Tools & Function Calling

January 30, 2026

LLMs predict text. Tools let them do things. Function calling is the mechanism that bridges language understanding and real-world action — the difference between an AI that talks about the weather and one that actually checks it.

The Core Mechanism

Function calling works in a loop:

1. User: "What's the weather in Tokyo?"
2. LLM: decides to call get_weather(city="Tokyo")
3. System: executes function, returns {"temp": 72, "condition": "sunny"}
4. LLM: "It's 72°F and sunny in Tokyo!"

The LLM doesn't execute code — it generates structured output (typically JSON) that describes which function to call and with what arguments. The host system executes the function and feeds results back.

Why Tools Matter

As one developer put it:

Want your LLM to act, not just chat? Use function calling to let AI trigger external tools or code.

Tools transform agents from conversational interfaces into autonomous systems that can:

• Query databases
• Call APIs
• Execute code
• Control browsers
• Send messages
• Modify files

Defining Tools

Tools are defined with schemas that tell the model what's available:

const tools = [
  {
    name: "get_weather",
    description: "Get current weather for a city",
    parameters: {
      type: "object",
      properties: {
        city: { type: "string", description: "City name" },
        units: { type: "string", enum: ["celsius", "fahrenheit"] }
      },
      required: ["city"]
    }
  }
];

Good tool definitions include:

• Clear names: get_weather not tool_1
• Detailed descriptions: When to use it, what it returns
• Typed parameters: Explicit schemas prevent errors
• Examples: Help the model understand usage

Function Calling Flow

┌──────────┐    ┌─────────┐    ┌──────────┐    ┌──────────┐
│   User   │───►│   LLM   │───►│  System  │───►│   Tool   │
│  Query   │    │ Decides │    │ Executes │    │  Runs    │
└──────────┘    └─────────┘    └──────────┘    └──────────┘
                     ▲                              │
                     │         Results              │
                     └──────────────────────────────┘

The model may call multiple tools in sequence, or in parallel if the runtime supports it. Advanced agents loop until they've gathered enough information or completed the task.

Tools vs Skills vs MCP

These three concepts are related but distinct:

• Tools — Functions the agent can call (e.g., get_weather())
• Skills — Instructions for how to do things (e.g., "How to deploy to Vercel")
• MCP — Protocol for connecting to tools (e.g., server exposing get_weather)

As explained on Twitter:

Tools are just functions under the hood. Skills are markdown files with instructions instead. Both get interpreted into prompts.

Agentic Patterns

Common patterns for tool use:

ReAct (Reason + Act)

The model reasons about what to do, takes an action, observes the result, and repeats.

Thought: I need to check the weather first
Action: get_weather(city="Tokyo")
Observation: {"temp": 72, "condition": "sunny"}
Thought: Now I can answer the user
Answer: It's 72°F and sunny in Tokyo!

Parallel Tool Calls

When tools are independent, call them simultaneously:

User: "Compare weather in Tokyo and New York"
→ Parallel: get_weather("Tokyo"), get_weather("New York")
→ Results: [{temp: 72}, {temp: 45}]
→ Response: "Tokyo is 72°F, New York is 45°F"

Tool Chaining

Output of one tool feeds into another:

search_web("best restaurants in Tokyo")
→ [results]
get_details(restaurant_id=results[0].id)
→ {name, address, hours}
get_weather("Tokyo")
→ {temp, condition}
→ "Try Sushi Dai — it's open now and the weather is perfect for the walk!"

Built-in Tools

Modern AI providers offer built-in tools:

OpenAI:

• Web search
• File search
• Code interpreter
• Image generation
• Computer use

Anthropic:

• Code execution
• Computer use (beta)
• MCP server integration

Cloudflare Agents:

• Web browsing
• Database queries
• Workflow orchestration

Security Considerations

Tools grant agents real-world capabilities. Security matters:

• Sandboxing: Run tool code in containers
• Permissions: Limit what tools can access
• Validation: Verify tool inputs before execution
• Auditing: Log all tool invocations
• Rate limiting: Prevent runaway tool loops

As one tweet warned:

an agent is just an LLM with function calling

Simple but profound: the tools you give define what your agent can do.

The Future: Runtime Tool Creation

Emerging research explores agents that create their own tools:

Anthropic advocates: don't build agents, build skills where the LLM creates the skill or tool required for the task. The ideal remains for the AI Agent to write tools (integrations) as required on demand.

This points toward agents that synthesize, verify, and refine executable tools during inference — moving from static tool definitions to dynamic capability generation.

Sources

• New tools for building agents — OpenAI
• Function calling — OpenAI docs
• MCP Servers — Model Context Protocol

See also: MCP Servers · Agent Skills · Orchestration