Tool Usage Guide
The Tool system is a core component of the tRPC-Agent-Go framework, enabling Agents to interact with external services and functions. The framework supports multiple tool types, including Function Tools and external tools integrated via the MCP (Model Context Protocol) standard.
Overview
🎯 Key Features
- 🔧 Multiple Tool Types: Supports Function Tools and MCP standard tools.
- 🌊 Streaming Responses: Supports both real-time streaming responses and normal responses.
- ⚡ Parallel Execution: Tool invocations support parallel execution to improve performance.
- 🔄 MCP Protocol: Full support for STDIO, SSE, and Streamable HTTP transports.
- 🔁 Tool Call Retry: Supports retrying callable tool calls in LLMAgent and Graph ToolsNode.
- 🛠️ Configuration Support: Provides configuration options and filter support.
- 🧹 Arguments Repair: Optionally enable
agent.WithToolCallArgumentsJSONRepairEnabled(true)to best-effort repairtool_callsarguments, improving robustness for tool execution and external parsing.
Core Concepts
🔧 Tool
A Tool is an abstraction of a single capability that implements the tool.Tool interface. Each Tool provides specific functionality such as mathematical calculation, search, time query, etc.
Recommendation (always configure name and description)
- name (required): Used by the model to precisely select and invoke the tool. Keep it stable, unique, and descriptive (prefer
snake_case), and avoid name collisions across Tools/ToolSets. - description (required): Used by the model to understand what the tool does, when to use it, and any constraints. Missing or vague descriptions will noticeably reduce tool-call accuracy and stability.
For Function Tools, set these via
function.WithName(...)/function.WithDescription(...). For custom Tools, setName/Descriptionon thetool.Declarationreturned byDeclaration().
🛡️ Tool Metadata and Permission Policy
Tool metadata is an optional description of execution behavior. It does not
change the core tool.Tool interface.
Use metadata when a host, policy, or UI needs to understand whether a tool is read-only, destructive, concurrency-safe, search/read-oriented, open-world, or has an advisory result size limit.
Direct MCP ToolSet tools also publish metadata from explicit MCP annotations:
| MCP annotation | ToolMetadata field |
|---|---|
readOnlyHint |
ReadOnly |
destructiveHint |
Destructive |
openWorldHint |
OpenWorld |
Only explicit MCP hints are mapped. If an MCP server omits
destructiveHint or openWorldHint, the framework keeps the Go zero value
(false) in ToolMetadata. This differs from MCP's default hint semantics,
where destructiveHint defaults to true for non-read-only tools and
openWorldHint defaults to true. ToolMetadata uses plain bool fields,
so it cannot distinguish "missing" from "explicit false". If your policy must
follow MCP's default semantics, treat non-read-only MCP tools conservatively
unless your application has another trust signal.
MCP annotations do not have matching fields for SearchOrRead or
ConcurrencySafe. The framework also does not treat readOnlyHint or
idempotentHint as a concurrency-safety signal.
Permission policy is checked after the model requests a tool, after JSON repair and before-tool callbacks have finalized arguments, and immediately before the framework executes it:
Tools can also enforce their own rule by implementing tool.PermissionChecker.
The tool-level checker runs before the per-run policy, and the first non-allow
decision wins. Tools without their own checker are still evaluated by the
per-run policy when one is configured. If neither a tool checker nor a per-run
policy exists, the legacy allow-by-default behavior is preserved.
Decision behavior:
tool.AllowPermission(): execute the tool.tool.DenyPermission(reason): skip execution and return a structureddeniedtool result to the model.tool.AskPermission(reason): skip execution and return a structuredapproval_requiredtool result to the model.
If your application has an approval UI, ask the user inside the policy and
return tool.AllowPermission() only after approval. The framework does not
invent a UI flow for ask.
Keep the boundaries clear:
agent.WithToolFilter(...): controls which tools are visible to the model.agent.WithToolExecutionFilter(...): leaves selected visible tool calls for the caller to execute externally.agent.WithToolPermissionPolicy(...): checks permission for every tool the framework is about to execute.- Tool callbacks and guardrail plugins still work for authorization, audit, and review workflows. Use the permission policy for simple deterministic allow/deny/ask checks.
📦 ToolSet
A ToolSet is a collection of related tools that implements the tool.ToolSet interface. A ToolSet manages the lifecycle of tools, connections, and resource cleanup.
Relationship between Tool and ToolSet:
- One "Tool" = one concrete capability (e.g., calculator).
- One "ToolSet" = a group of related Tools (e.g., all tools provided by an MCP server).
- An Agent can use multiple Tools and multiple ToolSets simultaneously.
🌊 Streaming Tool Support
The framework supports streaming tools to provide real-time responses:
Streaming tool characteristics:
- 🚀 Real-time responses: Data is returned progressively without waiting for the complete result.
- 📊 Large data handling: Suitable for scenarios such as log queries and data analysis.
- ⚡ User experience: Provides instant feedback and progress display.
Tool Types
| Tool Type | Definition | Integration Method |
|---|---|---|
| Function Tools | Tools implemented by directly calling Go functions | Tool interface, in-process calls |
| Agent Tool (AgentTool) | Wrap any Agent as a callable tool | Tool interface, supports streaming inner forwarding |
| DuckDuckGo Tool | Search tool based on DuckDuckGo API | Tool interface, HTTP API |
| MCP ToolSet | External toolset based on MCP protocol | ToolSet interface, multiple transports |
📖 Related docs: For Agent Tool and Transfer Tool used in multi-Agent collaboration, see the Multi-Agent System document.
Function Tools
Function Tools implement tool logic directly via Go functions and are the simplest tool type.
Basic Usage
Input Schema and field descriptions
For Function Tools, the input req is automatically converted into a JSON Schema (so the model can understand the expected arguments). Add field descriptions via struct tags:
- Field name: use
json:"..."as the schema property name. - Field description (recommended): use
jsonschema:"description=..."to populateproperties.<field>.description. - Note: the
jsonschematag uses comma,as the separator, so the description value must not contain,; otherwise it will be parsed as multiple tag items. - Compatibility:
description:"..."is also supported for legacy code. If bothjsonschema:"description=..."anddescription:"..."are present, thejsonschemadescription wins. - More flexible schema: if you need full control over the input schema (e.g. complex JSON Schema constraints), use
function.WithInputSchema(customInputSchema)to bypass auto-generation.
