Toolbox¶

Scan all available bash skills for sandbox requirements defined in SKILL.md.

This manually scans the search paths (mirroring ToolLoader defaults) and parses the '## Requires Sandbox' section from SKILL.md files.

Parameters:

Collect all sandbox dependencies from an agent and its tools.

This function performs static analysis on an agent's tools to determine which sandboxes are required. It checks for __sandbox_requirements__ metadata on: - Direct tool functions (decorated with @requires_sandbox) - Toolset instances (including MCP toolsets, returned by get_toolset() functions decorated with @requires_sandbox) - AgentTools (agents wrapped as tools, recursively) - Sub-agents (recursively)

Parameters:

Returns:

Universal decorator for declaring sandbox dependencies.

This decorator works for both: - Tool functions: Only marks the function with metadata - Toolset factories: Marks function AND injects metadata into returned instance

The decorator is purely declarative - it does not create or fetch sandboxes. It only adds __sandbox_requirements__ metadata for static analysis via collect_sandbox_dependencies().

Parameters:

Returns:

Decorator to wrap tool functions with error handling.

Catches all exceptions and returns a formatted error message with backtrace. Works for both sync and async functions.

Returns:

Build complete instruction with optional conversation history.

Parameters:

Returns:

Agent ensemble is a tool that allows launching multiple agents, each with a different model, to perform a task. The agent will then aggregate the results from the agents and return the final result.

Before calling this tool, you must call get_available_agents_for_ensemble and get_available_models FIRST to get the allowed agents and models, as the allowed agents and models may change over time.

Launch multiple agents in parallel, each with its own instruction and model. call this tool when you have multiple tasks to complete, for example, you have different approaches to solve the task, you can use this tool to try different approaches in parallel. - instructions: list of per-agent instructions - model_names: list of per-agent model names (same length as instructions) - agent_name: target agent to launch (must be in safe agents list) - history_passed_in: whether to include folded history in each instruction

Examples:

1) Two tasks on the same model instructions = [ "Summarize repo READMEs", "Extract CVEs from logs", ] model_names = [ "openai/gpt-5", "openai/gpt-5", ]

2) Three tasks with mixed models instructions = [ "Generate remediation plan", "List risky endpoints from code", "Draft incident report", ] model_names = [ "anthropic/claude-sonnet-4-20250514", "openai/gpt-5", "openai/gpt-5", ]

real instructions should be more specific and detailed, not just a general task description.

If you have a complaint, you should call this tool to complain about it. E.g., if a tool is hard to use, if a file or folder is supposed to be there but is not, etc. We will take your complaint into consideration and improve the tooling. If there is a description that contradicts with the reality, you should call this tool to complain about it. Note that the task description is always correct, and there is definitely a way to complete it,you should not complain about it.

Returns:

Call this to query another model as a consultant to help you solve the task, you should call this frequently to get an idea of how to solve the task.

Returns:

Flag the unjustified claims in the history, this is done by another model

Returns:

Get or create an AigiseSession for the given session ID.

Get the available agents for the ensemble. Uses AgentEnsembleManager to discover static subagents, agent tools, and dynamic agents. Only agents whose tools are all covered by THREAD_SAFE_TOOLS are considered safe for ensemble.

Note that maybe there are no agents that are suitable for the current task, you should create a dynamic subagent that is suitable for the current task and then call it by agent_ensemble tool. Pick up thread-safe tools for dynamic agents if you want to create one for the current task.

Returns:

Get the available models configured for ensemble use.

Returns:

If you have multiple intereting points or suspicious things to explore, you can call this tool to note them down so that you don't forget them.

Returns:

If you have want to do some planning, do not output the plan in plain text, call this tool to do the planning.

Returns:

Decorator to wrap tool functions with error handling.

Catches all exceptions and returns a formatted error message with backtrace. Works for both sync and async functions.

Returns:

If you have want to do some reasoning, do not output the reasoning in plain text, call this tool to do the reasoning.

