Skip to main content
The harness exposes a local tool registry. Each tool is classified as read-only or mutating so permission modes can make reliable decisions. Each entry is a capability in the broader registry — it also declares a group, network usage, scope requirements, and audit behavior. Roles grant capabilities by group, and the full normalized schema lives in the Capabilities reference.

Tool classes

Diff previews

File write tools produce a diff preview before permission decisions. This keeps risky changes inspectable before approval.

View tools locally

The command shows registered tools and whether each one mutates state.
Tool mutability is data in the registry. Voss should not infer safety from a tool name alone. Inspect the full capability surface with voss capabilities list and voss capabilities inspect <name>.