How Open Agent SDK’s 34 built-in tools power AI agents safely

The Open Agent SDK’s tool system transforms how AI agents interact with systems, replacing vague function calls with a robust, multi-layered architecture. Behind the scenes, 34 built-in tools operate in a meticulously organized hierarchy, each adhering to strict protocols and runtime constraints. This design ensures agents can execute commands safely while maintaining flexibility for complex workflows.

The foundation: ToolProtocol and its role in agent execution

Every tool in the Open Agent SDK conforms to the ToolProtocol, a standardized interface that enforces consistency across all built-in tools. This protocol defines five essential properties and one method, ensuring tools are predictable and interoperable with the agent loop.

The name property acts as a unique identifier, allowing the LLM to specify which tool to invoke using PascalCase naming conventions like Read, Bash, or Glob. The description field provides context for the LLM, shaping its decision-making during tool selection. Meanwhile, the inputSchema property uses a JSON Schema dictionary to validate inputs before execution, ensuring data integrity.

Safety is a cornerstone of the design. The isReadOnly flag informs the agent loop whether a tool modifies state, enabling parallel execution for read-only tools and serial execution for mutation tools. Optional ToolAnnotations further refine tool behavior by flagging destructive operations, idempotency, or external interactions. Notably, the SDK defaults to a "dangerous" stance, requiring tools to explicitly declare safety through these annotations.

Structured results and multi-modal feedback

When a tool completes execution, it returns a ToolResult structure that feeds back to the LLM. This structure includes a toolUseId for tracking, a content field for text output, and an optional typedContent array for multi-modal data like images or resource references. The design ensures backward compatibility: older implementations relying solely on content remain functional, while newer code can leverage typedContent for richer outputs.

The ToolContent enum supports three content types:

• Text content for standard output
• Image data with MIME type specifications
• Resource references via URIs

This flexibility allows tools to handle diverse use cases, from logging to media processing, without complicating the agent’s workflow.

Runtime context: Tailoring tools to specific needs

The ToolContext serves as the tool’s runtime environment, injecting only the necessary dependencies for execution. This minimalist approach prevents tools from becoming bloated with irrelevant data while ensuring they have access to critical resources. For example, the Read tool relies on the current working directory (cwd), sandbox settings, and file cache, while the AgentTool depends solely on the sub-agent spawner (agentSpawner).

Key fields in ToolContext include:

• cwd: The current working directory
• toolUseId: Unique identifier for the tool invocation
• permissionMode: Enforces access controls
• Stores for specialized operations (e.g., cronStore for scheduled tasks)

Tools can dynamically adjust their context using methods like withToolUseId() for updating call IDs or withSkillContext() for managing skill nesting depth. This modular approach ensures tools remain focused and efficient, regardless of the agent’s complexity.

A three-tier tool hierarchy for scalability

The SDK organizes its 34 built-in tools into three tiers—Core, Advanced, and Specialist—each serving distinct purposes in the agent ecosystem. The Core tier (10 tools) includes fundamental operations like Read, Write, and Edit, forming the backbone of most workflows. The Advanced tier (11 tools) introduces capabilities such as agent spawning (Agent) and task scheduling (TaskCreate), while the Specialist tier (13 tools) addresses niche needs like cron job management (CronCreate, CronDelete) and multi-agent coordination (TeamCreate, TeamDelete).

This tiered structure isn’t just about categorization—it reflects a strategic balance between simplicity and extensibility. Core tools handle everyday tasks, Advanced tools enable complex workflows, and Specialist tools cater to advanced use cases like automation and orchestration. By segmenting tools this way, the SDK ensures agents can scale efficiently without sacrificing performance or safety.

As AI agents evolve, the Open Agent SDK’s tool system stands out for its clarity, safety, and adaptability. By enforcing strict protocols, minimizing runtime overhead, and organizing tools hierarchically, the SDK empowers developers to build robust, reliable agents capable of handling diverse tasks with precision.