Tool Usage Guide
The Tool system is a core component of the tRPC-Agent-Go framework, enabling Agents to interact with external services and functions. The framework supports multiple tool types, including Function Tools and external tools integrated via the MCP (Model Context Protocol) standard.
Overview
🎯 Key Features
- 🔧 Multiple Tool Types: Supports Function Tools and MCP standard tools.
- 🌊 Streaming Responses: Supports both real-time streaming responses and normal responses.
- ⚡ Parallel Execution: Tool invocations support parallel execution to improve performance.
- 🔄 MCP Protocol: Full support for STDIO, SSE, and Streamable HTTP transports.
- 🔁 Tool Call Retry: Supports retrying callable tool calls in LLMAgent and Graph ToolsNode.
- 🛠️ Configuration Support: Provides configuration options and filter support.
- 🧹 Arguments Repair: Optionally enable
agent.WithToolCallArgumentsJSONRepairEnabled(true)to best-effort repairtool_callsarguments, improving robustness for tool execution and external parsing.
Core Concepts
🔧 Tool
A Tool is an abstraction of a single capability that implements the tool.Tool interface. Each Tool provides specific functionality such as mathematical calculation, search, time query, etc.
Recommendation (always configure name and description)
- name (required): Used by the model to precisely select and invoke the tool. Keep it stable, unique, and descriptive (prefer
snake_case), and avoid name collisions across Tools/ToolSets. - description (required): Used by the model to understand what the tool does, when to use it, and any constraints. Missing or vague descriptions will noticeably reduce tool-call accuracy and stability.
For Function Tools, set these via
function.WithName(...)/function.WithDescription(...). For custom Tools, setName/Descriptionon thetool.Declarationreturned byDeclaration().
📦 ToolSet
A ToolSet is a collection of related tools that implements the tool.ToolSet interface. A ToolSet manages the lifecycle of tools, connections, and resource cleanup.
Relationship between Tool and ToolSet:
- One "Tool" = one concrete capability (e.g., calculator).
- One "ToolSet" = a group of related Tools (e.g., all tools provided by an MCP server).
- An Agent can use multiple Tools and multiple ToolSets simultaneously.
🌊 Streaming Tool Support
The framework supports streaming tools to provide real-time responses:
Streaming tool characteristics:
- 🚀 Real-time responses: Data is returned progressively without waiting for the complete result.
- 📊 Large data handling: Suitable for scenarios such as log queries and data analysis.
- ⚡ User experience: Provides instant feedback and progress display.
Tool Types
| Tool Type | Definition | Integration Method |
|---|---|---|
| Function Tools | Tools implemented by directly calling Go functions | Tool interface, in-process calls |
| Agent Tool (AgentTool) | Wrap any Agent as a callable tool | Tool interface, supports streaming inner forwarding |
| DuckDuckGo Tool | Search tool based on DuckDuckGo API | Tool interface, HTTP API |
| MCP ToolSet | External toolset based on MCP protocol | ToolSet interface, multiple transports |
📖 Related docs: For Agent Tool and Transfer Tool used in multi-Agent collaboration, see the Multi-Agent System document.
Function Tools
Function Tools implement tool logic directly via Go functions and are the simplest tool type.
Basic Usage
Input Schema and field descriptions
For Function Tools, the input req is automatically converted into a JSON Schema (so the model can understand the expected arguments). Add field descriptions via struct tags:
- Field name: use
json:"..."as the schema property name. - Field description (recommended): use
jsonschema:"description=..."to populateproperties.<field>.description. - Note: the
jsonschematag uses comma,as the separator, so the description value must not contain,; otherwise it will be parsed as multiple tag items. - Compatibility:
description:"..."is also supported for legacy code. If bothjsonschema:"description=..."anddescription:"..."are present, thejsonschemadescription wins. - More flexible schema: if you need full control over the input schema (e.g. complex JSON Schema constraints), use
function.WithInputSchema(customInputSchema)to bypass auto-generation.
