// Execution Management (XEM)

Ecosystem Tools

A static snapshot of the canonical tool names the XEM agent registers at startup. Names use snake_case (git_diff, prometheus_query, psql_query) and are passed verbatim to tools/call. The authoritative source is XEMCanonicalToolNames.swift.

Overview

Tools register as a single set from ExecToolsBundle.allTools(). There is no per-bundle enrollment surface; capability gating is per-agent and per-tool, not per-bundle. For the live runtime list, call xem_list_tools; to resolve a specific endpoint, call xem_resolve_endpoint.

Approval-gated and destructive tools are flagged inline. The authoritative flags live in XEMCanonicalToolDescriptors; consult that source before relying on annotations here.

Last verified: 2026-05-20 against XEMCanonicalToolNames.expected (217 tools).

Git

  • git_branch_create, Create a branch
  • git_branch_list, List branches
  • git_diff, Show working tree diff
  • git_log, Show commit history
  • git_merge, Merge a branch
  • git_tag_list, List tags

GitHub

  • gh_pr_create, Create a pull request
  • gh_pr_list, List pull requests

Observability

  • prometheus_query, Execute a PromQL query
  • prometheus_labels, List Prometheus label names
  • grafana_dashboard_list, List Grafana dashboards

Alertmanager

  • alertmanager_alert_list, List active alerts
  • alertmanager_silence_create, Create a silence

HTTP / REST

  • http_get, Perform an HTTP GET request
  • http_post, Perform an HTTP POST request
  • http_put, Perform an HTTP PUT request
  • http_patch, Perform an HTTP PATCH request
  • http_delete, Perform an HTTP DELETE request

Database

  • psql_query, Execute a PostgreSQL query
  • psql_tables, List PostgreSQL tables
  • mysql_query, Execute a MySQL query
  • redis_get, Read a Redis key
  • redis_keys_scan, Scan Redis keyspace by pattern

Infrastructure as Code

  • terraform_plan, Generate a Terraform plan
  • terraform_apply, Apply a Terraform plan (destructive, approval-gated)
  • terraform_output, Read Terraform outputs
  • terraform_state_list, List resources in Terraform state
  • kustomize_build, Render a kustomize overlay

Vault / Secrets

  • vault_secret_list, List secrets at a path
  • vault_secret_metadata, Read secret metadata
  • vault_token_lookup, Inspect a Vault token

Read-only. The XEM inventory does not include a Vault write tool.

etcd

  • etcd_get, Read a key
  • etcd_member_list, List cluster members
  • etcd_endpoint_health, Check endpoint health

Read-only. The XEM inventory does not include an etcd write tool.

Container Runtime

  • container_image_inspect, Inspect a container image
  • container_image_list, List container images
  • container_image_pull, Pull a container image
  • container_image_rm, Remove a container image (destructive)
  • container_inspect, Inspect a container
  • container_logs, Stream container logs
  • container_ps, List running containers
  • container_restart, Restart a container (destructive)
  • container_rm, Remove a container (destructive)
  • container_start, Start a container
  • container_stats, Show container resource usage
  • container_stop, Stop a container (destructive)
  • crictl_inspect, Inspect a CRI container
  • crictl_ps, List CRI containers
  • virsh_list, List libvirt domains

Log Aggregation

  • loki_query, Execute a LogQL query
  • elasticsearch_search, Search Elasticsearch indices
  • elasticsearch_cluster_health, Report Elasticsearch cluster health

Incident Management

  • pagerduty_incident_list, List PagerDuty incidents
  • pagerduty_incident_acknowledge, Acknowledge a PagerDuty incident

Opsgenie is supported as a notification channel only, not as a XEM tool.

