The crew
Tools
Every agent gets a curated toolset. The coding tools come from the underlying pi SDK; the rest are Brigade-native. Mutating or privileged tools are owner-gated — either refused wholesale for non-owner peers, or gated per action so reads stay visible while writes do not.
The catalog#
| Group | Tools |
|---|---|
| Coding (pi SDK) | read, write, edit, bash, grep, find, ls |
| Memory | recall_memory, read_memory, write_memory, manage_memory |
| Sub-agents | spawn_agent, spawn_agents |
| Cross-session | sessions_send, sessions_spawn, sessions_list, sessions_history |
| Crew management | agents_list, manage_agent, manage_skill, manage_provider, manage_access, manage_channel_access, org |
| Scheduling | cron |
| Web | web_search, fetch_url, browser |
| Connectors | composio, oauth_authorize |
| Generation | generate_image |
| Channels | send_message, send_media |
Some tools only appear when their prerequisite is present: org when cfg.org is set, cron and the sub-agent tools when their service/context is available, and the channel send tools when a channel is linked. web_search resolves whichever provider you have configured and falls back to keyless DuckDuckGo, so it is available out of the box; browser (Playwright) is on by default unless you disable it. The coding findis Brigade's own Windows-safe implementation rather than the pi built-in.
Two gate postures#
Privileged tools refuse non-owner peers in one of two ways:
- Blanket owner-only — the tool is not offered to peers at all. Correct when every action is privileged (e.g.
manage_agent,manage_skill). - Per-call ownership gate — the tool is offered, but branches inside on whether the caller is the owner. This gives per-action granularity:
cron listis visible to a peer, butcron addis not. Memory tools, the channel send tools, andcronwork this way.
The bash tool is additionally gated by a per-agent approval allowlist — see Security & privacy.
Web tools are open by default
web_search, fetch_url, and browser are not owner-only — any caller can use them. Reads from the web are not privileged actions; writing to your machine or your accounts is.