Streaming Tool Example
Access Tool Call ID inside Tool implementations
When the model emits a tool_call, the framework injects that call's
tool_call_id into the tool execution context.Context before your tool
starts running.
This means the framework does support reading the current tool call ID directly inside your own Tool implementation.
This is especially useful when you want to:
- create unique state keys for concurrent calls to the same tool
- attach a stable identifier to logs, metrics, or traces
- launch a child Agent inside the tool and tell your UI which
tool_callthat child Agent belongs to
Today this mechanism applies to:
- regular function tools in LLMAgent
- streamable tools in LLMAgent
- tool execution in GraphAgent tools nodes
- Tool callbacks and plugins as well
The simplest form
Call tool.ToolCallIDFromContext(ctx) inside the tool:
If all you need is per-call logging, metrics, or Invocation State, this is usually enough.
For a runnable end-to-end example, see examples/toolcallid.
When the Tool also launches a child Agent
There are two different kinds of identifiers here:
tool_call_id: identifies one model-issued tool callInvocationID/ParentInvocationID: identify parent-child Agent runs
If your goal is "show the child Agent output under the specific tool card in the UI", keep both layers:
- Read the current
tool_call_idwithtool.ToolCallIDFromContext(ctx) - Read the parent Invocation with
agent.InvocationFromContext(ctx) - Create the child Invocation with
parentInv.Clone(...) - Put the
tool_call_idinto the child InvocationRunOptions.RuntimeState - In the renderer, use:
InvocationID/ParentInvocationIDfor the execution tree- the propagated
tool_call_idfor the originating tool card
Example (assuming childAgent is an existing runnable child Agent):
Copy RuntimeState before writing to it. Invocation.Clone(...)
does not deep-copy the map, so mutating a reused map would also
mutate the parent Invocation.
Inside the child Agent, if you need to read the originating tool call ID again, read it from runtime state:
Recommended pattern
- If you only need the identifier for the current tool call, use
tool.ToolCallIDFromContext(ctx) - If you need to represent "which child Agent belongs to which parent
execution", rely on
InvocationID/ParentInvocationID - If the UI must also attach that child subtree back to a specific tool
card, propagate
tool_call_idexplicitly throughRuntimeStateor custom event metadata - If you are using
AgentTool, the framework already maintains parent-child Invocation linkage viaInvocation.Clone(...). In many UIs that is already enough. Propagatetool_call_idonly when you need the extra tool-card association
One subtle caveat
The framework injects tool_call_id before tool execution.
However, if a BeforeTool callback replaces the context with a brand-new
bare context, downstream tool code will no longer see that ID.
So if you replace the context inside callbacks, make sure you preserve the existing context values you still need.
Built-in Tools
Tool Call Retry
When a tool call may fail because of a transient issue, you can configure retry for it, for example:
- a temporary network issue;
- a short timeout;
- an intermittent failure from an external service.
This feature is disabled by default. It currently applies only to CallableTool, and StreamableTool is not retried yet. When enabled, the framework retries only the current tool call. It does not rerun the whole Agent or the whole Graph workflow.
Basic Configuration
Common fields:
MaxAttempts: Total attempt count, including the first call.InitialInterval: Delay before the second attempt.BackoffFactor: Multiplier for backoff growth.MaxInterval: Upper bound for the delay.Jitter: Whether to enable jitter.
Default Retry Rules
If you do not provide RetryOn, the framework uses tool.DefaultRetryOn(...).
The default rule is conservative and retries only common transient errors, such as:
io.EOFio.ErrUnexpectedEOF- timeout / temporary errors reported through
net.Error
It does not retry context.Canceled, context.DeadlineExceeded, or result-level failures by default.
Custom Retry Rules
If the default rule is not enough, you can customize the decision with RetryOn. A common pattern is to reuse tool.DefaultRetryOn(...) first, then add your own conditions:
tool.RetryInfo carries the current call information, such as tool name, attempt number, raw error, and result-level failure flag, so you can make your retry decision in one place.
