Skip to main content
Tools are functions that agents can invoke during execution. They are defined with a simple decorator and automatically registered in the global tool registry.

Defining a Tool

from framework.decorators import tool

@tool(
    name="calculator",
    description="Perform basic arithmetic",
    agent="MainAgent",
)
async def calculator(x: int, y: int, operation: str) -> int:
    ops = {"+": x + y, "-": x - y, "*": x * y, "/": x // y}
    return ops[operation]
The decorator inspects the function signature to generate the JSON schema that the LLM uses for tool calling.

Tool Parameters

ParameterTypeDefaultDescription
namestrrequiredUnique tool name
descriptionstrrequiredWhat the tool does (shown to the LLM)
agentstrNoneAgent to auto-register with
max_retriesint3Retry count on failure
retry_delayfloat1.0Seconds between retries
backoff_factorfloat2.0Exponential backoff multiplier
timeoutint300Execution timeout in seconds

How Tools Work

  1. The LLM decides to call a tool and provides arguments
  2. AgentFlow validates the arguments against the tool’s schema
  3. The tool function is executed (with retry logic on failure)
  4. The result is serialized and fed back into the LLM’s context
  5. The LLM continues its response with the tool result

Tool Sharing

Tools are deduplicated by name in the global registry. A single tool instance can be shared across multiple agents: 
@tool(name="web_search", description="Search the web", agent="ResearchAgent")
async def web_search(query: str) -> str: ...

# Later, also assign to MainAgent
# POST /agents/MainAgent/tools  { "tool_id": "<web_search_uuid>" }

Secure Execution

For user-supplied or dynamic code, AgentFlow supports sandboxed execution via:
  • WASM sandboxing — isolated execution environment
  • RestrictedPython — AST-level code restrictions

Approval Gating

Tools can require human approval before execution. See Approval Workflows.