Returns:

Extract tool names from agent instance

Extract tool names from agent metadata config

Return (matched, score, matched_keywords, matched_fields).

Normalize keyword input into a list of non-empty strings.

Call a sub-agent as a tool - Agent as a Tool pattern. You should first list the existing sub-agents before trying to call one.

This supports both dynamic agents and the current agent's subagents (only LlmAgent types).

This treats the sub-agent as a specialized tool that can process natural language requests and return structured results.

Parameters:

Returns:

If you have a complaint, you should call this tool to complain about it. E.g., if a tool is hard to use, if a file or folder is supposed to be there but is not, etc. We will take your complaint into consideration and improve the tooling. If there is a description that contradicts with the reality, you should call this tool to complain about it. Note that the task description is always correct, and there is definitely a way to complete it,you should not complain about it.

Returns:

Dynamically create a sub-agent with specified tools and instructions. You should first list the existing sub-agents before creating a new one.

IMPORTANT: - A subagent's capabilities come from two sources: 1) Python tools/toolsets: determined by tools_list (plus a small set of default baseline tools injected automatically, see below). 2) Bash tools: determined by enabled_skills (which controls which bash_tools/* skills are loaded for the subagent). - enabled_skills can be empty. If it is empty/None, the subagent may not have any bash tools available. Choose it carefully based on what the subagent needs to do. - tools_list must NOT be empty. If it is empty, this tool will return an error and no subagent will be created. - Default baseline tools (always injected): run_terminal_command, list_background_tasks, get_background_task_output, wait_for_background, complain.

Parameters:

Returns:

Get or create an AigiseSession for the given session ID.

Retrieve the output and exit code from a specific background task.

Use this tool after launching a command with background=True or a command has been sent to the background. If the command already finished the helper returns the full logs and cleans up the underlying temp files; otherwise, it streams the current log buffer without interrupting the running process.

Parameters:

Returns:

List all active sub-agents, loading persistent agents on demand.

This function: 1. Loads persisted agents on demand using caller's tools 2. Returns information about all dynamically created agents (both in-memory and restored)

List all background tasks and their current status.

This tool allows the agent to check the status of background tasks before making the next decision. It's particularly useful for: - Checking if fuzzing campaigns have completed - Monitoring long-running compilation or build processes - Verifying any task started with background=True parameter

Parameters:

Returns:

Execute arbitrary bash inside the specified sandbox.

This behaves like a one-off terminal session: any bash syntax, pipes, or scripts listed via list_available_scripts can be invoked.

Command syntax and escaping rules (what the model should assume): - Write command exactly as you would type it in bash. Pipes (|), redirection (>, 2>&1), chaining (&&, ;), subshells ($(...)), and quoting all work normally. - Do NOT wrap your command in bash -c or bash -lc. The backend already executes your command via bash (and sources /shared/bashrc if present). Wrapping again usually adds unnecessary quoting/escaping pitfalls. - No extra escaping is required by the backend. The backend does NOT wrap your string into a fragile bash -c '...' one-liner; instead it writes your command verbatim into a temporary script and executes it with bash. This is newline-safe and preserves quotes as-is. - The command runs as a non-interactive process (no TTY, no persistent shell session). If you see output like mesg: ttyname failed: Inappropriate ioctl for device, it's a benign warning from shell init logic; the command can still succeed. - Stdout/stderr are captured and returned (and for background=True, you can retrieve them later via get_background_task_output).

Parameters:

Returns:

Decorator to wrap tool functions with error handling.

Catches all exceptions and returns a formatted error message with backtrace. Works for both sync and async functions.

Returns:

Search sub-agent pool by keywords in name/description and return metadata.

This searches across: - Dynamic subagents in the current AIgiSE session (including persisted metadata) - ADK subagents attached to the current caller agent via sub_agents

Parameters:

Returns:

Block until a background task finishes or the wait times out.

Parameters:

Returns: