Complete reference for all 33+ tools available to the Misar Code agent across file system, search, git, IDE, and agent control categories.

Overview

The Misar Code agent uses a rich set of tools to interact with your workspace. Tools are invoked automatically based on your request — you do not call them directly. This page documents every available tool so you know exactly what the agent can do.

Run /explore to enter read-only mode, which disables all write and destructive tools for safe codebase exploration.

File System (11 tools)

Tool	Description
`list_dir`	List files and directories at a given path
`read_file`	Read the full contents of a file
`read_range`	Read a specific line range from a file
`write_file`	Create or overwrite a file with new content
`replace_in_file`	Apply a targeted string replacement inside a file
`apply_patch`	Apply a unified diff patch to one or more files
`create_dir`	Create a new directory (including nested paths)
`remove`	Delete a file or directory
`move`	Move or rename a file or directory
`copy`	Copy a file or directory to a new location
`stat`	Get metadata for a file (size, modified time, type)

Search (5 tools)

Tool	Description
`search`	Full-text search across the workspace
`grep`	Regex pattern search in files
`glob`	Find files matching a glob pattern
`find_related_files`	Locate files related to a given symbol or path
`repo_map`	Generate a high-level map of repository structure

Git (6 tools)

Tool	Description
`git_status`	Show current working tree status
`git_diff`	Show diffs (staged, unstaged, or between commits)
`git_log`	Show commit history
`git_commit`	Create a commit with a message
`git_create_branch`	Create and switch to a new branch
`git_push`	Push commits to a remote

The agent follows safe git practices by default: it will not force-push to main/master and will not skip hooks. It will ask for confirmation before destructive git operations.

IDE Integration (5 tools)

Tool	Description
`list_open_editors`	List all currently open editor tabs
`get_selection`	Get the currently selected text in the active editor
`get_active_editor`	Get the active file path and cursor position
`get_diagnostics`	Read VS Code error and warning diagnostics
`run_tests`	Run the workspace test suite and capture output

Web (3 tools)

Tool	Description
`web_fetch`	Fetch the content of a URL (proxied through the backend)
`web_search`	Search the web for current information
`query_documentation`	Query official documentation for a library or API

Notebook (2 tools)

Tool	Description
`notebook_read`	Read cells and outputs from a Jupyter notebook
`notebook_edit`	Edit cells in a Jupyter notebook

Git Worktree (2 tools)

Tool	Description
`enter_worktree`	Create and switch into a git worktree for isolated work
`exit_worktree`	Exit a worktree and return to the main workspace

Plan (1 tool)

Tool	Description
`write_plan`	Write a numbered execution plan for review before implementation

Agent Control (12 tools)

Tool	Description
`enter_plan_mode`	Switch to plan-only mode; the agent proposes steps without executing them
`exit_plan_mode`	Exit plan mode and begin execution
`save_memory`	Persist a note to `.misar/MEMORY.md` for future sessions
`todo_write`	Write a structured task list for tracking subtasks
`todo_read`	Read the current task list
`ask_user`	Pause and ask the user a clarifying question
`spawn_agent`	Launch a sub-agent for a parallel or delegated subtask
`send_message`	Send a message to a running sub-agent
`task_output`	Read output from a completed sub-agent task
`task_stop`	Stop a running sub-agent
`invoke_skill`	Run a user-defined `.skill` slash command
`set_config`	Update a Misar Code configuration setting at runtime
`list_available_tools`	List all tools the agent currently has access to

Tool Safety

Command Execution

The run_command tool uses execFile (not a shell) to prevent shell injection attacks. A blocklist prevents execution of known dangerous operations including:

rm -rf / and similar destructive recursive deletes
shutdown, reboot, halt
dd if= targeting block devices
mkfs and disk-formatting commands
Commands targeting /etc/passwd, /etc/shadow, or /boot

Even with these protections, review agent-proposed commands before approving them. The agent will always ask for confirmation before running commands that modify system state outside the project directory.

Permission Model

Tools are gated by a permission system:

Always allowed — read-only tools (read_file, list_dir, git_status, etc.) run without prompting
Needs approval — write tools prompt once per session unless you add them to alwaysAllowed
Pattern grants — use glob patterns like run_command:git * to pre-approve a class of commands
Explore mode — /explore overrides all permissions to read-only for the session