llm-stack 0.7.0

Core traits, types, and tools for the llm-stack SDK
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453

//! Tool registry for managing and executing tools.

use std::collections::HashMap;
use std::future::Future;
use std::pin::Pin;
use std::sync::Arc;
use std::time::Duration;

use rand::Rng;

use super::ToolHandler;
use crate::chat::{ToolCall, ToolResult};
use crate::intercept::domain::{ToolExec, ToolRequest, ToolResponse};
use crate::intercept::{InterceptorStack, Operation};
use crate::provider::{ToolDefinition, ToolRetryConfig};

/// A registry of tool handlers, indexed by name.
///
/// Generic over context type `Ctx` which is passed to tool handlers on
/// execution. Default is `()` for backwards compatibility.
///
/// Provides validation of tool call arguments against their schemas
/// and parallel execution of multiple tool calls.
///
/// # Interceptors
///
/// Tool execution can be wrapped with interceptors for cross-cutting concerns
/// like logging, approval gates, or rate limiting:
///
/// ```rust,ignore
/// use llm_stack::ToolRegistry;
/// use llm_stack::tool::tool_fn;
/// use llm_stack::intercept::{InterceptorStack, ToolExec, Approval, ApprovalDecision};
///
/// let mut registry: ToolRegistry<()> = ToolRegistry::new()
///     .with_interceptors(
///         InterceptorStack::<ToolExec<()>>::new()
///             .with(Approval::new(|req| {
///                 if req.name.starts_with("dangerous_") {
///                     ApprovalDecision::Deny("Not allowed".into())
///                 } else {
///                     ApprovalDecision::Allow
///                 }
///             }))
///     );
/// ```
pub struct ToolRegistry<Ctx = ()>
where
    Ctx: Send + Sync + 'static,
{
    pub(crate) handlers: HashMap<String, Arc<dyn ToolHandler<Ctx>>>,
    interceptors: InterceptorStack<ToolExec<Ctx>>,
}

impl<Ctx> Default for ToolRegistry<Ctx>
where
    Ctx: Send + Sync + 'static,
{
    fn default() -> Self {
        Self {
            handlers: HashMap::new(),
            interceptors: InterceptorStack::new(),
        }
    }
}

impl<Ctx> Clone for ToolRegistry<Ctx>
where
    Ctx: Send + Sync + 'static,
{
    /// Clone the registry.
    ///
    /// This is cheap — it clones `Arc` pointers to handlers, not the
    /// handlers themselves.
    fn clone(&self) -> Self {
        Self {
            handlers: self.handlers.clone(),
            interceptors: self.interceptors.clone(),
        }
    }
}

impl<Ctx> std::fmt::Debug for ToolRegistry<Ctx>
where
    Ctx: Send + Sync + 'static,
{
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("ToolRegistry")
            .field("tools", &self.handlers.keys().collect::<Vec<_>>())
            .field("interceptors", &self.interceptors.len())
            .finish()
    }
}

impl<Ctx: Send + Sync + 'static> ToolRegistry<Ctx> {
    /// Creates an empty registry.
    pub fn new() -> Self {
        Self::default()
    }

    /// Registers a tool handler.
    ///
    /// If a handler with the same name already exists, it is replaced.
    pub fn register(&mut self, handler: impl ToolHandler<Ctx> + 'static) -> &mut Self {
        let name = handler.definition().name.clone();
        self.handlers.insert(name, Arc::new(handler));
        self
    }

    /// Registers a shared tool handler.
    pub fn register_shared(&mut self, handler: Arc<dyn ToolHandler<Ctx>>) -> &mut Self {
        let name = handler.definition().name.clone();
        self.handlers.insert(name, handler);
        self
    }

    /// Returns the handler for the given tool name.
    pub fn get(&self, name: &str) -> Option<&Arc<dyn ToolHandler<Ctx>>> {
        self.handlers.get(name)
    }

    /// Returns whether a tool with the given name is registered.
    pub fn contains(&self, name: &str) -> bool {
        self.handlers.contains_key(name)
    }

    /// Returns the definitions of all registered tools.
    ///
    /// Pass this to [`ChatParams::tools`](crate::provider::ChatParams::tools) to tell the model which
    /// tools are available.
    pub fn definitions(&self) -> Vec<ToolDefinition> {
        self.handlers.values().map(|h| h.definition()).collect()
    }

    /// Returns the number of registered tools.
    pub fn len(&self) -> usize {
        self.handlers.len()
    }

    /// Returns true if no tools are registered.
    pub fn is_empty(&self) -> bool {
        self.handlers.is_empty()
    }

