Skip to main content
The TOOLS: section defines the external capabilities available to an agent. Each tool declares a typed signature (parameters and return type), an optional execution binding, and metadata that guides the LLM’s tool selection.

Tool binding types

The type: property selects how a tool is executed. The supported values are:

Tool declaration syntax

A tool is declared with a function-style signature followed by indented properties:

Signature format

  • name — a lowercase identifier using snake_case
  • parameters — comma-separated list of typed parameters
  • return_type — the type of data the tool returns

Parameter syntax

Each parameter follows the format name: type with an optional default value:
Parameters without a default value are required. Parameters with a default value are optional.

Parameter types

Object parameters

When a parameter has type object, you can define nested fields using a parameters: block under the tool:

Array parameters

Array types use the [] suffix:

Parameter enrichment and sources

The parameters: block does more than describe nested object fields — it can enrich any signature-declared parameter with a description, validation, visibility, and a value source. This lets you inject values (from system state, config, auth, an expression, or a lookup table) without the LLM having to supply them, and optionally hide them from the model.

Return type

The return type appears after the -> arrow. It can be:

Description

The description: property provides a natural-language explanation of what the tool does. The LLM uses this description to decide when and how to call the tool.
Write descriptions that help the LLM understand:
  • What the tool does
  • When to call it
  • What data it returns

Hints

The hints: block provides execution metadata that the runtime uses for optimization:

HTTP tools

HTTP tools call REST API endpoints. They are the most common tool type.

HTTP binding properties

Path parameters

Use curly braces in the endpoint to reference tool parameters:

Headers

Custom headers are specified as key-value pairs:

Auth

The auth: property specifies the authentication mechanism. The runtime resolves credentials from the project’s credential store — the ABL document never contains actual secrets.
saml is accepted by the parser but is not currently resolved at runtime — it is dropped during compilation. Prefer an auth profile for enterprise SSO-backed integrations.

Auth configuration

For auth types that require additional configuration, use the auth_config: block:

Credential placeholders

Credentials use {{config.NAME}} placeholder syntax (with isSecret: true on the config var). The runtime resolves these from the project’s config vars at execution time. For OAuth integrations, binding an auth profile is the preferred approach. Never embed actual credentials in ABL files.
For OAuth and enterprise integrations, the preferred approach is to bind a pre-configured auth profile by name rather than declaring auth_config inline. These tool-level properties control credential resolution, transport security, just-in-time authorization, consent, and per-user vs. shared connections:

Result transformation

Tool results are available in the session context after execution. You can map specific result fields to session variables using on_result: and handle errors with on_error::
Beyond set:, both on_result: and on_error: accept an ordered do: action block that can run SET, CLEAR, LOG, RESPOND, CALL, GOTO/THEN, HANDOFF, DELEGATE, RETURN, FORMATS, and COMPLETE actions, with conditional IF:/WHEN:/ELSE: branches.

SSRF protection

The platform enforces SSRF (Server-Side Request Forgery) protection on all HTTP tool endpoints. Private IP ranges, localhost, and internal network addresses are blocked at the runtime level. Only allowlisted domains and public endpoints are permitted for HTTP tool calls.

Circuit breaker

The circuit breaker prevents cascading failures by halting requests to a failing endpoint after a threshold of consecutive errors:

SOAP support

HTTP tools can call SOAP endpoints by setting protocol: soap.

Request variants

For endpoints that vary by condition, request_variants selects a request shape at call time based on a when expression. Each variant can override the endpoint, method, headers, query params, and body.

MCP tools

MCP (Model Context Protocol) tools connect to external MCP servers that expose tools dynamically. The runtime handles protocol negotiation, transport, and tool discovery.

MCP binding properties

Server configuration

The server value is a logical name that maps to an MCP server configuration in the project’s runtime settings. Server configuration (transport type, connection URL, authentication) is managed at the project level, not in the ABL file. The platform supports these MCP transport types:

Dynamic tool discovery

MCP servers can expose multiple tools. When you declare an MCP tool in ABL, you bind a specific tool from the server. If the tool name on the MCP server differs from the tool name in your ABL file, use server_tool: to specify the server-side name:

Code tools (sandbox)

Code tools execute user-provided JavaScript or Python code in an isolated sandbox environment with resource limits and no network access.

