xllama / wiki / tools

Tools, consent & undo

Tools let the model work on your real project. Safe reads run directly; file mutations, shell commands and MCP calls pass through consent controls.

Built-in tools

ToolConsentPurpose
read_fileNoRead a UTF-8 file
list_filesNoList by glob
grepNoRegex search
write_fileYesCreate or overwrite
edit_fileYesTargeted fuzzy-tolerant edit
bashYesRun a shell command
web_searchNoSearch via DuckDuckGo
web_fetchNoFetch a URL as text

Consent

Y — ONCE

Allow this single call.

A — SESSION

Always allow this tool for the current session.

N — DENY

Reject the call and tell the model.

/ALLOW

Allow all tools for the current session.

Privilege escalation guard

The bash tool refuses sudo, su, doas, pkexec, run0 and sudoedit as a hard policy—even when /allow is active—so an agent cannot obtain root on a computer or phone.

Diffs and undo

write_file and edit_file are recorded in an in-memory journal. Every change renders as a colored diff card with added and removed counts.

/undo   # restore the previous content or remove a newly-created file