    /// Returns a new registry excluding the named tools.
    ///
    /// Useful for creating scoped registries in Master/Worker patterns
    /// where workers should not have access to certain tools (e.g., `spawn_task`).
    ///
    /// # Example
    ///
    /// ```rust
    /// use llm_stack::ToolRegistry;
    ///
    /// let master_registry: ToolRegistry<()> = ToolRegistry::new();
    /// // ... register tools ...
    ///
    /// // Workers can't spawn or use admin tools
    /// let worker_registry = master_registry.without(["spawn_task", "admin_tool"]);
    /// ```
    #[must_use]
    pub fn without<'a>(&self, names: impl IntoIterator<Item = &'a str>) -> Self {
        use std::collections::HashSet;
        let exclude: HashSet<&str> = names.into_iter().collect();
        let mut new = Self {
            handlers: HashMap::new(),
            interceptors: self.interceptors.clone(),
        };
        for (name, handler) in &self.handlers {
            if !exclude.contains(name.as_str()) {
                new.handlers.insert(name.clone(), Arc::clone(handler));
            }
        }
        new
    }

    /// Returns a new registry with only the named tools.
    ///
    /// Useful for creating minimal registries with specific capabilities.
    ///
    /// # Example
    ///
    /// ```rust
    /// use llm_stack::ToolRegistry;
    ///
    /// let full_registry: ToolRegistry<()> = ToolRegistry::new();
    /// // ... register tools ...
    ///
    /// // Read-only registry with just search tools
    /// let search_registry = full_registry.only(["search_docs", "search_web"]);
    /// ```
    #[must_use]
    pub fn only<'a>(&self, names: impl IntoIterator<Item = &'a str>) -> Self {
        use std::collections::HashSet;
        let include: HashSet<&str> = names.into_iter().collect();
        let mut new = Self {
            handlers: HashMap::new(),
            interceptors: self.interceptors.clone(),
        };
        for (name, handler) in &self.handlers {
            if include.contains(name.as_str()) {
                new.handlers.insert(name.clone(), Arc::clone(handler));
            }
        }
        new
    }

    /// Sets the interceptor stack for all tool executions.
    ///
    /// Interceptors run in the order added (first = outermost). They can
    /// inspect, modify, or block tool calls before they reach the handler.
    ///
    /// # Example
    ///
    /// ```rust,ignore
    /// use llm_stack::ToolRegistry;
    /// use llm_stack::tool::tool_fn;
    /// use llm_stack::intercept::{InterceptorStack, ToolExec, Approval, ApprovalDecision, Retry};
    ///
    /// let registry: ToolRegistry<()> = ToolRegistry::new()
    ///     .with_interceptors(
    ///         InterceptorStack::<ToolExec<()>>::new()
    ///             .with(Approval::new(|req| {
    ///                 if req.name == "dangerous" {
    ///                     ApprovalDecision::Deny("Not allowed".into())
    ///                 } else {
    ///                     ApprovalDecision::Allow
    ///                 }
    ///             }))
    ///             .with(Retry::default())
    ///     );
    /// ```
    #[must_use]
    pub fn with_interceptors(mut self, interceptors: InterceptorStack<ToolExec<Ctx>>) -> Self {
        self.interceptors = interceptors;
        self
    }

    /// Executes a single tool call with schema validation and optional retry.
    ///
    /// 1. Looks up the handler by [`ToolCall::name`]
    /// 2. Validates arguments against the tool's parameter schema
    /// 3. Runs the call through interceptors (if any)
    /// 4. Invokes the handler with the provided context
    /// 5. If the tool has retry configuration and execution fails,
    ///    retries with exponential backoff
    ///
    /// Returns a [`ToolResult`] (always succeeds at the outer level).
    /// Execution errors are captured in `ToolResult::is_error`.
    pub async fn execute(&self, call: &ToolCall, ctx: &Ctx) -> ToolResult {
        self.execute_inner(&call.name, &call.id, call.arguments.clone(), ctx)
            .await
    }

    /// Executes a tool by name with the given arguments.
    ///
    /// This is a lower-level method used internally when the tool call
    /// components are already separated (e.g., from `execute_with_events`).
    /// Accepts owned arguments to avoid an extra deep clone of `serde_json::Value`.
    pub(crate) async fn execute_by_name(
        &self,
        name: &str,
        call_id: &str,
        arguments: serde_json::Value,
        ctx: &Ctx,
    ) -> ToolResult {
        self.execute_inner(name, call_id, arguments, ctx).await
    }

    /// Shared implementation for `execute` and `execute_by_name`.
    async fn execute_inner(
        &self,
        name: &str,
        call_id: &str,
        arguments: serde_json::Value,
        ctx: &Ctx,
    ) -> ToolResult {
        let Some(handler) = self.handlers.get(name) else {
            return ToolResult {
                tool_call_id: call_id.to_string(),
                content: format!("Unknown tool: {name}"),
                is_error: true,
            };
        };

