BMO exposes dozens of built-in tools to the agent. Use
options.disabled_tools to hide built-ins globally, [agents.<id>.tools] to
shape one agent’s tool set, and [permissions].allowed_tools only to skip
permission prompts for named tools.
Use this page to answer two questions: which capability exists, and which
boundary controls it. If a tool is missing in the TUI, check session mode,
tool-gates, disabled tools, and permissions before assuming the implementation
is absent.
Implementation drift check: when adding a tool, register it in
internal/agent/tool_descriptors.go and add or extend a row in this reference (or
open a follow-up to generate the table from the registry). Quick audit:
rg 'Name: [a-z0-9_]+ToolName' internal/agent/tool_descriptors.go vs the
tables below.
Command palette: press ctrl+p (or type /) and switch to the Tools tab to see the current tool set (after mode/tool-gate).
Chat: run /tools to browse the tool list, /capabilities for a compact summary, or /agent_kinds for the configured kind registry (see Agent kinds).
internal/agent/tool_descriptors.go is the canonical source for tool
taxonomy. Tools tagged workflow are non-primitive; everything else
defaults to primitive. Legacy multiplex tools that used the convenience
tag are removed from the registry (use split primitives; see
tools-workflows.md). Related composition
primitives such as spawn_agent stay primitives. For when to
use workflow-tagged tools vs composing primitives, see
tools-workflows.md.
Tool gates and session modes are part of the tool contract. If a needed tool is
blocked, treat that as a real boundary: switch to the smallest suitable mode
and retry the blocked action rather than routing around the boundary with a
broader tool.
```mermaid
sequenceDiagram
    autonumber
    participant Operator
    participant Palette as Command palette
    participant TUI as BMO TUI
    participant Registry as Tool registry
    participant Gates as Mode and policy gates
    participant Agent as Current agent
    Operator->>Palette: ctrl+p or /
    Palette->>TUI: request Tools tab
    TUI->>Registry: read registered tools and descriptors
    Registry-->>TUI: names, descriptions, tags, input hints
    TUI->>Gates: apply session mode, disabled_tools, permissions
    Gates-->>TUI: effective tool set and blocked reasons
    TUI-->>Palette: searchable tools list
    Operator->>Palette: filter or select tool
    Palette->>Agent: insert tool-aware prompt or action
    Agent->>Gates: propose tool call
    Gates-->>Agent: allow, ask approval, or refuse
```
Safety note: checkpoint undo operations can run git reset --hard against
the repository. Inspect the target checkpoint and preserve any work you want to
keep before confirming an undo.
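One way to follow the safety note above from a shell in the repository, as an added example that is not BMO code: undo_preview lists what git reset --hard HEAD~N would discard, and undo_preserve keeps it reachable first. The function names and the backup/ and refs/backup-wip/ ref names are choices made for this example.

```sh
#!/bin/sh
# Added example, not BMO code. Function names and backup ref names are
# choices made for this example. Run inside the repository work tree.

# Show what `git reset --hard HEAD~N` would discard.
undo_preview() {
    steps=${1:-1}   # same default as checkpoint_undo: 1 step
    git rev-parse --verify --quiet "HEAD~${steps}" >/dev/null || {
        echo "HEAD~${steps} does not exist" >&2
        return 1
    }
    echo "Commits that would be dropped:"
    git log --oneline "HEAD~${steps}..HEAD"
    echo "Files changed by those commits:"
    git diff --stat "HEAD~${steps}" HEAD
    echo "Uncommitted paths (tracked changes are overwritten by the reset):"
    git status --porcelain
}

# Keep the current commits and uncommitted tracked changes reachable.
# Prints the backup branch name; leaves the working tree untouched.
undo_preserve() {
    steps=${1:-1}
    label=${2:-pre-undo-$(date +%Y%m%d%H%M%S)}
    git rev-parse --verify --quiet "HEAD~${steps}" >/dev/null || return 1
    # Branch at the current HEAD so the dropped commits stay reachable.
    git branch "backup/${label}" HEAD || return 1
    # `git stash create` builds a stash commit without changing the work
    # tree or the stash list; it prints nothing when the tree is clean.
    # Untracked files are not included.
    wip=$(git stash create "pre-undo ${label}")
    if [ -n "$wip" ]; then
        git update-ref "refs/backup-wip/${label}" "$wip" || return 1
    fi
    echo "backup/${label}"
}
```

After an undo, git stash apply refs/backup-wip/<label> restores the saved working-tree changes, and git reset --hard backup/<label> returns to the saved commits.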
The agent registry exposes the checkpoint_* verbs below for the session
checkpoint store. Older internal helper implementations still exist in test
coverage, but integrations should use the registered checkpoint_* surface.
| Tool | Description |
| --- | --- |
| checkpoint_create | Create a named session checkpoint for the current or specified session |
| checkpoint_list | List saved session checkpoints for the current or specified session |
| checkpoint_get | Fetch one saved session checkpoint by ID |
| checkpoint_update | Rename an existing session checkpoint |
| checkpoint_restore | Restore a session to a saved checkpoint |
| checkpoint_delete | Delete a saved session checkpoint |
| checkpoint_undo | Undo the last auto-checkpoint git commit(s) with git reset --hard HEAD~N; defaults to 1 step and requires confirm: true |
| Tool | Description |
| --- | --- |
| | Cancel the current session run or a specific session’s run |
| list_agent_runs | List persisted agent runs from the durable run ledger. Optional session_id filters a single row’s session_id; optional family_session_id returns parent and child run rows in one list (session_id or parent_session_id match — same idea as /debugger and GET /v1/agent-runs?family_session_id=…). If both are set, family_session_id wins for the session filter. MCP: bmo_list_agent_runs (opt-in via exposed_tools) returns the same JSON as GET /v1/agent-runs (full run records). |
| get_session_phases | Read the latest persisted per-turn phase timeline for a session (same source as TUI gloss). This is not a live process list; for in-flight coordination signals see the TUI Activity row when enabled. Integrators: /gloss is a view over this ledger—prefer get_session_phases, get_agent_run, and get_agent_run_events for automation rather than parsing gloss output. |
| get_agent_run_events | List ordered events for one persisted agent run (includes bash runtime seam kinds sandbox_exec_started, local_shell_started, background_job_started when recorded, alongside phases, tools, etc.) |
| get_agent_run | Get one persisted agent run plus derived artifacts |
| update_agent_run | Update a persisted agent run by run_id; currently supports action: "cancel" for active runs |
| fork_agent_run | Fork a run at a checkpoint-backed step into a new branch session |
| delete_agent_run | Delete a persisted agent run and its events from the ledger |
Ledger bootstrap: Durable run rows need a data directory with bmo.db and a configured run store (normal bmo / bmo serve app with SQLite). The OpenAI-compat ledger path additionally requires [options.openai_compat]. When the store is not configured, list/get return errors consistent with the topic. See Durable run ledger.
Status/inspection tools are available so agents can understand host runtime
state. Mutating process-lifecycle tools are high-risk and default off:
set BMO_ENABLE_PROCESS_LIFECYCLE_TOOLS in the BMO process environment to
register them.
| Tool | Description |
| --- | --- |
| | Read or write curated BMO config keys and refresh provider metadata (multiplexed: one tool, seven actions). Use action check, list, get, set, unset (or delete), reload, or update_providers. Covers the writable Settings dialog/runtime knobs plus curated model selectors; update_providers folds in bmo update-providers; writes go to the user config file and reload live config when runtime reload is available. |
| get_config | Sanitized raw config inventory; use get_config_status for layered-config posture and bmo config explain for field provenance |
| config_check | Check whether a curated config key is set |
| config_list | List all curated config keys with current values |
| config_get | Read one curated config value |
| config_set | Set a curated config value |
| config_unset | Unset a curated config key (restore default) |
| config_reload | Reload config from disk |
| config_update_providers | Refresh provider metadata |
| config_status | Compatibility text-line summary for existing agents; prefer get_config_status for structured layered-config status |
| get_config_status | Structured layered-config status shared with bmo config show-config-status, /config-status, GET /v1/config-status, and MCP |
| get_provider_auth_wizard | Provider OAuth bootstrap status and bmo auth <platform> commands (TUI: Manage Providers) |
| Tool | Description |
| --- | --- |
| | Return the current working directory, data directory, and loaded config path/dir |
| list_projects | List tracked BMO projects from the shared global projects registry (same data as bmo projects --json) |
| logs_report | Return structured log entries from the current project’s bmo.log file |
| stats_report | Return the same usage and audit stats JSON as bmo stats --json |
| capabilities | Return BMO’s short in-chat capability summary |
| list_agent_kinds | List configured agent kinds from effective merged config (prompt id, mesh capability tags, explicit allowlist counts)—registry scope, not the same as capabilities |
| list_tool_capabilities | List the currently allowed tools for the active agent (name + description) |
| list_models | List configured models and availability from the current config |
| runtime_features | List runtime feature flags and availability details from the current instance |
| session_observability | Read the session-summary member of the run-observability family for one session family: bounded recent run usage, token/cost totals, performance, interruptibility, and adaptive decision trace parity (same JSON as GET /v1/sessions/{id}/observability when bmo serve / bmo up has wired the HTTP server; optional recent_runs_limit matches the HTTP query param) |
| run_cue_ledger | Read the cue-oriented member of the run-observability family for one session family: active actors, cue state, expected next action, expected evidence, and recovery controls (same JSON family as GET /v1/sessions/{id}/run-cue-ledger) |
| inspect_run_trace | Read the trace-lens member of the run-observability family for one run in the current session family: ordered tool-call-only events, outcome, and duration metadata (same JSON as GET /v1/agent-runs/{run_id}/trace when the caller supplies or inherits session scope; use get_agent_run_events for the broader event stream) |
| session_diagnose | Context-budget and resume-health breakdown for one session (same JSON as bmo session diagnose --format=json; MCP parity: bmo_session_diagnose when listed in options.mcp_server.exposed_tools) |
| workspace_snapshot | Return the current workspace environment snapshot, including observer slices, optional heat-map hints, and optional environment_fields (v2: linear TTL–decayed marker intensity, optional half-life via bmo_field_half_life_seconds on leave_marker payloads, optional global session/path depositions, optional bmo_field_weight_permille) when [options.workspace_environment_fields] is enabled |
| workspace_claim | Acquire, release, list, or negotiate path-scoped shared-workspace claims. Soft claims are advisory; hard claims block overlapping mutation tools from other sessions until release, yield, expiry, or negotiation. |
| leave_marker | Create, list, or delete workspace stigmergy markers used for handoffs and warnings |
| fleet_regulation_status | Return bounded fleet-regulation aggregates and the current recommendation/proposal state |
| quality_gates_posture | Read metadata-only Quality Gates posture: armed surfaces, actions, judge model status, fail-open/fail-block policy, and recent decision counts |
| get_adaptive_orchestration | Read adaptive orchestration parity JSON for the session (same payload as MCP bmo_get_adaptive_orchestration; requires options.adaptive_orchestration.enabled) |
| get_compaction_reactions | Read bounded compaction reaction gate telemetry for the session plus streaming semantic quality-gate metadata when the session compactor has observed it (same source as the TUI /compaction-reactions inspector) |
| describe_context | Read a panoramic context snapshot for the session: token budget, effective pruning flags, memory configuration, compaction-reaction summary, shared session compaction posture, and codebase_context counts/status (same source as the TUI /context hub). Optional refresh_codebase_context: true runs an auxiliary snapshot walk subject to options.codebase_context.min_refresh_interval_seconds |
| eval_shadow_summary | Return the bounded eval-shadow posture summary across recent runs, scorecards, latest timestamps, and proposal state so prompt and orchestration changes are measurable without enumerating raw artifacts |
Requires options.operating_packs = true in config and a session pack controller. Parity for the read-only JSON snapshot is documented in Operating mode parity.
| Tool | Description |
| --- | --- |
| session_set_pack | Activate an operating pack for the current session (preset id from options.operating_mode_presets or pack name/path). HTTP parity: POST /v1/session-operating-mode (Bearer auth; same fields as tool JSON). |
| session_clear_pack | Clear the active operating pack for the session. HTTP parity: DELETE /v1/session-operating-mode?session_id=…. |
| session_list_packs | List discoverable operating packs for the workspace |
| session_get_active_pack | Return details for the session’s active pack, if any |
| get_operating_mode | Return redacted posture JSON: session_id, enabled, state, active_operating_pack, operating_mode_preset_id, optional pack_manifest_path, diagnostics, and active-pack counts (same object as GET /v1/session-operating-mode and MCP bmo_get_operating_mode) |
In the TUI, ctrl+enter or /enqueue queues user text for the turn after the current run completes. The queue_enqueue tool uses the same coordinator queue (not the same contract as send_message, which injects into the transcript with permission flow). Technical detail: prompt-queue-parity.md.
| Tool | Description |
| --- | --- |
| create_session | Create a new session |
| switch_session | Switch the active session |
| list_sessions | List known sessions |
| get_session | Read one session’s metadata |
| update_session | Update editable session metadata |
| delete_session | Delete a session |
| send_message | Inject a user message into the current or a specified session. Content is persisted as given; for maintained review prompts, use view on the workspace-root prompt corpus (../docs/prompts/<file>.md from agent-cli/bmo/, applied from agent-cli root). |
| get_message | Get one message by ID |
| list_messages | List messages in the current session |
| session_search | Search prior session transcripts or list recent sessions |
| update_message | Update editable message fields |
| delete_message | Delete a message |
| get_prompt_queue_status | Inspect the current queued-prompt state |
| queue_enqueue | Enqueue a prompt to run after the current turn completes (TUI ctrl+enter / /enqueue parity) |
Requires options.edit_capsules = true and a wired edit-capsule service. HTTP list/create/update/delete for capsules is documented under Edit capsules (HTTP) (Bearer auth; POST starts a capsule only and does not mirror the full create_edit_capsule tool flow).
| Tool | Description |
| --- | --- |
| | Read or mutate the shared session-mode status family: current mode, reachable modes, deferred mode-change posture, and the latest bounded autoselect/manual-override fact for the session |
| set_session_model | Switch the current session to a configured model |
| set_reasoning_effort | Update the current model’s reasoning-effort setting when supported |
These tools are tagged workflow in the registry (multi-step or bundled
behavior). Everything else defaults to primitive. Multiplex tools such as
contract_obligations, fleet_policy, legacy workflow_checkpoint,
daemon_control, autopilot_control, and memory_projection_update are not registered;
use the split primitives listed in the split-primitives section.
| Tool | Description |
| --- | --- |
| agent | Run a child task agent with its default tool set. |
| spawn_agents_on_csv | Fan out agents over CSV rows; each row becomes an isolated job. |
| | Unified v2 workflow tool family for defining, starting, and checkpointing multi-step workflows. |
| execute_dag | Execute a validated A2A DAG with checkpoint support. |
| orchestrate_workflow | Execute a DAG of A2A invocations with checkpoint support. |
| deploy_agent | Build, push, and deploy an agent image (multi-step deploy workflow). |
| deploy_fleet | Deploy multiple agents from a fleet specification (multi-step fleet deploy workflow). |
Staged workflow uses set_plan_artifact, get_workflow_phase, get_plan, clear_plan, return_to_plan, and approve_plan (all primitive in the registry). There is no submit_plan tool; approve with /approve or approve_plan.
Bundled pipelines (primitive taxonomy, multi-step runtime): run_recipe and summarize_session are primitive in registry taxonomy but internally run multi-step pipelines (RegistryRuntimeShapeBundledPipeline). They are not tagged workflow.
Workflow-tools inspect family: Use bmo config show-workflow-tools for the config-only grouped view, /workflow-tools for the live TUI report, get_workflow_tools_status for the agent-native JSON surface, GET /v1/workflow-tools for HTTP, and bmo_get_workflow_tools_status for MCP. The shared snapshot keeps workflow-tagged tools, bundled-pipeline primitives, and staged-workflow controls separate with bounded availability reasons.
Primitive-tools inspect family: Use bmo config show-primitive-tools for the config-only grouped view, /primitive-tools for the TUI grouped report, get_primitive_tools_status for the agent-native JSON surface, GET /v1/primitive-tools for HTTP, and bmo_get_primitive_tools_status for MCP. The shared snapshot keeps direct single-action primitives, bundled-pipeline primitives, and gated/runtime-sensitive primitives separate, and includes bounded recent primitive-family activity from the shared execution boundary.
| Tool | Description |
| --- | --- |
| | Delegate to a remote A2A agent: agent_card_url, deployed agent_name, or capability (mesh resolve + invoke; multi-candidate transport fallback). Continues via task_id / context_id. See A2A. |
| delete_a2a_task | Delete an A2A task by ID |
| execute_dag | Execute a validated A2A DAG with checkpoint support |
| orchestrate_workflow | Execute a DAG of A2A agent invocations with dependency tracking, parallel fanout, and template interpolation |
| save_workflow_template | Save a named DAG workflow template for later reuse |
name_path is the human-readable semantic path for a symbol within a
file, such as Coordinator.Run. It is the default selector to copy out
of discovery results.
symbol_key is the more precise selector when the runtime surfaces it. It
is intended for duplicate, overloaded, or otherwise ambiguous symbol
paths.
Prefer exact semantic selectors over reconstructing symbol names from raw
source text.
Semantic renames can touch more than one file because the language server
may return declaration and reference edits together. BMO routes those edits
through the same permission, staging, history, and reflection pipeline as
other write tools. When staging is enabled, review the staged batch first
and then accept or reject it like any other grouped edit.
There is no dedicated file_picker or open_editor tool. File attachment and
file-editing parity is achieved through send_message, view, edit,
write, and apply_patch, which operate directly on workspace paths.
Plugin management has agent parity through plugin_list,
plugin_install, plugin_update, and plugin_remove. The mutating plugin
tools still require approval because they change the shared plugin directory.
bmo auth <platform> is intentionally human-only bootstrap. It requires browser or
device-code handoff, so agents should surface the need to re-authenticate
rather than trying to complete the login flow themselves.
Process-lifecycle mutation is gated rather than broadly available. Agents may
inspect process-backed state (daemon_status, autopilot_status,
schedule_inspect) by default. Starting/stopping/restarting long-lived
processes requires operator opt-in with BMO_ENABLE_PROCESS_LIFECYCLE_TOOLS
before daemon_restart, autopilot_up, or autopilot_down are registered.