Slack

  • slack_channel_history, Read Slack channel history
  • slack_post_message, Post a Slack message

Linux Host Diagnostics

  • linux_chmod, Change file mode (destructive)
  • linux_chown, Change file ownership (destructive)
  • linux_cp, Copy files
  • linux_cpu_info, Read CPU information
  • linux_directory_list, List directory entries
  • linux_directory_size, Compute directory size
  • linux_disk_usage, Report disk usage
  • linux_dns_resolve, Resolve a hostname
  • linux_env_print, Print environment variables
  • linux_file_hash, Hash a file
  • linux_file_read, Read a file
  • linux_file_stat, Stat a file
  • linux_find_files, Find files by pattern
  • linux_host_overview, Summarize host state
  • linux_hostname, Read system hostname
  • linux_ip_address_show, Show IP addresses
  • linux_ip_route_show, Show IP routes
  • linux_journalctl_read, Read systemd journal
  • linux_mv, Move or rename a file (destructive)
  • linux_ping_host, Ping a host
  • linux_process_kill, Send a signal to a process (destructive)
  • linux_process_list, List processes
  • linux_ss_sockets, List sockets via ss
  • linux_systemctl_disable, Disable a systemd unit (destructive)
  • linux_systemctl_enable, Enable a systemd unit (destructive)
  • linux_systemctl_list_units, List systemd units
  • linux_systemctl_reload, Reload a systemd unit
  • linux_systemctl_restart, Restart a systemd unit (destructive)
  • linux_systemctl_start, Start a systemd unit
  • linux_systemctl_status, Read systemd unit status
  • linux_systemctl_stop, Stop a systemd unit (destructive)
  • linux_tar_create, Create a tar archive
  • linux_tar_extract, Extract a tar archive (destructive)
  • linux_traceroute, Trace a network route
  • linux_uptime, Read system uptime
  • dmesg, Read kernel ring buffer
  • lsof, List open files
  • ss, Show socket statistics
  • strace, Trace system calls

Destructive Shell

  • shell_exec_irreversible, Execute an arbitrary shell command on the agent host. Destructive and approval-gated; intended only as an escape hatch when no scoped tool covers the operation. Prefer the scoped linux_*, container_*, or k8s_* tools whenever possible.

TLS / Certificate

  • tls_connect, Open a TLS connection and report handshake
  • certificate_expiry, Report certificate expiry for a host
  • openssl_verify, Verify a certificate chain via openssl

AWS

  • aws_cloudwatch_get_metric_stats, Read CloudWatch metric statistics
  • aws_ec2_describe_instances, Describe EC2 instances
  • aws_ec2_describe_security_groups, Describe EC2 security groups
  • aws_ec2_reboot_instances, Reboot EC2 instances (destructive)
  • aws_ec2_start_instances, Start EC2 instances
  • aws_ec2_stop_instances, Stop EC2 instances (destructive)
  • aws_eks_list_clusters, List EKS clusters
  • aws_iam_list_users, List IAM users
  • aws_logs_tail, Tail CloudWatch Logs
  • aws_rds_describe_db_instances, Describe RDS instances
  • aws_s3_cp, Copy objects to or from S3
  • aws_s3_list_buckets, List S3 buckets

Azure

  • az_aks_list, List AKS clusters
  • az_aks_nodepool_list, List AKS node pools
  • az_keyvault_list, List Key Vaults
  • az_monitor_metrics_list, List Azure Monitor metrics
  • az_resource_group_list, List resource groups
  • az_sql_server_list, List Azure SQL servers
  • az_storage_account_list, List storage accounts
  • az_vm_list, List virtual machines
  • az_vm_power_state, Read VM power state
  • az_vm_start, Start a virtual machine
  • az_vm_stop, Stop a virtual machine (destructive)
  • az_vm_restart, Restart a virtual machine (destructive)

GCP

  • gcloud_compute_instances_list, List Compute Engine instances
  • gcloud_compute_instances_start, Start a Compute Engine instance
  • gcloud_compute_instances_stop, Stop a Compute Engine instance (destructive)
  • gcloud_compute_networks_list, List VPC networks
  • gcloud_container_clusters_list, List GKE clusters
  • gcloud_iam_list_service_accounts, List IAM service accounts
  • gcloud_logging_read, Read Cloud Logging entries
  • gcloud_projects_list, List GCP projects
  • gcloud_pubsub_list_topics, List Pub/Sub topics
  • gcloud_redis_instances_list, List Memorystore Redis instances
  • gcloud_sql_instances_list, List Cloud SQL instances
  • gcloud_storage_buckets_list, List Cloud Storage buckets

