Skip to main content

Tool System

TinyElf's tool system is managed by ToolRegistry for tool registration and execution, and TinyElfToolRegistryBuilder is responsible for building the complete tool set when a session starts. Each tool implements the ITool interface.

Tool Registration Flow

graph TB
Builder["TinyElfToolRegistryBuilder<br/>buildToolRegistry()"] --> Reg["ToolRegistry"]

Builder -->|"1. FileSystem"| FS["createFileSystemTools()<br/>Read, Write, Edit, ListDir, Glob, Grep"]
Builder -->|"2. Shell"| Shell["ShellTool<br/>Bash"]
Builder -->|"3. Web Search"| WS["setupWebSearch()<br/>WebSearch / NativeSearch"]
Builder -->|"4. Web Fetch"| WF["createWebFetchTool()<br/>WebFetch + summarizer"]
Builder -->|"5. Skills"| SK["SkillsTool + ReadSkillTool<br/>list_skills, read_skill"]
Builder -->|"6. SkillHub"| SH["SkillHubSearchTool + InstallTool<br/>skillhub_search, skillhub_install"]
Builder -->|"7. Sub-Agent"| SA["SpawnTool<br/>spawn_agent"]
Builder -->|"8. Sub-Agent Query"| SAQ["SubagentListTool + StatusTool"]
Builder -->|"9. Slash Command"| CMD["SlashCommandTool<br/>slash_command"]
Builder -->|"10. MCP"| MCP["loadMcpTools() + loadDirectMcpTools()<br/>mcp__*"]
Builder -->|"11. Session"| SS["SessionsSpawn/List/Send/History"]
Builder -->|"12. Control"| Ctrl["NotifyTool + SessionsYieldTool"]

FS --> Reg
Shell --> Reg
WS --> Reg
WF --> Reg
SK --> Reg
SH --> Reg
SA --> Reg
SAQ --> Reg
CMD --> Reg
MCP --> Reg
SS --> Reg
Ctrl --> Reg

ITool Interface

interface ITool {
readonly name: string; // unique tool name (function_calling use)
readonly description: string; // LLM-readable description
readonly parameters: JsonSchema; // JSON Schema parameter definition
execute(params: Record<string, unknown>): Promise<string>;
}

ToolRegistry

class ToolRegistry {
register(tool: ITool): void;
registerAll(tools: ITool[]): void;
unregister(name: string): boolean;
get(name: string): ITool | undefined;
has(name: string): boolean;
getAll(): ITool[];
getNames(): string[];
getDefinitions(): ToolDefinition[]; // OpenAI function_calling format
createFiltered(allowedNames: string[]): ToolRegistry;
execute(toolCallId, toolName, params): Promise<ToolCallResult>;
}

Execution Flow

  1. Look up tool → return error if not found (list available tools)
  2. Parameter type conversion → handle common LLM type errors (string → number etc.)
  3. Required parameter validation → return error if missing
  4. Call tool.execute(params)
  5. Output truncation → truncate over maxChars (default 50KB) and add (truncated) mark
  6. Error output append hint → [Analyze the error above and try a different approach.]

Tool Filtering

createFiltered() creates a new ToolRegistry instance containing only whitelisted tools. Used for:

  • plan mode limited to read-only tools
  • Agent config allowedTools field
  • Slash command allowed-tools metadata

Complete Tool Table

FileSystem Tools

ToolClassSensitivityParametersDescription
ReadReadFileToolSafepath, offset?, limit?Read file content, supports partial read
WriteWriteFileToolSensitivepath, contentWrite file (create or overwrite)
EditEditFileToolSensitivepath, old_string, new_string, replace_all?Precise string replacement
ListDirListDirToolSafepathList directory contents
GlobGlobToolSafepattern, path?File name pattern matching
GrepGrepToolSafepattern, path?, include?File content search

FileSystem tool features:

  • Path sandbox: all paths resolved relative to workspace root
  • restrictToWorkspace config controls whether workspace-outside access allowed
  • Read auto-truncates large files (>128KB), >10MB requires offset/limit

Shell Tool

ToolClassSensitivityParametersDescription
BashShellToolSensitivecommandExecute shell command

Shell tool security features:

  • Command blacklist (critical deny patterns): rm -rf /, format, mkfs, diskpart etc.
  • High-risk command warnings: sudo, curl | sh, permission changes
  • Workspace-outside path detection
  • Output limit: 100KB
  • Timeout: default 2 minutes, configurable via execTimeout

Web Tools

ToolClassSensitivityParametersDescription
WebSearchWebSearchServiceToolSafequery, count?Web search
WebFetchWebFetchToolSafeurl, prompt?, raw?Fetch web content

WebFetch features:

  • Use Readability to extract article body
  • HTML → Markdown conversion (Turndown)
  • Content over 4KB auto-summarized using background model
  • 30-second timeout, max 5MB response

Web search three-tier fallback:

