Execution Flow
How a Tool Call Works
A customer asks about their order status. The agent uses a tool to retrieve real data instead of generating a generic response.
1
The user asks a concrete question that requires real data.
"Where is my order #ORD-4829? When will it arrive?"
2
The model recognizes it needs external data and emits a structured tool-use request instead of generating text.
{
"tool": "get_order_status",
"input": {
"order_id": "ORD-4829"
}
}
3
The host application intercepts the request, validates parameters, enforces auth, applies rate limits, and executes the call.
✓ Schema valid ✓ Auth OK ✓ Rate limit OK → Execute
4
The fulfillment system returns real-time order data.
{
"status": "in_transit",
"carrier": "FedEx",
"tracking": "7749 2810 3344",
"eta": "2026-02-16"
}
5
The model incorporates the real data into a natural, helpful response.
"Your order #ORD-4829 is in transit via FedEx
(tracking: 7749 2810 3344). Expected delivery:
February 16, 2026."
Core Principle
Model Proposes
The model expresses intent through structured JSON. It never directly calls APIs, queries databases, or writes to filesystems.
- Selects the right tool from available definitions
- Produces schema-conformant parameters
- Can chain multiple tool calls in sequence
- Reasons about results to determine next steps
Infrastructure Disposes
The application layer intercepts, validates, and executes. Full control over what happens — and whether it happens at all.
- Enforces authentication & authorization
- Applies rate limits and quotas
- Logs every interaction for audit
- Implements approval workflows when needed
Tool Categories
Knowledge Tools vs. Action Tools
The distinction between read-only and state-changing tools drives governance requirements.
Read-only retrieval. Provide information without modifying external state. Lower risk, fewer governance requirements.
Query customer history
Search knowledge base
Retrieve product catalog
Look up policy terms
State-changing operations. Modify external systems, create records, send messages. Higher risk, require robust governance.
Process refund
Create support ticket
Update account record
Send notification