Tools, Not Chat

The core differentiator. Agents call 12 unified tools that produce visible, auditable effects. No text generation. No chat. Structured execution.

The single most important architectural idea in Autopilot. Agents don't generate text for you to read. They call unified tools that produce visible effects in the company.

Why This Matters

Most AI agent frameworks are chatbot wrappers. The agent generates text, you read it, you copy-paste it somewhere. You are the middleware.

Autopilot agents call typed function calls with clear targets and effects. Agent thinking is private and messy. Only tool calls produce observable results. Every call writes to the database or triggers an action. Every action is auditable.

the difference

Chatbot agent:    "Here's the code for your pricing page..." → you copy-paste
Autopilot agent:  task({ action: "create", title: "Build pricing page" }) → task appears, agent starts working

The 12 Unified Tools

task

Unified task management. One tool for all task operations.

tools/task

// Create a task
task({
  action: "create",
  title: "Implement Stripe checkout flow",
  type: "feature",
  priority: "high",
  assigned_to: "max",
  workflow: "development",
})

// Update task status
task({
  action: "update",
  task_id: "TASK-042",
  status: "review",
  note: "Implementation complete. PR #17 ready for review."
})

// Approve a task
task({
  action: "approve",
  task_id: "TASK-042",
  note: "Code looks good. Ready for merge."
})

// Reject a task
task({
  action: "reject",
  task_id: "TASK-042",
  note: "Missing error handling for Stripe webhooks."
})

// Block a task
task({
  action: "block",
  task_id: "TASK-042",
  reason: "Need admin access to create org repo",
  assigned_to: "dominik",
  blocking: ["TASK-040"]
})

// Unblock a task
task({
  action: "unblock",
  task_id: "TASK-042",
  resolution: "Access granted by admin"
})

Actions: create, update, approve, reject, block, unblock

message

Unified messaging. One tool for DMs, task threads, and project channels.

tools/message

// Direct message to an agent
message({
  channel: "dm-riley",
  content: "PR #47 ready for review. Landing page implementation."
})

// Post to a task thread
message({
  channel: "task-042",
  content: "Implementation complete. All tests passing."
})

// Post to a project channel
message({
  channel: "project-studio",
  content: "Pricing page deployed to staging."
})

// Post to a general channel
message({
  channel: "general",
  content: "Sprint 12 completed. 14/14 tasks done."
})

Channel conventions: general, dm-{agentId}, task-{taskId}, project-{name}

Dashboard pins. Agents surface important information for humans.

tools/pin

// Create a pin
pin({
  action: "create",
  group: "deployments",
  title: "Staging Deploy: v1.2.0",
  content: "Deployed to staging. All health checks passing.",
  type: "status",
  metadata: {
    progress: 100,
    expires_at: "2026-03-23T00:00:00Z",
  }
})

// Remove a pin
pin({
  action: "remove",
  pin_id: "pin-staging-v120",
  reason: "Superseded by v1.3.0 deploy"
})

Actions: create, remove

search_index

Universal search across all entity types. Supports both keyword (FTS5) and semantic (libSQL native vectors) search.

tools/search_index

// Search tasks
search_index({
  query: "authentication flow",
  type: "task",
  scope: "active"
})

// Search knowledge
search_index({
  query: "Stripe webhook patterns",
  type: "knowledge"
})

// Search messages
search_index({
  query: "deployment failure",
  type: "message"
})

// Search everything
search_index({
  query: "pricing page"
})

Types: task, message, knowledge, pin, agent, channel, skill (or omit for all)

fetch

External API calls with SSRF protection and secret injection.

tools/fetch

fetch({
  method: "POST",
  url: "https://api.stripe.com/v1/products",
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
  body: "name=Premium+Plan&active=true",
  secret_ref: "secrets/stripe.yaml#api_key"
})

Secret references are resolved at runtime from encrypted storage. SSRF protection blocks requests to private IP ranges.

web_search

Web search via configurable provider (OpenRouter :online web search).

tools/web_search

web_search({
  query: "best practices for Stripe checkout integration 2026"
})

Filesystem Operations

Agents also use native write_file/read_file from their LLM SDK for:

Knowledge docs (knowledge/*.md) -- watcher reindexes automatically
Artifacts (artifacts/*) -- watcher detects .artifact.yaml
Config (team/agents.yaml, team/roles/*.md) -- watcher validates + reloads
Skills (read_file for on-demand loading)

Approval Gates

Some actions require human approval, others agents handle between themselves.

Requires human approval (human gates):

Merge to main branch
Deploy to production
Publish external content
Spend money (>$10)
Create/delete infrastructure
Modify team structure or policies

Agents approve between themselves:

Code review
Plan review
Spec review
Deploy to staging
Knowledge base updates
Health checks and monitoring

These gates are defined in workflow YAML as type: human_gate steps -- not bolted-on permissions. The workflow engine enforces them.

Tool Summary

Tool	Purpose	Used by
`task`	Create, update, approve, reject, block, unblock tasks	All agents
`message`	Send DMs, post to task threads and project channels	All agents
`pin`	Create and remove dashboard pins	All agents
`search_index`	Universal search across all entity types	All agents
`fetch`	External API calls with SSRF protection	Developer, DevOps, Marketing
`web_search`	Web search via OpenRouter :online	All agents

The Key Insight

The mechanism is the moat. Other frameworks also have "AI agents." What makes Autopilot different is not that agents exist, but how they work: through unified tools (not chat), on a filesystem (not a database), with a dashboard they can edit (not a fixed UI), under human gates (not autonomous chaos), visible through session attach (not a black box).

Tools, Not Chat

On this page