Control which orchestrator tools are available. The risk level sets an automatic threshold; whitelist and blacklist let you fine-tune individual tools beyond that.
Low tools are read-only and sandboxed (web search, project file reads, HA status checks). Medium tools write to local data or send notifications to you (cron jobs, scratch, task management). High tools affect external systems or the host (shell exec, email, device control, service restart).
The Auto column below shows each tool's status at your current max risk level. Use the override column to force-include or force-exclude individual tools.
Some tools require explicit confirmation before executing. Override the defaults here. Tools requiring confirmation by default: {{ confirm_required_tools }}
{{ confirm_required_tools }}
One tool name per line. These tools skip the confirmation prompt.
These tools are always blocked regardless of risk policy.