Read-only skills

These are the operations the Admin Assistant uses to inspect your workspace. They never change anything, so they run in any session — including a session where the Allow changes toggle is off. The Planner, Reviewer, and Knowledge agents use these tools to understand the current configuration before any change is drafted.

All read-only tools return configuration code and metadata only. They never read the contents of your data — search results, file bodies, or messages.

Inspecting configuration

Each surface has a list tool (returns a summary of every item) and, where the item has a code body, a read tool (returns the full exported source for one item). The exported source is the same text the workspace-definitions zip produces, so it round-trips through the workspace's own importer.

Graph and schema

Tool	What it returns
`introspect-schema`	Node types, edge types, and their fields.
`introspect-node-stats`	Node counts and basic statistics per type.

Code surfaces

Tool	What it returns
`introspect-endpoints`	All code endpoints: path, access mode, read-only flag, compile status.
`introspect-endpoint-read`	Full exported source of one endpoint.
`introspect-tools` / `introspect-tools-overview`	All AI tools: name, description, access mode, icon.
`introspect-tool-read`	Full exported source of one AI tool.
`introspect-agents`	All agents: name, description, output schema, tool set.
`introspect-agent-read`	Full export of one agent (system prompt + attributes + tool edges).
`introspect-prompt-templates`	All AI prompt templates and their `${variable}` references.
`introspect-prompt-template-read`	Full export of one prompt template.
`introspect-scheduled-tasks`	All scheduled tasks: type, schedule, status, last run, errors.
`introspect-scheduled-task-read`	Full code of one scheduled task.
`introspect-data-connectors`	Data-connector scheduled tasks and their connector type.
`introspect-entity-post-processing`	Entity post-processing scripts per entity type.
`introspect-entity-post-processing-read`	Full source of one post-processing script.

Indexes, NLP, and search

Tool	What it returns
`introspect-indexes`	All registered indexes: type, node type, run state, nodes indexed.
`introspect-index-read`	Full definition of one index (code for custom indexes).
`introspect-nlp-spotters`	Node-derived NLP spotters.
`introspect-nlp-pattern-spotters`	NLP pattern spotters and their pattern counts.
`introspect-nlp-pipelines`	NLP pipelines: language, model count, description.
`introspect-nlp-linking`	Entity-to-node linking configurations.
`introspect-search-config`	Search facet and synonym configuration.
`introspect-search-replacements`	Forced search replacement patterns.
`introspect-embeddings`	File-indexing and embedding preferences (never includes API keys).

Settings and access

Tool	What it returns
`introspect-ui-settings`	Front-end interface settings — feature toggles and branding flags, never secrets.
`introspect-access-groups`	Access groups, including which are admin groups.

Operations and history

Tool	What it returns
`introspect-metrics`	Endpoint and AI-tool metrics (last hour / 24 hours) — call counts, latency, error rate.
`introspect-exceptions`	Recently recorded exceptions, useful for debugging the effect of a recent change.
`introspect-audit-history`	Recent commits on the configuration-tracking git repository: who changed what, when.

Code and documentation helpers

These help the assistant read code and understand the APIs available inside a code surface, without changing anything.

Tool	What it does
`code-docs`	Returns Markdown API documentation for a type.
`code-scope-docs`	Returns the documentation for a code-execution scope (e.g. what's available inside an endpoint or AI tool).
`code-read`	Reads a code body.
`code-list-entities`	Lists the entities (types/members) available in a scope.
`code-get-documentation`	Fetches documentation for a specific symbol.
`code-compile`	Compiles a draft against the matching execution scope and returns diagnostics — used to check code before proposing it. Writes nothing.
`code-format`	Formats C# with the same Roslyn formatter the admin editor uses.
`code-history-list`	Lists past versions of a code node (when it changed, by whom, how much).
`code-history-read`	Returns the before/after code for one history entry.

Why "read-only" matters

The Reviewer and Knowledge agents are given only read-only tools. Because they cannot write or stage changes, they cannot work around a security finding or alter the configuration while explaining it — a deliberate boundary in how the assistant is built.

Next steps

Change skills — the propose, apply, and verify operations that do modify configuration.
Examples — read-only questions you can ask, like "which endpoints are public?" or "what changed in the last day?".