agent-sdk 0.9.2

Rust Agent SDK for building LLM agents
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372

//! Panic-isolation integration tests (Phase 10 · C).
//!
//! Locks in the SDK contract that a panic inside a tool or LLM/stream
//! future is isolated into an *observable, structured* outcome instead
//! of unwinding the whole spawned run task. Before this fix there was
//! no `catch_unwind` anywhere: a panicking tool unwound the run task,
//! dropped `state_tx` (so the caller saw an opaque `RecvError`), and
//! orphaned the assistant `tool_use` — reintroducing the unbalanced
//! `tool_use` / `tool_result` history bug the cancel fix closed.
//!
//! The two scenarios asserted here:
//!
//! 1. **A tool that panics** → the SDK commits a structured error
//!    `tool_result` ("Tool panicked: …") via the normal completion
//!    path, the run still ends as `Done`/`Error` (the channel is never
//!    dropped), and history stays balanced (no orphan `tool_use`).
//! 2. **A panicking LLM call** → the run ends as `AgentRunState::Error`
//!    carrying a structured message, *not* a dropped channel /
//!    `RecvError`.

use agent_sdk::llm::{
    ChatOutcome, ChatRequest, ChatResponse, Content, ContentBlock, LlmProvider, Message, Role,
    StopReason, Usage,
};
use agent_sdk::{
    AgentInput, AgentRunState, AllowAllHooks, CancellationToken, DynamicToolName,
    InMemoryEventStore, InMemoryStore, MessageStore, ThreadId, Tool, ToolContext, ToolRegistry,
    ToolResult, ToolTier, builder,
};
use anyhow::{Result, anyhow};
use async_trait::async_trait;
use serde_json::{Value, json};
use std::sync::{Arc, RwLock};

/// LLM provider that returns the next pre-scripted outcome.
struct ScriptedProvider {
    responses: RwLock<Vec<ChatOutcome>>,
}

impl ScriptedProvider {
    const fn new(responses: Vec<ChatOutcome>) -> Self {
        Self {
            responses: RwLock::new(responses),
        }
    }
}

#[async_trait]
impl LlmProvider for ScriptedProvider {
    async fn chat(&self, _request: ChatRequest) -> Result<ChatOutcome> {
        let mut responses = self
            .responses
            .write()
            .ok()
            .ok_or_else(|| anyhow!("responses lock poisoned"))?;
        if responses.is_empty() {
            Err(anyhow!("ScriptedProvider script exhausted"))
        } else {
            Ok(responses.remove(0))
        }
    }

    fn model(&self) -> &'static str {
        "test-model"
    }

    fn provider(&self) -> &'static str {
        "anthropic"
    }
}

/// LLM provider whose `chat()` panics — stands in for a buggy provider
/// adapter (or compaction call) that unwinds mid-flight.
struct PanickingProvider;

#[async_trait]
impl LlmProvider for PanickingProvider {
    async fn chat(&self, _request: ChatRequest) -> Result<ChatOutcome> {
        panic!("provider blew up");
    }

    fn model(&self) -> &'static str {
        "panic-model"
    }

    fn provider(&self) -> &'static str {
        "anthropic"
    }
}

/// Tool that always panics when executed. Deliberately panics with a
/// formatted `String` payload to exercise the `String` downcast branch
/// of the panic-message extractor.
struct PanickingTool;

impl Tool<()> for PanickingTool {
    type Name = DynamicToolName;

    fn name(&self) -> DynamicToolName {
        DynamicToolName::new("boom")
    }

    fn display_name(&self) -> &'static str {
        "Boom"
    }

    fn description(&self) -> &'static str {
        "A tool that panics on execution."
    }

    fn input_schema(&self) -> Value {
        json!({ "type": "object", "properties": {} })
    }

    fn tier(&self) -> ToolTier {
        ToolTier::Observe
    }

    async fn execute(&self, _ctx: &ToolContext<()>, _input: Value) -> Result<ToolResult> {
        panic!("tool exploded: {}", "kaboom");
    }
}