Sandbox binding properties

Isolation

Sandbox tools execute in a gVisor-isolated environment with the following restrictions:
  • No network access
  • No filesystem access beyond the sandbox working directory
  • Resource limits enforced (CPU, memory, execution time)
  • Each execution runs in a fresh environment

JavaScript runtime

JavaScript code tools have access to standard JavaScript built-ins. The code should return a value matching the declared return type.

Python runtime

Python code tools use a sandboxed Python interpreter. The code should return a dictionary matching the declared return type.

Lambda tools

Lambda tools invoke cloud serverless functions. The function name is a logical identifier resolved to an actual endpoint (ARN, URL) at runtime through the project’s function registry.

Lambda binding properties


Async webhook tools

Async webhook tools send an HTTP request with a callback URL injected into the payload. The external system processes the request asynchronously and posts the result back to the callback URL when complete.

Async webhook binding properties


Workflow tools

Workflow tools invoke a durable workflow on the workflow engine. Use these for long-running, stateful orchestrations (waits, polling, human approval, multi-hour processes) that should not run inside the stateless agent runtime.

Workflow binding properties

The workflow must exist in the same tenant/project; this is validated at compile time. Legacy workflow_version / trigger_id fields are no longer used and are silently ignored.

SearchAI tools

SearchAI tools query a SearchAI knowledge base (KB) index, letting an agent ground its answers in indexed content.

SearchAI binding properties

SearchAI tools are tenant-scoped; the tenant binding is applied by the platform. Do not hardcode a tenant_id in shared/exported definitions.

Tool file imports

Tool definitions can be organized into reusable .tools.abl files and imported into agent documents. This allows sharing tool definitions across multiple agents.

Tool file format

A .tools.abl file starts with a TOOLS: section that can include shared defaults:

Shared defaults

The following defaults can be set at the top of a .tools.abl file and apply to all tools in the file:

Import syntax

Import tools from a .tools.abl file into an agent using the file: directive within the TOOLS: section:
The import specifies:
  1. The path to the .tools.abl file (relative to the agent file)
  2. An optional list of specific tool names to import (in brackets). If omitted, all tools from the file are imported.
Project bundle import can also synthesize tool stubs from inline agent TOOLS: signatures during apply. That keeps imported agents compileable even when the bundle didn’t include companion .tools.abl files, and the next export writes those synthesized stubs back out as tools/<name>.tools.abl.

Example

Given the file tools/hotels-api.tools.abl:
An agent file can import selected tools:

Tool features

Confirmation

The confirmation: block configures whether the agent should ask the user for confirmation before executing a tool. This is particularly important for tools with side effects (for example. executing a payment, deleting a record).

State authority and provided fields

The effect property declares a tool’s authority over session state, and provides lists the fields the tool is authoritative to supply. These help the runtime reason about which values a tool is allowed to write.

Result compaction

The per-tool compaction: block controls how this tool’s results are compacted in conversation history (independent of the agent-wide EXECUTION.compaction policy).

Input/output transforms (process)

The process: block defines pure input (before) and output (after) transform stages that run around the tool call — remapping parameters, enforcing preconditions, and reshaping results.
before supports params (computed parameter map), require (precondition expressions), on_fail (one of block("msg"), reask("msg"), warn("msg"), use_original, fallback("msg")), and use (a named transform). after supports result (output remapping) and on_fail.

Caching hints

Use the cacheable hint to indicate that a tool’s results can be cached:
When cacheable: true, the runtime may cache results for identical parameter combinations. When cacheable: false, results are never cached (use this for tools that return time-sensitive data).

PII access

The pii_access: property declares what level of personally identifiable information (PII) a tool can access:

Context access

The context_access: block declares which session context variables a tool reads from and writes to. This enables the runtime to automatically inject context into HTTP requests and apply result values back to session state:

Store result

The store_result: property controls whether the raw tool result blob is stored in the session context. Defaults to true.
  • Language overview — file structure and syntax
  • Agent declarationtool_timeout and model settings in EXECUTION
  • GATHER — information collection (often used alongside tools)
  • FLOWCALL action for invoking tools within flow steps