Trait Observer 

pub trait Observer: Send + Sync {
    // Provided methods
    fn on_step_start(&self, _ctx: &StepContext) { ... }
    fn on_tool_start(&self, _call: &ToolCall) { ... }
    fn on_tool_end(&self, _call: &ToolCall, _result: &ToolResult) { ... }
    fn on_step_end(&self, _response: &Message) { ... }
    fn on_step_error(&self, _error: &str) { ... }
    fn should_dispatch(&self, _call: &ToolCall) -> Disposition { ... }
}

Lifecycle observer. Every method has a default no-op implementation so implementors override only the hooks they care about.

Provided Methods

fn on_step_start(&self, _ctx: &StepContext)

Called when Agent::step begins.

fn on_tool_start(&self, _call: &ToolCall)

Called before each tool dispatch inside the step loop.

fn on_tool_end(&self, _call: &ToolCall, _result: &ToolResult)

Called after each tool dispatch completes, with the result.

fn on_step_end(&self, _response: &Message)

Called when the step loop terminates with a final assistant message.

fn on_step_error(&self, _error: &str)

Called if the step loop errors out before producing a final message.

fn should_dispatch(&self, _call: &ToolCall) -> Disposition

v0.3 C2 — policy gate fired BEFORE every tool dispatch.

Returning Disposition::Allow (the default) lets the call proceed. Returning Disposition::Refused causes the agent to skip the actual tool call and return the provided message to the model as a synthetic tool result. The loop continues — the model may choose to call a different tool, retry with different arguments, or stop.

This is the canonical extension point for:

• Trust tier enforcement (deny by policy)
• Human-in-the-loop approval (block until a human clicks “allow”)
• Quota accounting layered on top of the built-in Agent::tool_quotas
• Content filtering on tool arguments

Default impl always allows. Existing Observer implementations do not need to change.

Implementors

impl Observer for NoOpObserver