#[derive(Clone, Default)]
struct SharedStore(Arc<InMemoryStore>);

impl SharedStore {
    fn new() -> Self {
        Self(Arc::new(InMemoryStore::new()))
    }
}

#[async_trait]
impl MessageStore for SharedStore {
    async fn append(&self, thread_id: &ThreadId, message: Message) -> Result<()> {
        self.0.append(thread_id, message).await
    }

    async fn get_history(&self, thread_id: &ThreadId) -> Result<Vec<Message>> {
        self.0.get_history(thread_id).await
    }

    async fn clear(&self, thread_id: &ThreadId) -> Result<()> {
        self.0.clear(thread_id).await
    }

    async fn replace_history(&self, thread_id: &ThreadId, messages: Vec<Message>) -> Result<()> {
        self.0.replace_history(thread_id, messages).await
    }
}

#[async_trait]
impl agent_sdk::StateStore for SharedStore {
    async fn save(&self, state: &agent_sdk::AgentState) -> Result<()> {
        self.0.save(state).await
    }

    async fn load(&self, thread_id: &ThreadId) -> Result<Option<agent_sdk::AgentState>> {
        self.0.load(thread_id).await
    }

    async fn delete(&self, thread_id: &ThreadId) -> Result<()> {
        self.0.delete(thread_id).await
    }
}

fn tool_use_response(id: &str, name: &str) -> ChatOutcome {
    ChatOutcome::Success(ChatResponse {
        id: format!("resp_{id}"),
        content: vec![ContentBlock::ToolUse {
            id: id.to_string(),
            name: name.to_string(),
            input: json!({}),
            thought_signature: None,
        }],
        model: "test-model".to_string(),
        stop_reason: Some(StopReason::ToolUse),
        usage: Usage {
            input_tokens: 5,
            output_tokens: 5,
            cached_input_tokens: 0,
            cache_creation_input_tokens: 0,
        },
    })
}

fn text_response(text: &str) -> ChatOutcome {
    ChatOutcome::Success(ChatResponse {
        id: format!("resp_{text}"),
        content: vec![ContentBlock::Text {
            text: text.to_string(),
        }],
        model: "test-model".to_string(),
        stop_reason: Some(StopReason::EndTurn),
        usage: Usage {
            input_tokens: 5,
            output_tokens: 5,
            cached_input_tokens: 0,
            cache_creation_input_tokens: 0,
        },
    })
}

/// IDs of `tool_use` blocks with no matching `tool_result` in the next
/// user message. Empty means balanced history.
fn orphan_tool_use_ids(history: &[Message]) -> Vec<String> {
    let mut orphans = Vec::new();
    for (idx, message) in history.iter().enumerate() {
        if message.role != Role::Assistant {
            continue;
        }
        let Content::Blocks(blocks) = &message.content else {
            continue;
        };
        for block in blocks {
            if let ContentBlock::ToolUse { id, .. } = block {
                let satisfied = history.get(idx + 1).is_some_and(|next| {
                    let Content::Blocks(next_blocks) = &next.content else {
                        return false;
                    };
                    next_blocks.iter().any(|b| {
                        matches!(b, ContentBlock::ToolResult { tool_use_id, .. } if tool_use_id == id)
                    })
                });
                if !satisfied {
                    orphans.push(id.clone());
                }
            }
        }
    }
    orphans
}

fn tool_results_for(history: &[Message], tool_use_id: &str) -> Vec<String> {
    history
        .iter()
        .filter_map(|m| match &m.content {
            Content::Blocks(blocks) => Some(blocks),
            Content::Text(_) => None,
        })
        .flatten()
        .filter_map(|b| match b {
            ContentBlock::ToolResult {
                tool_use_id: id,
                content,
                ..
            } if id == tool_use_id => Some(content.clone()),
            _ => None,
        })
        .collect()
}

