# Configure Tools Source: https://docs.generalaugment.com/guides/configure-tools/ Description: Curate generated tools for safer and better agent behavior. Generated OpenAPI tools are intentionally conservative: - `GET` becomes read and auto-executes. - `POST`, `PUT`, and `PATCH` become write and require approval. - `DELETE` becomes destructive and is disabled by default. ## Toggle tools ```bash genaug tools list --project health-agent genaug tools toggle delete_account --project health-agent --disable genaug tools toggle log_symptom --project health-agent --enable ``` Before launch, verify the generated policy from both directions: ```bash genaug onboarding verify --project health-agent --json ``` Expected proof: - read tools remain enabled and low risk; - write tools require approval unless you intentionally changed the policy; - destructive tools are disabled until explicitly enabled; - trace or audit rows show only the expected tool calls. ## Configure discovery Use project `tool_discovery` to control how Hermes sees larger tool catalogs: ```yaml behavior: tool_discovery: mode: auto direct_schema_tool_limit: 10 max_search_results: 5 ``` `auto` is the default for most apps. Use `always` for broad OpenAPI/MCP catalogs where Hermes should search the catalog before executing a selected tool. Use `direct` only for small, intentionally scoped tool sets. ```bash genaug tools discovery --project demo-agent --mode auto --direct-schema-tool-limit 10 --max-search-results 5 ``` For broad catalogs, keep tool descriptions operational: what the tool does, when Hermes should use it, required inputs, side effects, approval or retry behavior, and common failure modes. General Augment uses those descriptions for discovery and ranking, then routes execution through the same allowlist, credential, identity, approval, audit, timeout, and metering checks. Tools outside the project allowlist are not discoverable or executable even when they exist in the global catalog. ## Edit YAML `genaug integrate` writes generated OpenAPI definitions as separate files under `tools/.yaml`. Review and edit those files before `genaug deploy` when you need to tighten descriptions, risk levels, or approval policy: ```yaml id: log_symptom name: Log Symptom enabled: true risk_level: medium requires_approval: true description: Record a symptom entry after the user confirms the date, severity, and notes. ``` ## Add MCP servers ```yaml tools: mcp: - name: github url: https://mcp.github.com/v1 auth: ${{ credentials.github_token }} ``` Related: [security](/guides/security/) and [API reference](/api/).