Tools

July 8, 2026 · View on GitHub

Tools are functions the model can call to interact with your system — reading files, running commands, searching the web, and more. You don't call tools directly; the model decides which tools to use based on your request.

How It Works

  1. You give the model a task (e.g., "find all TODO comments in the project")
  2. The model picks the right tools (e.g., search_file_content)
  3. LLxprt Code shows you what the tool wants to do and asks for confirmation (for write operations)
  4. The tool runs and the model uses the output to continue

Built-in Tools

File System

ToolWhat It Does
read_fileRead a file's contents
read_line_rangeRead specific lines from a file
read_many_filesRead multiple files by glob pattern
write_fileCreate or overwrite a file
edit / replaceReplace text in a file
ast_editAST-aware edit with syntax validation
insert_at_lineInsert content at a specific line
delete_line_rangeDelete a range of lines
apply_patchApply a unified diff patch
globFind files matching a pattern
list_directoryList directory contents
search_file_contentSearch file contents with regex (ripgrep)
ast_grepSearch code by AST structure
structural_analysisMulti-hop code analysis (callers, callees, references)
ast_read_fileRead file with AST context extraction

Shell

ToolWhat It Does
run_shell_commandExecute a shell command

The shell tool is the only tool that can reach outside your workspace. All file system tools are constrained to the workspace directory. This is why sandboxing matters — the shell tool can install packages, modify system files, or do anything your user account can do.

Web

ToolWhat It Does
exa_web_searchSearch the web via Exa AI (recommended)
direct_web_fetchFetch and convert a URL to text/markdown
codesearchSearch for code snippets, APIs, documentation

Memory and Context

ToolWhat It Does
save_memorySave facts to long-term memory (project or global)

See Memory for details on how memory works.

Agents and Tasks

ToolWhat It Does
taskLaunch a subagent to handle a subtask
list_subagentsList available subagent configurations
check_async_tasksCheck status of background tasks
todo_read / todo_write / todo_pauseManage structured task lists

MCP (Model Context Protocol)

MCP servers add third-party tools. See MCP Servers.

Approvals and Policies

By default, the model must ask permission before:

  • Writing, editing, or deleting files
  • Running shell commands
  • Making web requests

You control this through policies (in settings.json or ~/.llxprt/policies/):

{
  "policies": {
    "allow-write": true,
    "allow-shell": true
  }
}

Or use --yolo at startup to auto-approve everything (not recommended outside sandboxes):

llxprt --yolo

The /permissions command shows the current approval state.

Enabling and Disabling Tools

Restricting to Specific Tools

Use coreTools in settings.json to allow only specific tools:

{
  "coreTools": ["read_file", "search_file_content", "glob", "list_directory"]
}

When coreTools is set, any tool not in the list is disabled. If coreTools is not set, all tools are available (the default).

Shell Command Restrictions

You can restrict the shell tool to specific commands:

{
  "coreTools": ["ShellTool(npm test)", "ShellTool(npm run lint)", "read_file"]
}

This allows only npm test and npm run lint as shell commands.

Workspace Boundaries

All file system tools (read, write, edit, search, glob) are restricted to your workspace directory. They cannot access files outside the project root.

The shell tool is the exception — it can run any command your user account can. If this concerns you:

  • Use sandboxing to run in a container
  • Use coreTools to restrict shell commands
  • Review shell commands when prompted for approval