Streaming Tool Example
Access Tool Call ID inside Tool implementations
When the model emits a tool_call, the framework injects that call's
tool_call_id into the tool execution context.Context before your tool
starts running.
This means the framework does support reading the current tool call ID directly inside your own Tool implementation.
This is especially useful when you want to:
- create unique state keys for concurrent calls to the same tool
- attach a stable identifier to logs, metrics, or traces
- launch a child Agent inside the tool and tell your UI which
tool_callthat child Agent belongs to
Today this mechanism applies to:
- regular function tools in LLMAgent
- streamable tools in LLMAgent
- tool execution in GraphAgent tools nodes
- Tool callbacks and plugins as well
The simplest form
Call tool.ToolCallIDFromContext(ctx) inside the tool:
If all you need is per-call logging, metrics, or Invocation State, this is usually enough.
For a runnable end-to-end example, see examples/toolcallid.
When the Tool also launches a child Agent
There are two different kinds of identifiers here:
tool_call_id: identifies one model-issued tool callInvocationID/ParentInvocationID: identify parent-child Agent runs
If your goal is "show the child Agent output under the specific tool card in the UI", keep both layers:
- Read the current
tool_call_idwithtool.ToolCallIDFromContext(ctx) - Read the parent Invocation with
agent.InvocationFromContext(ctx) - Create the child Invocation with
parentInv.Clone(...) - Put the
tool_call_idinto the child InvocationRunOptions.RuntimeState - In the renderer, use:
InvocationID/ParentInvocationIDfor the execution tree- the propagated
tool_call_idfor the originating tool card
Example (assuming childAgent is an existing runnable child Agent):
Copy RuntimeState before writing to it. Invocation.Clone(...)
does not deep-copy the map, so mutating a reused map would also
mutate the parent Invocation.
Inside the child Agent, if you need to read the originating tool call ID again, read it from runtime state:
Recommended pattern
- If you only need the identifier for the current tool call, use
tool.ToolCallIDFromContext(ctx) - If you need to represent "which child Agent belongs to which parent
execution", rely on
InvocationID/ParentInvocationID - If the UI must also attach that child subtree back to a specific tool
card, propagate
tool_call_idexplicitly throughRuntimeStateor custom event metadata - If you are using
AgentTool, the framework already maintains parent-child Invocation linkage viaInvocation.Clone(...). In many UIs that is already enough. Propagatetool_call_idonly when you need the extra tool-card association
One subtle caveat
The framework injects tool_call_id before tool execution.
However, if a BeforeTool callback replaces the context with a brand-new
bare context, downstream tool code will no longer see that ID.
So if you replace the context inside callbacks, make sure you preserve the existing context values you still need.
Built-in Tools
Tool Call Retry
When a tool call may fail because of a transient issue, you can configure retry for it, for example:
- a temporary network issue;
- a short timeout;
- an intermittent failure from an external service.
This feature is disabled by default. It currently applies only to CallableTool, and StreamableTool is not retried yet. When enabled, the framework retries only the current tool call. It does not rerun the whole Agent or the whole Graph workflow.
Basic Configuration
Common fields:
MaxAttempts: Total attempt count, including the first call.InitialInterval: Delay before the second attempt.BackoffFactor: Multiplier for backoff growth.MaxInterval: Upper bound for the delay.Jitter: Whether to enable jitter.
Default Retry Rules
If you do not provide RetryOn, the framework uses tool.DefaultRetryOn(...).
The default rule is conservative and retries only common transient errors, such as:
io.EOFio.ErrUnexpectedEOF- timeout / temporary errors reported through
net.Error
It does not retry context.Canceled, context.DeadlineExceeded, or result-level failures by default.
Custom Retry Rules
If the default rule is not enough, you can customize the decision with RetryOn. A common pattern is to reuse tool.DefaultRetryOn(...) first, then add your own conditions:
tool.RetryInfo carries the current call information, such as tool name, attempt number, raw error, and result-level failure flag, so you can make your retry decision in one place.
Enable It in LLMAgent
Runnable example:
Enable It in Graph
Runnable example:
DuckDuckGo Search Tool
The DuckDuckGo tool is based on the DuckDuckGo Instant Answer API and provides factual and encyclopedia-style information search capabilities.
Basic Usage
Advanced Configuration
Claude Code ToolSet
tool/claudecode provides a code-oriented ToolSet that exposes a Claude Code-style tool surface inside the framework. It covers file editing, repository search, command execution, and web retrieval, and can be attached directly to LLMAgent or other runtimes. If your goal is to invoke the local Claude Code CLI and consume its execution trace and tool events, see the Claude Code Agent guide.
By default, claudecode exposes a core set of workflow tools: Bash, TaskStop, TaskOutput, Read, Glob, Grep, WebFetch, and WebSearch. When read-only mode is disabled, it also exposes Write, Edit, and NotebookEdit.
The following table lists the tools currently exposed by claudecode:
| Tool | Description |
|---|---|
Bash |
Executes local shell commands. |
TaskStop |
Stops a background task started by Bash. |
TaskOutput |
Reads the current or final output of a background task. |
Read |
Reads file contents. |
Glob |
Finds files by path pattern. |
Grep |
Searches repository content. |
WebFetch |
Fetches the content of a specific URL. |
WebSearch |
Performs an open web search. |
Write |
Creates a file or overwrites a file with complete contents. Only exposed when read-only mode is disabled. |
Edit |
Performs targeted replacement in an existing text file. Only exposed when read-only mode is disabled. |
NotebookEdit |
Edits .ipynb files at the cell level. Only exposed when read-only mode is disabled. |
Basic Usage
llmagent.WithToolSets(...) attaches these tools as a ToolSet. Calling Tools() returns the flattened list of individual tools.
Common Options
The main tool/claudecode options focus on working directory, read-only mode, and web behavior:
| Option | Description |
|---|---|
WithName(name) |
Overrides the ToolSet name. The default name is claudecode. |
WithBaseDir(dir) |
Sets the base directory used by file, search, and command execution tools. |
WithReadOnly(readOnly) |
Removes Write, Edit, and NotebookEdit when enabled. |
WithMaxFileSize(size) |
Limits the maximum readable file size. |
WithWebFetchOptions(opts) |
Configures domain policy, timeout, and content handling for WebFetch. |
WithWebSearchOptions(opts) |
Configures backend, paging, and request options for WebSearch. |
WithBaseDir defines the working scope for Read, Write, Edit, Glob, and Grep, and also determines the default working directory for Bash. When read-only mode is enabled, the toolset keeps only read, search, command, and web capabilities. When read-only mode is disabled, it also exposes Write, Edit, and NotebookEdit.
