pickled

Toolsets

Configure the tool path each matrix cell uses to reach an answer.

Toolsets name a tool configuration the matrix can iterate over. Three shapes ship today.

none (controlled baseline)

toolsets:
  none: {}

Source content is injected directly into the agent's prompt. The citation contract applies when requiredSources is set: the agent must cite at least one of the required source IDs.

web (Claude Code)

toolsets:
  web:
    webSearch: true
    webFetch: true

The cell scopes the SDK's built-in tool set to exactly [WebSearch, WebFetch], so default Read, Edit, and Bash cannot leak as a fallback. Source is NOT injected; the prompt is rewritten to name the active source as the discovery target. Tool-use provenance: the cell passes only if the agent invokes at least one of the configured web tools.

mcp (Claude Code, generic)

toolsets:
  context7_mcp:
    mcpServers:
      context7:
        type: http
        url: https://mcp.context7.com/mcp
        headers:
          CONTEXT7_API_KEY: ${CONTEXT7_API_KEY}

The toolset name (context7_mcp here) is user-chosen; Pickled has no server-specific knowledge. Any MCP server reachable via stdio, http, or sse can be declared the same way. The cell sets tools: [] (built-ins disabled) and allowedTools: ["mcp__<server>__*"] (auto-permission). Provenance accepts any invocation of mcp__<server>__* for any configured server.

${UPPER_SNAKE_CASE} values in pickled.yml are expanded from process.env at load, so secrets stay out of the config file. Bun auto-loads .env.

What "provenance" means

For non-none cells, the cell label promises "the agent reached this answer via the configured tool path." If the agent answers from model prior knowledge without invoking any of the configured tools, the cell is hard-vetoed to NO with confidence 0, regardless of whether the response happens to satisfy expected.includes/excludes. The cell label has to be honest.

Mixed shapes are rejected

Declaring both webSearch/webFetch flags and mcpServers on the same toolset is a load-time error: Pickled cannot attribute provenance honestly across both. Declare separate toolsets per shape.

Interface restriction

The web and mcp shapes run on claude-code interfaces only today. Other providers (Codex CLI, Anthropic API direct) land per release.

pickled.yml reference

Every field the loader accepts, with the rules each one enforces.

On this page

none (controlled baseline)web (Claude Code)mcp (Claude Code, generic)What "provenance" meansMixed shapes are rejectedInterface restriction