High-risk tools in Crow
54 of the 576 tools in Crow are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- changedetection_recheck (Execute): Trigger an immediate recheck of one watch. Returns once the request is queued (the fetch may still be running).
- crow_browser_capture_har (Execute): Start or stop HAR (HTTP Archive) recording to capture all network requests. Useful for API discovery.
- crow_browser_evaluate (Execute): Execute JavaScript in the page context and return the result.
- crow_browser_launch (Execute): Start/restart the browser and connect via CDP. Returns the VNC URL. Pass proxy_url to route through a proxy (recreates the container — set BEFORE navigating; save sessions first).
- crow_browser_navigate (Execute): Navigate to a URL. Waits for page load. Injects stealth scripts.
- crow_browser_wait_for (Execute): Wait for an element to reach a state (appear, hide, attach, detach). Robust alternative to fixed sleeps for flaky/dynamic pages.
- crow_browser_wait_for_user (Execute): Pause automation and display a message. Waits until the user signals to continue (call again with resume=true).
- crow_media_refresh (Execute): Trigger an immediate feed refresh for one or all sources
- crow_orchestrate (Execute): Start a multi-agent team on a complex goal (research, multi-step analysis, code work). Runs in the BACKGROUND and returns a job id immediately — ack to the user, then check crow...
- crow_plex_play (Execute): Start playback of an item on a Plex client. Lists available clients if no client_id is provided.
- crow_run_pipeline (Execute): Execute a named pipeline immediately. Pipelines are predefined multi-agent workflows (e.g. memory-consolidation, daily-summary). Returns a job ID — poll with crow_orchestrate_st...
- crow_tax_calculate (Execute): Run the full tax calculation and return a summary with audit trail.
- fw_media_prune (Execute): Manually trigger a prune of cached remote audio files older than N days. Default retention is 14 days (7 days on Pi-class hosts). Rate-limited: 2/hour.
- fw_stop_playback (Execute): Stop the currently-playing audio stream on the paired glasses and clear any queued tracks. This is a hard stop with no resume. For temporary pause, use fw_pause instead.
- maker_start_guest_session (Execute): Mint an ephemeral guest session (no learner profile, no memories, no transcripts, no artifact save). 30-min cap. Returns a direct short URL + preview cookie (no redemption code ...
- maker_start_session (Execute): Mint a new kiosk session for a learner and return a redemption code (NOT the raw token). The QR/URL carries the code; the token is issued as an HttpOnly cookie on redemption. Ad...
- maker_start_sessions_bulk (Execute): Mint sessions for multiple learners sharing a batch_id. Returns an array of redemption codes for a printable QR sheet. Admin-only.
- adguard_toggle_protection (Execute): Enable or disable AdGuard Home protection. Disabling stops ALL DNS filtering until re-enabled — clients will resolve via upstream with no blocking.
- caddy_reload (Execute): Validate and apply the current Caddyfile via Caddy
- crow_browser_block_requests (Execute): Block requests whose URL contains any of the given substrings (ads/trackers/images) via raw CDP Fetch. Speeds pages up and lowers detection surface. Call with action=
- crow_browser_capture_responses (Execute): Capture network responses (incl. JSON bodies) via raw CDP — the fastest way to find a site
- crow_browser_download (Execute): Trigger a file download by clicking an element, and save it to the host at ~/.crow/browser-downloads/. Uses a container bind mount + CDP download behavior.
- crow_browser_extract_article (Execute): Extract a (possibly paywalled) article by trying a fallback ladder: live page → archive.today → Wayback → 12ft.io. Each candidate is loaded IN the stealth browser and parsed wit...
