Tools are how an agent acts on the world — fetching a page, searching,
sending mail, querying a database, generating a document. AiHummer ships a rich
built-in catalog and a Tool Runtime that enables tools when they are
configured, reloads them without a restart, gates the risky ones behind human
approval, and can lock egress entirely in air-gapped mode.
This page covers how the runtime behaves and lists the built-ins. For the
full reference, see the tools catalog.
How the Tool Runtime behaves
Enable-on-config. A tool becomes available only when its prerequisite
configuration is present — usually an environment variable pointing at the
service it needs. No config, no tool.
Hot reload. Tool enablement applies hot, without restarting the
gateway, so you can turn capabilities on and off at runtime.
Approval gate. Risky tools can be placed behind a human-in-the-loop
approval gate via AIHUMMER_APPROVAL_TOOLS. A rejected call is not
executed.
Air-gapped mode. Setting AIHUMMER_AIRGAPPED=1 blocks model-controlled
public egress, for sovereign or isolated deployments.
[!WARNING]
code_exec is off by default on shared hosts. Enable it only where the
sandbox and host are acceptable for running model-authored code, and consider
putting it behind the approval gate.
Built-in tools
Tool
What it does
Enable with
web_fetch
Fetch a URL (SSRF-guarded)
on by default
http_request
Make an HTTP request (SSRF-guarded)
on by default
web_search
Web search via SearXNG
SEARXNG_URL
browser
Drive a real browser over CDP
CLOAKBROWSER_CDP_URL
computer
Computer-use over CDP
CLOAKBROWSER_CDP_URL
filesystem_read
Read files in a sandboxed root
AIHUMMER_FS_ROOT
db_query
Read-only database query
AIHUMMER_DB_QUERY_DSN
mail
Send/receive mail (SMTP/IMAP)
mail credentials (vault)
code_exec
Run code in a sandbox (off by default on shared hosts)
AIHUMMER_CODE_EXEC
doc_generate
Generate CSV/TSV/XLSX documents
on by default
tts
Text-to-speech
TTS sidecar
image_generate / edit_image
Generate and edit images
configured image backend
github_get_file
Fetch a file from GitHub
on by default
generate_pairing_code
Issue a device pairing code
on by default
search_knowledge / deep_research
Knowledge retrieval and multi-step research
knowledge base
Bitrix24 CRM / task / calendar
Bitrix24 CRM, task and calendar actions
Bitrix24 plugin
1C (БИТ.ФИНАНС OData)
1C БИТ.ФИНАНС access over OData
1C OData config
[!NOTE]
web_fetch and http_request are SSRF-guarded — they refuse requests to
internal addresses and other unsafe targets, so a model cannot use them to
reach your private network.
Enabling tools
Most tools turn on when you provide their configuration. Common switches:
SEARXNG_URL=http://localhost:8888 # web_searchCLOAKBROWSER_CDP_URL=http://localhost:9222 # browser + computerAIHUMMER_FS_ROOT=/srv/agent-files # filesystem_read (sandboxed root)AIHUMMER_DB_QUERY_DSN=postgres://... # db_query (read-only)AIHUMMER_CODE_EXEC=1 # code_exec (sandboxed)AIHUMMER_APPROVAL_TOOLS=mail,code_exec # require approval for these toolsAIHUMMER_AIRGAPPED=1 # block model-controlled public egress
[!TIP]
Use AIHUMMER_APPROVAL_TOOLS to require approval for anything with a side
effect — sending mail, running code — while leaving read-only tools ungated.
Where to next
See the full per-tool reference in the
tools catalog.
**Tools** are how an agent acts on the world — fetching a page, searching,
sending mail, querying a database, generating a document. AiHummer ships a rich
**built-in catalog** and a **Tool Runtime** that enables tools when they are
configured, reloads them without a restart, gates the risky ones behind human
approval, and can lock egress entirely in air-gapped mode.
