CortexPrism ships with 60+ built-in tools available to all agents. Tools are registered via registerAllBuiltins() and gated through the security policy validator before execution. An additional 60 Chrome Bridge tools are dynamically registered from the chrome-bridge MCP server.
| Tool | Description |
|---|
file_read | Read file contents; auto-extracts PDF text; language detection for 40+ languages |
file_read_enhanced | Enhanced reader with language detection, binary detection, large file warnings |
file_write | Write or overwrite a file |
file_edit | Exact string replacements in files |
file_patch | Apply unified diff patches |
file_delete | Delete a file or directory |
file_rename | Rename or move a file |
file_copy | Copy files or directories with overwrite protection |
file_move | Move files/directories with overwrite protection |
file_list | List directory contents with type markers |
file_tree | Recursive tree view of directories |
file_info | File/directory metadata (size, type, timestamps) |
file_search | Regex search across file contents |
file_glob | Find files matching glob patterns |
file_undo | Undo the last file change |
file_redo | Redo a previously undone file change |
file_diff | Show differences between files |
All file tools support workspace: "agent"/"global" parameter for scoped operations. File edits are auto-committed to git with undo/redo support.
Shell (1)
| Tool | Description |
|---|
shell | Execute local shell commands — gated by policy validator and optional human approval |
Safety: Default deny rules block rm -rf /, fork bombs, direct disk writes, chmod 777 /.
| Tool | Description |
|---|
web_search | Web search via DuckDuckGo |
web_search_enhanced | Multi-provider search with intelligent fallback (Brave → Tavily → DuckDuckGo) |
web_fetch | Fetch URL content as cleaned plain text (strips HTML, scripts, styles) |
web_fetch_enhanced | Enhanced fetch with HTML-to-Markdown, retry with exponential backoff |
brave_search | Web search via Brave Search API |
tavily_search | Web search via Tavily API |
serpapi_search | Web search via SerpAPI |
firecrawl | Web scraping via Firecrawl |
docs_search | Official library documentation search via Context7 (25+ libraries, 24h caching) |
Code Execution (1)
| Tool | Description |
|---|
code_exec | Run code in isolated Docker/gVisor containers with resource limits |
Supports Python, JavaScript, TypeScript, Bash, Ruby, Go, Rust. Network disabled by default. Auto-fix loop: LLM receives error feedback and retries (up to 4 rounds).
Browser Automation (1)
| Tool | Description |
|---|
browser | Headless Playwright-powered browser automation — navigate, click, type, screenshot, snapshot, evaluate, wait |
Configurable timeout (30s). Actions gated through security supervisor for sensitive operations. Base64 PNG screenshot output and accessibility snapshots.
| Tool | Description |
|---|
git_push | Stage, commit, and push to remote |
github_pr_create | Create a pull request |
github_pr_list | List pull requests |
github_issue_create | Create an issue |
github_issue_list | List issues |
| Tool | Description |
|---|
code_index | Full repository indexing with incremental sync and file change detection |
code_search_symbol | FTS5-backed symbol search across projects |
code_trace_path | Bidirectional call graph traversal with depth limits and hotspot analysis |
code_get_architecture | System architecture diagram extraction (layers, modules, dependencies) |
code_analyze_impact | Blast radius analysis (callers, callees, dead code detection, complexity) |
code_list_projects | Project registry with language stats and node/edge counts |
code_pilot | Token-optimized context builder with AST-aware pruning, budget slider, and file filtering |
Uses tree-sitter WASM parser for 12 languages with active tree-sitter parsers (40+ file extension mappings).
Computer Use (GUI Automation) (1)
| Tool | Description |
|---|
computer | GUI automation — screenshot, click, type, key, scroll, mouse_move, drag, and 15+ actions |
Requires xvfb, xdotool, scrot on Linux. All actions gated through policy validator; sensitive data auto-blocked.
| Tool | Description |
|---|
sub_agent | Spawn a typed child agent (11 types: Explorer, Coder, Researcher, Planner, Generalist, Security Auditor, Debugger, Architect, DevOps Engineer, Data Analyst, UI/UX Designer) |
node_dispatch | Dispatch tasks to remote distributed nodes |
mcp_agent | Invoke external MCP agents via the MCP gateway with tool call routing |
| Tool | Description |
|---|
memory_note | Persist notes to episodic memory |
memory_search | Search across episodic, semantic, reflection, and graph memory with hybrid (keyword + vector) search |
| Tool | Description |
|---|
db_query | Read-only database querying across cortex/memory/lens/plugins/session databases |
json_query | JSONPath-like expression support ($.property, $.array[0], $.array[*], $.**) |
regex_utils | Regular expression utilities — match, replace, test, split, exec |
env_manager | Environment variable management with whitelist-based set security |
code_snippet | Code block extraction from markdown with line numbers and language detection |
structured_extract | LLM-powered entity/relationship extraction with JSON-Schema validation |
image_analyze | Multimodal image analysis via 18+ LLM providers |
schedule | Cron-based job scheduling with full lifecycle (create/list/cancel/status/due) |
| Tool | Description |
|---|
load_skill | Load a skill by name (auto-records usage for quality tracking) |
skill_read | Read/List skills with lifecycle and origin filtering |
skill_write | Create/update/delete/merge/promote/deprecate skills with 8 operations |
| Tool | Description |
|---|
speak | Text-to-speech via configured TTS provider |
listen | Speech-to-text via configured STT provider |
| Tool | Description |
|---|
dashboard_manage | CRUD operations on dashboard widgets (list, add, remove, update) |
| Tool Prefix | Description |
|---|
chrome_* | 60 real-browser automation tools via Chrome DevTools Protocol (CDP) — navigation, interaction, DOM inspection, network monitoring, screenshots, audits, state management |
Chrome Bridge tools are dynamically registered from the chrome-bridge MCP server and passed through the same multi-layer security validation as all other tools.
Every tool implements:
interface Tool {
definition: ToolDefinition;
execute(args: Record<string, unknown>, ctx: ToolContext): Promise<ToolCallResult>;
}
interface ToolDefinition {
name: string;
description: string;
params: ToolParam[];
capabilities: ToolCapability[];
}
Security & Policy Validation
Every tool call passes through the security system before execution:
Agent → Tool Intent → Policy Validator → (Sensitive Data?) → LLM Supervisor → Human Approval → Executor
- Policy validator — regex allow/deny rules evaluated against every shell command, file path, and network request
- LLM supervisor — sensitive data access (memory_search, db_query, browser screenshots) requires approval from a fast LLM with decision caching and human escalation
- Human approval — CLI prompts and Web UI modal for uncertain/unapproved access requests
See Also