tool-side-effects-tag 0.1.0

Declare what an LLM agent tool actually does (read, write, idempotent, destructive, external, expensive, network) so the scheduler / retry layer can decide what's parallel-safe and retry-safe. Zero runtime deps; serde optional.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298

//! # tool-side-effects-tag
//!
//! Declare what an LLM agent tool actually does so the scheduler / retry
//! layer can make the right decision per-tool.
//!
//! If your scheduler does not know which tools are reads and which are
//! writes, it cannot run them in parallel safely. If your retry layer does
//! not know which tools are idempotent, it cannot retry them safely. This
//! crate gives you a tiny vocabulary of [`SideEffect`] tags plus inspection
//! helpers that classify a tool as parallel-safe, retry-safe, or
//! destructive.
//!
//! The Python sibling uses a function decorator. Rust does not have
//! decorators, so the idiom here is an associated-metadata pattern: tools
//! implement [`HasSideEffects`] (or hold a [`Tag`] / [`SideEffects`]) and
//! the free functions [`is_parallel_safe`], [`is_retry_safe`], and
//! [`is_destructive`] read that set.
//!
//! ## Quick example
//!
//! ```
//! use tool_side_effects_tag::{
//!     HasSideEffects, SideEffect, SideEffects,
//!     is_destructive, is_parallel_safe, is_retry_safe,
//! };
//!
//! struct SearchWeb;
//! impl HasSideEffects for SearchWeb {
//!     fn side_effects(&self) -> SideEffects {
//!         let mut s = SideEffects::new();
//!         s.insert(SideEffect::Read);
//!         s
//!     }
//! }
//!
//! let tool = SearchWeb;
//! assert!(is_parallel_safe(&tool.side_effects()));
//! assert!(is_retry_safe(&tool.side_effects()));
//! assert!(!is_destructive(&tool.side_effects()));
//! ```
//!
//! ## With a [`Tag`] wrapper
//!
//! ```
//! use tool_side_effects_tag::{SideEffect, SideEffects, Tag};
//!
//! let mut effects = SideEffects::new();
//! effects.insert(SideEffect::Write);
//! effects.insert(SideEffect::Idempotent);
//! let upsert = Tag::new("upsert_user", effects);
//!
//! assert_eq!(*upsert.value(), "upsert_user");
//! assert!(upsert.effects().contains(SideEffect::Write));
//! ```
//!
//! ## Feature flags
//!
//! - `serde` — derives `Serialize` / `Deserialize` for [`SideEffect`] and
//!   [`SideEffects`]. Off by default; enable with
//!   `features = ["serde"]`.

#![deny(missing_docs)]

use std::collections::HashSet;
use std::fmt;
use std::str::FromStr;

#[cfg(feature = "serde")]
use serde::{Deserialize, Serialize};

/// Standard side-effect categories for an agent tool.
///
/// String form matches the Python sibling library:
/// `"read"`, `"write"`, `"idempotent"`, `"destructive"`, `"external"`,
/// `"expensive"`, `"network"`.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
#[cfg_attr(feature = "serde", serde(rename_all = "lowercase"))]
pub enum SideEffect {
    /// Reads data. No state mutation. Safe to parallelize and retry.
    Read,
    /// Mutates internal state. Not parallel-safe by default.
    Write,
    /// Repeated calls with the same args produce the same effect. Retry-safe.
    Idempotent,
    /// Removes or invalidates state (delete, drop, purge). Never auto-retry.
    Destructive,
    /// Touches a third-party system (email, payments, webhooks). Not
    /// retry-safe without [`SideEffect::Idempotent`].
    External,
    /// High cost (tokens, money, time). Caller may want extra confirmation.
    Expensive,
    /// Makes a network call. Subject to retryable transient errors.
    Network,
}

impl SideEffect {
    /// Stable string slug used by [`Display`] and [`FromStr`].
    pub fn as_str(&self) -> &'static str {
        match self {
            SideEffect::Read => "read",
            SideEffect::Write => "write",
            SideEffect::Idempotent => "idempotent",
            SideEffect::Destructive => "destructive",
            SideEffect::External => "external",
            SideEffect::Expensive => "expensive",
            SideEffect::Network => "network",
        }
    }
}

impl fmt::Display for SideEffect {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(self.as_str())
    }
}

/// Error returned by [`SideEffect::from_str`] when the input does not match
/// any known tag.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ParseSideEffectError {
    /// The input that failed to parse.
    pub input: String,
}

impl fmt::Display for ParseSideEffectError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "unknown side-effect tag: {:?}", self.input)
    }
}

impl std::error::Error for ParseSideEffectError {}

impl FromStr for SideEffect {
    type Err = ParseSideEffectError;
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        match s {
            "read" => Ok(SideEffect::Read),
            "write" => Ok(SideEffect::Write),
            "idempotent" => Ok(SideEffect::Idempotent),
            "destructive" => Ok(SideEffect::Destructive),
            "external" => Ok(SideEffect::External),
            "expensive" => Ok(SideEffect::Expensive),
            "network" => Ok(SideEffect::Network),
            other => Err(ParseSideEffectError {
                input: other.to_string(),
            }),
        }
    }
}

