Tools: Built-in
Corral ships with built-in tools that give agents the ability to read and write files, execute code, query Microsoft Graph, render rich content, and create sub-assistants. These are available to every agent without additional configuration.
File System Tools
Agents can read, write, list, check, and delete files in the virtual file system.
| Tool | What It Does |
|---|---|
file_read | Read the contents of a file |
file_write | Write content to a file (creates or overwrites) |
file_list | List files and directories at a path |
file_exists | Check whether a file exists |
file_delete | Delete a file |
File System Scopes
The virtual file system has four scopes, each with a different lifetime:
| Scope | Path | Lifetime | Purpose |
|---|---|---|---|
| Workspace | /workspace/ | Persistent | User files that survive across conversations (default) |
| Session | /session/ | Conversation-scoped | Temporary data for the current conversation |
| Config | /config/ | Read-only | App configuration files set by admins |
| Temp | /tmp/ | Request-scoped | Ephemeral scratch space |
File changes are broadcast to connected clients in real time — when an agent writes a file, the user sees it appear in the workspace panel immediately.
Code Execution Tools
Agents can execute code in a sandboxed environment.
| Tool | What It Does |
|---|---|
code_execute | Run code in a sandboxed container and return output |
code_capabilities | Report what the execution environment supports |
Execution Environment
- Runtime: Bash 5.x with coreutils
- Pre-installed: curl, wget, jq, git
- Timeout: 60 seconds default, 220 seconds maximum
- Isolation: Azure Container Apps Dynamic Sessions — each execution runs in an isolated container
- File access: Files from the workspace are automatically staged into the execution environment
The code execution sandbox is completely isolated from the Corral platform and your Azure resources. Agents cannot use code execution to access infrastructure, databases, or services — only to process data and return results.
Microsoft Graph Tools
Agents can interact with Microsoft Graph to query users, groups, and email.
| Tool | What It Does |
|---|---|
graph_query_users | Search for users in your Entra ID directory |
graph_get_user | Get details for a specific user |
graph_list_groups | List groups in your directory |
graph_list_group_members | List members of a specific group |
graph_list_messages | List email messages |
graph_move_message | Move an email to a different folder |
graph_mark_read | Mark an email as read |
graph_send_message | Send an email |
graph_query | Run an arbitrary Microsoft Graph query |
Graph tools use delegated permissions — they act on behalf of the signed-in user and respect that user’s existing access controls. An agent can only access what the user themselves could access.
This section is a work in progress.
Rich Content Tools
Agents can render visual content that displays in the canvas.
| Tool | What It Does |
|---|---|
render_chart | Generate a chart visualization |
render_mermaid | Render a Mermaid diagram |
Rich content renders in the canvas panel alongside the conversation.
Agent Composition Tools
| Tool | What It Does |
|---|---|
create_sub_assistant | Create a new sub-assistant with its own workspace, file system, and conversation state |
See Assistants & Sub-Assistants → for how sub-assistants work.
Data Retrieval Tools
| Tool | What It Does |
|---|---|
query_stored_result | Retrieve a previously stored tool result by reference (used for large results that were tiered to storage) |
current_documents | Access documents attached to the current conversation |
Tool Loading Modes
Built-in tools can be loaded in two modes:
- Prebuilt — all available tools are loaded at the start of every turn. The agent can use any tool at any time.
- Dynamic — tools are selected based on the incoming message. Only relevant tools are loaded, reducing context window usage.
The default Core Assistant uses prebuilt loading with dynamic tool selection available.