Enable It in LLMAgent
Runnable example:
Enable It in Graph
Runnable example:
DuckDuckGo Search Tool
The DuckDuckGo tool is based on the DuckDuckGo Instant Answer API and provides factual and encyclopedia-style information search capabilities.
Basic Usage
Advanced Configuration
Claude Code ToolSet
tool/claudecode provides a code-oriented ToolSet that exposes a Claude Code-style tool surface inside the framework. It covers file editing, repository search, command execution, and web retrieval, and can be attached directly to LLMAgent or other runtimes. If your goal is to invoke the local Claude Code CLI and consume its execution trace and tool events, see the Claude Code Agent guide.
By default, claudecode exposes a core set of workflow tools: Bash, TaskStop, TaskOutput, Read, Glob, Grep, WebFetch, and WebSearch. When read-only mode is disabled, it also exposes Write, Edit, and NotebookEdit.
The following table lists the tools currently exposed by claudecode:
| Tool | Description |
|---|---|
Bash |
Executes local shell commands. |
TaskStop |
Stops a background task started by Bash. |
TaskOutput |
Reads the current or final output of a background task. |
Read |
Reads file contents. |
Glob |
Finds files by path pattern. |
Grep |
Searches repository content. |
WebFetch |
Fetches the content of a specific URL. |
WebSearch |
Performs an open web search. |
Write |
Creates a file or overwrites a file with complete contents. Only exposed when read-only mode is disabled. |
Edit |
Performs targeted replacement in an existing text file. Only exposed when read-only mode is disabled. |
NotebookEdit |
Edits .ipynb files at the cell level. Only exposed when read-only mode is disabled. |
Basic Usage
llmagent.WithToolSets(...) attaches these tools as a ToolSet. Calling Tools() returns the flattened list of individual tools.
Common Options
The main tool/claudecode options focus on working directory, read-only mode, and web behavior:
| Option | Description |
|---|---|
WithName(name) |
Overrides the ToolSet name. The default name is claudecode. |
WithBaseDir(dir) |
Sets the base directory used by file, search, and command execution tools. |
WithReadOnly(readOnly) |
Removes Write, Edit, and NotebookEdit when enabled. |
WithMaxFileSize(size) |
Limits the maximum readable file size. |
WithWebFetchOptions(opts) |
Configures domain policy, timeout, and content handling for WebFetch. |
WithWebSearchOptions(opts) |
Configures backend, paging, and request options for WebSearch. |
WithBaseDir defines the working scope for Read, Write, Edit, Glob, and Grep, and also determines the default working directory for Bash. When read-only mode is enabled, the toolset keeps only read, search, command, and web capabilities. When read-only mode is disabled, it also exposes Write, Edit, and NotebookEdit.
MCP Tools
MCP (Model Context Protocol) is an open protocol that standardizes how applications provide context to LLMs. MCP tools are based on JSON-RPC 2.0 and provide standardized integration with external services for Agents.
MCP ToolSet Features:
- 🔗 Unified interface: All MCP tools are created via
mcp.NewMCPToolSet(). - ✅ Explicit initialization:
(*mcp.ToolSet).Init(ctx)lets you fail fast on MCP connection / tool loading errors during startup. - 🚀 Multiple transports: Supports STDIO, SSE, and Streamable HTTP.
- 🔧 Tool filters: Supports including/excluding specific tools.
Basic Usage
ToolSet Lifecycle and Ownership
The ToolSet interface explicitly includes Close(). That means the
party that creates a ToolSet is also responsible for releasing the
connections, sessions, caches, and other resources it owns.
Important ownership boundaries:
llmagent.WithToolSets(...)only attaches aToolSetto an Agent for use. It does not transfer ownership.LLMAgent.AddToolSet(...),LLMAgent.RemoveToolSet(...), andLLMAgent.SetToolSets(...)only change which tools the Agent exposes. They do not automatically callClose()on replaced or removed ToolSets.runner.NewRunner(...)andrunner.NewRunnerWithAgentFactory(...)likewise do not automatically reclaim a ToolSet just because an Agent uses it.
