Skip to main content

Built-in Tools

The Society's instruments. Each one scoped. Each one accountable.


Overview

The Agenthood maintains a core tool registry. Every tool is:

  • Named — a clear, single-purpose identifier
  • Scoped — available only to members whose role requires it
  • Capped — subject to per-session usage limits
  • Logged — every invocation recorded for audit

No member has access to every tool. A member that needs a tool outside its scope
must escalate to the Orchestrator, which routes to the appropriate member.


Tool Registry

File Operations

ToolDescriptionScope
file.readRead file contentsAll members
file.writeWrite or overwrite a fileArchitect, Tester, Herald, Librarian, Scribe
file.editTargeted string replacement in a fileArchitect, Tester, Herald, Librarian, Scribe
file.deleteDelete a file (requires approval)Architect only
file.listList directory contentsAll members
file.searchGlob pattern file searchAll members

Code Intelligence

ToolDescriptionScope
code.grepRipgrep content search with regexAll members
code.symbolsExtract symbols, functions, classesReviewer, Architect, Debugger
code.analysisFull codebase structural analysisArchitect, Reviewer
code.diagnosticsRead linter/compiler diagnosticsReviewer, Debugger, Doorman

Terminal

ToolDescriptionScope
terminal.runExecute a shell commandTester, Debugger, Doorman
terminal.deepLong-running process with streaming outputDebugger only

Git

ToolDescriptionScope
git.diffShow staged or unstaged changesScribe, Reviewer, Doorman
git.logCommit history with formattingScribe, Herald, Doorman
git.statusWorking tree statusAll members
git.branchList, create, switch branchesArchitect, Doorman
git.commitCreate a commit (requires approval)Scribe only
git.pushPush to remote (requires approval)Herald only
git.tagCreate a version tag (requires approval)Herald only

Search & Knowledge

ToolDescriptionScope
search.webWeb search for current informationArchitect, Auditor, Librarian
search.vectorSemantic search across indexed codebaseAll members
search.hybridVector + keyword + temporal decayArchitect, Reviewer, Librarian

Debug

ToolDescriptionScope
debug.stacktraceParse and analyze a stack traceDebugger only
debug.variablesInspect runtime variable stateDebugger only
debug.evaluateEvaluate an expression in debug contextDebugger only
debug.controlStep/continue/pause debuggerDebugger only

Memory & State

ToolDescriptionScope
memory.readRead from persistent project/user memoryAll members
memory.writeWrite to persistent memoryAll members
tasks.readRead current task listAll members
tasks.writeUpdate task statusAll members
thinkChain-of-thought reasoning scratchpadAll members

External (MCP)

ToolDescriptionScope
mcp.*Dynamically loaded MCP server toolsPer connector configuration

Safety Caps

Every tool invocation counts against session limits enforced by the SafetyGuard:

LimitDefaultMaximum
Total stream events2,00010,000
Total tool invocations4002,000
Session runtime10 minutes60 minutes
File edits per file8
Terminal commands10
Web searches8

When a cap is reached:

  1. The member is notified with remaining budget
  2. The member completes its current step cleanly
  3. Control returns to the Orchestrator
  4. The human is informed and can extend limits or resume

Loop detection: If the same file is edited 4+ times in a session, the SafetyGuard
alerts the member and requires it to justify continued editing or stop.


Permission Profiles and Tools

Tool CategoryRestrictedStandardTrusted
File read
File write/edit✅ (diff review)✅ (auto-approve)
File delete✅ (approval)✅ (approval)
Terminal (safe)
Terminal (dangerous)✅ (approval)✅ (approval)
Terminal (catastrophic)
Git commit/push✅ (approval)✅ (approval)
Web search
MCP tools

Catastrophic commands are blocked universally:
rm -rf /, mkfs, dd if=/dev/zero, DROP DATABASE, force push to main.


Tool Audit Log

Every tool invocation is logged with:

  • Timestamp
  • Member that invoked it
  • Tool name and parameters
  • Result (success / error / blocked)
  • Session and task ID

The audit log is stored in .agenthood/audit.log and rotated at 1,000 entries.
The Auditor can query it. The human can always read it.