knewstimek/agent-tool

Quick Start

1. Download the binary for your OS below
2. Run agent-tool install (or agent-tool install claude)
3. Restart your IDE
4. Done — all tools work immediately, no permission popups

Or just ask your AI agent:

"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run agent-tool install"

Any capable AI coding agent (Claude Code, Codex, etc.) can handle the full download → install → restart flow automatically.

Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:

Strict mode (recommended):

ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. Do NOT use built-in Read, Edit, Write, Grep, or Glob. agent-tool preserves file encoding and respects .editorconfig indentation settings. When spawning subagents, instruct them to use agent-tool MCP tools too.

Soft mode:

Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.

What's New in v0.6.0

9 New Tools (32 → 41 total)

| Tool | Description |
|------|-------------|
| Copy | Copy files/directories with atomic write and permission preservation |
| MultiRead | Read multiple files in a single call (reduces API round-trips, max 50) |
| RegexReplace | Regex find-and-replace across files/directories with capture groups |
| YAMLQuery | Query YAML files with dot-notation paths |
| TOMLQuery | Query TOML files with dot-notation paths (datetime, int64 support) |
| TLSCheck | Check TLS certificate details (subject, expiry, SANs, cipher) |
| DNSLookup | DNS record lookup (A/AAAA/MX/CNAME/TXT/NS/SOA) with DoH |
| MySQL | Execute SQL queries on MySQL/MariaDB (table-formatted output) |
| Redis | Execute Redis commands with TLS support (dangerous commands blocked) |

Security

• DLP (Data Loss Prevention): Outbound POST/PUT/PATCH bodies are scanned for sensitive data (PEM private keys, AWS access keys, GitHub/GitLab tokens, Slack tokens, .env file dumps) and blocked before transmission
• SSRF Policy: Per-protocol private IP control (allow_http_private, allow_mysql_private, allow_redis_private, allow_ssh_private). Cloud metadata IPs always blocked. DNS rebinding TOCTOU prevention
• ECH/DoH Global Toggle: enable_doh and enable_ech configurable via set_config (default ON, per-request override still works)
• Prompt Injection Warnings: Every private IP connection shows a security warning visible to both user and AI agent

SSH Improvements

• PuTTY PPK Support: SSH/SFTP now accept PuTTY private key files (v2 and v3) in addition to PEM and OpenSSH formats. Auto-detected — no configuration needed
• SSRF Protection: SSH and SFTP connections (including JumpHost) now go through SSRF checks

Install Permission Levels

Three levels of auto-approval for agent-tool install:

| Level | Flag | Description |
|-------|------|-------------|
| Full (default) | (none) | All tools auto-approved (mcp__agent-tool__* wildcard) |
| Safe | --safe-approve | Only 29 local-only tools auto-approved (no SSH, HTTP, DB, bash) |
| None | --no-auto-approve | No auto-approval — every tool call requires manual confirmation |

agent-tool install                  # full (default)
agent-tool install --safe-approve   # safe tools only
agent-tool install --no-auto-approve # manual approval