Todo Tool
The Todo tool gives an Agent a structured, persistent checklist for multi-step work. The model calls todo_write to publish or update its current plan; the list is persisted on the session, surfaced to the frontend in the tool result, and (by default) followed by a short nudge that reminds the model to keep marking items as it goes.
Reach for it when:
- the task spans several non-trivial steps and the model tends to drop one;
- the user (or a downstream UI) needs visible progress while the agent works;
- the same conversation may pause for input and later pick the plan back up.
Basic Usage
todo.DefaultToolPrompt is a ready-made system-instruction snippet that teaches the model when to call todo_write and how to phrase items. You can replace it with your own copy; the runtime checks below stay the same.
Hard Compliance
todo_write is advisory by default: the model can still decide to stop while items remain open. If an agent must finish the list before producing a final response, install the todoenforcer extension:
The extension contributes both todo_write and todo_declare_blocker; do not also pass a separate todo.New() through WithTools. To reuse tool/todo options such as WithStateKeyPrefix, WithClearOnAllDone, or WithNudgeHook, construct the tool yourself and pass it with todoenforcer.WithTodoTool(todo.New(...)). todo_declare_blocker is the escape hatch for objective blockers such as missing permissions, credentials, infrastructure, or user decisions.
Tool Result
todo_write returns a structured result instead of free-form text, so any caller — terminal, AG-UI, a custom HTTP frontend — can render the same data without parsing prose:
Todos and OldTodos ride directly on the tool-result event, so an AG-UI client (or any frontend that consumes tool_call_result) can decode them and render both the new state and the diff without going back to the session store. The terminal demo in examples/todo/ inlines a small ASCII formatter; rich frontends are free to render the same structured data in whatever style fits.
Cross-turn Persistence and Branch Isolation
Each write is published as a session state delta, so the list survives across Runner.Run calls and across processes when the session service is durable.
The list is keyed by Invocation.Branch, which defaults to the agent's name when no explicit branch has been set (so a sub-agent or agent-tool reads and writes its own list and never overwrites the parent's plan). For the basic wiring above (llmagent.New("todo-assistant", ...)) the canonical read is therefore:
If you have configured a custom branch (for example via WithInvocationBranch, or by running this Agent as a sub-agent of a parent), pass that branch value instead. An empty branch only reads the top-level slot when Invocation.Branch was explicitly set to "".
Input Validation
Every call is validated against the rules below; if any rule fails the call is rejected and the session state is not modified:
- The
todosfield is required and must be an array. A missing field or a literalnullis rejected — it is not silently treated as "clear all". To clear the list, send{"todos": []}. - Every item must carry a non-empty
content, a non-emptyactiveForm, and a validstatus(pending/in_progress/completed). - At most one item may be
in_progressat a time. contentstrings must be unique across the list (exact match — no trim / case-fold / unicode normalisation).
Stylistic guidance — for example "keep exactly one item in_progress while actively working", item phrasing, or when todo_write is worth a call — lives in todo.DefaultToolPrompt rather than in these checks, so you can adjust the prompt for your domain or model family without changing the tool.
Customization
A complete runnable demo of the base tool, including the multi-turn pause/resume scenario and an ASCII renderer, lives in examples/todo/. A side-by-side enforcement demo lives in examples/todoenforcer/.
MCP Tools
MCP (Model Context Protocol) is an open protocol that standardizes how applications provide context to LLMs. MCP tools are based on JSON-RPC 2.0 and provide standardized integration with external services for Agents.
MCP ToolSet Features:
- 🔗 Unified interface: All MCP tools are created via
mcp.NewMCPToolSet(). - ✅ Explicit initialization:
(*mcp.ToolSet).Init(ctx)lets you fail fast on MCP connection / tool loading errors during startup. - 🚀 Multiple transports: Supports STDIO, SSE, and Streamable HTTP.
- 🔧 Tool filters: Supports including/excluding specific tools.
Basic Usage
MCP Annotations and Permission Metadata
When a remote MCP server returns tool annotations from tools/list, direct
MCP ToolSet tools implement tool.MetadataProvider. Permission policies can
read req.Metadata.ReadOnly, req.Metadata.Destructive, and
req.Metadata.OpenWorld without inspecting MCP-specific data structures.
The mapping uses the tool snapshot returned by tools/list. Refreshing a
ToolSet rebuilds the framework tool list rather than mutating existing
mcpTool instances. If future code adds in-place hot updates from MCP
ToolListChangedNotification, metadata reads should be checked again for
thread safety.
ToolSet Lifecycle and Ownership
The ToolSet interface explicitly includes Close(). That means the
party that creates a ToolSet is also responsible for releasing the
connections, sessions, caches, and other resources it owns.
Important ownership boundaries:
llmagent.WithToolSets(...)only attaches aToolSetto an Agent for use. It does not transfer ownership.LLMAgent.AddToolSet(...),LLMAgent.RemoveToolSet(...), andLLMAgent.SetToolSets(...)only change which tools the Agent exposes. They do not automatically callClose()on replaced or removed ToolSets.runner.NewRunner(...)andrunner.NewRunnerWithAgentFactory(...)likewise do not automatically reclaim a ToolSet just because an Agent uses it.
Recommended patterns:
- Long-lived ToolSet: create it at startup, optionally call
Init(ctx), reuse it across many runs, and close it during application shutdown. - Per-request ToolSet: create it only for the current run, then clean it up explicitly when that run finishes.
If your goal is only to let a ToolSet fetch the latest tool list on
each run, prefer llmagent.WithRefreshToolSetsOnRun(true). That refreshes
ToolSet.Tools(ctx) per run, but it does not recreate or close the
ToolSet instance itself.
Transport Configuration
MCP ToolSet supports three transports via the Transport field:
1. STDIO Transport
Communicates with external processes via standard input/output. Suitable for local scripts and CLI tools.
2. SSE Transport
Uses Server-Sent Events for communication, supporting real-time data push and streaming responses.
3. Streamable HTTP Transport
Uses standard HTTP for communication, supporting both regular HTTP and streaming responses.
