Every tool grouped by area, with the gates that protect it.
Every tool input is a strict zod schema. Every tool output follows the envelope shape. Reflective dispatchers (*_call_*) apply a readonly verb gate (Get/Has/Is/Does/Can/Will/Network always allowed; others require agent_api_readonly=false).
| Tool | Purpose |
|---|
health | Liveness probe + version + uptime |
list_resources | Every registered resource with state |
get_resource_state | One resource's state + filesystem path |
read_file | Read from any resource; offset + length for windowed reads of large files |
list_dir | List a resource's files/folders; recursive:true returns the file tree (skips node_modules / dot-dirs) |
find_files | Glob a resource (server/**/*.lua, **/*.vue) matched against the path relative to its root |
search_code | Grep a resource for a substring or regex; returns file/line/text. Scope with path; skips binaries |
get_resource_manifest | Parse fxmanifest.lua into structured metadata (fx_version, game, version, script/files/dependency lists) |
tail_console | Recent lines from the in-memory ring buffer; filterable by since_ts or channel |
scan_errors | Scan the console for SCRIPT ERRORs / Lua tracebacks / JS exceptions → structured { message, frames: [{resource,file,line}] }; filter by resource / sinceTs |
list_exports | A resource's exports (manifest-declared + runtime-enumerable) — discovery for call_export |
call_export | Invoke any started resource's server export exports[resource][name](...args); readonly verb gate + agent_api_export_blocked_methods blocklist |
server_metrics | Server health snapshot: uptime, online players, resource counts by state, agent_api host process memory |
list_plugins | Loader snapshot — which plugins enabled, which tools each added |
| Tool | Purpose | Gated by |
|---|
write_file | Write inside a configured write root | readonly |
edit_file | Surgical str-replace in an existing file (unique-match guard, replaceAll) — cheaper/safer than a full rewrite | readonly + write root + extension |
multi_edit | Apply many edits across several files of a resource in one call; validated in memory first, written all-or-nothing | readonly + write root + extension |
delete_file | Delete one file (refuses directories and blocked segments) | readonly + write root |
move_file | Move/rename a file within a resource (createDirs, overwrite) | readonly + write root + extension |
wait_for_console | Block until a console line matches pattern (or timeoutMs); pair with ensure/restart to catch the banner or an error. matched:false on timeout is not an error | — |
create_resource | Scaffold fxmanifest.lua + server.lua + README.md | readonly |
refresh_resources | ExecuteCommand("refresh") + capture window | ACE command.refresh |
ensure_resource | ensure <name>, wait for state started, return logs | ACE + per-resource lock |
start_resource / stop_resource / restart_resource | Lifecycle verbs | ACE + lock + self-target guard |
run_command | Allowlisted console command (refresh, players, say <text>, lifecycle verbs) | ACE + parsed allowlist |
run_shell | Allowlisted shell binary inside a resource folder (on Windows it spawns through a shell so .cmd shims — npm/npx/vite — run, and rejects shell metacharacters in args). Bundled rtk is allowlisted; useRtk:true wraps the command as rtk <command> <args> for compressed output. Output keeps the first + last 32 KB per stream | readonly + shell allowlist + sandboxed cwd |
The opt-in chat command /agent_test_optin lets a player join the test subject pool. TTL: agent_api_test_session_ttl_seconds. Pool size: agent_api_test_max_subjects.
| Tool | Purpose |
|---|
list_players | Opted-in players with TTL countdown + active-subject flag |
register_test_subject | Move opted-in player into the active pool |
unregister_test_subject | Remove from active pool (opt-in preserved) |
get_player_state | Run predefined client probes (entity, ped, meta, optional inventory) |
trigger_client_event | Fire any net event at one subject |
send_chat | Push a chat:addMessage line to one subject |
wait_for_client_event | Block until matching net event (optional fromSubject filter) |
Run any FiveM native by name. Read-only verbs always pass; mutators need readonly=false; some natives are hard-blocked.