        // Validate arguments against schema
        #[cfg(feature = "schema")]
        {
            let definition = handler.definition();
            if let Err(e) = definition.parameters.validate(&arguments) {
                return ToolResult {
                    tool_call_id: call_id.to_string(),
                    content: format!("Invalid arguments for tool '{name}': {e}"),
                    is_error: true,
                };
            }
        }

        let request = ToolRequest {
            name: name.to_string(),
            call_id: call_id.to_string(),
            arguments,
        };

        let operation = ToolHandlerOperation {
            handler: handler.clone(),
            ctx,
            retry_config: handler.definition().retry,
        };

        let response = self.interceptors.execute(&request, &operation).await;

        ToolResult {
            tool_call_id: request.call_id,
            content: response.content,
            is_error: response.is_error,
        }
    }

    /// Executes multiple tool calls, preserving order.
    ///
    /// When `parallel` is true, all calls run concurrently via
    /// `futures::future::join_all`. When false, they run sequentially.
    pub async fn execute_all(
        &self,
        calls: &[ToolCall],
        ctx: &Ctx,
        parallel: bool,
    ) -> Vec<ToolResult> {
        if !parallel || calls.len() <= 1 {
            let mut results = Vec::with_capacity(calls.len());
            for call in calls {
                results.push(self.execute(call, ctx).await);
            }
            return results;
        }

        // Parallel execution using join_all (no spawn needed)
        let futures: Vec<_> = calls.iter().map(|call| self.execute(call, ctx)).collect();
        futures::future::join_all(futures).await
    }
}

/// Computes backoff duration with exponential growth and jitter.
///
/// Formula: `min(initial * multiplier^attempt, max) * random(1-jitter, 1)`
fn compute_backoff(config: &ToolRetryConfig, attempt: u32) -> Duration {
    // Safe to cast: attempt is bounded by max_retries which is u32,
    // and reasonable values are << i32::MAX
    #[allow(clippy::cast_possible_wrap)]
    let base =
        config.initial_backoff.as_secs_f64() * config.backoff_multiplier.powi(attempt as i32);
    let capped = base.min(config.max_backoff.as_secs_f64());

    // Apply jitter: random value in range [1-jitter, 1]
    let jitter_factor = if config.jitter > 0.0 {
        let min_factor = 1.0 - config.jitter;
        let mut rng = rand::rng();
        rng.random_range(min_factor..=1.0)
    } else {
        1.0
    };

    Duration::from_secs_f64(capped * jitter_factor)
}

/// Wraps a tool handler as an [`Operation`] for the interceptor stack.
///
/// This struct captures the handler, context, and retry config so that
/// the interceptor stack can execute the tool.
struct ToolHandlerOperation<'a, Ctx: Send + Sync + 'static> {
    handler: Arc<dyn ToolHandler<Ctx>>,
    ctx: &'a Ctx,
    retry_config: Option<ToolRetryConfig>,
}

impl<Ctx: Send + Sync + 'static> Operation<ToolExec<Ctx>> for ToolHandlerOperation<'_, Ctx> {
    fn execute<'b>(
        &'b self,
        input: &'b ToolRequest,
    ) -> Pin<Box<dyn Future<Output = ToolResponse> + Send + 'b>>
    where
        ToolRequest: Sync,
    {
        Box::pin(async move {
            match &self.retry_config {
                Some(config) => execute_with_retry(&self.handler, input, self.ctx, config).await,
                None => execute_once(&self.handler, input, self.ctx).await,
            }
        })
    }
}

/// Executes a tool once without retry.
async fn execute_once<Ctx: Send + Sync + 'static>(
    handler: &Arc<dyn ToolHandler<Ctx>>,
    request: &ToolRequest,
    ctx: &Ctx,
) -> ToolResponse {
    match handler.execute(request.arguments.clone(), ctx).await {
        Ok(output) => ToolResponse {
            content: output.content,
            is_error: false,
        },
        Err(e) => ToolResponse {
            content: e.message,
            is_error: true,
        },
    }
}

/// Executes a tool with retry logic.
async fn execute_with_retry<Ctx: Send + Sync + 'static>(
    handler: &Arc<dyn ToolHandler<Ctx>>,
    request: &ToolRequest,
    ctx: &Ctx,
    config: &ToolRetryConfig,
) -> ToolResponse {
    let mut attempt = 0u32;

    loop {
        match handler.execute(request.arguments.clone(), ctx).await {
            Ok(output) => {
                return ToolResponse {
                    content: output.content,
                    is_error: false,
                };
            }
            Err(e) => {
                let error_msg = e.message;

                // Check if we should retry this error
                let should_retry = config
                    .retry_if
                    .as_ref()
                    .is_none_or(|predicate| predicate(&error_msg));

                if !should_retry || attempt >= config.max_retries {
                    return ToolResponse {
                        content: error_msg,
                        is_error: true,
                    };
                }

                // Calculate backoff with jitter
                let backoff = compute_backoff(config, attempt);
                tokio::time::sleep(backoff).await;

                attempt += 1;
            }
        }
    }
}