Per-Request HTTP Headers
For SSE and Streamable HTTP transports, mcp.WithHTTPBeforeRequest from the
upstream MCP client can inject headers for each outgoing MCP request from the
current call context. This is useful when one long-lived MCP ToolSet serves
multiple logged-in users and each tool call needs a user-specific token or
signature. Pass the hook through WithMCPOptions:
Static headers configured through ConnectionConfig.Headers are applied
first; the before-request hook runs on every HTTP request and can override
those values for the same header name.
If you mount that ToolSet through llmagent.WithToolSets(...) and need
initialize / tools/list to also observe request-scoped headers, pair it
with llmagent.WithRefreshToolSetsOnRun(true) or pre-load tools with
toolSet.Tools(ctx) and pass them via llmagent.WithTools(...).
Session Reconnection Support
MCP ToolSet supports automatic session reconnection to recover from server restarts or session expiration.
Reconnection Features:
- 🔄 Auto Reconnect: Automatically recreates session when connection loss or expiration is detected
- 🎯 Independent Retries: Each tool call gets independent reconnection attempts
- 🛡️ Conservative Strategy: Only triggers reconnection for clear connection/session errors to avoid infinite loops
Dynamic MCP Tool Discovery (LLMAgent Option)
For MCP ToolSets, the list of tools on the server side can change over
time (for example, when a new MCP tool is registered). To let an
LLMAgent automatically see the latest tools from a ToolSet on each
run, use llmagent.WithRefreshToolSetsOnRun(true) together with
WithToolSets.
LLMAgent configuration example
When WithRefreshToolSetsOnRun(true) is enabled:
- Each time the LLMAgent builds its tool list for a run, it calls
ToolSet.Tools(ctx)again, using the current run context. - If the MCP server adds or removes tools, the next run of this LLMAgent will use the updated tool list automatically.
- If you query tools outside a run (for example, by calling
agent.Tools()directly), the LLMAgent usescontext.Background().
This option focuses on dynamic discovery of tools. If you also need
ToolSets to honor a specific context for initialization or tool
discovery without refreshing the tool list on every run, keep using the
pattern shown in the examples/mcptool/http_headers example, where you
manually call toolSet.Tools(ctx) and pass the tools via WithTools.
Common pitfalls:
WithRefreshToolSetsOnRun(true)refreshes the tool list, not the ToolSet instance itself. It does not automatically create, replace, or close ToolSets for you.tools/calluses the current run context, but if you callagent.Tools()outside a run, the ToolSet will seecontext.Background().- If
initialize/tools/listmust strictly use a custom context (for example, per-request auth headers or tracing values), the safer pattern is usually to calltoolSet.Tools(ctx)yourself and inject the resulting tools viaWithTools(...).
MCP Broker (On-Demand MCP Discovery)
In addition to expanding remote MCP tools into first-class Tools, the
framework also provides another integration style:
tool/mcpbroker.
The core idea of mcpbroker is:
- do not expose every remote MCP tool up front
- expose only a very small broker surface first
- let the model discover and call remote MCP tools only when needed
This is a better fit when the remote MCP surface is large, but a single request usually needs only a small subset of that surface.
When to Use MCP Broker
Use mcpbroker when:
- an MCP server exposes many tools and you do not want to send the full tool surface to the model on every turn
- some tools are long-tail or backup capabilities rather than hot-path tools
- a Skill, System Prompt, or User Prompt reveals an MCP endpoint that should be connected dynamically
- you want a smaller and more stable initial tool surface
Keep using mcp.NewMCPToolSet() when:
- the capability is high-frequency, stable, and already known
- you want remote MCP tools to become first-class Tools directly
- you care more about shorter execution paths and stronger schema-level constraints
The two patterns can be mixed:
- use
MCP ToolSetfor hot-path capabilities - use
mcpbrokerfor long-tail or dynamically discovered capabilities
How It Differs from MCP ToolSet
The main difference is when remote MCP tools become visible:
MCP ToolSet- performs
initialize + tools/list - expands remote MCP tools into model-visible Tools
- maps explicit remote MCP safety annotations into
PermissionRequest.Metadata
- performs
mcpbroker- initially exposes only 4 broker tools
- the model discovers servers, then tools, then inspects selected schemas, then calls a concrete tool
- exposes broker tools such as
mcp_call; remote tool annotations are not automatically reflected inPermissionRequest.Metadata
You can think of them as:
MCP ToolSet: directly mount remote toolsmcpbroker: discover remote tools on demand
Typical trade-offs:
MCP ToolSet: faster and more strongly constrained, but larger tool surfacemcpbroker: lighter on context and better for long-tail / dynamic capabilities, but usually slower because discovery adds extra steps
Basic Integration
Server Description
The Description field on ConnectionConfig provides a capability
summary for the MCP server, helping the model decide which server to
explore at the mcp_list_servers stage. The output includes the
description:
This is analogous to the description field on an OpenAI tool namespace:
the model can read it at the mcp_list_servers step and decide which
server to explore next, without needing to mcp_list_tools every server
one by one. The more servers you have, or the less self-explanatory the
server names are, the more valuable this description becomes.
The field is optional. When omitted, the output simply does not include
a description property, and existing behavior is unchanged.
Today mcpbroker is a tool-layer integration. Unlike Skill, it
does not automatically inject routing guidance into the system prompt.
If you want the model to behave more predictably, it is still useful to
add a small amount of business-level instruction such as:
- when to list named servers first
- when to use
mcp_list_toolsfirst - when to expand selected tools with
mcp_inspect_tools - when to prefer broker over direct tools
The 4 Model-Visible Broker Tools
The model only sees these 4 tools:
mcp_list_serversmcp_list_toolsmcp_inspect_toolsmcp_call
The recommended flow is usually:
mcp_list_servers()to inspect named servers already known to the brokermcp_list_tools(selector)to inspect a server or ad-hoc MCP endpoint with lightweight summariesmcp_inspect_tools(selector, tools[])to expand schema for only the selected toolsmcp_call(selector, arguments)to call one concrete MCP tool
So instead of seeing the entire remote tool surface immediately, the model explores it progressively through the broker.
Selector Mental Model
mcpbroker intentionally avoids a mixed input model like
server_name + tool_name + url. Instead it uses a unified selector:
- In
mcp_list_tools:- named server:
local_stdio_code - ad-hoc URL:
https://example.com/mcp
- named server:
- In
mcp_call:- named tool:
local_stdio_code.add - ad-hoc URL tool:
https://example.com/mcp.add
- named tool:
If an ad-hoc HTTP endpoint would make dot-based selectors ambiguous, mcpbroker
also supports:
https://example.com/mcp#tool=add
Remote MCP tool parameters always go into:
mcp_call(..., arguments={...})
and not into top-level wrapper fields.
