Tools
Custom tools and built-in diagnostic verbs.
Custom tools the agents can call during reasoning. Tools live alongside
the built-in catalog (in swarm/tools/diagnostic.py and
swarm/tools/management.py) and are loaded per tenant at agent boot.
Route: /tools
Role gating: read for all; create / edit / delete require admin.
Tool types
OpenRemedy ships two custom tool types. The historical
python_script type is disabled for security reasons (no safe
lightweight sandbox for arbitrary Python on the API container).
shell_command
Operator-defined shell template, executed via Ansible's shell module
on the target server.
| Field | Purpose |
|---|---|
command | Template string. Operator-controlled shell features (` |
become | Run with sudo. |
timeout | Seconds, default 30. |
{{var}} placeholders are filled with LLM-supplied parameter values.
Each value is shlex.quoted before substitution, so injection like
{{name}} = "nginx; rm -rf /" becomes the literal argument
'nginx; rm -rf /' and cannot break out of its slot.
http_request
Outbound HTTP call.
| Field | Purpose |
|---|---|
method | GET, POST, PUT, etc. |
url | Template URL |
headers | Template-rendered key/value map |
body | Template-rendered request body |
timeout | Seconds, default 10 |
Before the request is sent, the resolved URL host is checked against a
block list: RFC1918 (10/8, 172.16/12, 192.168/16), loopback
(127/8, ::1), link-local / cloud metadata (169.254/16), and IPv6
ULA / link-local. Header values containing CRLF are rejected. TLS
verification is enabled.
Table columns
- Name.
- Description.
- Type badge (
shell_commandorhttp_request). - Risk level.
- Enabled toggle.
Create / edit modal
| Field | Purpose |
|---|---|
| Name | Tool name shown to the agent |
| Description | Helps the LLM decide when to call this tool |
| Type | shell_command or http_request |
| Risk level | low / medium / high — drives the approval gate |
| Definition JSON | Type-specific template (see above) |
| Parameters JSON Schema | Describes the args the LLM must fill |
Built-in diagnostic verbs
The agent's run_diagnostic_command function accepts a fixed enum of
verbs. Free-form shell is not accepted.
| Verb | Effect |
|---|---|
docker_disk_usage | docker system df |
docker_container_list | docker ps |
docker_container_inspect | docker container inspect <arg> (regex-validated, shlex-quoted) |
top_snapshot | top -bn1 | head -n <arg> (1–100 lines) |
process_list_filter | ps aux | grep <arg> | grep -v grep (regex-validated, shlex-quoted) |
Other built-in tools include check_service, check_port,
check_systemd_unit, read_log, check_process_details,
check_resource_trends, check_recent_changes,
gather_server_facts, plus the management tools (record_event,
update_incident_status, propose_recipe, execute_recipe,
escalate_to_human, etc.).
Related routes
- agents — agents call tools during reasoning
- marketplace — installable tool bundles