- crow_glasses_capture_photo (Execute): Ask paired glasses to capture a still photo. Returns a hint string — the photo itself arrives asynchronously on the bundle
- crow_glasses_confirm_continuous_recording (Execute): Confirm the user
- crow_glasses_end_note_session (Execute): End a glasses note session. Runs summarization + action-item extraction via the configured AI provider, prepends a
- crow_jellyfin_control (Execute): Remote control a Jellyfin playback session: play/pause, stop, seek, skip, volume
- crow_kodi_control (Execute): Transport controls: play/pause, stop, seek, skip, volume. Use command + optional value.
- crow_kodi_play (Execute): Play a library item by ID, or a direct file/URL. Specify media_type + id for library items, or file for direct playback.
- crow_plex_control (Execute): Transport controls for Plex playback: play, pause, stop, skip, seek, volume
- crow_regenerate_embeddings (Execute): Re-embed memories to fix stale embeddings (e.g. after content updates or after enabling semantic search). Optionally filter by category, id list, or re-embed all memories.
- crow_tools (Execute): Route to external integration tools (Trello, Canvas, Slack, etc.) and remote Crow instances. Use crow_discover with category
- fw_block_domain (Execute): Instance-wide block of a remote domain (all actors/libraries from that domain become unreachable). QUEUED — does not apply until an operator confirms in the Nest panel within 72...
- fw_block_user (Execute): Block a single user (by full actor handle @user@server). Inline; rate-limited: 5/hour.
- fw_next_track (Execute): Skip to the next track in the album queue on the glasses. If no tracks remain, playback stops.
- fw_pause (Execute): Pause the currently-playing audio stream on the glasses. Playback can be resumed with fw_resume.
- fw_play (Execute): Play a Funkwhale track on the paired glasses / phone speaker. Takes a track UUID from fw_search. Returns a streaming envelope that the meta-glasses voice loop intercepts; the LL...
- fw_play_album (Execute): Play every track of an album sequentially through the paired glasses speaker. Takes the album
- lemmy_block_instance (Execute): Block an entire remote instance (no federation, no fetched content). Admin-only; QUEUED — requires operator confirmation in the Nest panel.
- matrix_join_room (Execute): Join a room by ID or alias. If the room lives on another server, Dendrite federates the join (may take several seconds). Rate-limited: 30/hour.
- matrix_send_message (Execute): Send a text (or notice, or HTML-formatted) message to a room. Rate-limited: 20/hour.
- crow_activate_server (Execute): Activate a server
- crow_browser_add_cookies (Execute): Inject cookies into the current context (e.g. a copied session). Each cookie needs name, value, and either url or domain+path.
- crow_browser_click (Execute): Click an element with position randomization for stealth.
- crow_browser_fill_form (Execute): Fill form fields with human-like typing. Accepts a map of selector -> value pairs.
- crow_browser_scroll_extract (Execute): Auto-scroll an infinite-scroll / lazy-load page, collecting items each pass. Stops when no new items load or max_scrolls is hit.
- crow_browser_set_headers (Execute): Set extra HTTP headers (e.g. User-Agent, Referer) for all subsequent requests in this context. Apply BEFORE navigating.
- crow_campaign_publish_post (Execute): Immediately publish a single post to Reddit. Requires confirmation.
- crow_gis_create_geojson (Execute): Generate GeoJSON from a SQL query result that includes lat/lng columns. Returns a FeatureCollection for use in maps.
- crow_glasses_speak (Execute): Send a text line to be spoken through paired glasses. Requires the user to have at least one glasses device paired and online. Returns a hint string only — the panel handles del...
- crow_wm (Execute): Screen control. ALWAYS call this tool when the user wants to: open/play/watch/search something, close a window, pause, resume, mute, or unmute. NEVER describe what you would do ...
- fw_resume (Execute): Resume paused audio playback on the glasses.
- maker_redeem_code (Execute): INTERNAL: redeem a one-shot code for a session token. The /kiosk/r/:code HTTP handler calls this server-side. Uses UPDATE...RETURNING so a race produces exactly one winner; expi...
- maker_unlock_idle (Execute): Clear an idle-locked session without ending it. Admin-only.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.