File and shell tools
These tools let Okami read, edit and execute commands inside the workspace. They are small, auditable and protected by grounding, sandboxing and checkpoints.
params read_file safe Reads capped text and marks the file as known. write_file sensitive Creates/overwrites a file. Existing files must be read first. edit_file sensitive Exact old → new replacement; requires a unique match or replace_all. list_dir safe Lists a workspace directory. find_files safe Fuzzy filename search ignoring case, hyphen, underscore and spaces. run_shell dangerous Runs a command under sandbox: timeout, output cap, sanitized env and Docker when configured.
Grounding and checkpoints
write_file and edit_file refuse blind edits. Before mutation, the gateway snapshots the prior state so okami rollback N can undo recent writes.
Sandbox and secrets
- Shell commands run with sanitized env.
- Read-only mode blocks effective commands.
- Sensitive paths such as
.env,.ssh,.aws,.pemand.keyare blocked unless yolo. - Docker backend gives real isolation.

