Tools
Manage the tools an LLM can use.
Tools allow the LLM to perform actions in your codebase. Anthracode comes with a set of built-in tools — including additional power tools not in upstream Anthracode — and you can extend it with custom tools or MCP servers.
By default, all tools are enabled and don’t need permission to run. You can control tool behavior through permissions.
Use the permission field to control tool behavior. You can allow, deny, or require approval for each tool.
{
"permission": { "edit": "deny", "bash": "ask", "webfetch": "allow" }}You can also use wildcards to control multiple tools at once. For example, to require approval for all tools from an MCP server:
{
"permission": { "mymcp_*": "ask" }}Learn more about configuring permissions.
Here are all the built-in tools available in Anthracode.
Execute shell commands in your project environment.
{
"permission": { "bash": "allow" }}This tool allows the LLM to run terminal commands like npm install, git status, or any other shell command.
Modify existing files using exact string replacements.
{
"permission": { "edit": "allow" }}This tool performs precise edits to files by replacing exact text matches. It’s the primary way the LLM modifies code.
Create new files or overwrite existing ones.
{
"permission": { "edit": "allow" }}Use this to allow the LLM to create new files. It will overwrite existing files if they already exist.
Read file contents from your codebase.
{
"permission": { "read": "allow" }}This tool reads files and returns their contents. It supports reading specific line ranges for large files.
Search file contents using regular expressions.
{
"permission": { "grep": "allow" }}Fast content search across your codebase. Supports full regex syntax and file pattern filtering.
Find files by pattern matching.
{
"permission": { "glob": "allow" }}Search for files using glob patterns like **/*.js or src/**/*.ts. Returns matching file paths sorted by modification time.
Interact with your configured LSP servers to get code intelligence features like definitions, references, hover info, and call hierarchy.
{
"permission": { "lsp": "allow" }}Supported operations include goToDefinition, findReferences, hover, documentSymbol, workspaceSymbol, goToImplementation, prepareCallHierarchy, incomingCalls, and outgoingCalls.
To configure which LSP servers are available for your project, see LSP Servers.
Apply patches to files.
{
"permission": { "edit": "allow" }}This tool applies patch files to your codebase. Useful for applying diffs and patches from various sources.
When handling tool.execute.before or tool.execute.after hooks, check input.tool === "apply_patch" (not "patch").
apply_patch uses output.args.patchText instead of output.args.filePath. Paths are embedded in marker lines within patchText and are relative to the project root (for example: *** Add File: src/new-file.ts, *** Update File: src/existing.ts, *** Move to: src/renamed.ts, *** Delete File: src/obsolete.ts).
Load a skill (a SKILL.md file) and return its content in the conversation.
{
"permission": { "skill": "allow" }}Launch a subagent to handle complex, multi-step tasks in a separate session. This is how agents delegate work to specialized subagents.
{
"permission": { "task": "allow" }}| Parameter | Description |
|---|---|
description | Short (3–5 word) description of the task |
prompt | The task instructions for the subagent |
subagent_type | Which specialized agent to use (explore, tester, code-reviewer, refactor, security, architect, general) |
Supports running multiple subagents in parallel — call task multiple times in one turn to dispatch independent work simultaneously.
Learn more about agents and the available subagent types.
Manage todo lists during coding sessions.
{
"permission": { "todowrite": "allow" }}Creates and updates task lists to track progress during complex operations. The LLM uses this to organize multi-step tasks.
Fetch web content.
{
"permission": { "webfetch": "allow" }}Allows the LLM to fetch and read web pages. Useful for looking up documentation or researching online resources.
Search the web for information.
{
"permission": { "websearch": "allow" }}Performs web searches using Exa AI to find relevant information online. Useful for researching topics, finding current events, or gathering information beyond the training data cutoff.
No API key is required — the tool connects directly to Exa AI’s hosted MCP service without authentication.
Ask the user questions during execution.
{
"permission": { "question": "allow" }}This tool allows the LLM to ask the user questions during a task. It’s useful for:
- Gathering user preferences or requirements
- Clarifying ambiguous instructions
- Getting decisions on implementation choices
- Offering choices about what direction to take
Each question includes a header, the question text, and a list of options. Users can select from the provided options or type a custom answer. When there are multiple questions, users can navigate between them before submitting all answers.
These tools are built into Anthracode and are not available in upstream Anthracode.
Use ripgrep-based regex patterns to extract structural information (functions, classes, imports, variables).
{
"permission": { "ast": "allow" }}ast uses language-aware regex patterns rather than a full parser. Supported operations: find_definitions, find_references, list_symbols. Supported languages: TypeScript, JavaScript, Python, Go, Rust. Unlisted languages fall back to TypeScript patterns — results may be less accurate for those.
Save and restore named file snapshots within a session.
