1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
use std::sync::Arc;
use futures::StreamExt;
use tokio::sync::mpsc;
use crate::approval::{AllowAllApprover, ApprovalDecision, ToolApprover};
use crate::error::{Error, Result};
use crate::llm::{LlmClient, LlmRequest, LlmStreamEvent, Usage};
use crate::message::{Message, Role, ToolCall, ToolResult};
use crate::tool::ToolRegistry;
#[derive(Debug, Clone)]
pub struct AgentOptions {
pub model: String,
pub temperature: Option<f32>,
pub max_tokens: Option<u32>,
/// Hard cap on assistant ↔ tool round-trips inside a single
/// [`Agent::run`] call. Hermes calls this the iteration budget; matching
/// that vocabulary makes the port read like the original.
pub max_iterations: u32,
/// Cap on tool-result `content` length in characters. Anything longer is
/// truncated with a `…[truncated tool output]` suffix before being fed
/// back to the model. Individual tools may further restrict themselves;
/// this is a backstop. `0` disables truncation.
pub max_tool_result_chars: usize,
}
impl Default for AgentOptions {
fn default() -> Self {
Self {
model: "gpt-4o-mini".into(),
temperature: None,
max_tokens: None,
max_iterations: 32,
max_tool_result_chars: 16 * 1024,
}
}
}
/// Events emitted while the agent runs — consumed by the CLI to render
/// streaming output and tool activity.
#[derive(Debug, Clone)]
pub enum AgentEvent {
AssistantDelta(String),
AssistantMessage(Message),
ToolCallStart {
id: String,
name: String,
arguments: serde_json::Value,
},
ToolCallFinish {
id: String,
name: String,
content: String,
is_error: bool,
},
Usage(Usage),
IterationBudgetExhausted,
Done,
}
/// Drives the assistant ↔ tool loop. One [`Agent`] is reusable across many
/// `run` calls; the conversation lives in the caller-owned `messages` Vec.
pub struct Agent {
llm: Arc<dyn LlmClient>,
tools: ToolRegistry,
options: AgentOptions,
approver: Arc<dyn ToolApprover>,
}
impl Agent {
pub fn new(llm: Arc<dyn LlmClient>, tools: ToolRegistry, options: AgentOptions) -> Self {
Self {
llm,
tools,
options,
approver: Arc::new(AllowAllApprover),
}
}
/// Install a tool approver. Defaults to [`AllowAllApprover`] — replace
/// with a real implementation (e.g. the CLI's console prompter) to gate
/// sensitive tools.
pub fn with_approver(mut self, approver: Arc<dyn ToolApprover>) -> Self {
self.approver = approver;
self
}
pub fn options(&self) -> &AgentOptions {
&self.options
}
pub fn options_mut(&mut self) -> &mut AgentOptions {
&mut self.options
}
pub fn tools(&self) -> &ToolRegistry {
&self.tools
}
/// Run the agent until the model returns a turn with no tool calls or the
/// iteration budget is exhausted. `messages` is mutated in place to
/// reflect the new turns. Streaming events are pushed to `events`.
pub async fn run(
&self,
messages: &mut Vec<Message>,
events: mpsc::Sender<AgentEvent>,
) -> Result<()> {
for _ in 0..self.options.max_iterations {
let req = LlmRequest {
model: self.options.model.clone(),
messages: messages.clone(),
tools: self.tools.schemas(),
temperature: self.options.temperature,
max_tokens: self.options.max_tokens,
};
let mut stream = self.llm.stream(req).await?;
let mut text_buf = String::new();
let mut tool_calls: Vec<ToolCall> = Vec::new();
while let Some(ev) = stream.next().await {
match ev? {
LlmStreamEvent::Delta(s) => {
text_buf.push_str(&s);
let _ = events.send(AgentEvent::AssistantDelta(s)).await;
}
LlmStreamEvent::ToolCalls(calls) => {
tool_calls = calls;
}
LlmStreamEvent::Usage(u) => {
let _ = events.send(AgentEvent::Usage(u)).await;
}
LlmStreamEvent::Done(_) => break,
}
}
let assistant_msg = if tool_calls.is_empty() {
Message::assistant_text(text_buf.clone())
} else if text_buf.is_empty() {
Message::assistant_tool_calls(tool_calls.clone())
} else {
// Both content and tool calls — OpenAI allows this; keep both.
Message {
role: Role::Assistant,
content: Some(text_buf.clone()),
tool_calls: tool_calls.clone(),
tool_call_id: None,
name: None,
}
};
messages.push(assistant_msg.clone());
let _ = events
.send(AgentEvent::AssistantMessage(assistant_msg))
.await;
if tool_calls.is_empty() {
let _ = events.send(AgentEvent::Done).await;
return Ok(());
}
for call in tool_calls {
let decision = self.approver.approve(&call.name, &call.arguments).await;
// Emit Start *after* approval so the CLI's render output and
// the approver's stdin prompt don't fight for the terminal.
let _ = events
.send(AgentEvent::ToolCallStart {
id: call.id.clone(),
name: call.name.clone(),
arguments: call.arguments.clone(),
})
.await;
let mut result = match decision {
ApprovalDecision::Deny { reason } => ToolResult {
tool_call_id: call.id.clone(),
name: call.name.clone(),
content: format!("tool rejected by user: {reason}"),
is_error: true,
},
ApprovalDecision::Allow => match self.tools.get(&call.name) {
Ok(tool) => tool.call(&call.id, call.arguments.clone()).await,
Err(e) => ToolResult {
tool_call_id: call.id.clone(),
name: call.name.clone(),
content: format!("error: {e}"),
is_error: true,
},
},
};
if self.options.max_tool_result_chars > 0
&& result.content.len() > self.options.max_tool_result_chars
{
result.content.truncate(self.options.max_tool_result_chars);
result.content.push_str("\n…[truncated tool output]");
}
let _ = events
.send(AgentEvent::ToolCallFinish {
id: result.tool_call_id.clone(),
name: result.name.clone(),
content: result.content.clone(),
is_error: result.is_error,
})
.await;
messages.push(Message::tool_response(result));
}
}
let _ = events.send(AgentEvent::IterationBudgetExhausted).await;
Err(Error::BudgetExhausted)
}
}