This page covers how the runtime behaves and lists the built-ins. For the
full reference, see the [tools catalog](/en/v1.0/reference/tools-catalog).
## How the Tool Runtime behaves
- **Enable-on-config.** A tool becomes available only when its prerequisite
configuration is present — usually an environment variable pointing at the
service it needs. No config, no tool.
- **Hot reload.** Tool enablement applies **hot**, without restarting the
gateway, so you can turn capabilities on and off at runtime.
- **Approval gate.** Risky tools can be placed behind a human-in-the-loop
approval gate via `AIHUMMER_APPROVAL_TOOLS`. A rejected call is **not**
executed.
- **Air-gapped mode.** Setting `AIHUMMER_AIRGAPPED=1` blocks model-controlled
public egress, for sovereign or isolated deployments.
> [!WARNING]
> `code_exec` is **off by default** on shared hosts. Enable it only where the
> sandbox and host are acceptable for running model-authored code, and consider
> putting it behind the approval gate.
## Built-in tools
| Tool | What it does | Enable with |
|---|---|---|
| `web_fetch` | Fetch a URL (SSRF-guarded) | on by default |
| `http_request` | Make an HTTP request (SSRF-guarded) | on by default |
| `web_search` | Web search via SearXNG | `SEARXNG_URL` |
| `browser` | Drive a real browser over CDP | `CLOAKBROWSER_CDP_URL` |
| `computer` | Computer-use over CDP | `CLOAKBROWSER_CDP_URL` |
| `filesystem_read` | Read files in a sandboxed root | `AIHUMMER_FS_ROOT` |
| `db_query` | Read-only database query | `AIHUMMER_DB_QUERY_DSN` |
| `mail` | Send/receive mail (SMTP/IMAP) | mail credentials (vault) |
| `code_exec` | Run code in a sandbox (off by default on shared hosts) | `AIHUMMER_CODE_EXEC` |
| `doc_generate` | Generate CSV/TSV/XLSX documents | on by default |
| `tts` | Text-to-speech | TTS sidecar |
| `image_generate` / `edit_image` | Generate and edit images | configured image backend |
| `github_get_file` | Fetch a file from GitHub | on by default |
| `generate_pairing_code` | Issue a device pairing code | on by default |
| `search_knowledge` / `deep_research` | Knowledge retrieval and multi-step research | knowledge base |
| Bitrix24 CRM / task / calendar | Bitrix24 CRM, task and calendar actions | Bitrix24 plugin |
| 1C (БИТ.ФИНАНС OData) | 1C БИТ.ФИНАНС access over OData | 1C OData config |
> [!NOTE]
> `web_fetch` and `http_request` are **SSRF-guarded** — they refuse requests to
> internal addresses and other unsafe targets, so a model cannot use them to
> reach your private network.
## Enabling tools
Most tools turn on when you provide their configuration. Common switches:
```bash
SEARXNG_URL=http://localhost:8888 # web_search
CLOAKBROWSER_CDP_URL=http://localhost:9222 # browser + computer
AIHUMMER_FS_ROOT=/srv/agent-files # filesystem_read (sandboxed root)
AIHUMMER_DB_QUERY_DSN=postgres://... # db_query (read-only)
AIHUMMER_CODE_EXEC=1 # code_exec (sandboxed)
AIHUMMER_APPROVAL_TOOLS=mail,code_exec # require approval for these tools
AIHUMMER_AIRGAPPED=1 # block model-controlled public egress
```
> [!TIP]
> Use `AIHUMMER_APPROVAL_TOOLS` to require approval for anything with a side
> effect — sending mail, running code — while leaving read-only tools ungated.
## Where to next
- See the full per-tool reference in the
[tools catalog](/en/v1.0/reference/tools-catalog).
- Understand the loop that calls these tools in
[Orchestration & sub-agents](/en/v1.0/concepts/orchestration-subagents).
- Ground tool answers in your documents with
[Knowledge / RAG](/en/v1.0/concepts/knowledge-rag).
AiHummer