Expand description
Core abstractions for defining, registering, executing, and governing tools in agentkit.
This crate provides the Tool trait, ToolRegistry,
BasicToolExecutor, and a layered permission system built on
PermissionChecker, PermissionPolicy, and
CompositePermissionChecker. Together these types let you:
- Define tools by implementing
Toolwith aToolSpecand asyncinvokemethod. - Register tools in a
ToolRegistryand hand it to an executor or capability provider. - Check permissions before execution using composable policies
(
PathPolicy,CommandPolicy,McpServerPolicy,CustomKindPolicy). - Handle interruptions (approval prompts, OAuth flows) via the
ToolInterruption/ApprovalRequest/AuthRequesttypes. - Bridge to the capability layer with
ToolCapabilityProvider, which wraps every registered tool as anInvocable.
Structs§
- Approval
Request - A request sent to the host when a tool execution needs human approval.
- Auth
Request - A request for authentication credentials before a tool can proceed.
- Basic
Tool Executor - The default
ToolExecutorthat looks up tools in aToolRegistry, checks permissions viaTool::proposed_requests, and invokes the tool. - Command
Policy - A
PermissionPolicythat governsShellPermissionRequests by checking the executable name, working directory, and environment variables. - Composite
Permission Checker - Chains multiple
PermissionPolicyimplementations into a singlePermissionChecker. - Custom
Kind Policy - A
PermissionPolicythat matches requests whosePermissionRequest::kindstarts with"custom."and allows or denies them by name. - McpServer
Policy - A
PermissionPolicythat governsMcpPermissionRequests by checking whether the target server is trusted and the requested auth scopes are in the allow-list. - Owned
Tool Context - Owned execution context that can outlive a single stack frame.
- Path
Policy - A
PermissionPolicythat governsFileSystemPermissionRequests by checking whether target paths fall within allowed or protected directory trees. - Permission
Denial - Structured denial produced when a
PermissionCheckerrejects an operation. - Shell
Permission Request - Permission request for executing a shell command.
- Tool
Annotations - Hints that describe behavioural properties of a tool.
- Tool
Capability Provider - A
CapabilityProviderthat exposes every tool in aToolRegistryas anInvocablein the agentkit capability layer. - Tool
Context - Runtime context passed to every
Tool::invokecall. - Tool
Invocable Adapter - Wraps a
Toolas anInvocableso it can be surfaced through the agentkit capability layer. - Tool
Name - Unique name identifying a
Toolwithin aToolRegistry. - Tool
Registry - A name-keyed collection of
Toolimplementations. - Tool
Request - An incoming request to execute a tool.
- Tool
Result - The output produced by a successful tool invocation.
- Tool
Spec - Declarative specification of a tool’s identity, schema, and behavioural hints.
Enums§
- Approval
Decision - The user’s response to an
ApprovalRequest. - Approval
Reason - Why a permission policy is requesting human approval before proceeding.
- Auth
Operation - Describes the operation that triggered an
AuthRequest. - Auth
Resolution - The outcome of an
AuthRequestafter the user interacts with the auth flow. - File
System Permission Request - Permission request for a filesystem operation.
- McpPermission
Request - Permission request for an MCP (Model Context Protocol) operation.
- Permission
Code - Machine-readable code indicating why a permission was denied.
- Permission
Decision - The verdict from a
PermissionCheckerfor a singlePermissionRequest. - Policy
Match - The result of a single
PermissionPolicyevaluation. - Tool
Error - Errors that can occur during tool lookup, permission checking, or execution.
- Tool
Execution Outcome - The three-way result of a
ToolExecutor::executecall. - Tool
Interruption - A tool execution was paused because it needs external input.
Traits§
- Permission
Checker - Evaluates a
PermissionRequestand returns a finalPermissionDecision. - Permission
Policy - A single, focused permission rule that contributes to a composite decision.
- Permission
Request - A description of an operation that requires permission before it can proceed.
- Tool
- The central abstraction for an executable tool in an agentkit agent.
- Tool
Executor - Trait for executing tool calls with permission checking and interruption handling.
- Tool
Resources - Trait for dependency injection into tool implementations.