Recommended patterns:
- Long-lived ToolSet: create it at startup, optionally call
Init(ctx), reuse it across many runs, and close it during application shutdown. - Per-request ToolSet: create it only for the current run, then clean it up explicitly when that run finishes.
If your goal is only to let a ToolSet fetch the latest tool list on
each run, prefer llmagent.WithRefreshToolSetsOnRun(true). That refreshes
ToolSet.Tools(ctx) per run, but it does not recreate or close the
ToolSet instance itself.
Transport Configuration
MCP ToolSet supports three transports via the Transport field:
1. STDIO Transport
Communicates with external processes via standard input/output. Suitable for local scripts and CLI tools.
2. SSE Transport
Uses Server-Sent Events for communication, supporting real-time data push and streaming responses.
3. Streamable HTTP Transport
Uses standard HTTP for communication, supporting both regular HTTP and streaming responses.
Session Reconnection Support
MCP ToolSet supports automatic session reconnection to recover from server restarts or session expiration.
Reconnection Features:
- 🔄 Auto Reconnect: Automatically recreates session when connection loss or expiration is detected
- 🎯 Independent Retries: Each tool call gets independent reconnection attempts
- 🛡️ Conservative Strategy: Only triggers reconnection for clear connection/session errors to avoid infinite loops
Dynamic MCP Tool Discovery (LLMAgent Option)
For MCP ToolSets, the list of tools on the server side can change over
time (for example, when a new MCP tool is registered). To let an
LLMAgent automatically see the latest tools from a ToolSet on each
run, use llmagent.WithRefreshToolSetsOnRun(true) together with
WithToolSets.
LLMAgent configuration example
When WithRefreshToolSetsOnRun(true) is enabled:
- Each time the LLMAgent builds its tool list for a run, it calls
ToolSet.Tools(ctx)again, using the current run context. - If the MCP server adds or removes tools, the next run of this LLMAgent will use the updated tool list automatically.
- If you query tools outside a run (for example, by calling
agent.Tools()directly), the LLMAgent usescontext.Background().
This option focuses on dynamic discovery of tools. If you also need
ToolSets to honor a specific context for initialization or tool
discovery without refreshing the tool list on every run, keep using the
pattern shown in the examples/mcptool/http_headers example, where you
manually call toolSet.Tools(ctx) and pass the tools via WithTools.
Common pitfalls:
WithRefreshToolSetsOnRun(true)refreshes the tool list, not the ToolSet instance itself. It does not automatically create, replace, or close ToolSets for you.tools/calluses the current run context, but if you callagent.Tools()outside a run, the ToolSet will seecontext.Background().- If
initialize/tools/listmust strictly use a custom context (for example, per-request auth headers or tracing values), the safer pattern is usually to calltoolSet.Tools(ctx)yourself and inject the resulting tools viaWithTools(...).
MCP Broker (On-Demand MCP Discovery)
In addition to expanding remote MCP tools into first-class Tools, the
framework also provides another integration style:
tool/mcpbroker.
The core idea of mcpbroker is:
- do not expose every remote MCP tool up front
- expose only a very small broker surface first
- let the model discover and call remote MCP tools only when needed
This is a better fit when the remote MCP surface is large, but a single request usually needs only a small subset of that surface.
