Tool Execution
Cluster Build can execute tools on your behalf — reading files, running commands, and editing code.
Tool Execution
The Cluster Build agent can call a set of built-in tools to interact with your system. Every destructive tool requires your approval by default — the CLI shows you exactly what it wants to do and you choose whether to allow it.
Available Tools
File operations
| Tool | Description |
|---|---|
read | Read the contents of a file |
write | Write a file (create or overwrite) |
edit | Targeted search-and-replace edits in a file |
multiedit | Batch of edits applied atomically to one file |
ls | List files in a directory |
Search
| Tool | Description |
|---|---|
grep | Content search across files (powered by ripgrep) |
glob | File pattern matching (e.g. **/*.ts) |
Shell & jobs
| Tool | Description |
|---|---|
bash | Run shell commands. Long-running commands can be launched as background jobs |
job_output | Fetch output from a background job |
job_kill | Terminate a background job |
Web
| Tool | Description |
|---|---|
web_search | Search the web |
web_fetch | Fetch and extract content from a URL |
download | Download a file from a URL |
Developer tools
| Tool | Description |
|---|---|
lsp_diagnostics | Read LSP diagnostics for the current project |
lsp_references | Find references to a symbol via LSP |
lsp_restart | Restart the language server |
code_sandbox | Execute code in an isolated sandbox |
Browser (headless)
When the browser is enabled the agent can drive a headless browser with screenshot, click, type, evaluate, and content extraction actions.
Interaction
| Tool | Description |
|---|---|
ask_user_question | Pause and ask you a clarifying question |
Approval Flow
By default, the agent asks for confirmation before running any tool that modifies your system (write, edit, bash, etc.). Read-only tools like read, grep, and glob run automatically.
To skip approvals entirely — for example, during a long unattended task — pass the --dangerously-allow-all flag when starting the session:
cluster --dangerously-allow-allUse this with care. The agent can run any bash command and edit any file you have access to.