Expand description
Core abstractions for defining, registering, executing, and governing tools in agentkit.
This crate provides the Tool trait, ToolRegistry,
BasicToolExecutor, and a layered permission system built on
PermissionChecker, PermissionPolicy, and
CompositePermissionChecker. Together these types let you:
- Define tools by implementing
Toolwith aToolSpecand asyncinvokemethod. - Register tools in a
ToolRegistryand hand it to an executor or capability provider. - Check permissions before execution using composable policies
(
PathPolicy,CommandPolicy,McpServerPolicy,CustomKindPolicy). - Handle interruptions (approval prompts) via the
ToolInterruption/ApprovalRequesttypes. - Bridge to the capability layer with
ToolCapabilityProvider, which wraps every registered tool as anInvocable.
Structs§
- Allow
AllPermissions - A
PermissionCheckerthat unconditionally allows every operation. - Approval
Request - A request sent to the host when a tool execution needs human approval.
- Basic
Tool Executor - The default
ToolExecutorthat walks one or moreToolSources, checks permissions viaTool::proposed_requests, and invokes the tool. - Catalog
Reader - Read side of a dynamic tool catalog. Implements
ToolSourceand is the value handed to [agentkit_loop::AgentBuilder::tools]. Cloning subscribes a fresh broadcast receiver, so independent observers don’t compete for catalog events. - Catalog
Writer - Mutating side of a dynamic tool catalog. Owned by subsystems that
discover or refresh tools at runtime (MCP server manager, skill watcher,
plugin loader). Each
upsert,remove, orreplace_allemits aToolCatalogEventthat everyCatalogReaderminted from the samedynamic_catalogcall (or its clones) observes viaToolSource::drain_catalog_events. - Command
Policy - A
PermissionPolicythat governsShellPermissionRequests by checking the executable name, working directory, and environment variables. - Composite
Permission Checker - Chains multiple
PermissionPolicyimplementations into a singlePermissionChecker. - Configurable
Tool Output Truncation Strategy - Configurable truncation strategy with executor-level defaults, per-tool overrides, and optional tool-metadata defaults.
- Custom
Kind Policy - A
PermissionPolicythat matches requests whosePermissionRequest::kindstarts with"custom."and allows or denies them by name. - Filtered
- A
ToolSourcewrapper that hides tools rejected bypredicate. Constructed viaToolSource::filteredor directly. - InMemory
Tool Output Artifact Store - Process-local artifact store for oversized tool results.
- McpServer
Policy - A
PermissionPolicythat governsMcpPermissionRequests by checking whether the target server is trusted and the requested auth scopes are in the allow-list. - Owned
Tool Context - Owned execution context that can outlive a single stack frame.
- Path
Policy - A
PermissionPolicythat governsFileSystemPermissionRequests by checking whether target paths fall within allowed or protected directory trees. - Permission
Denial - Structured denial produced when a
PermissionCheckerrejects an operation. - Prefixed
- A
ToolSourcewrapper that prefixes every advertised tool name with<prefix>_. Constructed viaToolSource::prefixedor directly. - Renamed
- A
ToolSourcewrapper that renames specific tools. Tools whose original name appears in the forward mapping are advertised under the new name and resolved from the new name back to the original. Unmapped names pass through unchanged. - Shell
Permission Request - Permission request for executing a shell command.
- Tool
Annotations - Hints that describe behavioural properties of a tool.
- Tool
Capability Provider - A
CapabilityProviderthat exposes every tool in aToolRegistryas anInvocablein the agentkit capability layer. - Tool
Catalog Event - A change notification for a dynamic tool catalog.
- Tool
Context - Runtime context passed to every
Tool::invokecall. - Tool
Invocable Adapter - Wraps a
Toolas anInvocableso it can be surfaced through the agentkit capability layer. - Tool
Name - Unique name identifying a
Toolwithin aToolRegistry. - Tool
Output Artifact - Stored representation of an oversized tool result.
- Tool
Output Artifact Id - Identifier returned when oversized tool output is stored out-of-band.
- Tool
Output Artifact Slice - Bounded UTF-8 slice of a stored tool-result artifact.
- Tool
Output Limit - Per-tool output limit configuration.
- Tool
Output Truncation Context - Context passed to a tool-output truncation strategy after a tool invocation succeeds and before the result is appended to the transcript.
- Tool
Registry - A name-keyed collection of
Toolimplementations. - Tool
Request - An incoming request to execute a tool.
- Tool
Result - The output produced by a successful tool invocation.
- Tool
Result Read Tool - Read back a bounded slice from an oversized tool result stored by
ConfigurableToolOutputTruncationStrategy. - Tool
Spec - Declarative specification of a tool’s identity, schema, and behavioural hints.
Enums§
- Approval
Decision - The user’s response to an
ApprovalRequest. - Approval
Reason - Why a permission policy is requesting human approval before proceeding.
- Collision
Policy - Policy applied when the same tool name appears in more than one
ToolSourceof aBasicToolExecutor. - File
System Permission Request - Permission request for a filesystem operation.
- McpPermission
Request - Permission request for an MCP (Model Context Protocol) operation.
- Permission
Code - Machine-readable code indicating why a permission was denied.
- Permission
Decision - The verdict from a
PermissionCheckerfor a singlePermissionRequest. - Policy
Match - The result of a single
PermissionPolicyevaluation. - Tool
Error - Errors that can occur during tool lookup, permission checking, or execution.
- Tool
Execution Outcome - The three-way result of a
ToolExecutor::executecall. - Tool
Interruption - A tool execution was paused because it needs external input.
- Tool
Output Overflow Action - What the executor should do when a tool result exceeds its configured model-facing byte budget.
Constants§
- TOOL_
OUTPUT_ LIMIT_ METADATA_ KEY - Metadata key used by tool specs to advertise their preferred output
overflow behaviour. Hosts can respect this through
ConfigurableToolOutputTruncationStrategy, while still overriding individual tools in executor configuration. - TOOL_
RESULT_ READ_ TOOL_ NAME
Traits§
- Permission
Checker - Evaluates a
PermissionRequestand returns a finalPermissionDecision. - Permission
Policy - A single, focused permission rule that contributes to a composite decision.
- Permission
Request - A description of an operation that requires permission before it can proceed.
- Tool
- The central abstraction for an executable tool in an agentkit agent.
- Tool
Executor - Trait for executing tool calls with permission checking and interruption handling.
- Tool
Output Artifact Store - Tool
Output Truncation Strategy - Strategy hook for enforcing model-facing tool-output budgets.
- Tool
Resources - Trait for dependency injection into tool implementations.
- Tool
Source - Read-side contract for a federated tool catalog.
Functions§
- dynamic_
catalog - Constructs a fresh dynamic tool catalog as a writer/reader pair.
- tool_
result_ readback_ registry - Convenience registry for safe tool-output readback.