Tools
Custom tools the agents can call during reasoning. Tools live alongside
the built-in catalog (in swarm/tools/diagnostic.py and
swarm/tools/management.py) and are loaded per tenant at agent boot.
Route: /tools
Role gating: read for all; create / edit / delete require admin.
Tool types
OpenRemedy ships two custom tool types. The historical
python_script type is disabled for security reasons (no safe
lightweight sandbox for arbitrary Python on the API container).
shell_command
Operator-defined shell template, executed via Ansible's shell module
on the target server.
| Field | Purpose |
|---|---|
| command | Template string. Operator-controlled shell features (\|, &&, redirects) work as written. |
| become | Run with sudo. |
| timeout | Seconds, default 30. |
{{var}} placeholders are filled with LLM-supplied parameter values.
Each value is passed through shlex.quote before substitution, so an
injection attempt such as {{name}} = "nginx; rm -rf /" becomes the
literal argument 'nginx; rm -rf /' and cannot break out of its slot.
http_request
Outbound HTTP call.
| Field | Purpose |
|---|---|
| method | GET, POST, PUT, etc. |
| url | Template URL |
| headers | Template-rendered key/value map |
| body | Template-rendered request body |
| timeout | Seconds, default 10 |
Before the request is sent, the resolved URL host is checked against a
block list: RFC1918 (10/8, 172.16/12, 192.168/16), loopback
(127/8, ::1), link-local / cloud metadata (169.254/16), and IPv6
ULA / link-local. Header values containing CRLF are rejected. TLS
verification is enabled.
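
The host and header checks described above, written out as an added example (this is not OpenRemedy's own code). The function names, the injectable resolver and the sample host names are assumptions; it also goes slightly beyond the text by judging IPv4-mapped IPv6 addresses by their embedded IPv4 address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges from the block list above; fc00::/7 and fe80::/10 are the standard ULA / link-local prefixes.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC1918
    "127.0.0.0/8", "::1/128",                         # loopback
    "169.254.0.0/16",                                 # link-local / cloud metadata
    "fc00::/7", "fe80::/10",                          # IPv6 ULA / link-local
)]

def system_resolver(host):
    """Every address the name resolves to (A and AAAA records)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_blocked(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])     # drop any IPv6 zone id
    # ::ffff:10.0.0.1 has to be judged as 10.0.0.1, not as an IPv6 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in BLOCKED_NETS if net.version == ip.version)

def rejection_reason(url, headers, resolver=system_resolver):
    """Return None if the request may be sent, otherwise the reason it may not."""
    host = urlsplit(url).hostname
    if not host:
        return "URL has no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]     # IP literal, no DNS lookup
    except ValueError:
        addrs = resolver(host)
    if not addrs:
        return f"{host} did not resolve"
    # One blocked record is enough: a name can carry public and private answers.
    for addr in addrs:
        if is_blocked(addr):
            return f"{host} resolves to blocked address {addr}"
    for name, value in headers.items():
        if "\r" in value or "\n" in value:
            return f"header {name!r} contains CR or LF"
    return None

if __name__ == "__main__":
    fake_dns = {"api.example.com": ["203.0.113.10"],  # constructed DNS answers
                "mixed.example.com": ["203.0.113.10", "10.0.0.5"]}
    for u in ("https://api.example.com/hook", "https://mixed.example.com/",
              "http://169.254.169.254/", "http://[::ffff:127.0.0.1]/"):
        print(u, "->", rejection_reason(u, {}, fake_dns.get))
```

A check of this kind only holds if the request then connects to an address that was vetted rather than resolving the name a second time, so the answer cannot change between check and use.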
Table columns
- Name.
- Description.
- Type badge (shell_command or http_request).
- Risk level.
- Enabled toggle.
Create / edit modal
| Field | Purpose |
|---|---|
| Name | Tool name shown to the agent |
| Description | Helps the LLM decide when to call this tool |
| Type | shell_command or http_request |
| Risk level | low / medium / high — drives the approval gate |
| Definition JSON | Type-specific template (see above) |
| Parameters JSON Schema | Describes the args the LLM must fill |
Built-in diagnostic verbs
The agent's run_diagnostic_command function accepts a fixed enum of
verbs. Free-form shell is not accepted.
| Verb | Effect |
|---|---|
| docker_disk_usage | docker system df |
| docker_container_list | docker ps |
| docker_container_inspect | docker container inspect <arg> (regex-validated, shlex-quoted) |
| top_snapshot | top -bn1 \| head -n <arg> (1–100 lines) |
| process_list_filter | ps aux \| grep <arg> \| grep -v grep (regex-validated, shlex-quoted) |
Other built-in tools include check_service, check_port,
check_systemd_unit, read_log, check_process_details,
check_resource_trends, check_recent_changes,
gather_server_facts, plus the management tools (record_event,
update_incident_status, propose_recipe, execute_recipe,
escalate_to_human, etc.).
Related routes
- agents.md — agents call tools during reasoning
- marketplace.md — installable tool bundles