Tools

Tools are the actions an agent can perform. Most tools come from MCP servers bound to the agent; a few additional ones come from the sandbox when code execution is enabled.

How tools flow through the runtime

1. The backend connects to every MCP server bound to the agent
2. For each server it calls tools/list and receives the tool schemas
3. It filters the list using the agent’s tool settings (disabled tools are removed; “needs approval” tools are marked as HITL interrupts)
4. If the sandbox is on, it appends create_sandbox, connect_sandbox, and the standard file-ops tools (ls, read_file, write_file, edit_file, glob, grep, execute)
5. If subagents are attached, it wraps each one as a tool
6. The resulting toolset is handed to the LLM via LangGraph

Tool discovery

Tool schemas are fetched from the MCP server when you bind or Sync tools on an agent-server binding. They are not re-fetched on every message — this avoids the ~15 s deadlock some servers exhibit when they hold the Streamable HTTP GET stream open before responding to tools/list.

Use Sync tools on the agent page whenever the underlying MCP server publishes new tools or changes descriptions.

Tool calls in chat

Every tool call appears in the thread as an expandable block showing:

• The tool name and the MCP server it belongs to
• The input arguments the LLM passed
• The result the server returned (or the error, if it failed)
• Whether the call was auto-approved or user-approved

Errors are surfaced inline. The LLM sees the error string as the tool result and decides whether to retry, call a different tool, or explain the problem to the user.

Next

• Tool Settings — per-tool approval rules
• Sandbox — the code-execution toolset