Progressive Discovery Flow
- start with
mcp_list_toolsfor lightweight summaries - only use
mcp_inspect_toolswhen preparing to call a specific tool
Compared with sending every full schema up front, this is usually more friendly to tight context budgets.
Dynamic URL and Skill Scenarios
mcpbroker supports ad-hoc HTTP MCP targets:
WithAllowAdHocHTTP(true) makes selector model-controlled input for
HTTP(S) MCP targets. In production, validate or allowlist the URL, domain, and
path before treating ad-hoc HTTP as a trusted integration path.
In practice, dynamic connection still requires some information source to tell the model:
- that this MCP endpoint exists
- what it roughly does
- which URL should be used
That source can be:
- a System Prompt
- a User Prompt
- a Skill
- a knowledge source
In other words, mcpbroker solves “how to connect / inspect / call”.
It does not solve “why would the model think of connecting to this MCP
in the first place”.
This makes mcpbroker a natural companion to Skills. Some Skills only
need a dedicated MCP capability while that Skill is relevant, so those
MCP tools do not need to stay exposed as global tools for the whole
conversation. Other Skills may reveal an incremental MCP endpoint that
is only known after the Skill is loaded. In both cases, the Skill can
act as the information source, while mcpbroker handles the dynamic
connection and progressive tool/schema disclosure.
See:
examples/mcpbroker/basic
That example includes:
- a named local MCP server
- a Skill that reveals a remote streamable HTTP MCP endpoint
- a model flow like
skill_load -> mcp_list_tools -> mcp_inspect_tools -> mcp_call
Auth Hooks (Per-Run Header Injection)
For HTTP MCP targets, mcpbroker also provides runtime auth hooks:
WithHTTPHeaderInjector(...)WithErrorInterceptor(...)
These hooks are useful when:
- you do not want the model to provide
Authorizationitself - you need to inject a user-specific token on every request
- you want business code to wrap 401/403 responses into clearer errors
Example:
The key design point is:
- the model chooses the
selector - business code resolves headers from
ctx mcpbrokerdoes not manage a full OAuth session state machine
When WithAllowAdHocHTTP(true) is enabled, URL selectors may come from
model-visible context. Split the responsibilities:
HTTPHeaderInjectoronly decides whether and to whom sensitive headers should be injected. Usereq.IsAdHocandreq.BaseURLto filter at a coarse level (e.g. returnnilfor unknown base URLs so tokens are not leaked to untrusted targets).- URL allowlists / domain checks and other network egress policy belong in
tmcp.WithHTTPBeforeRequestreturned fromWithClientOptionsProvider. See the next section.
See:
examples/mcpbroker/authhooks
Client options (WithClientOptionsProvider)
Beyond header injection and error interception, WithClientOptionsProvider runs after target resolution and WithHTTPHeaderInjector, but before the underlying trpc-mcp-go client is created. Business code returns tmcp.ClientOption / tmcp.StdioClientOption values.
- Order: default HTTP headers (including injected headers) are applied first; provider HTTP options are appended next, so hooks like
WithHTTPBeforeRequestcan enforce URL policy, audit, or override headers. ClientOptionsRequest: includesSelector,ServerName,Origin(mcpbroker.OriginCode/mcpbroker.OriginAdhoc),TargetType,Phase(e.g.mcpbroker.PhaseListTools),ToolName(formcp_call), and a defensive copy ofConfigfor this call.- Return values:
(nil, nil)means “no extra options”; a non-nilerroraborts before connect (good for URL deny contracts). - stdio: for named stdio targets, populate
ClientOptions.Stdio(e.g.WithStdioCapabilities).
There is no built-in URL blocklist (to avoid accidental breakage); use tmcp.WithHTTPBeforeRequest (or similar) inside the provider when you need egress control.
Example (illustrative):
Agent Tool (AgentTool)
AgentTool lets you expose an existing Agent as a tool to be used by a parent Agent. Compared with a plain function tool, AgentTool provides:
- ✅ Reuse: Wrap complex Agent capabilities as a standard tool
- 🌊 Streaming: Optionally forward the child Agent’s streaming events inline to the parent flow
- 🧭 Control: Options to skip post-tool summarization and to enable/disable inner forwarding
Basic Usage
Streaming Inner Forwarding
When WithStreamInner(true) is enabled, AgentTool forwards child Agent events
to the parent flow as they happen:
- Forwarded items are actual
event.Eventinstances, carrying incremental text inchoice.Delta.Content - To avoid duplication, the child Agent’s final full message is not forwarded again; it is aggregated into the final
tool.responsecontent for the next LLM turn (to satisfy providers requiring tool messages) - UI guidance: show forwarded child deltas; avoid printing the aggregated final
tool.responsecontent unless debugging WithInnerTextMode(agenttool.InnerTextModeExclude)lets you keep inner tool progress visible while suppressing forwarded child assistant text. This is useful when an outer coordinator will produce the final user-facing answer.
Example: Only show tool fragments when needed to avoid duplicates
Tool Result Response Modes
AgentTool always executes the child Agent as an event stream. The response mode only controls the value returned to the parent Agent as the tool result. It does not change child session storage, event filter keys, or inner streaming.
By default, AgentTool preserves its legacy behavior: every non-empty assistant
message emitted by the child Agent is appended into one tool-result string.
This is useful for compatibility, but it can be surprising for long-running
child Agents that emit progress, drafts, or intermediate assistant messages.
Those intermediate assistant messages can become part of the parent Agent's
tool.response.
Use WithResponseMode(agenttool.ResponseModeFinalOnly) when the child Agent is
used as an isolated worker and the parent Agent should only see the child's
final answer:
In final-only mode, AgentTool:
- ignores partial assistant chunks
- ignores non-assistant messages, empty assistant messages, and tool messages
- returns the last complete child assistant message
- returns an empty string when the child Agent completes without a complete assistant message
- still returns child Agent errors as
agent error: ...
This is different from WithSkipSummarization(true). WithSkipSummarization
controls whether the parent flow performs an extra outer summarization call
after the tool response. WithResponseMode controls what the tool response
contains in the first place.