OpenStack

  • openstack_flavor_list, List flavors
  • openstack_flavor_show, Show a flavor
  • openstack_floatingip_create, Allocate a floating IP
  • openstack_floatingip_delete, Release a floating IP (destructive)
  • openstack_image_list, List images
  • openstack_image_upload, Upload an image
  • openstack_image_delete, Delete an image (destructive)
  • openstack_keypair_list, List keypairs
  • openstack_keypair_create, Create a keypair
  • openstack_keypair_delete, Delete a keypair (destructive)
  • openstack_network_list, List networks
  • openstack_router_list, List routers
  • openstack_router_create, Create a router
  • openstack_router_delete, Delete a router (destructive)
  • openstack_security_group_list, List security groups
  • openstack_server_list, List servers
  • openstack_server_show, Show a server
  • openstack_server_create, Create a server
  • openstack_server_delete, Delete a server (destructive)
  • openstack_server_reboot, Reboot a server (destructive)
  • openstack_server_resize, Resize a server (destructive)
  • openstack_server_start, Start a server
  • openstack_server_stop, Stop a server (destructive)
  • openstack_stack_list, List Heat stacks
  • openstack_stack_show, Show a Heat stack
  • openstack_stack_create, Create a Heat stack
  • openstack_stack_delete, Delete a Heat stack (destructive)
  • openstack_subnet_list, List subnets
  • openstack_volume_list, List volumes
  • openstack_volume_create, Create a volume
  • openstack_volume_delete, Delete a volume (destructive)
  • openstack_volume_attach, Attach a volume
  • openstack_volume_extend, Extend a volume
  • openstack_volume_snapshot_list, List volume snapshots
  • openstack_volume_snapshot_create, Create a volume snapshot

Kubernetes

  • k8s_get_namespaces, List namespaces
  • k8s_get_nodes, List nodes
  • k8s_get_pods, List pods
  • k8s_get_deployments, List deployments
  • k8s_get_services, List services
  • k8s_get_ingress, List ingresses
  • k8s_get_configmaps, List configmaps
  • k8s_get_secrets, List secrets
  • k8s_get_events, List events
  • k8s_describe_pod, Describe a pod
  • k8s_logs, Read pod logs
  • k8s_exec, Execute a command in a pod (approval-gated)
  • k8s_label_pod, Label a pod
  • k8s_annotate_pod, Annotate a pod
  • k8s_apply_manifest, Apply an inline manifest
  • k8s_apply_from_file, Apply a manifest from a file
  • k8s_delete_pod, Delete a pod (destructive)
  • k8s_delete_resource, Delete an arbitrary resource (destructive)
  • k8s_cordon_node, Cordon a node (destructive)
  • k8s_uncordon_node, Uncordon a node
  • k8s_drain_node, Drain a node (destructive)
  • k8s_scale_deployment, Scale a deployment
  • k8s_restart_deployment, Restart a deployment (destructive)
  • k8s_rollout_status, Read rollout status
  • k8s_rollout_history, Read rollout history
  • k8s_rollout_undo, Roll back a deployment (destructive)
  • k8s_top_cluster, Cluster-wide resource usage
  • k8s_top_nodes, Per-node resource usage
  • k8s_top_pods, Per-pod resource usage
  • k8s_wait, Wait on a resource condition

Helm / ArgoCD

  • helm_list, List Helm releases
  • helm_history, Show Helm release history
  • argocd_app_list, List ArgoCD applications
  • argocd_app_sync, Sync an ArgoCD application

Agentic Primitives

  • auto_fork_branch, Fork an execution branch
  • emit_execution_artifact, Emit an execution artifact
  • recall_execution_memory, Recall prior execution memory
  • save_execution_memory, Persist execution memory
  • request_operator_decision, Request an operator decision (approval-gated)
  • request_subplan, Request a subplan
  • rerank_operational_context, Rerank operational context
  • x_deep_think, Deep reasoning primitive

XEM Self-Introspection

  • xem_list_tools, Live list of registered tools
  • xem_resolve_endpoint, Resolve an endpoint by name
  • xem_self_diagnose, Run agent self-diagnosis
  • xem_test_credential, Test a stored credential