  1. Native search (Anthropic/OpenAI/Gemini/xAI built-in)
  2. WebSearchService (Tavily/Jina/Searxng)
  3. Unavailable

Sub-Agent Tools

ToolClassSensitivityParametersDescription
spawn_agentSpawnToolSensitiveprompt, agent?, model?, background?, maxIterations?, permissionMode?, tools?Launch sub-Agent
subagent_listSubagentListToolSafeNoneList active sub-Agents
subagent_statusSubagentStatusToolSaferunIdQuery sub-Agent status

Session Tools

ToolClassSensitivityParametersDescription
SessionsSpawnSessionsSpawnToolSensitiveprompt, agentId?, title?Create new session
SessionsListSessionsListToolSafelimit?, offset?List sessions
SessionsSendSessionsSendToolSensitivesessionId, messageSend message to session
SessionsHistorySessionsHistoryToolSafesessionId, limit?View session history
SessionsYieldSessionsYieldToolSafemessageEnd Agent loop and return message

Skills Tools

ToolClassSensitivityParametersDescription
list_skillsSkillsToolSafeNoneList all available skills
read_skillReadSkillToolSafenameRead skill content
skillhub_searchSkillHubSearchToolSafequerySearch community skills
skillhub_installSkillHubInstallToolSafeskillIdInstall community skill

MCP Tools

ToolClassSensitivityParametersDescription
mcp__<server>__<tool>Dynamically generatedSensitiveDefined by MCP serverExternal MCP tools

MCP tools are loaded via three approaches:

  1. User MCP (mcpServerIds) — connect user-configured stdio/http/sse servers in Settings → MCP via McpService
  2. Built-in MCP (auto-assembled via McpProviderRegistry) — all built-in MCP handlers in-process, SDK wrapped via createSdkMcpServer, TinyElf registers as ITool, CLI accesses via central BuiltinMcpHttpServer HTTP bridge. Each agent's visible MCP determined by Provider's isEligible(ctx) (no longer walks builtinMcpServers field in Agent config — field deleted in cleanup-legacy-mcp (2026-05-19))
  3. Direct MCP (directMcpServers) — pre-parsed stdio MCP declared in Agent config (user scenarios like calling local Python tools)

Control Tools

ToolClassSensitivityParametersDescription
NotifyNotifyToolSafetitle, body?Send desktop notification
slash_commandSlashCommandToolSafecommand, args?Execute Slash command

Tool Sensitivity Classification

private static readonly SAFE_TOOLS = new Set([
'Read', 'ListDir', 'Glob', 'Grep',
'WebSearch', 'WebFetch',
'list_skills', 'read_skill',
'Notify', 'SessionsYield', 'SessionsHistory',
]);

Classification rules:

  • In SAFE_TOOLS set → never requires confirmation
  • In acceptEdits mode, Write and Edit also don't require confirmation
  • All other tools (including MCP tools) → require confirmation

Tool Inheritance

Sub-Agents can inherit some tools from parent Agent:

const inheritableToolNames = new Set([
'list_skills', 'read_skill', 'slash_command'
]);
// + all MCP tools starting with mcp__

Key Files

FilePathDescription
ITool interfacetinyelf/tools/ToolInterface.tsTool base interface
ToolRegistrytinyelf/tools/ToolRegistry.tsTool registry
ToolRegistryBuildertinyelf/TinyElfToolRegistryBuilder.tsTool builder
FileSystemToolstinyelf/tools/FileSystemTools.tsFileSystem tools
ShellTooltinyelf/tools/ShellTool.tsShell tool
WebToolstinyelf/tools/WebTools.tsWebFetch
WebSearchServiceTooltinyelf/tools/WebSearchServiceTool.tsWebSearch
SpawnTooltinyelf/tools/SpawnTool.tsSub-Agent tool
SessionToolstinyelf/tools/SessionTools.tsSession management tools
SkillsTooltinyelf/tools/SkillsTool.tsSkills tool
SkillHubToolstinyelf/tools/SkillHubTools.tsSkillHub tools
McpToolAdaptertinyelf/tools/McpToolAdapter.tsMCP tool adaptation
NotifyTooltinyelf/tools/NotifyTool.tsNotify tool
YieldTooltinyelf/tools/YieldTool.tsLoop termination tool
SubagentToolstinyelf/tools/SubagentTools.tsSub-Agent query tools
SlashCommandTooltinyelf/tools/SlashCommandTool.tsSlash command

All paths relative to packages/desktop/app/main/services/agent-core/engine/.

Extension Points

  • New tool: implement ITool interface → register in TinyElfToolRegistryBuilder
  • Modify sensitivity: add/remove in TinyElfAgentLoop.SAFE_TOOLS set
  • Custom tool inheritance: modify inheritableToolNames set
  • MCP tool loading: adapt new MCP transport via McpToolAdapter
ModulePathRelationship
TinyElfAgentLooptinyelf/TinyElfAgentLoop.tsTool execution caller
ExecutionFirewallplatform/security/ExecutionFirewall.tsFileSystem tool path check
McpServicecapabilities/tools/mcp-users/McpService.tsMCP tool source
SkillsLoadertinyelf/skills/SkillsLoader.tsSkills tool dependency
SubagentManagertinyelf/tools/SpawnTool.tsspawn_agent dependency