#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn tool_panic_becomes_structured_result_and_history_stays_balanced() -> Result<()> {
    let store = SharedStore::new();
    let thread_id = ThreadId::new();
    let tool_call_id = "toolu_panic_test_1";

    let mut tools = ToolRegistry::new();
    tools.register(PanickingTool);

    // Turn 1: model calls the panicking tool. Turn 2: after the
    // structured error result is fed back, the model wraps up.
    let provider = ScriptedProvider::new(vec![
        tool_use_response(tool_call_id, "boom"),
        text_response("Recovered from the tool failure."),
    ]);

    let agent = builder::<()>()
        .provider(provider)
        .tools(tools)
        .hooks(AllowAllHooks)
        .message_store(store.clone())
        .state_store(store.clone())
        .event_store(Arc::new(InMemoryEventStore::new()))
        .build_with_stores();

    let final_state = agent
        .run(
            thread_id.clone(),
            AgentInput::Text("run the boom tool".to_string()),
            ToolContext::new(()),
            CancellationToken::new(),
        )
        .await
        // The channel must resolve — a dropped `state_tx` (the pre-fix
        // bug) would surface here as a `RecvError`.
        .map_err(|e| anyhow!("run state channel dropped (RecvError): {e}"))?;

    // The run continues past the panic and completes normally; the
    // tool panic is just a failed tool result, not a run-ending event.
    assert!(
        matches!(final_state, AgentRunState::Done { .. }),
        "run must end as Done after the tool panic is absorbed; got {final_state:?}",
    );

    let history = store.get_history(&thread_id).await?;

    // Balanced history: no orphan tool_use.
    let orphans = orphan_tool_use_ids(&history);
    assert!(
        orphans.is_empty(),
        "a tool panic must not leave an orphan tool_use; got {orphans:?} in {history:#?}",
    );

    // Exactly one structured error tool_result, carrying the panic
    // message (proving it was caught, not swallowed).
    let results = tool_results_for(&history, tool_call_id);
    assert_eq!(
        results.len(),
        1,
        "exactly one tool_result for the panicking tool_use; got {results:?}",
    );
    assert!(
        results[0].contains("Tool panicked"),
        "tool_result must be the structured panic error; got {:?}",
        results[0],
    );
    assert!(
        results[0].contains("tool exploded: kaboom"),
        "structured error should carry the original panic message; got {:?}",
        results[0],
    );

    Ok(())
}

#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
async fn llm_panic_surfaces_as_structured_run_error_not_recv_error() -> Result<()> {
    let store = SharedStore::new();
    let thread_id = ThreadId::new();

    let agent = builder::<()>()
        .provider(PanickingProvider)
        .tools(ToolRegistry::new())
        .hooks(AllowAllHooks)
        .message_store(store.clone())
        .state_store(store.clone())
        .event_store(Arc::new(InMemoryEventStore::new()))
        .build_with_stores();

    let final_state = agent
        .run(
            thread_id.clone(),
            AgentInput::Text("hello".to_string()),
            ToolContext::new(()),
            CancellationToken::new(),
        )
        .await
        // Before the run-loop catch_unwind boundary, a panic in the
        // provider call dropped `state_tx` and the caller saw this as
        // an opaque RecvError. Now the channel resolves with an Error.
        .map_err(|e| anyhow!("run state channel dropped (RecvError) on LLM panic: {e}"))?;

    match final_state {
        AgentRunState::Error(err) => {
            assert!(
                err.message.contains("panicked"),
                "LLM panic must surface as a structured run error mentioning the panic; got {:?}",
                err.message,
            );
            assert!(
                err.message.contains("provider blew up"),
                "structured run error should carry the original panic message; got {:?}",
                err.message,
            );
        }
        other => panic!("LLM panic must end the run as Error; got {other:?}"),
    }

    Ok(())
}