Skip to main content
AKOS
Using the App

Tools

Configure sandbox guardrails, manage the egress allow-list, view tool call activity, and connect MCP servers.

The Tools screen brings together every runtime policy and activity feed related to tool execution. It is split into two groups in the section rail: Guardrails (configuration) and Activity (live logs).

Guardrails

Sandbox

The Sandbox section controls how agent tool calls are isolated at runtime:

  • Sandbox mode — enable or disable the sandbox for tool execution. When enabled, tool calls run in an isolated environment that restricts access to the host system.
  • Network policy — whether sandboxed tools can make outbound network calls.
  • Filesystem policy — which directories sandboxed tools may read from or write to.
  • Resource limits — CPU time and memory limits for sandboxed executions.

Changes here affect all subsequent tool calls in the workspace.

Egress

The Egress section is the outbound network allow-list editor. When egress enforcement is enabled (configured in the workspace security settings), every outbound HTTP/HTTPS call an agent makes is checked against this list.

Rules list Each rule shows:

  • A pattern (exact host or glob, for example *.openai.com).
  • The action: allow or deny.
  • An optional label for documentation purposes.
  • A decision feed showing recent egress decisions matched against this rule.

Adding a rule Click Add rule, enter the host pattern, choose allow or deny, and save. Rules are evaluated top-to-bottom; the first matching rule wins.

Decision feed Below the rules list, a live feed shows recent egress decisions: the URL requested, the rule that matched, and whether it was allowed or blocked.

Activity

Tool calls

The Tool calls section shows a chronological log of every tool invocation in the workspace. Each row shows:

  • The tool ID (for example, http.get, sql.query, slack.send).
  • The agent and run that made the call.
  • Input and output summaries.
  • Duration and status (success / error).

Click a row to expand the full input/output payload.

MCP

The MCP (Model Context Protocol) section shows connected MCP servers. AKOS can expose its tool catalog to external MCP clients, and can also connect to external MCP servers to use their tools.

AKOS as an MCP server AKOS exposes a built-in MCP server at agentskit-os mcp-serve (CLI) or via the configured stdio transport. The server exposes all registered tools and agents as MCP tools. Connected external MCP clients see the full tool catalog.

External MCP servers Add external MCP server endpoints here. Registered servers are available as tool sources for agents and flows. Each entry shows the server URL, connection status, and the tools it exposes.

Previous

Assets

Next

Evals

On this page

Tools · AKOS