AiHummer
English
Log in
v1.0.x
{ }Swagger

Tools

v1.0.x · updated 2026-06-26

Tools are how an agent acts on the world — fetching a page, searching, sending mail, querying a database, generating a document. AiHummer ships a rich built-in catalog and a Tool Runtime that enables tools when they are configured, reloads them without a restart, gates the risky ones behind human approval, and can lock egress entirely in air-gapped mode.

This page covers how the runtime behaves and lists the built-ins. For the full reference, see the tools catalog.

How the Tool Runtime behaves

  • Enable-on-config. A tool becomes available only when its prerequisite configuration is present — usually an environment variable pointing at the service it needs. No config, no tool.
  • Hot reload. Tool enablement applies hot, without restarting the gateway, so you can turn capabilities on and off at runtime.
  • Approval gate. Risky tools can be placed behind a human-in-the-loop approval gate via AIHUMMER_APPROVAL_TOOLS. A rejected call is not executed.
  • Air-gapped mode. Setting AIHUMMER_AIRGAPPED=1 blocks model-controlled public egress, for sovereign or isolated deployments.

[!WARNING] code_exec is off by default on shared hosts. Enable it only where the sandbox and host are acceptable for running model-authored code, and consider putting it behind the approval gate.

Built-in tools

Tool What it does Enable with
web_fetch Fetch a URL (SSRF-guarded) on by default
http_request Make an HTTP request (SSRF-guarded) on by default
web_search Web search via SearXNG SEARXNG_URL
browser Drive a real browser over CDP CLOAKBROWSER_CDP_URL
computer Computer-use over CDP CLOAKBROWSER_CDP_URL
filesystem_read Read files in a sandboxed root AIHUMMER_FS_ROOT
db_query Read-only database query AIHUMMER_DB_QUERY_DSN
mail Send/receive mail (SMTP/IMAP) mail credentials (vault)
code_exec Run code in a sandbox (off by default on shared hosts) AIHUMMER_CODE_EXEC
doc_generate Generate CSV/TSV/XLSX documents on by default
tts Text-to-speech TTS sidecar
image_generate / edit_image Generate and edit images configured image backend
github_get_file Fetch a file from GitHub on by default
generate_pairing_code Issue a device pairing code on by default
search_knowledge / deep_research Knowledge retrieval and multi-step research knowledge base
Bitrix24 CRM / task / calendar Bitrix24 CRM, task and calendar actions Bitrix24 plugin
1C (БИТ.ФИНАНС OData) 1C БИТ.ФИНАНС access over OData 1C OData config

[!NOTE] web_fetch and http_request are SSRF-guarded — they refuse requests to internal addresses and other unsafe targets, so a model cannot use them to reach your private network.

Shared skills

A skill is a reusable instruction (a prompt fragment) that can be attached to agents. The library lives on the admin UI’s “Shared skills” page: to create one, a name and the text are enough — the identifier (slug) is derived automatically. Skills shipped by the vendor out of the box carry an “Out of the box” badge; they can be disabled but stay listed. Attached skills are rendered into the stable prefix of the agent’s system prompt.

Enabling tools

Most tools turn on when you provide their configuration. Common switches:

SEARXNG_URL=http://localhost:8888          # web_search
CLOAKBROWSER_CDP_URL=http://localhost:9222 # browser + computer
AIHUMMER_FS_ROOT=/srv/agent-files          # filesystem_read (sandboxed root)
AIHUMMER_DB_QUERY_DSN=postgres://...        # db_query (read-only)
AIHUMMER_CODE_EXEC=1                         # code_exec (sandboxed)
AIHUMMER_APPROVAL_TOOLS=mail,code_exec       # require approval for these tools
AIHUMMER_AIRGAPPED=1                          # block model-controlled public egress

[!TIP] Use AIHUMMER_APPROVAL_TOOLS to require approval for anything with a side effect — sending mail, running code — while leaving read-only tools ungated.

Where to next