Web & research

Most coding agents are blind to the internet. Excalibur's are not: governed web tools and a multi-source research pipeline are built in — free and unlimited by default, with citations, provenance and anti-injection. No key required.

The web tools

The agent reaches for these on its own when a task needs current or external information; you can also call them directly.

• web_fetch — read a URL into clean Markdown (HTML → main content, PDFs included).
• web_search — search the live web. Free by default via SearXNG (auto-provisioned if Docker is present) or DuckDuckGo — no account, no quota. Bring an Exa / Tavily / Brave key only if you want it.
• web_extract — pull structured data (give a JSON shape) out of a page.
• web_crawl — a bounded, polite crawl across a site or sitemap.

excalibur web fetch https://example.com/docs       # a real page → clean text
excalibur search "rate limiting best practices"    # free, no key

Research — cited, fact-checked answers

excalibur research "<question>" (or just ask a research-shaped question in the shell) runs a native pipeline: search → fetch top sources → adversarially verify each claim with sub-agents → synthesize a cited answer. Every fact carries its URL, timestamp and a content hash in the Claim Ledger, so the answer is auditable — not a confident guess.

excalibur research "How do competing tools handle inline autocomplete models?"

Governed by default

Web access runs under the same safety floor as everything else — a network policy you control, an SSRF guard (loopback / private-range / metadata endpoints are blocked, even via DNS rebinding or odd encodings), a polite rate limit + robots.txt, and an anti prompt-injection scan of fetched content before it reaches the model. Every egress is audited in the session log. See Safety.

MCP, too

Beyond the built-in web tools, any MCP server's tools flow to the agent first-class — add one from the signed registry, with OAuth where needed.