When to Use MCP Broker
Use mcpbroker when:
- an MCP server exposes many tools and you do not want to send the full tool surface to the model on every turn
- some tools are long-tail or backup capabilities rather than hot-path tools
- a Skill, System Prompt, or User Prompt reveals an MCP endpoint that should be connected dynamically
- you want a smaller and more stable initial tool surface
Keep using mcp.NewMCPToolSet() when:
- the capability is high-frequency, stable, and already known
- you want remote MCP tools to become first-class Tools directly
- you care more about shorter execution paths and stronger schema-level constraints
The two patterns can be mixed:
- use
MCP ToolSetfor hot-path capabilities - use
mcpbrokerfor long-tail or dynamically discovered capabilities
How It Differs from MCP ToolSet
The main difference is when remote MCP tools become visible:
MCP ToolSet- performs
initialize + tools/list - expands remote MCP tools into model-visible Tools
- performs
mcpbroker- initially exposes only 4 broker tools
- the model discovers servers, then tools, then inspects selected schemas, then calls a concrete tool
You can think of them as:
MCP ToolSet: directly mount remote toolsmcpbroker: discover remote tools on demand
Typical trade-offs:
MCP ToolSet: faster and more strongly constrained, but larger tool surfacemcpbroker: lighter on context and better for long-tail / dynamic capabilities, but usually slower because discovery adds extra steps
Basic Integration
Server Description
The Description field on ConnectionConfig provides a capability
summary for the MCP server, helping the model decide which server to
explore at the mcp_list_servers stage. The output includes the
description:
This is analogous to the description field on an OpenAI tool namespace:
the model can read it at the mcp_list_servers step and decide which
server to explore next, without needing to mcp_list_tools every server
one by one. The more servers you have, or the less self-explanatory the
server names are, the more valuable this description becomes.
The field is optional. When omitted, the output simply does not include
a description property, and existing behavior is unchanged.
Today mcpbroker is a tool-layer integration. Unlike Skill, it
does not automatically inject routing guidance into the system prompt.
If you want the model to behave more predictably, it is still useful to
add a small amount of business-level instruction such as:
- when to list named servers first
- when to use
mcp_list_toolsfirst - when to expand selected tools with
mcp_inspect_tools - when to prefer broker over direct tools
The 4 Model-Visible Broker Tools
The model only sees these 4 tools:
mcp_list_serversmcp_list_toolsmcp_inspect_toolsmcp_call
The recommended flow is usually:
mcp_list_servers()to inspect named servers already known to the brokermcp_list_tools(selector)to inspect a server or ad-hoc MCP endpoint with lightweight summariesmcp_inspect_tools(selector, tools[])to expand schema for only the selected toolsmcp_call(selector, arguments)to call one concrete MCP tool
So instead of seeing the entire remote tool surface immediately, the model explores it progressively through the broker.
Selector Mental Model
mcpbroker intentionally avoids a mixed input model like
server_name + tool_name + url. Instead it uses a unified selector:
- In
mcp_list_tools:- named server:
local_stdio_code - ad-hoc URL:
https://example.com/mcp
- named server:
- In
mcp_call:- named tool:
local_stdio_code.add - ad-hoc URL tool:
https://example.com/mcp.add
- named tool:
If an ad-hoc HTTP endpoint would make dot-based selectors ambiguous, mcpbroker
also supports:
https://example.com/mcp#tool=add
Remote MCP tool parameters always go into:
mcp_call(..., arguments={...})
and not into top-level wrapper fields.
Progressive Discovery Flow
- start with
mcp_list_toolsfor lightweight summaries - only use
mcp_inspect_toolswhen preparing to call a specific tool
Compared with sending every full schema up front, this is usually more friendly to tight context budgets.
Dynamic URL and Skill Scenarios
mcpbroker supports ad-hoc HTTP MCP targets:
WithAllowAdHocHTTP(true) makes selector model-controlled input for
HTTP(S) MCP targets. In production, validate or allowlist the URL, domain, and
path before treating ad-hoc HTTP as a trusted integration path.
In practice, dynamic connection still requires some information source to tell the model:
- that this MCP endpoint exists
- what it roughly does
- which URL should be used
That source can be:
- a System Prompt
- a User Prompt
- a Skill
- a knowledge source
In other words, mcpbroker solves “how to connect / inspect / call”.
It does not solve “why would the model think of connecting to this MCP
in the first place”.
This makes mcpbroker a natural companion to Skills. Some Skills only
need a dedicated MCP capability while that Skill is relevant, so those
MCP tools do not need to stay exposed as global tools for the whole
conversation. Other Skills may reveal an incremental MCP endpoint that
is only known after the Skill is loaded. In both cases, the Skill can
act as the information source, while mcpbroker handles the dynamic
connection and progressive tool/schema disclosure.
