Using meith

Tools & permissions

Every major action in meith routes through a shared tool registry, so you stay in control of what touches your machine.

One shared tool registry

The visual interface, the terminal command, plugins, and agents all act through a single tool registry that lives in the desktop main process. Tools declare their capabilities upfront — things like reading state, writing files, controlling the browser, starting processes, making network requests, or performing destructive actions.

Tools available out of the box

A default meith desktop build registers these tool groups before any plugin is installed. Agents receive the same live catalog in their system prompt, generated from registry.describe(), so the names below are the built-in surface they can request immediately.

Group	What it covers	Built-in tools
App diagnostics	Inspect app state, logs, health, instances, screenshots, debug mode, and bug reports.	`app_get_stateapp_get_logsapp_list_instancesapp_healthapp_screenshotapp_set_debug_modeapp_export_bug_report`
Browser control	Open, focus, navigate, inspect, automate, screenshot, and debug browser tabs.	`get_tabsget_active_tabopen_browser_tabnavigatego_backgo_forwardrefreshfocus_browser_tabclose_browser_tabbrowser_use_startbrowser_use_endget_browser_stateclick_elementtype_textscroll_pagesend_keyscdp_commandget_console_logsget_network_logstake_screenshot`
Spaces & workspace tabs	Manage spaces plus editor, terminal, agent, and preview tabs inside them.	`list_spacescreate_spaceupdate_spaceswitch_spaceclose_spaceopen_workspace_tabset_workspace_tab_fileset_workspace_tab_terminalfocus_workspace_tabclose_workspace_tab`
Projects	Detect, open, generate, prewarm, allocate, configure, run, and stop projects.	`project_listproject_detectproject_openproject_start_dev_serverproject_stop_dev_serverproject_runproject_set_run_configproject_list_templatesproject_createproject_create_pluginproject_prewarmproject_prewarm_statusproject_allocate`
Files & diagnostics	List, read, search, edit, undo, and inspect TypeScript or JavaScript diagnostics.	`workspace_list_filesworkspace_read_fileworkspace_searchworkspace_write_fileworkspace_apply_patchworkspace_undoget_diagnostics`
Git	Inspect a project's working-tree changes as structured per-file diffs with +/- line counts.	`git_diff`
Processes & terminals	Create terminals, manage dev servers, inspect process trees, and read or stream logs.	`create_terminallist_terminalswrite_terminalresize_terminalkill_terminalclose_terminalget_terminal_snapshotstart_dev_serverlist_dev_serversstop_dev_serverget_process_treeget_process_logsattach_process_logs`
Storage	Inspect durable storage collections and export persisted state for backup or debugging.	`storage_list_collectionsstorage_read_collectionstorage_export_state`
Plugins	Install, grant, enable, open, list, and uninstall controlled plugin tabs.	`list_pluginsinstall_pluginapprove_plugin_grantsset_plugin_enabledopen_plugin_tabuninstall_plugin`
Settings	Read and patch global app settings such as auto-run and the default package manager.	`get_app_settingsset_app_settings`

Plugin tools do not expand the host catalog

Plugins run as web apps in controlled browser tabs. They can request access to approved host tools through window.meithPlugin, but they do not add arbitrary new tools to the main-process registry.

Who is trusted, and who isn't

The renderer is fully trusted as part of the core app. Agents and plugins face strict limits:

read-only actions execute without interruption,
file writes, browser control, process starts, and destructive actions require explicit permission or an approved grant,
the host resolves plugin identity directly from the plugin tab itself, ignoring whatever data the plugin sends,
plugin tabs only access the window.meithPlugin APIs you specifically approve.

Permission prompts

When an agent or plugin requests a privileged action, meith pauses and asks. You can Allow once, Always allow (creating a standing grant), or Deny. Grants are scoped and can be revisited later.

Audited by default

Every call through the registry is validated against the tool's declared capabilities and audited — so nothing slips through unchecked.

For developers

The full wire protocol, result envelopes, capabilities, timeouts, and caller policies are documented in the developer reference: Tool protocol and Adding tools.