Example with both settings:
Child Agent Context Visibility
AgentTool runs the child Agent by reusing the current invocation and session. It helps to separate the nearby concepts first:
| Concept | What it does | What it does not do |
|---|---|---|
FilterKey |
Labels which conversation view an event belongs to; the content processor uses it to decide which historical messages enter a model request | It is not a permission boundary or a separate storage unit |
Branch |
Records the Agent execution lineage, mainly for traces and cross-Agent message projection | It usually does not directly decide what history AgentTool can read |
HistoryScope |
Controls how AgentTool builds the child Agent FilterKey |
It does not shape the tool result and does not change the child Agent tool surface |
MessageFilterMode |
A higher-level LLMAgent/GraphAgent preset that combines time filtering and FilterKey filtering |
Most AgentTool users do not need to configure it directly |
For historical reasons, BranchFilterMode contains the word Branch, but for
current-version events it compares Event.FilterKey with the current
invocation FilterKey. Legacy events written before FilterKey existed may
still fall back to Event.Branch for compatibility.
AgentTool currently has two history scopes:
HistoryScopeIsolated(default): the child Agent uses an independentFilterKey, such asmath-specialist-<uuid>(a new child key is generated on every call). With normal Runner-generated events, the child sees only the current tool arguments and does not inherit parent Agent history. Child events are still stored in the same session, but under a separate view.- If you want the same AgentTool to be called multiple times while the child
Agent continues from its own prior execution history, enable
WithPersistentHistory*underHistoryScopeIsolated(see Options below). This switches the child key to a stable value (for exampleagenttool:math-specialist:default) so the child context becomes continuous.
- If you want the same AgentTool to be called multiple times while the child
Agent continues from its own prior execution history, enable
HistoryScopeParentBranch: the child Agent uses a sub-key under the parent key, such asassistant/math-specialist-<uuid>. The default prefix matching treats ancestors and descendants as the same lineage. This means the child can see parent history, and the parent may also see child events in later context. This mode is for shared-lineage collaboration; it is not a snapshot mode that reads parent history while hiding child details from the parent.
In practice:
- Use the default
HistoryScopeIsolatedwhen the child Agent should do independent work and return only its tool result to the parent. Pass any required context explicitly in the tool arguments. - Use
HistoryScopeParentBranchwhen the child Agent should continue, edit, or refine prior parent output, and it is acceptable for parent and child events to share one lineage.
HistoryScope only controls historical visibility. These behaviors do not
change when you switch history scope:
WithResponseModestill controls which child assistant content becomes the tool result.WithSkipSummarizationstill controls whether the parent flow performs an extra outer summarization call after the tool result.- The child Agent still inherits the current invocation's session, plugins, and
RunOptionsthroughInvocation.Clone(...); start a separate application run when you need true background isolation. - If business code manually appends events with an empty
FilterKey, those events may be visible from multiple views for compatibility. Prefer setting explicit app-prefixedFilterKeyvalues for custom events.
Options
-
WithSkipSummarization(bool):
- false (default): Allow an additional summarization/answer call after the tool result
- true: Skip the outer summarization LLM call once the tool returns
-
WithStreamInner(bool):
- true: Forward child Agent events to the parent flow (recommended: enable
GenerationConfig{Stream: true}for both parent and child Agents) - false: Treat as a callable-only tool, without inner event forwarding
- true: Forward child Agent events to the parent flow (recommended: enable
-
WithInnerTextMode(InnerTextMode):
InnerTextModeInclude: (effective default) forward child assistant text when inner streaming is enabledInnerTextModeExclude: suppress forwarded child assistant text while keeping inner tool calls, tool completions, and the aggregated final tool response
-
WithResponseMode(ResponseMode):
ResponseModeDefault(default): keep legacy concatenation of child assistant messages into the tool resultResponseModeFinalOnly: return only the last complete child assistant message as the tool result
-
WithPersistentHistory() / WithPersistentHistoryKey(string) / WithPersistentHistoryKeyFunc(...):
- Purpose: use a stable child
FilterKeyunderHistoryScopeIsolatedso the child Agent can read its own history across multiple AgentTool calls within the same session (instead of starting from a fresh UUID key every time). - Default key:
agenttool:<toolName>:default(intentionally avoids/so it does not accidentally fall under the parent's prefix/subtree filters). - Advanced: use
WithPersistentHistoryKey(...)orWithPersistentHistoryKeyFunc(...)to shard different tasks onto different keys and avoid interleaving history when multiple tasks share one tool. - Notes:
- This is not a permission boundary. If the parent uses
BranchFilterModeAll/ an empty key, or you design keys that create a prefix relationship such asparent/..., parent context may still include child events. - Whether the child can see earlier history also depends on the child Agent message filter/timeline settings (defaults include history; "current request/invocation only" modes will limit cross-call visibility even with a stable key).
- Currently supported only for
agenttool.NewTool(agent). It is ignored byagenttool.NewDynamicTool()(dynamic tools are intentionally short-lived and memoryless). - Incompatible with
HistoryScopeParentBranch: when both are set, the framework ignores persistent history and uses theparent/child-uuidsemantics.
- This is not a permission boundary. If the parent uses
- Complete example: see
examples/agenttool/(use-persistent-child-history/-persistent-child-key).
- Purpose: use a stable child
- WithHistoryScope(HistoryScope):
HistoryScopeIsolated(default): Use an independent childFilterKey; the child usually sees only the current tool arguments and does not inherit parent history.HistoryScopeParentBranch: Use a hierarchicalFilterKeyin the formparent/child-uuid. Parent and child events share one lineage, and prefix matching can include either side in the other's context. Typical use cases: edit, optimize, or continue previous output.
Example:
Notes
- Completion signaling: Tool response events are marked
RequiresCompletion=true; Runner sends completion automatically - De-duplication: When inner deltas are forwarded, avoid printing the aggregated final
tool.responsetext again by default - Progress-only UX: combine
WithStreamInner(true)withWithInnerTextMode(agenttool.InnerTextModeExclude)when users should see inner progress without seeing duplicated child prose - Model compatibility: Some providers require a tool message after tool_calls; AgentTool automatically supplies the aggregated content
- Child context isolation and tool-result shaping are separate concerns.
