Workbooks Documentation

Workbooks Documentation

Discovery

Toolkit Discovery

A toolkit is a workbook tagged :toolkit:. The runtime discovers toolkits by querying for all workbooks in scope with that tag using OQL.parse_headlines, then reading their :PROPERTIES: drawers to build the manifest.

What is a toolkit

A toolkit is a .org file that describes a CLI tool (or set of tools) the agent loop can invoke via the shell tool. The :toolkit: tag on the top heading signals that this workbook is not just a document — it is an executable interface.

Toolkits are CLIs on PATH plus skill files (Org documents that describe the CLI's subcommands and expected outputs). Agents discover them, read the skill files, and call the CLIs. No new ToolRegistry entries, no special agent APIs — just shell calls.

Manifest properties

The top-level heading of a toolkit carries all discovery metadata in its :PROPERTIES: drawer:

PropertyRequiredDescription
EXECyesPath or name of the CLI binary to invoke
BUILD_SRCnoSource file or directory to compile this toolkit
BUILD_LANGnoLanguage of BUILD_SRC (e.g. rust, zig)
CAPSnoSpace-separated capability tags (e.g. read write network)
CLI_BINnoExplicit binary name on PATH (if different from EXEC)
ARG_MODEnopositional or flags (default: positional)
SHA256noExpected SHA-256 of the compiled binary (integrity check)

Example: 

* My Toolkit :toolkit:
  :PROPERTIES:
  :EXEC:      my-tool
  :CAPS:      read network
  :CLI_BIN:   my-tool
  :ARG_MODE:  flags
  :END:

** Usage
   Describe subcommands here. Agents read this section to know how to call the tool.

Discovery flow

  1. Workbooks.Toolkits (runtime/host/toolkits.ex) calls OQL.parse_headlines on all .org files in the toolkit search path.

  2. Headings with :toolkit: in their tags are collected.

  3. Their :PROPERTIES: drawers are read to build Manifest structs.

  4. wb toolkit list shows the discovered manifests.

  5. Agents receive the manifest list at session start and use it to decide which CLIs are available.

Security model

Toolkits are read-only by default. The manifests are loaded and inspected, but the EXEC binary is not run unless WB_TOOLKIT_EXEC=1 is set in the environment. This prevents accidental or malicious toolkit execution when the runtime is in inspection mode. 

WB_TOOLKIT_EXEC=1 wb run "use my-tool to process data.org"

SHA256 integrity checking: if SHA256 is set in the manifest, the runtime verifies the compiled binary against it before execution. A mismatch causes the toolkit to be marked as unavailable.

Toolkit search path

By default the runtime searches:

  1. ./toolkits/ — local toolkits in the current workdir

  2. ~/.workbooks/toolkits/ — user-level toolkits

  3. Any paths in WB_TOOLKIT_PATH (colon-separated)

Listing and inspecting toolkits

wb toolkit list          # all discovered toolkits
wb toolkit show my-tool  # detail for a specific toolkit
wb toolkit install <url> # clone a toolkit from a git URL

wb toolkit show prints the full manifest including CAPS, EXEC, and the skill text the agent would read.

Progressive disclosure

Toolkits that follow the progressive-disclosure pattern expose subcommands as level-2 headings in the toolkit .org file. Each heading describes a subcommand, its args, and its expected output format. Agents read the heading content to understand how to call the tool without needing to parse --help output. 

* my-tool :toolkit:
  :PROPERTIES:
  :EXEC: my-tool
  :END:

** process <file>
   Processes an org file. Outputs JSON to stdout.

   Expected output:
   #+begin_src json
   {"status": "ok", "records": [...]}

#+endsrc