Agent Tools
Current runtime tools exposed to workspace agents
This page describes the current tool surface exposed to agents at runtime.
Tool availability depends on two things:
- the authenticated caller for the chat
- whether the chat has a resolved workspace context
Current runtime tools
| Tool | Requires | What it does |
|---|---|---|
bash | built-in builder agent | Executes shell commands inside an in-memory sandbox. When AI Gateway auth is configured, curl can call the configured allow-list with server-side header transforms. |
readFile | built-in builder agent | Reads files from the bash sandbox, including /workspace/SKILL.md. |
writeFile | built-in builder agent | Writes files inside the bash sandbox, including edits to /workspace/SKILL.md during the current agent run. |
get_data_definitions | data.read | Lists data definitions in the current workspace. By default it returns compact summaries (handle, name, url, description); pass includeFields: true to get full definitions with fields and metadata. |
list_data_records | data.read | Lists records for one data definition with pagination, filtering, and sorting. |
query_data_records | data.read | Same record-query surface as list_data_records, exposed under an explicit query-oriented name. |
create_data_records | data.write | Creates one or more records in a data definition. |
update_data_records | data.write | Updates one or more existing records by id. |
delete_data_records | data.write | Soft-deletes one or more existing records by id. |
workspace_access_unavailable | no workspace context | Returns a structured error when the chat does not have a resolved workspace context. |
Capability flags on agents
Agent definitions also store capability flags.
| Capability flag | Meaning today |
|---|---|
objectsAccess | Represents structured workspace-object access. The current runtime tools on this page are the active object/data tools. |
webAccess | Stored on the agent definition, but the bash sandbox tools are currently reserved for the built-in builder agent. |
browserAccess | Stored on the agent definition, but not currently exposed as a runtime tool in this tool set. |
Permission model
- Session users get the same data read/write access they already have in the workspace.
- API-key-backed callers get tools only for the permissions granted to that key.
- Agents do not get broader access than the authenticated caller for the chat.
See also: