Tool Use and Function Calling

We said agents use tools. But how? An LLM is just a text generator. It can’t click a mouse or run a Python script.

The magic trick is called Function Calling (or Tool Use).

The Protocol

  1. You define the tools: You give the LLM a list of functions it can call, described in JSON.
  2. LLM decides: The LLM stops generating text and instead generates a JSON object representing a function call.
  3. You execute: Your code runs the function.
  4. You feed back: You give the result back to the LLM as a new message.

Example: The Weather Bot

Step 1: The Setup

You send this to GPT-4:

tools = [
  {
    "name": "get_weather",
    "description": "Get current temperature",
    "parameters": {
      "type": "object",
      "properties": {
        "city": { "type": "string" },
        "unit": { "enum": ["celsius", "fahrenheit"] }
      },
      "required": ["city"]
    }
  }
]

User: “Is it cold in London?”

Step 2: The Call

GPT-4 replies (hidden from user):

{
  "tool_call": {
    "name": "get_weather",
    "arguments": { "city": "London", "unit": "celsius" }
  }
}

Step 3: The Execution

Your Python script detects this JSON. It calls your real API: weather_api.get("London") -> Returns 14.

Step 4: The Response

You send a new message to GPT-4: Role: Tool Content: “14”

Step 5: The Final Answer

GPT-4 now generates: “No, it’s not too cold. It’s currently 14°C in London.”

Why This Changed Everything

Before Function Calling, we had to use fragile regex to parse things like [CALL: get_weather(London)] from the text. Now, the models are fine-tuned to output structured, valid JSON schemas.

Beyond Simple APIs

Tools can be anything:

  • run_sql_query(query): Let the AI query your database.
  • send_slack_message(channel, text): Let the AI talk to your team.
  • create_jira_ticket(title): Let the AI manage your backlog.

Safety Warning

Never let an LLM execute arbitrary code (unless sandboxed). If you give an AI a tool exec_shell_command(cmd), a user will trick it into running rm -rf /.

Always scope tools to the minimum necessary privilege.

Next: RAG Architecture — Giving the AI a memory.