| Tool | Purpose |
|---|
server_call_native | Invoke any server-side global function by name; hard-blocks DropPlayer/ExecuteCommand/StopResource/StartResource/BanPlayer/etc |
server_list_natives | Enumerate server global function names; filter by substring |
client_call_native | Invoke any client native on one active subject. Special arg tokens $ped, $player, $serverId, $vehicle, $lastVehicle, $coords, $heading are resolved client-side |
client_list_natives | Enumerate client global function names on the subject |
| Tool | Purpose |
|---|
screenshot_nui | Capture the FiveM CEF NUI via CDP at http://localhost:13172. mode = isolate | clip | full. With resource + default isolate, hides sibling iframes for a clean capture and restores them after |
delete_screenshot | Remove a screenshot under dist/screenshots/ (sandboxed) |
Drive the live NUI over the same CDP connection (no Playwright). Pass resource to target that resource's iframe — the tool resolves that frame and evaluates inside an isolated world, so selectors hit the resource's own DOM even though it's a cross-origin iframe of the CEF root page. The NUI must be open.
| Tool | Purpose |
|---|
nui_eval | Run a JS expression in the NUI and return its value (returnByValue) |
nui_click | Click a DOM element by CSS selector; returns { found } |
nui_fill | Set an input/textarea value and dispatch input/change (Vue/React-safe) |
nui_get | Read an element's text / value / bounding rect / outerHTML |
Detects es_extended. Always exposes:
| Tool | Purpose |
|---|
esx_list_players | All online ESX players (identifier, money, accounts, job) |
esx_get_player | Snapshot one xPlayer by server id |
esx_list_shared_methods | Discover every callable method on the ESX shared object |
esx_list_player_methods | Discover every method on a specific xPlayer (e.g. getInventory) |
esx_call_shared | Reflective: call ESX.<method>(...args) |
esx_call_player | Reflective: call xPlayer.<method>(...args) |
With readonly=false, also:
| Tool | Purpose |
|---|
esx_add_money | Add to a money account (cash / bank / black_money) |
esx_set_job | Assign job + grade |
Detects ox_lib. Uses @overextended/ox_lib/server for typed access.
| Tool | Purpose |
|---|
oxlib_notify | Push an ox_lib UI notification to one player |
oxlib_trigger_client_callback | Round-trip request/response via lib.callback |
oxlib_check_dependency | versionCheck("resource@x.y.z") |
oxlib_list_methods | Enumerate exported functions + namespaces |
oxlib_call | Reflective dotted-path invocation (addAce, cache.serverId, etc.) |
Detects oxmysql. Uses @overextended/oxmysql for typed access. Defaults to SELECT-only; expand via agent_api_plugin_oxmysql_readonly=false and agent_api_plugin_oxmysql_allow_statements.
| Tool | Purpose |
|---|
oxmysql_query | oxmysql.query returning a rows array (auto-trimmed to rowLimit, default 100) |
oxmysql_scalar | oxmysql.scalar returning the first column of the first row |
oxmysql_execute | oxmysql.rawExecute for INSERT/UPDATE/DELETE/DDL when allowed |
oxmysql_schema | Read-only information_schema introspection: tables → columns (name, type, key, nullable, default). Scope with table |
oxmysql_migrate | Run a DDL statement (gated like oxmysql_execute) and optionally return the resulting table schema via verifyTable |
| Tool | Purpose |
|---|
scaffold_fivem_resource_workflow | Mandatory pre-flight for new-resource intent. Returns the full grill workflow text. Engineered description so the agent auto-calls it before create_resource / write_file |
list_preferences | The user's saved development preferences (structure / coding / ui-design) + optional example folder each points at. The grill calls this first; a reminder is auto-injected into create_resource / scaffold_fivem_resource_workflow results. Managed from the dashboard Preferences tab |
list_skills | User-uploaded custom skills with their trigger tools/categories and markdown body. A matching skill is auto-injected into the result of any tool call it's bound to. Managed from the dashboard Skills tab |
A per-resource task board the agent publishes for a human to watch, plus a queue of human-issued requests aimed back at the agent. Surfaced in the dashboard Sessions tab. Safe in readonly mode (writes only dashboard state).
| Tool | Purpose |
|---|
track_work | Set the current task and/or todo list for a resource's session. A session is auto-seeded when create_resource runs |
track_get | Read one session (by resource) or all sessions — useful to recover the plan after a context reset |
get_requests | List pending dashboard requests ({ id, resource, path|null, prompt }; all:true for history). A null path targets the whole resource. Pending count is auto-injected into other tool results so the agent notices them |
resolve_request | Mark a request done, with an optional note |