WithHistoryScope(agenttool.HistoryScopeIsolated)controls what the child can read.WithResponseMode(agenttool.ResponseModeFinalOnly)controls what the parent receives as the tool result. HistoryScopeParentBranchis shared lineage, not snapshot isolation. If child details should not appear in later parent context, keep the defaultHistoryScopeIsolatedand pass the needed context through tool arguments.WithSkipSummarization(true)only skips the extra outer summarization LLM call. It does not maketool.responsea final assistant response; keep consuming untilrunner.completionif you need the real terminal signal
Dynamic AgentTool
agenttool.NewTool(agent) is a good fit when the tool is backed by one clear
specialist Agent. In that case, the application constructs the Agent first
including its model, tools, skills, permissions, and runtime policy, then exposes
that Agent as a tool to the parent.
Use agenttool.NewDynamicTool() when the application cannot predefine every
specialist role, and the parent Agent should choose a tool subset or per-call
instruction for each task. It exposes a model-facing tool named dynamic_agent
by default. Calling this tool does not create arbitrary Go objects and does not
select one pre-registered Agent by name; it runs one short-lived child Agent
invocation within a boundary defined by application code.
Typical setup:
By default, dynamic_agent derives its capability boundary from the parent
Agent's currently available user tools. The model can pass tools to narrow the
child Agent's tools for this call. If tools is omitted, the child may use all
tools inside the boundary. dynamic_agent itself, transfer_to_agent, and
caller-executed external tools are not selectable for the child.
The default model-facing arguments are:
request: Required task description. The default history scope isHistoryScopeIsolated, so include the context the child needs inrequest.instruction: Optional role, constraints, or execution guidance for this child invocation.tools: Optional exact tool names allowed for this invocation. An empty array means the child receives no user tools.
If the default parent-derived boundary is not the right business boundary, set a template Agent or explicit maximum capability surface in code:
WithTemplateAgent is a code-side boundary, not a model parameter. The model
cannot use dynamic_agent to choose arbitrary Agents, models, or executors. It
can only fill request, optionally set instruction, and optionally narrow the
tools/skills subset inside the boundary configured by the developer.
Common options:
WithName(name): change the model-facing tool name. This only applies toNewDynamicTool; regularNewTool(agent)always uses the wrapped Agent'sInfo().Name.WithTemplateAgent(agent): set the dynamic child Agent template, commonly used to fix the model, executor, callbacks, permission policy, and other runtime boundaries.WithCapabilityTools(tools): set the maximum tool surface the model may choose from. When omitted, it is derived from the parent Agent's effective user tools for the current run. When set, the tool names are enumerated in thetoolsschema so the model selects from a known set instead of guessing strings (the parent-derived surface andWithCapabilityProviderare resolved per call and are not enumerated).WithCapabilitySkills(repo): set the maximum skill repository the model may choose from. When omitted, it is derived from the parent Agent's effective skill repository for the current run.WithExposeToolSelection(false): hide thetoolsfield from the model. The child still receives the code-defined tool surface, but the model cannot narrow it.WithExposeSkillSelection(true): expose theskillsfield to the model. This is disabled by default because skill execution usually depends on deployment environment and code executor availability.WithExposeInstruction(false): hide theinstructionfield from the model.WithRequestDescription/WithInstructionDescription/WithToolsDescription/WithSkillsDescription: customize field descriptions using business-specific wording so the model fills arguments more reliably.
Take extra care when exposing skills. Dynamic AgentTool checks whether selected
skill names exist in the boundary repository. If the child has no available code
executor and a selected skill may require running code, the tool result includes a
warning. In production, prefer defining the executable range in code with
WithCapabilitySkills and a template Agent before exposing the skills field to
the model.
Dynamic AgentTool has a different boundary from the other multi-Agent mechanisms:
| Mechanism | What the model chooses | Lifetime | Control |
|---|---|---|---|
agenttool.NewTool(agent) |
one fixed tool entrypoint | per tool call | returns a tool result to the parent Agent |
transfer_to_agent |
one registered sub-agent | target Agent continues the current turn | hands off control |
agenttool.NewDynamicTool() |
request, instruction, and a tools/skills subset for this call |
per tool call | returns a tool result to the parent Agent |
If the same specialist Agent is exposed through both WithSubAgents and
agenttool.NewTool(agent), the parent model sees two different paths:
transfer_to_agent and a regular AgentTool. The framework can run this, but the
developer should explain when to use each path in the instruction or tool
description, or expose only one path. A dynamic_agent child does not receive
transfer_to_agent, but regular AgentTools are treated as user tools. If a
dynamic child should not call other AgentTools, narrow the boundary with
WithCapabilityTools or a runtime ToolFilter.
Tool Integration and Usage
Create an Agent and Integrate Tools
MCP Tool Filters
MCP ToolSets support filtering tools at creation time. It's recommended to use the unified tool.FilterFunc interface:
Per-Run Tool Filtering
- Option one: Per-run tool filtering enables dynamic control of tool availability for each
runner.Runinvocation without modifying Agent configuration. This is a "soft constraint" mechanism for optimizing token consumption and implementing role-based tool access control. apply to all agents - Option two: Configure the runtime filtering function through 'llmagent. WhatToolFilter' to only apply to the current agent Key Features:
- 🎯 Per-Run Control: Independent configuration per invocation, no Agent modification needed
- 💰 Cost Optimization: Reduce tool descriptions sent to LLM, lowering token costs
- 🛡️ Smart Protection: Framework tools (
transfer_to_agent,knowledge_search, optionalawait_user_reply) automatically preserved, never filtered - 🔧 Flexible Customization: Support for built-in filters and custom FilterFunc
Tool Search (Automatic Tool Selection)
In addition to rule-based filtering (Tool Filter), the framework provides Tool Search: before each main model call, it runs a lightweight “tool selection” step to shrink the available tool set to TopK (for example, 3 tools), then sends only those tools to the main model. This typically reduces token usage (especially PromptTokens) when the full tool list is large.
Trade-offs to keep in mind:
- Latency: Tool Search adds extra work (another LLM call and/or embedding + vector search), so end-to-end latency may increase.
- Prompt caching: the tool list can change every turn, which may reduce prompt caching hit rate on some providers.
How it differs from Tool Filter:
- Tool Filter: you (or your business logic) decide which tools are allowed/blocked (access control / cost control).
- Tool Search: the framework picks tools automatically based on the current user query (automation / cost optimization).
They can be combined: use Tool Filter for permissions/allow-lists first, then use Tool Search to select TopK from the remaining tools.
Two strategies:
- LLM Search: put the candidate tool list (name + description) into the prompt and ask an LLM to output the selected tool names.
- Pros: no vector store needed; simple to adopt.
- Cons: the prompt cost grows roughly linearly with the number/length of tool descriptions, and repeats every turn.