See:
examples/mcpbroker/basic
That example includes:
- a named local MCP server
- a Skill that reveals a remote streamable HTTP MCP endpoint
- a model flow like
skill_load -> mcp_list_tools -> mcp_inspect_tools -> mcp_call
Auth Hooks (Per-Run Header Injection)
For HTTP MCP targets, mcpbroker also provides runtime auth hooks:
WithHTTPHeaderInjector(...)WithErrorInterceptor(...)
These hooks are useful when:
- you do not want the model to provide
Authorizationitself - you need to inject a user-specific token on every request
- you want business code to wrap 401/403 responses into clearer errors
Example:
The key design point is:
- the model chooses the
selector - business code resolves headers from
ctx mcpbrokerdoes not manage a full OAuth session state machine
When WithAllowAdHocHTTP(true) is enabled, URL selectors may come from
model-visible context. In production, validate req.IsAdHoc and req.BaseURL
inside your HTTPHeaderInjector before returning sensitive headers.
See:
examples/mcpbroker/authhooks
Agent Tool (AgentTool)
AgentTool lets you expose an existing Agent as a tool to be used by a parent Agent. Compared with a plain function tool, AgentTool provides:
- ✅ Reuse: Wrap complex Agent capabilities as a standard tool
- 🌊 Streaming: Optionally forward the child Agent’s streaming events inline to the parent flow
- 🧭 Control: Options to skip post-tool summarization and to enable/disable inner forwarding
Basic Usage
Streaming Inner Forwarding
When WithStreamInner(true) is enabled, AgentTool forwards child Agent events
to the parent flow as they happen:
- Forwarded items are actual
event.Eventinstances, carrying incremental text inchoice.Delta.Content - To avoid duplication, the child Agent’s final full message is not forwarded again; it is aggregated into the final
tool.responsecontent for the next LLM turn (to satisfy providers requiring tool messages) - UI guidance: show forwarded child deltas; avoid printing the aggregated final
tool.responsecontent unless debugging WithInnerTextMode(agenttool.InnerTextModeExclude)lets you keep inner tool progress visible while suppressing forwarded child assistant text. This is useful when an outer coordinator will produce the final user-facing answer.
Example: Only show tool fragments when needed to avoid duplicates
Options
-
WithSkipSummarization(bool):
- false (default): Allow an additional summarization/answer call after the tool result
- true: Skip the outer summarization LLM call once the tool returns
-
WithStreamInner(bool):
- true: Forward child Agent events to the parent flow (recommended: enable
GenerationConfig{Stream: true}for both parent and child Agents) - false: Treat as a callable-only tool, without inner event forwarding
- true: Forward child Agent events to the parent flow (recommended: enable
-
WithInnerTextMode(InnerTextMode):
InnerTextModeInclude: (effective default) forward child assistant text when inner streaming is enabledInnerTextModeExclude: suppress forwarded child assistant text while keeping inner tool calls, tool completions, and the aggregated final tool response
- WithHistoryScope(HistoryScope):
HistoryScopeIsolated(default): Keep the child Agent fully isolated; it only sees the current tool arguments (no inherited history).HistoryScopeParentBranch: Inherit parent conversation history by using a hierarchical filter keyparent/child-uuid. This allows the content processor to include parent events via prefix matching while keeping child events isolated under a sub-branch. Typical use cases: “edit/optimize/continue previous output”.