/// An unordered set of [`SideEffect`] tags attached to a tool.
///
/// Backed by [`HashSet`]; insertion order is not preserved. Use
/// [`SideEffects::iter`] to read out the contents.
#[derive(Debug, Clone, Default, PartialEq, Eq)]
#[cfg_attr(feature = "serde", derive(Serialize, Deserialize))]
#[cfg_attr(feature = "serde", serde(transparent))]
pub struct SideEffects {
    inner: HashSet<SideEffect>,
}

impl SideEffects {
    /// Construct an empty set.
    pub fn new() -> Self {
        Self {
            inner: HashSet::new(),
        }
    }

    /// Insert a tag. Returns `true` if the tag was newly added.
    pub fn insert(&mut self, effect: SideEffect) -> bool {
        self.inner.insert(effect)
    }

    /// Remove a tag. Returns `true` if the tag was present.
    pub fn remove(&mut self, effect: SideEffect) -> bool {
        self.inner.remove(&effect)
    }

    /// Returns `true` iff the set contains `effect`.
    pub fn contains(&self, effect: SideEffect) -> bool {
        self.inner.contains(&effect)
    }

    /// Iterate over the tags in arbitrary order.
    pub fn iter(&self) -> impl Iterator<Item = &SideEffect> {
        self.inner.iter()
    }

    /// Number of tags in the set.
    pub fn len(&self) -> usize {
        self.inner.len()
    }

    /// `true` iff the set is empty.
    pub fn is_empty(&self) -> bool {
        self.inner.is_empty()
    }
}

impl FromIterator<SideEffect> for SideEffects {
    fn from_iter<I: IntoIterator<Item = SideEffect>>(iter: I) -> Self {
        Self {
            inner: iter.into_iter().collect(),
        }
    }
}

/// Implement on a tool type to declare its side-effect surface.
///
/// The dispatch / retry layer can then call [`is_parallel_safe`],
/// [`is_retry_safe`], or [`is_destructive`] on the returned set without
/// caring what the concrete tool type is.
pub trait HasSideEffects {
    /// Return the side-effect set for this tool.
    fn side_effects(&self) -> SideEffects;
}

/// Pairs any value with a [`SideEffects`] set. Lets you tag tool handles,
/// closures, command structs, anything.
#[derive(Debug, Clone)]
pub struct Tag<T> {
    value: T,
    effects: SideEffects,
}

impl<T> Tag<T> {
    /// Wrap `value` with the given `effects` set.
    pub fn new(value: T, effects: SideEffects) -> Self {
        Self { value, effects }
    }

    /// Borrow the inner value.
    pub fn value(&self) -> &T {
        &self.value
    }

    /// Borrow the attached side-effect set.
    pub fn effects(&self) -> &SideEffects {
        &self.effects
    }

    /// Consume the [`Tag`] and return the inner value, dropping the tags.
    pub fn into_inner(self) -> T {
        self.value
    }
}

impl<T> HasSideEffects for Tag<T> {
    fn side_effects(&self) -> SideEffects {
        self.effects.clone()
    }
}

/// Safe to run alongside other tools.
///
/// Rules:
/// - [`SideEffect::Read`]-only with no [`SideEffect::Write`] / [`SideEffect::Destructive`] -> safe.
/// - [`SideEffect::Write`] / [`SideEffect::Destructive`] present -> not safe.
/// - Empty / untagged -> not safe (conservative default).
pub fn is_parallel_safe(effects: &SideEffects) -> bool {
    if effects.is_empty() {
        return false;
    }
    if effects.contains(SideEffect::Write) || effects.contains(SideEffect::Destructive) {
        return false;
    }
    effects.contains(SideEffect::Read)
}

/// Safe to auto-retry on transient error.
///
/// Rules:
/// - [`SideEffect::Destructive`] -> never (caller must opt in per-call).
/// - [`SideEffect::Idempotent`] explicitly tagged -> safe.
/// - [`SideEffect::Read`]-only with no [`SideEffect::Write`] -> safe.
/// - Otherwise -> not safe.
pub fn is_retry_safe(effects: &SideEffects) -> bool {
    if effects.is_empty() {
        return false;
    }
    if effects.contains(SideEffect::Destructive) {
        return false;
    }
    if effects.contains(SideEffect::Idempotent) {
        return true;
    }
    if effects.contains(SideEffect::Read) && !effects.contains(SideEffect::Write) {
        return true;
    }
    false
}

/// `true` iff the set contains [`SideEffect::Destructive`].
pub fn is_destructive(effects: &SideEffects) -> bool {
    effects.contains(SideEffect::Destructive)
}