- Knowledge Search: rewrite the query with an LLM, then use embeddings + vector search to find relevant tools.
- Pros: you don’t need to send the full tool list to the selection LLM every turn; and tool embeddings are cached within the same
ToolKnowledgeinstance (so tools are not re-embedded repeatedly). - Note: the query is still embedded each turn (a fixed per-turn cost).
- Pros: you don’t need to send the full tool list to the selection LLM every turn; and tool embeddings are cached within the same
Basic Usage (LLM Search)
Tool Search can be used either as a Runner plugin or as a per-agent callback.
Option A: Runner Plugin
Option B: Per-Agent BeforeModel Callback
Register Tool Search as a BeforeModel callback. It will mutate req.Tools
before the main model call:
Basic Usage (Knowledge Search)
Create a ToolKnowledge (embedder + vector store) and enable it via toolsearch.WithToolKnowledge(...):
Token Usage (Optional)
Tool Search stores usage in context.Context, which you can use for metrics/cost analysis:
Basic Usage
1. Exclude Specific Tools (Exclude Filter)
Use blacklist approach to exclude unwanted tools:
2. Include Only Specific Tools (Include Filter)
Use whitelist approach to allow only specified tools:
3. Custom Filtering Logic (Custom FilterFunc)
Implement custom filter function for complex filtering logic:
4. Per-Agent Filtering
Use agent.InvocationFromContext to implement different tool sets for different Agents:
Complete Example: See examples/toolfilter/ directory
Smart Filtering Mechanism
The framework automatically distinguishes user tools from framework tools, filtering only user tools:
| Tool Category | Includes | Filtered? |
|---|---|---|
| User Tools | Tools registered via WithToolsTools registered via WithToolSets |
✅ Subject to filtering |
| Framework Tools | transfer_to_agent (multi-Agent coordination)knowledge_search (knowledge base retrieval)agentic_knowledge_searchawait_user_reply (one-shot follow-up routing, when enabled) |
❌ Never filtered, auto-preserved |
Example:
await_user_reply for Follow-Up Turns
await_user_reply is an optional framework tool. Enable it with
llmagent.WithAwaitUserReplyTool(true) when an Agent may ask the user for
missing information and you want the next user message to resume at that same
Agent.
Use it together with runner.WithAwaitUserReplyRouting(true):
The route is one-shot: Runner consumes it on the next user turn and then clears it automatically.
Important Notes
⚠️ Security Notice: Per-run tool filtering is a "soft constraint" primarily for optimization and user experience. Tools must still implement their own authorization logic:
Manual Tool Execution (Interrupt Tool Calls)
By default, when the model returns tool_calls, the framework executes those
tools automatically, then sends the tool results back to the model.
In some systems, you may want the caller (for example, a client, an upstream
service, or an external tool runtime such as Model Context Protocol (MCP)) to
execute tools instead. You can interrupt tool execution with
agent.WithExternalTools(...) or agent.WithToolExecutionFilter(...).
Key idea:
agent.WithToolFilter(...)controls tool visibility (what the model can see and call).agent.WithToolExecutionFilter(...)controls tool execution (what the framework will auto-run after the model requests it).agent.WithAdditionalTools(...)appends temporary tools for one run.agent.WithExternalTools(...)appends temporary tools and marks them as caller-executed.
Basic Flow
- Run the agent with
WithExternalToolsso the model can see caller-owned tools. - Read
tool_callsfrom the model response. - Execute the tool externally.
- Send a
role=toolmessage back so the model can continue.
If the tool is already registered on the Agent with llmagent.WithTools(...)
and only its per-run execution policy should change, continue to use
agent.WithToolExecutionFilter(...). WithExternalTools is better for AG-UI,
browser, mobile, or upstream-service callers that declare tools dynamically on
each request. The AG-UI runner maps request input.Tools to WithExternalTools
by default. If an external tool has the same name as an existing tool, the
existing tool wins; the external declaration does not override or intercept it.
This includes tools registered on the Agent and tools added with
WithAdditionalTools.
Complete example: examples/toolinterrupt/
Reason: LLMs may know about tool existence and usage from context or memory and attempt to call them. Tool filtering reduces this possibility but cannot completely prevent it.
Parallel Tool Execution
Graph workflows can also enable parallelism for a Tools node:
Parallel execution effect:
Dynamic ToolSet Management (Runtime)
WithToolSets is a static configuration: it wires ToolSets when constructing the Agent. In many real‑world scenarios you also need to add, remove, or replace ToolSets at runtime without recreating the Agent.
LLMAgent exposes three methods for this:
AddToolSet(toolSet tool.ToolSet)— add or replace a ToolSet byToolSet.Name().RemoveToolSet(name string) bool— remove all ToolSets whoseName()matchesname.SetToolSets(toolSets []tool.ToolSet)— replace all ToolSets with the provided slice.
These methods are concurrency‑safe and automatically recompute:
- Aggregated tools (direct tools + ToolSets + knowledge tools + skill tools)
- User tool tracking (used by the smart filtering logic above)
One important lifecycle detail:
AddToolSetdoes not automatically close a replaced ToolSet.RemoveToolSetdoes not automatically close a removed ToolSet.SetToolSetsdoes not automatically close ToolSets from the previous slice.
If you created those ToolSet instances, you still need to close them explicitly at the right time.
Typical usage pattern:
Runtime ToolSet updates integrate seamlessly with the tool filtering logic described earlier:
- Tools coming from
WithToolsor any ToolSet (including dynamically added ones) are treated as user tools and are subject toWithToolFilterand per‑run filters. - Framework tools such as
transfer_to_agent,knowledge_search,agentic_knowledge_search, and optionalawait_user_replyremain never filtered and are always available.
Tool Call Arguments Auto Repair
Some models may emit non-strict JSON arguments for tool_calls (for example, unquoted object keys or trailing commas), which can break tool execution or external parsing.
Tool call arguments auto repair is useful when the caller needs to parse toolCall.Function.Arguments outside the framework, or when tools require strictly valid JSON input.
When agent.WithToolCallArgumentsJSONRepairEnabled(true) is enabled in runner.Run, the framework will attempt to repair toolCall.Function.Arguments on a best-effort basis.
Quick Start
Environment Setup
Simple Example
Run the Examples
Summary
The Tool system provides rich extensibility for tRPC-Agent-Go, supporting Function Tools, the DuckDuckGo Search Tool, and MCP protocol tools.