Module 0 · The AI Substrate

Tool Use: The Propose & Execute Pattern

A language model never directly calls an API or writes to a database. It expresses intent in a structured format, and the host application decides how — and whether — to fulfill that intent. The model proposes; the infrastructure disposes.

Execution Flow
How a Tool Call Works
A customer asks about their order status. The agent uses a tool to retrieve real data instead of generating a generic response.
User
LLM
Infrastructure
External System
1
User sends query
User
The user asks a concrete question that requires real data.
"Where is my order #ORD-4829? When will it arrive?"
2
Model emits tool request
LLM
The model recognizes it needs external data and emits a structured tool-use request instead of generating text.
{ "tool": "get_order_status", "input": { "order_id": "ORD-4829" } }
3
Infrastructure validates & executes
Infrastructure
The host application intercepts the request, validates parameters, enforces auth, applies rate limits, and executes the call.
✓ Schema valid ✓ Auth OK ✓ Rate limit OK → Execute
4
External system returns data
External System
The fulfillment system returns real-time order data.
{ "status": "in_transit", "carrier": "FedEx", "tracking": "7749 2810 3344", "eta": "2026-02-16" }
5
Model generates informed response
LLM
The model incorporates the real data into a natural, helpful response.
"Your order #ORD-4829 is in transit via FedEx (tracking: 7749 2810 3344). Expected delivery: February 16, 2026."
Core Principle

Model Proposes

The model expresses intent through structured JSON. It never directly calls APIs, queries databases, or writes to filesystems.

  • Selects the right tool from available definitions
  • Produces schema-conformant parameters
  • Can chain multiple tool calls in sequence
  • Reasons about results to determine next steps

Infrastructure Disposes

The application layer intercepts, validates, and executes. Full control over what happens — and whether it happens at all.

  • Enforces authentication & authorization
  • Applies rate limits and quotas
  • Logs every interaction for audit
  • Implements approval workflows when needed
Tool Categories
Knowledge Tools vs. Action Tools
The distinction between read-only and state-changing tools drives governance requirements.

Knowledge Tools

Read-only retrieval. Provide information without modifying external state. Lower risk, fewer governance requirements.

Query customer history Search knowledge base Retrieve product catalog Look up policy terms
Governance overhead
Lower

Action Tools

State-changing operations. Modify external systems, create records, send messages. Higher risk, require robust governance.

Process refund Create support ticket Update account record Send notification
Governance overhead
Higher