Compozy Symbol
ALPHA
DocsInstallGetting StartedFeaturesPricing
CoreCLI ReferenceSchema DefinitionAPI Reference
Tools

Overview

Build powerful agent capabilities with TypeScript-based tools that integrate seamlessly with Compozy's workflow engine

What Are Tools?

Tools are the building blocks that extend your AI agents' capabilities beyond text generation. They're TypeScript functions that agents can call during workflow execution, running in a secure, sandboxed Bun runtime environment.

Why Use Tools?

When building AI-powered applications, you often need agents to perform specific actions like fetching data from APIs, processing files, or interacting with databases. Tools provide a structured, type-safe interface for these operations while maintaining security and performance.

Extend Agent Capabilities

Enable agents to perform any operation you can code in TypeScript

Type-Safe Execution

JSON Schema validation ensures predictable inputs and outputs

Secure Runtime

Isolated Bun processes with configurable permissions protect your system

Performance Optimized

Pre-compiled workers and efficient resource management for speed

How Tools Work

Agent Request

During workflow execution, an agent decides to use a tool based on the task requirements

Input Validation

The tool's input is validated against its JSON Schema definition

Isolated Execution

The tool runs in a sandboxed Bun process with configured permissions

Output Processing

Results are validated and returned to the agent for further processing

Core Features

Schema-First Design

Every tool defines its interface using JSON Schema, providing:

  • Type Safety
    Catch errors before runtime with validated inputs/outputs
  • Self-Documentation
    Clear parameter descriptions for agents and developers
  • LLM Integration
    Seamless function calling with structured data
input:
  type: object
  properties:
    query:
      type: string
      description: "Search query to execute"
    limit:
      type: integer
      default: 10
      minimum: 1
      maximum: 100
  required: [query]

Secure Execution Environment

Tools run in isolated Bun processes with granular security controls:

  • Permission System
    Control file, network, and environment access
  • Resource Limits
    Set memory, CPU, and timeout constraints
  • Environment Isolation
    Secure credential management with filtered variables
  • Output Validation
    Prevent memory exhaustion with size limits
runtime:
  permissions:
    - --allow-read=./data
    - --allow-net=api.example.com
  limits:
    memory: "256MB"
    timeout: "30s"

Performance Optimization

Built-in optimizations ensure tools run efficiently:

  • Worker Caching
    Pre-compiled templates for faster startup
  • Buffer Pooling
    Efficient memory management for I/O operations
  • Parallel Execution
    Run multiple tools concurrently when needed
  • Connection Pooling
    Reuse HTTP connections across requests

Basic Tool Example

// tools/data-processor.ts
interface Input {
  data: unknown[];
  operation: 'filter' | 'map' | 'reduce';
  expression: string;
}

interface Output {
  result: unknown;
  processed: number;
  duration: number;
}

export async function dataProcessor(input: Input): Promise<Output> {
  const start = Date.now();

  // Validate and process data
  if (!Array.isArray(input.data)) {
    throw new Error('Input data must be an array');
  }

  let result: unknown;
  switch (input.operation) {
    case 'filter':
      result = input.data.filter(item =>
        evaluate(item, input.expression)
      );
      break;
    case 'map':
      result = input.data.map(item =>
        transform(item, input.expression)
      );
      break;
    case 'reduce':
      result = input.data.reduce((acc, item) =>
        aggregate(acc, item, input.expression),
        {}
      );
      break;
  }

  return {
    result,
    processed: input.data.length,
    duration: Date.now() - start
  };
}

Best Practices

Single Responsibility

Each tool should do one thing well. Create multiple focused tools rather than one complex tool.

Input Validation

Always validate inputs using JSON Schema and runtime checks for predictable behavior.

Error Handling

Provide clear error messages that help agents understand what went wrong and how to fix it.

Performance

Set appropriate timeouts and resource limits based on expected workload and usage patterns.

Security

Follow the principle of least privilege when configuring permissions and access controls.

Testing

Write comprehensive unit tests before integrating tools into workflows for reliability.
Core Concepts
Understand how tools fit into the Compozy architecture
Agent Integration
Learn how agents discover and use tools during execution
Task Execution
See how tools are invoked within workflow tasks
MCP Protocol
Extend tools with external Model Context Protocol servers

Next Steps

TypeScript Development
Build your first tool with our step-by-step guide
Runtime Environment
Configure security, permissions, and resource limits

Wait Tasks

Complete guide to wait tasks for synchronization, delays, and signal-based coordination in Compozy workflows

Runtime Environment

Understand Compozy's secure Bun runtime for executing TypeScript tools with configurable permissions and resource management