fix(sdk): fail closed on tools() errors and re-apply toModelOutput on resume

ericallam · ericallam · commit e1cbf64ec518 · 2026-06-01T16:49:24.000+01:00
Addresses review on the chat.agent tools option:

- A throwing per-turn tools() resolver now fails the turn instead of
  reusing the prior turn's set, so the function form cannot leak stale
  capabilities when it gates tools by user or flag.
- A function-form tools option is now resolved at boot (with the run or
  continuation payload's clientData) before the restored history is
  converted, so toModelOutput is re-applied to a resumed chat's prior
  tool results. That boot resolution fails open (logs, converts without
  tools) since it only re-renders saved history; per-turn resolution
  stays fail-closed.

Adds a function-form variant of the test agent for the smoke test.
diff --git a/packages/trigger-sdk/src/v3/ai.ts b/packages/trigger-sdk/src/v3/ai.ts
@@ -2861,15 +2861,22 @@ async function applyPrepareMessages(
 }
 
 /**
- * Resolve the `tools` option for the current turn and cache it in locals so
+ * Resolve the `tools` option into a concrete `ToolSet` and cache it in locals so
  * `toModelMessages` can pass it to `convertToModelMessages`. For the function
- * form, invokes the user function once per turn with the current turn context
- * (which already has parsed `clientData`). No-op when no `tools` were declared.
- * A throwing tools function logs and leaves the previously-resolved value in
- * place rather than killing the turn.
+ * form, invokes the user function with the given context (or the current turn
+ * context when no override is passed). Pass an `override` for the boot-time
+ * history conversion, which runs before the per-turn context exists and uses
+ * the run/continuation payload's `clientData`.
+ *
+ * Fails closed: a throwing resolver propagates rather than carrying a prior
+ * turn's set forward. The function form can gate capabilities by user or flag,
+ * so reusing stale tools would leak capabilities. No-op when no `tools` were
+ * declared.
  * @internal
  */
-async function resolveTurnTools(): Promise<void> {
+async function resolveTurnTools(
+  override?: { chatId: string; turn: number; continuation: boolean; clientData: unknown }
+): Promise<void> {
   const option = locals.get(chatToolsOptionKey);
   if (!option) return;
 
@@ -2878,20 +2885,14 @@ async function resolveTurnTools(): Promise<void> {
     return;
   }
 
-  const turnCtx = locals.get(chatTurnContextKey);
-  try {
-    const resolved = await option({
-      chatId: turnCtx?.chatId ?? "",
-      turn: turnCtx?.turn ?? 0,
-      continuation: turnCtx?.continuation ?? false,
-      clientData: turnCtx?.clientData,
-    });
-    locals.set(chatResolvedToolsKey, resolved);
-  } catch (error) {
-    logger.warn("chat.agent: tools() resolver threw; reusing previous tools for this turn", {
-      error: error instanceof Error ? error.message : String(error),
-    });
-  }
+  const ctx = override ?? locals.get(chatTurnContextKey);
+  const resolved = await option({
+    chatId: ctx?.chatId ?? "",
+    turn: ctx?.turn ?? 0,
+    continuation: ctx?.continuation ?? false,
+    clientData: ctx?.clientData,
+  });
+  locals.set(chatResolvedToolsKey, resolved);
 }
 
 /**
@@ -5194,9 +5195,9 @@ function chatAgent<
             | ToolSet
             | ((event: ResolveToolsEvent<unknown>) => ToolSet | Promise<ToolSet>)
         );
-        // Static tools are usable immediately (e.g. the boot-time history
-        // seed before the first turn context exists). The function form is
-        // resolved per-turn once `clientData` is parsed (see resolveTurnTools).
+        // Static tools are usable immediately. The function form is resolved
+        // just before the boot history conversion (with the payload's
+        // clientData) and again per-turn (see resolveTurnTools).
         if (typeof toolsOption !== "function") {
           locals.set(chatResolvedToolsKey, toolsOption);
         }
@@ -5591,6 +5592,29 @@ function chatAgent<
         }
 
         if (accumulatedUIMessages.length > 0) {
+          // Resolve a function-form `tools` with the run/continuation payload's
+          // clientData so this conversion of the restored history applies each
+          // tool's toModelOutput (static tools were already seeded above). This
+          // only re-renders saved history, so it fails open: a resolver hiccup
+          // logs and converts without tools rather than blocking the resume.
+          // Per-turn resolveTurnTools still fails closed for live turns.
+          if (typeof toolsOption === "function") {
+            try {
+              await resolveTurnTools({
+                chatId: payload.chatId,
+                turn: 0,
+                continuation: payload.continuation ?? false,
+                clientData: parseClientData
+                  ? await parseClientData(payload.metadata)
+                  : payload.metadata,
+              });
+            } catch (error) {
+              logger.warn(
+                "chat.agent: tools() resolver threw at boot; restored history converted without toModelOutput",
+                { error: error instanceof Error ? error.message : String(error) }
+              );
+            }
+          }
           try {
             accumulatedMessages = await toModelMessages(accumulatedUIMessages);
           } catch (error) {
diff --git a/references/ai-chat/src/trigger/chat.ts b/references/ai-chat/src/trigger/chat.ts
@@ -1150,6 +1150,10 @@ function logVaultProbe(messages: ModelMessage[]) {
   }
 }
 
+const vaultSystemPrompt =
+  "You are a vault assistant. Follow the user's formatting instructions exactly. " +
+  "When the user asks for the codeword, answer with it directly.";
+
 export const toolModelOutputTest = chat.agent({
   id: "tool-model-output-test",
   idleTimeoutInSeconds: 60,
@@ -1161,9 +1165,27 @@ export const toolModelOutputTest = chat.agent({
     logVaultProbe(messages);
     return streamText({
       model: openai("gpt-4o-mini"),
-      system:
-        "You are a vault assistant. Follow the user's formatting instructions exactly. " +
-        "When the user asks for the codeword, answer with it directly.",
+      system: vaultSystemPrompt,
+      messages,
+      tools,
+      stopWhen: stepCountIs(5),
+      abortSignal: signal,
+    });
+  },
+});
+
+// Same test, but with the per-turn function form of `tools`. Exercises the
+// resolver path: resolved per turn (and at boot, with the payload's clientData,
+// so a continuation's restored history still gets toModelOutput re-applied).
+export const toolModelOutputFnTest = chat.agent({
+  id: "tool-model-output-fn-test",
+  idleTimeoutInSeconds: 60,
+  tools: () => ({ vault: vaultTool }),
+  run: async ({ messages, tools, signal }) => {
+    logVaultProbe(messages);
+    return streamText({
+      model: openai("gpt-4o-mini"),
+      system: vaultSystemPrompt,
       messages,
       tools,
       stopWhen: stepCountIs(5),
