Misar IO Docs

Tools

Complete reference for all 33+ tools available to the Misar Code agent across file system, search, git, IDE, and agent control categories.

Overview

The Misar Code agent uses a rich set of tools to interact with your workspace. Tools are invoked automatically based on your request — you do not call them directly. This page documents every available tool so you know exactly what the agent can do.

Run /explore to enter read-only mode, which disables all write and destructive tools for safe codebase exploration.

File System (11 tools)

| Tool | Description | |------|-------------| | list_dir | List files and directories at a given path | | read_file | Read the full contents of a file | | read_range | Read a specific line range from a file | | write_file | Create or overwrite a file with new content | | replace_in_file | Apply a targeted string replacement inside a file | | apply_patch | Apply a unified diff patch to one or more files | | create_dir | Create a new directory (including nested paths) | | remove | Delete a file or directory | | move | Move or rename a file or directory | | copy | Copy a file or directory to a new location | | stat | Get metadata for a file (size, modified time, type) |

Search (5 tools)

| Tool | Description | |------|-------------| | search | Full-text search across the workspace | | grep | Regex pattern search in files | | glob | Find files matching a glob pattern | | find_related_files | Locate files related to a given symbol or path | | repo_map | Generate a high-level map of repository structure |

Git (6 tools)

| Tool | Description | |------|-------------| | git_status | Show current working tree status | | git_diff | Show diffs (staged, unstaged, or between commits) | | git_log | Show commit history | | git_commit | Create a commit with a message | | git_create_branch | Create and switch to a new branch | | git_push | Push commits to a remote |

The agent follows safe git practices by default: it will not force-push to main/master and will not skip hooks. It will ask for confirmation before destructive git operations.

IDE Integration (5 tools)

| Tool | Description | |------|-------------| | list_open_editors | List all currently open editor tabs | | get_selection | Get the currently selected text in the active editor | | get_active_editor | Get the active file path and cursor position | | get_diagnostics | Read VS Code error and warning diagnostics | | run_tests | Run the workspace test suite and capture output |

Web (3 tools)

| Tool | Description | |------|-------------| | web_fetch | Fetch the content of a URL (proxied through the backend) | | web_search | Search the web for current information | | query_documentation | Query official documentation for a library or API |

Notebook (2 tools)

| Tool | Description | |------|-------------| | notebook_read | Read cells and outputs from a Jupyter notebook | | notebook_edit | Edit cells in a Jupyter notebook |

Git Worktree (2 tools)

| Tool | Description | |------|-------------| | enter_worktree | Create and switch into a git worktree for isolated work | | exit_worktree | Exit a worktree and return to the main workspace |

Plan (1 tool)

| Tool | Description | |------|-------------| | write_plan | Write a numbered execution plan for review before implementation |

Agent Control (12 tools)

| Tool | Description | |------|-------------| | enter_plan_mode | Switch to plan-only mode; the agent proposes steps without executing them | | exit_plan_mode | Exit plan mode and begin execution | | save_memory | Persist a note to .misar/MEMORY.md for future sessions | | todo_write | Write a structured task list for tracking subtasks | | todo_read | Read the current task list | | ask_user | Pause and ask the user a clarifying question | | spawn_agent | Launch a sub-agent for a parallel or delegated subtask | | send_message | Send a message to a running sub-agent | | task_output | Read output from a completed sub-agent task | | task_stop | Stop a running sub-agent | | invoke_skill | Run a user-defined .skill slash command | | set_config | Update a Misar Code configuration setting at runtime | | list_available_tools | List all tools the agent currently has access to |

Tool Safety

Command Execution

The run_command tool uses execFile (not a shell) to prevent shell injection attacks. A blocklist prevents execution of known dangerous operations including:

  • rm -rf / and similar destructive recursive deletes
  • shutdown, reboot, halt
  • dd if= targeting block devices
  • mkfs and disk-formatting commands
  • Commands targeting /etc/passwd, /etc/shadow, or /boot

Even with these protections, review agent-proposed commands before approving them. The agent will always ask for confirmation before running commands that modify system state outside the project directory.

Permission Model

Tools are gated by a permission system:

  • Always allowed — read-only tools (read_file, list_dir, git_status, etc.) run without prompting
  • Needs approval — write tools prompt once per session unless you add them to alwaysAllowed
  • Pattern grants — use glob patterns like run_command:git * to pre-approve a class of commands
  • Explore mode/explore overrides all permissions to read-only for the session