bool

func (*FileReadTool) IsSafeArgsWithContext 

func (t *FileReadTool) IsSafeArgsWithContext(ctx context.Context, argsJSON string) bool

func (*FileReadTool) RequiresApproval 

func (t *FileReadTool) RequiresApproval() bool

func (*FileReadTool) Run 

func (t *FileReadTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type FileWriteTool 

type FileWriteTool struct{}

func (*FileWriteTool) Info 

func (t *FileWriteTool) Info() agent.ToolInfo

func (*FileWriteTool) IsReadOnlyCall 

func (t *FileWriteTool) IsReadOnlyCall(string) bool

func (*FileWriteTool) RequiresApproval 

func (t *FileWriteTool) RequiresApproval() bool

func (*FileWriteTool) Run 

func (t *FileWriteTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type GenerateImageTool added in v0.1.4 

type GenerateImageTool struct {
	// contains filtered or unexported fields
}

func NewGenerateImageTool added in v0.1.4 

func NewGenerateImageTool(client imageGen) *GenerateImageTool

func (*GenerateImageTool) Info added in v0.1.4 

func (t *GenerateImageTool) Info() agent.ToolInfo

func (*GenerateImageTool) IsSafeArgs added in v0.1.4 

func (t *GenerateImageTool) IsSafeArgs(string) bool

IsSafeArgs always returns false: generate_image side-effects (a permanent public URL plus paid quota consumption) are never auto-approvable.

func (*GenerateImageTool) RequiresApproval added in v0.1.4 

func (t *GenerateImageTool) RequiresApproval() bool

func (*GenerateImageTool) Run added in v0.1.4 

func (t *GenerateImageTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type GhosttyTool 

type GhosttyTool struct {
	// contains filtered or unexported fields
}

GhosttyTool exposes Ghostty terminal control as an agent tool.

func (*GhosttyTool) Info 

func (t *GhosttyTool) Info() agent.ToolInfo

func (*GhosttyTool) IsReadOnlyCall 

func (t *GhosttyTool) IsReadOnlyCall(string) bool

func (*GhosttyTool) RequiresApproval 

func (t *GhosttyTool) RequiresApproval() bool

func (*GhosttyTool) Run 

func (t *GhosttyTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type GlobTool 

type GlobTool struct{}

func (*GlobTool) Info 

func (t *GlobTool) Info() agent.ToolInfo

func (*GlobTool) IsReadOnlyCall 

func (t *GlobTool) IsReadOnlyCall(string) bool

func (*GlobTool) IsSafeArgs 

func (t *GlobTool) IsSafeArgs(argsJSON string) bool

IsSafeArgs and IsSafeArgsWithContext must inspect the SAME (root, pattern) pair that Run will actually scan. If they only looked at args.Path, a caller could smuggle an absolute directory into args.Pattern (e.g. {"pattern":"/etc/*.conf"}), pass the safe-check with path="." ("safe, under session CWD"), and then have Run split the pattern and scan the smuggled root. Both entry points run through normalizeGlobTarget so there is exactly one notion of "real target".

func (*GlobTool) IsSafeArgsWithContext 

func (t *GlobTool) IsSafeArgsWithContext(ctx context.Context, argsJSON string) bool

func (*GlobTool) RequiresApproval 

func (t *GlobTool) RequiresApproval() bool

func (*GlobTool) Run 

func (t *GlobTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type GrepTool 

type GrepTool struct{}

func (*GrepTool) Info 

func (t *GrepTool) Info() agent.ToolInfo

func (*GrepTool) IsReadOnlyCall 

func (t *GrepTool) IsReadOnlyCall(string) bool

func (*GrepTool) IsSafeArgs 

func (t *GrepTool) IsSafeArgs(argsJSON string) bool

func (*GrepTool) IsSafeArgsWithContext 

func (t *GrepTool) IsSafeArgsWithContext(ctx context.Context, argsJSON string) bool

func (*GrepTool) RequiresApproval 

func (t *GrepTool) RequiresApproval() bool

func (*GrepTool) Run 

func (t *GrepTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type HTTPTool 

type HTTPTool struct{}

func (*HTTPTool) Info 

func (t *HTTPTool) Info() agent.ToolInfo

func (*HTTPTool) IsReadOnlyCall 

func (t *HTTPTool) IsReadOnlyCall(string) bool

func (*HTTPTool) IsSafeArgs 

func (t *HTTPTool) IsSafeArgs(argsJSON string) bool

func (*HTTPTool) RequiresApproval 

func (t *HTTPTool) RequiresApproval() bool

func (*HTTPTool) Run 

func (t *HTTPTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ListPublishedFilesTool added in v0.1.9 

