execute() method.
Base interface
ToolResult contains text and optionally a base64 image.
Registry
ToolRegistry owns:
- Registration by name.
- OpenAI tool conversion.
- Costly-tool filtering.
- Policy allowlist filtering.
- JSON argument parsing.
- Error capture.
- Log-safe argument summaries.
Registry construction
build_tool_registry() registers always-on local tools first, then optional surfaces based on settings:
- Core read/local tools.
- Filesystem tools under sandbox roots.
- Network/browser tools.
- OS/operator tools.
- Agent tools.
- MCP tools.
Approvals
ApprovalManager creates server-side pending approvals. Risky tools cannot rely on a model-provided confirmed=true field; the runtime checks the approval record.
Examples requiring approval:
- Overwrite-sensitive writes.
- Permanent deletion.
- Browser downloads/uploads.
- Shell commands.
- UI actions.
- LaunchAgent management.
- MCP calls.
- Agent delegation.