Tool Overview
Each tool gets a purpose-built widget: diffs render as diffs, search results group by file with line numbers, bash shows exit codes, todos become checklists.
| Tool | Effect class | Description |
|---|---|---|
read | Read | Read a file (or a line range). Large files return a symbol outline first. |
write | Write | Create a new file with atomic write semantics. |
edit | Write | Apply targeted text substitutions to an existing file; renders a diff. |
bash | Shell | Run a shell command inside the sandbox; shows exit code + output. |
grep | Read | Regex search across files, grouped by file with line numbers. |
glob | Read | Find files by glob pattern. |
list_dir | Read | List a directory with type, size, and name. |
find_definition | Read | Locate a symbol definition across the codebase. |
web_fetch | Network | Fetch a URL (capped output) for docs and APIs. |
web_search | Network | Search the web and return result snippets. |
todo | Pure | Maintain a session todo / plan list, rendered as a checklist. |
diagnostics | Shell | Run the project's build/lint and surface errors and warnings. |
git_status | Read | Show branch, staged/unstaged changes, untracked files. |
git_diff | Read | Show a diff (unstaged, staged, or a ref range). |
git_log | Read | Show commit history. |
git_commit | Write | Stage files and create a commit. |
remember / forget | Pure | Persist or remove durable facts across sessions. |
ℹNoteThe effect class determines which permission profile auto-runs the tool. Pure and Read tools run automatically in every profile; Write, Shell, and Network are gated by your profile.
Compile-time enforcement
Each tool's effect set is declared at compile time and checked against the permission matrix via static_assert. A tool can't accidentally gain a side effect that the policy doesn't account for — the build catches it.