type ListPublishedFilesTool struct {
	// contains filtered or unexported fields
}

func NewListPublishedFilesTool added in v0.1.9 

func NewListPublishedFilesTool(client listUploader) *ListPublishedFilesTool

func (*ListPublishedFilesTool) Info added in v0.1.9 

func (t *ListPublishedFilesTool) Info() agent.ToolInfo

func (*ListPublishedFilesTool) IsReadOnlyCall added in v0.1.9 

func (t *ListPublishedFilesTool) IsReadOnlyCall(string) bool

IsReadOnlyCall lets the agent loop batch this with other read-only tools (file_read, grep, directory_list, etc.) in parallel rather than serializing against any write-effect call. The List endpoint is pure GET and idempotent.

func (*ListPublishedFilesTool) RequiresApproval added in v0.1.9 

func (t *ListPublishedFilesTool) RequiresApproval() bool

func (*ListPublishedFilesTool) Run added in v0.1.9 

func (t *ListPublishedFilesTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type MCPTool 

type MCPTool struct {
	// contains filtered or unexported fields
}

MCPTool wraps an MCP server tool as a local agent.Tool.

func NewMCPTool 

func NewMCPTool(serverName string, tool mcpproto.Tool, manager *mcp.ClientManager) *MCPTool

NewMCPTool creates a tool adapter for an MCP server tool.

func (*MCPTool) Info 

func (t *MCPTool) Info() agent.ToolInfo

func (*MCPTool) RequiresApproval 

func (t *MCPTool) RequiresApproval() bool

func (*MCPTool) Run 

func (t *MCPTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

func (*MCPTool) SetSupervisor 

func (t *MCPTool) SetSupervisor(sup *mcp.Supervisor)

SetSupervisor enables on-demand reconnect: if CallTool fails and the server is disconnected, ProbeNow triggers reconnect and the call is retried once.

func (*MCPTool) ToolSource 

func (t *MCPTool) ToolSource() agent.ToolSource

ToolSource implements agent.ToolSourcer for deterministic tool ordering.

type MemoryAppendTool 

type MemoryAppendTool struct{}

MemoryAppendTool appends entries to the agent's MEMORY.md via BoundedAppend, preventing concurrent sessions from clobbering each other's writes and overflowing to detail files when the line limit is reached. The memory directory is read from context (set by AgentLoop.Run).

func (*MemoryAppendTool) Info 

func (t *MemoryAppendTool) Info() agent.ToolInfo

func (*MemoryAppendTool) IsReadOnlyCall 

func (t *MemoryAppendTool) IsReadOnlyCall(string) bool

func (*MemoryAppendTool) RequiresApproval 

func (t *MemoryAppendTool) RequiresApproval() bool

func (*MemoryAppendTool) Run 

func (t *MemoryAppendTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type MemoryIntentOptions added in v0.1.6 

type MemoryIntentOptions struct {
	ForceHelper bool
	Trace       *agent.MemoryPreflightTrace
}

type MemoryPreflightQuerier added in v0.1.6 

type MemoryPreflightQuerier interface {
	Status() memory.ServiceStatus
	QueryBatch(ctx context.Context, intents []memory.QueryIntent) []memory.QueryResult
}

MemoryPreflightQuerier is satisfied by memory.Service and memory.AttachedQuerier.

type MemoryQuerier added in v0.0.98 

type MemoryQuerier interface {
	Status() memory.ServiceStatus
	Query(ctx context.Context, intent memory.QueryIntent) (*memory.ResponseEnvelope, memory.ErrorClass, error)
}

MemoryQuerier is the subset of *memory.Service the tool consumes. Pulled out as an interface so tests can substitute a stub. The real memory.Service satisfies it via Status() and Query(ctx, intent).

type MemoryTool added in v0.0.98 

type MemoryTool struct {
	Service  MemoryQuerier
	Fallback FallbackQuery
}

MemoryTool exposes memory_recall to the agent loop. Service may be nil when the daemon's memory.Service failed to start, when provider is disabled, or in CLI/TUI attach paths where AttachPolicy returned ready=false. Fallback must always be supplied.

func (*MemoryTool) Info added in v0.0.98 

func (t *MemoryTool) Info() agent.ToolInfo

func (*MemoryTool) IsReadOnlyCall added in v0.0.98 

func (t *MemoryTool) IsReadOnlyCall(string) bool

func (*MemoryTool) RequiresApproval added in v0.0.98 

func (t *MemoryTool) RequiresApproval() bool

func (*MemoryTool) Run added in v0.0.98 

func (t *MemoryTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type NotifyHandler added in v0.0.93 

type NotifyHandler func(title, body string, sound bool) bool

NotifyHandler delivers a notify tool call through an attached daemon client (typically the Desktop app) instead of shelling out to osascript. It returns true when the notification was delivered — in which case the tool skips the osascript fallback — and false when no client is attached, which tells the tool to fall back to osascript for headless mode.