Example:
Notes
- Completion signaling: Tool response events are marked
RequiresCompletion=true; Runner sends completion automatically - De-duplication: When inner deltas are forwarded, avoid printing the aggregated final
tool.responsetext again by default - Progress-only UX: combine
WithStreamInner(true)withWithInnerTextMode(agenttool.InnerTextModeExclude)when users should see inner progress without seeing duplicated child prose - Model compatibility: Some providers require a tool message after tool_calls; AgentTool automatically supplies the aggregated content
WithSkipSummarization(true)only skips the extra outer summarization LLM call. It does not maketool.responsea final assistant response; keep consuming untilrunner.completionif you need the real terminal signal
Tool Integration and Usage
Create an Agent and Integrate Tools
MCP Tool Filters
MCP ToolSets support filtering tools at creation time. It's recommended to use the unified tool.FilterFunc interface:
Per-Run Tool Filtering
- Option one: Per-run tool filtering enables dynamic control of tool availability for each
runner.Runinvocation without modifying Agent configuration. This is a "soft constraint" mechanism for optimizing token consumption and implementing role-based tool access control. apply to all agents - Option two: Configure the runtime filtering function through 'llmagent. WhatToolFilter' to only apply to the current agent Key Features:
- 🎯 Per-Run Control: Independent configuration per invocation, no Agent modification needed
- 💰 Cost Optimization: Reduce tool descriptions sent to LLM, lowering token costs
- 🛡️ Smart Protection: Framework tools (
transfer_to_agent,knowledge_search, optionalawait_user_reply) automatically preserved, never filtered - 🔧 Flexible Customization: Support for built-in filters and custom FilterFunc
Tool Search (Automatic Tool Selection)
In addition to rule-based filtering (Tool Filter), the framework provides Tool Search: before each main model call, it runs a lightweight “tool selection” step to shrink the available tool set to TopK (for example, 3 tools), then sends only those tools to the main model. This typically reduces token usage (especially PromptTokens) when the full tool list is large.
Trade-offs to keep in mind:
- Latency: Tool Search adds extra work (another LLM call and/or embedding + vector search), so end-to-end latency may increase.
- Prompt caching: the tool list can change every turn, which may reduce prompt caching hit rate on some providers.
How it differs from Tool Filter:
- Tool Filter: you (or your business logic) decide which tools are allowed/blocked (access control / cost control).
- Tool Search: the framework picks tools automatically based on the current user query (automation / cost optimization).
They can be combined: use Tool Filter for permissions/allow-lists first, then use Tool Search to select TopK from the remaining tools.
Two strategies:
- LLM Search: put the candidate tool list (name + description) into the prompt and ask an LLM to output the selected tool names.
- Pros: no vector store needed; simple to adopt.
- Cons: the prompt cost grows roughly linearly with the number/length of tool descriptions, and repeats every turn.
- Knowledge Search: rewrite the query with an LLM, then use embeddings + vector search to find relevant tools.
- Pros: you don’t need to send the full tool list to the selection LLM every turn; and tool embeddings are cached within the same
ToolKnowledgeinstance (so tools are not re-embedded repeatedly). - Note: the query is still embedded each turn (a fixed per-turn cost).
- Pros: you don’t need to send the full tool list to the selection LLM every turn; and tool embeddings are cached within the same
Basic Usage (LLM Search)
Tool Search can be used either as a Runner plugin or as a per-agent callback.
Option A: Runner Plugin
Option B: Per-Agent BeforeModel Callback
Register Tool Search as a BeforeModel callback. It will mutate req.Tools
before the main model call:
Basic Usage (Knowledge Search)
Create a ToolKnowledge (embedder + vector store) and enable it via toolsearch.WithToolKnowledge(...):
Token Usage (Optional)
Tool Search stores usage in context.Context, which you can use for metrics/cost analysis:
Basic Usage
1. Exclude Specific Tools (Exclude Filter)
Use blacklist approach to exclude unwanted tools:
2. Include Only Specific Tools (Include Filter)
Use whitelist approach to allow only specified tools:
3. Custom Filtering Logic (Custom FilterFunc)
Implement custom filter function for complex filtering logic:
4. Per-Agent Filtering
Use agent.InvocationFromContext to implement different tool sets for different Agents:
Complete Example: See examples/toolfilter/ directory
Smart Filtering Mechanism
The framework automatically distinguishes user tools from framework tools, filtering only user tools:
| Tool Category | Includes | Filtered? |
|---|---|---|
| User Tools | Tools registered via WithToolsTools registered via WithToolSets |
✅ Subject to filtering |
| Framework Tools | transfer_to_agent (multi-Agent coordination)knowledge_search (knowledge base retrieval)agentic_knowledge_searchawait_user_reply (one-shot follow-up routing, when enabled) |
❌ Never filtered, auto-preserved |
Example:
await_user_reply for Follow-Up Turns
await_user_reply is an optional framework tool. Enable it with
llmagent.WithAwaitUserReplyTool(true) when an Agent may ask the user for
missing information and you want the next user message to resume at that same
Agent.
