Tools - Herm

Every deployment ships with a built-in toolset the agent can use autonomously. You control what’s available: built-in tools can be toggled per deployment, and custom tools — the things your product does — are added through MCP servers.

Available tools

The built-in toolset includes the following tools. All are enabled by default on every deployment.

Tool	Name	Description
Shell	`shell`	Execute commands in the deployment’s sandbox
Read	`read_file`	Read a file from the workspace
Write	`write_file`	Write a file to the workspace
Edit	`edit_file`	Perform string replacements in a file
Web search	`web_search`	Search the web for information
Browser	`browser`	Navigate pages, click, fill forms, and extract content
Subagents	`subagents`	Spawn isolated workers for parallel or scoped tasks

Shell and file access are confined to the deployment’s container — see Setup for the isolation model. When a tool produces very large output, it’s written to a file in the workspace and the model receives a truncated preview with the file path.

Configuring the toolset

Built-in tools are toggled per deployment with the Tools API. A disabled tool is invisible to the agent — it isn’t listed, so the model can’t attempt it.

Disabling specific tools

await herm.tools.update("dep_7xK9s2", "browser", { enabled: false });
await herm.tools.update("dep_7xK9s2", "web_search", { enabled: false });

Auditing what’s enabled

const { data } = await herm.tools.list("dep_7xK9s2");

for (const tool of data) {
  console.log(`${tool.name} (${tool.origin}): ${tool.enabled}`);
}

Custom tools

Custom tools extend the agent with your product’s capabilities. In Herm, custom tools are served over MCP — you expose them from a server you run, register the server on the deployment, and the agent calls them like any built-in:

const deployment = await herm.deployments.create({
  customer_id: "cus_123",
  name: "Acme Creative Agent",
  system_prompt: "You are Acme's media generation agent.",
  mcp_servers: [
    {
      name: "prism-media",
      url: "https://api.prismvideos.com/mcp",
      tools: ["search_models", "generate_image", "generate_video"],
    },
  ],
});

See MCP for registration, allowlists, and authentication.

Best practices for custom tool definitions

Write rich descriptions. Tool selection quality tracks description quality more than anything else. Cover what the tool does, when to use it (and when not to), what each parameter controls, and known limitations — several sentences per tool, not one.
Prefer fewer, broader tools. Group related operations behind one tool with an action parameter instead of shipping create_x, update_x, delete_x separately. A smaller surface is easier for the model to navigate.
Namespace tool names by resource. ads_search, drive_list — unambiguous selection as your toolset grows.
Return high-signal results. Stable, semantic identifiers and only the fields the agent needs for its next step. Bloated responses burn context and bury what matters.

Connector tools

Integrations to third-party services your customers already use (ads platforms, drives, email) light up when their credentials are present in secrets. The agent gets the connector’s tools with user-scoped credentials at runtime — raw tokens never enter the sandbox. See Setup → Secrets.

Steering consequential tools

When steering is enabled, the agent pauses before consequential actions and surfaces a steering_request event on the SSE stream — your UI shows the user exactly what’s about to happen, and the run continues with their decision. Use this for tools that send, post, spend, or delete.

​Available tools

​Configuring the toolset

​Disabling specific tools

​Auditing what’s enabled

​Custom tools

​Best practices for custom tool definitions

​Connector tools

​Steering consequential tools