func NotifyHandlerFrom added in v0.0.93 

func NotifyHandlerFrom(ctx context.Context) NotifyHandler

NotifyHandlerFrom returns the NotifyHandler from ctx, or nil if none is set.

type NotifyTool 

type NotifyTool struct{}

func (*NotifyTool) Info 

func (t *NotifyTool) Info() agent.ToolInfo

func (*NotifyTool) IsReadOnlyCall 

func (t *NotifyTool) IsReadOnlyCall(string) bool

func (*NotifyTool) RequiresApproval 

func (t *NotifyTool) RequiresApproval() bool

func (*NotifyTool) Run 

func (t *NotifyTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type PDFToTextTool added in v0.1.6 

type PDFToTextTool struct{}

func (*PDFToTextTool) Info added in v0.1.6 

func (t *PDFToTextTool) Info() agent.ToolInfo

func (*PDFToTextTool) IsReadOnlyCall added in v0.1.6 

func (t *PDFToTextTool) IsReadOnlyCall(string) bool

func (*PDFToTextTool) RequiresApproval added in v0.1.6 

func (t *PDFToTextTool) RequiresApproval() bool

func (*PDFToTextTool) Run added in v0.1.6 

func (t *PDFToTextTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type PptxToTextTool added in v0.1.6 

type PptxToTextTool struct{}

func (*PptxToTextTool) Info added in v0.1.6 

func (t *PptxToTextTool) Info() agent.ToolInfo

func (*PptxToTextTool) IsReadOnlyCall added in v0.1.6 

func (t *PptxToTextTool) IsReadOnlyCall(string) bool

func (*PptxToTextTool) RequiresApproval added in v0.1.6 

func (t *PptxToTextTool) RequiresApproval() bool

func (*PptxToTextTool) Run added in v0.1.6 

func (t *PptxToTextTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ProcessTool 

type ProcessTool struct{}

func (*ProcessTool) Info 

func (t *ProcessTool) Info() agent.ToolInfo

func (*ProcessTool) IsReadOnlyCall 

func (t *ProcessTool) IsReadOnlyCall(string) bool

func (*ProcessTool) IsSafeArgs 

func (t *ProcessTool) IsSafeArgs(argsJSON string) bool

func (*ProcessTool) RequiresApproval 

func (t *ProcessTool) RequiresApproval() bool

func (*ProcessTool) Run 

func (t *ProcessTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type PublishToWebTool added in v0.1.3 

type PublishToWebTool struct {
	// contains filtered or unexported fields
}

func NewPublishToWebTool added in v0.1.3 

func NewPublishToWebTool(client uploader, extAllowlist map[string]bool) *PublishToWebTool

NewPublishToWebTool constructs the tool with the given uploads client and the effective extension allowlist. Pass nil for extAllowlist to use the default set unmodified.

func (*PublishToWebTool) Info added in v0.1.3 

func (t *PublishToWebTool) Info() agent.ToolInfo

func (*PublishToWebTool) IsSafeArgs added in v0.1.3 

func (t *PublishToWebTool) IsSafeArgs(string) bool

IsSafeArgs always returns false: publish_to_web side-effects (a permanent public URL) are never auto-approvable, no matter the args.

func (*PublishToWebTool) RequiresApproval added in v0.1.3 

func (t *PublishToWebTool) RequiresApproval() bool

func (*PublishToWebTool) Run added in v0.1.3 

func (t *PublishToWebTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type RetractPublishedFileTool added in v0.1.9 

type RetractPublishedFileTool struct {
	// contains filtered or unexported fields
}

func NewRetractPublishedFileTool added in v0.1.9 

func NewRetractPublishedFileTool(client retractUploader) *RetractPublishedFileTool

func (*RetractPublishedFileTool) Info added in v0.1.9 

func (t *RetractPublishedFileTool) Info() agent.ToolInfo

func (*RetractPublishedFileTool) RequiresApproval added in v0.1.9 

func (t *RetractPublishedFileTool) RequiresApproval() bool

func (*RetractPublishedFileTool) Run added in v0.1.9 

func (t *RetractPublishedFileTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ScheduleTool 

