16 built-in tools for file operations, shell execution, search, web access, git, sandbox, subagent delegation

Tools

A3S Code ships with 16 built-in tools. All tools execute in-process via native Rust implementations.

File Operations

`read`

Read file contents with line numbers. Supports offset and limit for large files.

{
  "file_path": "src/main.rs",
  "offset": 0,
  "limit": 100
}

`write`

Create or overwrite a file. Automatically creates parent directories.

{
  "file_path": "src/config.rs",
  "content": "pub struct Config {\n    pub port: u16,\n}\n"
}

`edit`

Replace a specific string in a file. Useful for targeted modifications.

{
  "file_path": "src/main.rs",
  "old_string": "fn main() {",
  "new_string": "fn main() -> Result<()> {"
}

`patch`

Apply a unified diff patch. Best for complex multi-line edits.

{
  "file_path": "src/lib.rs",
  "diff": "--- a/src/lib.rs\n+++ b/src/lib.rs\n@@ -1,3 +1,4 @@\n+use anyhow::Result;\n use std::io;\n"
}

Search

`grep`

Search file contents using ripgrep patterns. Supports regex, globs, and context lines.

{
  "pattern": "fn.*async",
  "path": "src/",
  "glob": "*.rs",
  "context": 2
}

`glob`

Find files matching a glob pattern.

{
  "pattern": "src/**/*.rs"
}

`ls`

List directory contents with file sizes and types.

{
  "path": "src/"
}

Shell

`bash`

Execute shell commands. Commands run in the session's workspace directory.

{
  "command": "cargo test --lib -- test_name"
}

Security: Use Permission System to control bash access.

Web

`web_fetch`

Fetch content from a URL. Returns text content extracted from HTML.

{
  "url": "https://docs.rs/tokio/latest/tokio/"
}

`web_search`

Search the web using multiple search engines.

{
  "query": "rust async trait object",
  "engine": "google"
}

Direct Tool Execution

Call tools directly on the session without going through the LLM:

// Convenience wrappers
const content = await session.readFile('src/main.rs');
const output = await session.bash('cargo test --lib');
const files = await session.glob('**/*.rs');
const matches = await session.grep('fn main');

// Generic tool call
const result = await session.tool('edit', {
  file_path: 'src/main.rs',
  old_string: 'fn main() {',
  new_string: 'fn main() -> Result<()> {',
});
console.log(`[${result.exitCode}] ${result.output}`);

# Convenience wrappers
content = session.read_file("src/main.rs")
output = session.bash("cargo test --lib")
files = session.glob("**/*.rs")
matches = session.grep("fn main")

# Generic tool call with dict args
result = session.tool("edit", {
    "file_path": "src/main.rs",
    "old_string": "fn main() {",
    "new_string": "fn main() -> Result<()> {"
})
print(f"[{result['exit_code']}] {result['output']}")

Execute Git operations with auto-install support. If git is not available, downloads and installs it automatically to ~/.local/git/bin/ on Windows, macOS, and Linux — no package manager required.

Supports full git operations: status, log, branch, checkout, diff, stash, remote, and worktree.

{
  "command": "status"
}

{
  "command": "worktree",
  "subcommand": "list"
}

{
  "command": "worktree",
  "subcommand": "create",
  "name": "feature-auth",
  "path": "/repo/wt-feature-auth"
}

See Git Worktree Example for full multi-language examples.

Subagent Delegation

`task`

Delegate work to a specialized child agent. The child agent runs in its own session with its own conversation history. See Subagents for details.

{
  "description": "Write unit tests for the auth module",
  "prompt": "Create comprehensive tests for src/auth.rs covering all edge cases"
}

`parallel_task`

Delegate multiple tasks to subagents concurrently. Each task runs in parallel with its own agent instance.

{
  "tasks": [
    {
      "agent": "general",
      "prompt": "Analyze security in auth module"
    },
    {
      "agent": "general",
      "prompt": "Review performance in database layer"
    }
  ]
}

`run_team`

Coordinate a Lead → Worker → Reviewer team to tackle goals that require decomposition, execution, and quality review. The Lead breaks the goal into a task list; Workers claim and execute tasks in parallel; the Reviewer approves or rejects each result.

{
  "goal": "Audit the authentication module for security issues",
  "lead_agent": "general",
  "worker_agent": "general",
  "reviewer_agent": "general",
  "max_steps": 10
}

All agent type fields default to "general". Only goal is required.

`Skill`

Invoke skills as first-class tools with skill-based tool access control. When a skill is invoked, the agent temporarily gains access to the skill's allowed tools and receives the skill's instruction prompt.

{
  "skill_name": "code-review",
  "args": "Review src/auth.rs for security issues"
}

This enforces skill-based access patterns and prevents agents from bypassing skills to directly access underlying tools. See Skills for details.

Sandbox Routing (Optional)

There is no standalone sandbox tool. Instead, bash transparently routes through an A3S Box MicroVM when the session has a BashSandbox handle configured:

SessionOptions::new().with_sandbox_handle(Arc::new(my_box_impl))

The workspace is mounted at /workspace inside the VM. See Isolation → MicroVM Sandbox for SandboxConfig fields and the full BashSandbox trait definition.

File Version History

All file-modifying tools (write, edit, patch) automatically capture a snapshot before making changes. You can:

View the diff between versions
Restore any previous version
Track all modifications made during a session

The file history maintains up to 500 snapshots per session.

Extending with Custom Tools

Beyond built-in tools, A3S Code supports external tool integration via:

MCP — Connect external tool servers via Model Context Protocol (JSON-RPC 2.0, stdio + HTTP+SSE)
Custom Tool Trait — Implement the Tool trait in Rust and register with ToolRegistry

See MCP for external tool integration examples.

Tools

On this page