{
"permission": { "checkpoint": "allow" }}Critical for autonomous refactoring loops: save before changes, restore if tests fail.
| Action | Description |
|---|---|
save | Snapshot specified files (or all source files if no paths given) |
restore | Write saved file contents back to disk |
list | Show all checkpoints for this session |
diff | Show lines added/removed since a named checkpoint |
Checkpoints are session-scoped and stored in memory — they do not persist between sessions.
Search-replace text across multiple files matching a glob pattern.
{
"permission": { "multi_edit": "allow" }}Use this for codebase-wide renames or replacements in a single tool call instead of editing files one by one. Supports dry_run: true to preview changes before applying.
Run TypeScript type checking and return a structured list of errors and warnings.
{
"permission": { "typecheck": "allow" }}Uses the project’s typecheck script if one exists in package.json, otherwise falls back to tsc --noEmit. Returns structured file:line:col: TSxxxx: message output.
Run tests and return structured pass/fail output.
{
"permission": { "test_runner": "allow" }}Runs bun test and parses the summary line into structured metadata (passed, failed, total, duration_ms). Supports test name filtering via pattern and custom timeout_ms.
Create an isolated git worktree on a new branch for the current session.
{
"permission": { "worktree_enter": "allow" }}Creates a worktree at ../.ac-worktrees/<name> on a new branch anthracode/wt-<name>. Allows making changes without affecting the main working tree. One worktree per session.
Exit the active worktree for this session.
{
"permission": { "worktree_exit": "allow" }}| Action | Description |
|---|---|
remove | Delete the worktree directory and branch (discard changes) |
keep | Preserve the branch for manual merge |
Execute Python, Node.js, or Bun code and return the output.
{
"permission": { "repl": "allow" }}Stateless — each call is a fresh process. Supports timeout_ms (default: 30 000, max: 120 000). Use for quick calculations, data transformations, and testing logic without creating a file.
| Language | Runtime |
|---|---|
python | python3 (Linux/macOS) or python (Windows) |
node | node -e |
bun | bun run --eval |
Edit a Jupyter notebook (.ipynb) cell.
{
"permission": { "notebook_edit": "allow" }}| Operation | Description |
|---|---|
replace | Overwrite cell source; clears outputs and execution_count for code cells (default) |
insert | Insert a new cell after the specified cell (or append if cell_id omitted) |
delete | Remove a cell |
Cells are identified by 0-based numeric index ("0", "1") or cell UUID. Writes standard 2-space indented JSON.
Full-text search across the entire session history, including messages compacted away by context window management.
{
"permission": { "recall": "allow" }}Uses BM25 full-text search to rank matching excerpts by relevance. Essential for finding specific file paths, error strings, or instructions that were summarized during context compaction.
Learn more about how the recall tool works with context compaction.
Write durable information to the 4-tier memory system that persists across sessions.
{
"permission": { "memory_write": "allow" }}| Parameter | Description |
|---|---|
scope | project, user, session, agents, agents-global, index, index-global, decision |
content | Text content to persist |
append | When true (default), adds timestamped entry; false replaces the file |
slug | For decision scope only: kebab-case filename |
Learn more about the 4-tier memory system.
Pause execution for a specified duration.
{
"permission": { "sleep": "allow" }}| Parameter | Description |
|---|---|
duration_ms | Milliseconds to pause (max: 30000) |
reason | Optional human-readable explanation for the pause |
Use for waiting between polling loops, deliberate pacing, or retry backoff. For longer waits, call sleep multiple times.
Execute PowerShell commands. Available on any platform with PowerShell 7+ (pwsh) or Windows PowerShell (powershell) installed.
{
"permission": { "powershell": "allow" }}The tool prefers pwsh (PowerShell 7+) over powershell (Windows PowerShell) when both are available. Follows the same shell rules as bash but with PowerShell syntax, pipeline chain operators (&&, ||), and cmdlet conventions.
Anthracode includes six PTY (pseudo-terminal) tools for managing long-running processes: pty_exec, pty_start, pty_read, pty_send, pty_list, and pty_stop. PTY sessions run through an isolated host process by default, so native terminal crashes do not take down the main agent. Tools that start or execute commands use the terminal_start permission, and pty_stop uses terminal_stop. The remaining tools (pty_list, pty_read, pty_send) have no permission gate.
{
"permission": { "terminal_start": "allow", "terminal_stop": "allow" }}Learn more about PTY terminal tools.
Custom tools let you define your own functions that the LLM can call. These are defined in your config file and can execute arbitrary code.
Learn more about creating custom tools.
MCP (Model Context Protocol) servers allow you to integrate external tools and services. This includes database access, API integrations, and third-party services.
Learn more about configuring MCP servers.
Internally, tools like grep and glob use ripgrep under the hood. By default, ripgrep respects .gitignore patterns, which means files and directories listed in your .gitignore will be excluded from searches and listings.
To include files that would normally be ignored, create a .ignore file in your project root. This file can explicitly allow certain paths.
!node_modules/!dist/!build/For example, this .ignore file allows ripgrep to search within node_modules/, dist/, and build/ directories even if they’re listed in .gitignore.