Use it together with runner.WithAwaitUserReplyRouting(true):
The route is one-shot: Runner consumes it on the next user turn and then clears it automatically.
Important Notes
⚠️ Security Notice: Per-run tool filtering is a "soft constraint" primarily for optimization and user experience. Tools must still implement their own authorization logic:
Manual Tool Execution (Interrupt Tool Calls)
By default, when the model returns tool_calls, the framework executes those
tools automatically, then sends the tool results back to the model.
In some systems, you may want the caller (for example, a client, an upstream
service, or an external tool runtime such as Model Context Protocol (MCP)) to
execute tools instead. You can interrupt tool execution with
agent.WithToolExecutionFilter(...).
Key idea:
agent.WithToolFilter(...)controls tool visibility (what the model can see and call).agent.WithToolExecutionFilter(...)controls tool execution (what the framework will auto-run after the model requests it).
Basic Flow
- Run the agent with
WithToolExecutionFilterso the framework does not execute selected tools. - Read
tool_callsfrom the model response. - Execute the tool externally.
- Send a
role=toolmessage back so the model can continue.
Complete example: examples/toolinterrupt/
Reason: LLMs may know about tool existence and usage from context or memory and attempt to call them. Tool filtering reduces this possibility but cannot completely prevent it.
Parallel Tool Execution
Graph workflows can also enable parallelism for a Tools node:
Parallel execution effect:
Dynamic ToolSet Management (Runtime)
WithToolSets is a static configuration: it wires ToolSets when constructing the Agent. In many real‑world scenarios you also need to add, remove, or replace ToolSets at runtime without recreating the Agent.
LLMAgent exposes three methods for this:
AddToolSet(toolSet tool.ToolSet)— add or replace a ToolSet byToolSet.Name().RemoveToolSet(name string) bool— remove all ToolSets whoseName()matchesname.SetToolSets(toolSets []tool.ToolSet)— replace all ToolSets with the provided slice.
These methods are concurrency‑safe and automatically recompute:
- Aggregated tools (direct tools + ToolSets + knowledge tools + skill tools)
- User tool tracking (used by the smart filtering logic above)
One important lifecycle detail:
AddToolSetdoes not automatically close a replaced ToolSet.RemoveToolSetdoes not automatically close a removed ToolSet.SetToolSetsdoes not automatically close ToolSets from the previous slice.
If you created those ToolSet instances, you still need to close them explicitly at the right time.
Typical usage pattern:
Runtime ToolSet updates integrate seamlessly with the tool filtering logic described earlier:
- Tools coming from
WithToolsor any ToolSet (including dynamically added ones) are treated as user tools and are subject toWithToolFilterand per‑run filters. - Framework tools such as
transfer_to_agent,knowledge_search,agentic_knowledge_search, and optionalawait_user_replyremain never filtered and are always available.
Tool Call Arguments Auto Repair
Some models may emit non-strict JSON arguments for tool_calls (for example, unquoted object keys or trailing commas), which can break tool execution or external parsing.
Tool call arguments auto repair is useful when the caller needs to parse toolCall.Function.Arguments outside the framework, or when tools require strictly valid JSON input.
When agent.WithToolCallArgumentsJSONRepairEnabled(true) is enabled in runner.Run, the framework will attempt to repair toolCall.Function.Arguments on a best-effort basis.
Quick Start
Environment Setup
Simple Example
Run the Examples
Summary
The Tool system provides rich extensibility for tRPC-Agent-Go, supporting Function Tools, the DuckDuckGo Search Tool, and MCP protocol tools.