type ScheduleTool struct {
	// contains filtered or unexported fields
}

func (*ScheduleTool) Info 

func (t *ScheduleTool) Info() agent.ToolInfo

func (*ScheduleTool) IsReadOnlyCall 

func (t *ScheduleTool) IsReadOnlyCall(string) bool

func (*ScheduleTool) RequiresApproval 

func (t *ScheduleTool) RequiresApproval() bool

func (*ScheduleTool) Run 

func (t *ScheduleTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ScreenshotTool 

type ScreenshotTool struct{}

func (*ScreenshotTool) Info 

func (t *ScreenshotTool) Info() agent.ToolInfo

func (*ScreenshotTool) IsReadOnlyCall 

func (t *ScreenshotTool) IsReadOnlyCall(string) bool

func (*ScreenshotTool) RequiresApproval 

func (t *ScreenshotTool) RequiresApproval() bool

func (*ScreenshotTool) Run 

func (t *ScreenshotTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ServerTool 

type ServerTool struct {
	// contains filtered or unexported fields
}

ServerTool wraps a server-side tool schema and proxies execution through the gateway's /api/v1/tools/{name}/execute endpoint.

func NewServerTool 

func NewServerTool(schema client.ServerToolSchema, gateway *client.GatewayClient) *ServerTool

func (*ServerTool) Info 

func (t *ServerTool) Info() agent.ToolInfo

func (*ServerTool) RequiresApproval 

func (t *ServerTool) RequiresApproval() bool

RequiresApproval returns false — the server enforces its own access control.

func (*ServerTool) Run 

func (t *ServerTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

func (*ServerTool) ToolSource 

func (t *ServerTool) ToolSource() agent.ToolSource

ToolSource implements agent.ToolSourcer for deterministic tool ordering.

type SessionSearchTool 

type SessionSearchTool struct {
	// contains filtered or unexported fields
}

func (*SessionSearchTool) Info 

func (t *SessionSearchTool) Info() agent.ToolInfo

func (*SessionSearchTool) IsReadOnlyCall 

func (t *SessionSearchTool) IsReadOnlyCall(string) bool

func (*SessionSearchTool) RequiresApproval 

func (t *SessionSearchTool) RequiresApproval() bool

func (*SessionSearchTool) Run 

func (t *SessionSearchTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type SystemInfoTool 

type SystemInfoTool struct{}

func (*SystemInfoTool) Info 

func (t *SystemInfoTool) Info() agent.ToolInfo

func (*SystemInfoTool) IsReadOnlyCall 

func (t *SystemInfoTool) IsReadOnlyCall(string) bool

func (*SystemInfoTool) RequiresApproval 

func (t *SystemInfoTool) RequiresApproval() bool

func (*SystemInfoTool) Run 

func (t *SystemInfoTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type ThinkTool 

type ThinkTool struct{}

ThinkTool lets the model reason or plan before acting. The model calls this tool instead of outputting plan text, giving the loop an explicit continuation signal (stop_reason: tool_use) rather than relying on text heuristics.

func (*ThinkTool) Info 

func (t *ThinkTool) Info() agent.ToolInfo

func (*ThinkTool) IsReadOnlyCall 

func (t *ThinkTool) IsReadOnlyCall(string) bool

func (*ThinkTool) RequiresApproval 

func (t *ThinkTool) RequiresApproval() bool

func (*ThinkTool) Run 

func (t *ThinkTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

func (*ThinkTool) SkillExempt added in v0.1.3 

func (t *ThinkTool) SkillExempt() bool

SkillExempt opts think out of skill allowed-tools restriction. Pure reasoning, no I/O — restricting it would only force the model to substitute plan text into its assistant message, which is strictly worse for the loop.

type WaitTool 

type WaitTool struct {
	// contains filtered or unexported fields
}

WaitTool wraps the ax_server wait_for method.

func (*WaitTool) Info 

func (t *WaitTool) Info() agent.ToolInfo

func (*WaitTool) IsReadOnlyCall 

func (t *WaitTool) IsReadOnlyCall(string) bool

func (*WaitTool) RequiresApproval 

func (t *WaitTool) RequiresApproval() bool

func (*WaitTool) Run 

func (t *WaitTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

type XlsxToTextTool added in v0.1.6 

type XlsxToTextTool struct{}

func (*XlsxToTextTool) Info added in v0.1.6 

func (t *XlsxToTextTool) Info() agent.ToolInfo

func (*XlsxToTextTool) IsReadOnlyCall added in v0.1.6 

func (t *XlsxToTextTool) IsReadOnlyCall(string) bool

func (*XlsxToTextTool) RequiresApproval added in v0.1.6 

func (t *XlsxToTextTool) RequiresApproval() bool

func (*XlsxToTextTool) Run added in v0.1.6 

func (t *XlsxToTextTool) Run(ctx context.Context, argsJSON string) (agent.ToolResult, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.