- Web Search runs a search-engine query and returns ranked results.
- Web Fetch retrieves the contents of a specific URL.
Web Search
Web Search is a server-side tool executed by your inference provider, not by the desktop app. Availability depends on which provider you’ve configured:| Provider | Web Search |
|---|---|
| Google Cloud Vertex AI | Available |
| Azure Foundry | Available |
| Amazon Bedrock | Not available |
| Gateway | Available if your gateway implements Anthropic’s web_search server tool |
managedMcpServers and disable the built-in tool (below).
Web Fetch
Web Fetch runs inside the Cowork sandbox VM on the user’s device. Every fetch is checked against the sandbox network allowlist before the request leaves the VM. By default, the sandbox can reach only your inference provider’s endpoint, so Web Fetch will fail for any other host unless you’ve allowed it. To permit fetches:| Goal | Set coworkEgressAllowedHosts to |
|---|---|
| Allow specific domains | ["docs.example.com", "*.your-org.com"] |
| Allow all hosts (no sandbox filtering) | ["*"] |
| Block all fetches | [] and add "WebFetch" to disabledBuiltinTools |
*.example.com matches a.example.com and a.b.example.com, but not example.com).
coworkEgressAllowedHosts controls the sandbox boundary. Your perimeter firewall is a separate, outer layer, so a host allowed in the sandbox still won’t be reachable if your corporate network blocks it. See Telemetry and egress for the distinction.curl or pip install from the agent’s shell), not just the Web Fetch tool.
Disabling web tools
To remove web tools entirely, add them todisabledBuiltinTools:
coworkEgressAllowedHosts empty, the agent has no path to the public internet from inside the sandbox. It can still read and write local files, run code against them, and call any MCP servers you’ve provisioned. See the Locked down profile.