Re: [PR] [Feature] Support tool parameter injection [flink-agents]

Wed, 24 Jun 2026 01:51:16 -0700 


GreatEugenius commented on code in PR #854:
URL: https://github.com/apache/flink-agents/pull/854#discussion_r3465779193


##########
python/flink_agents/plan/actions/tool_call_action.py:
##########
@@ -39,27 +46,80 @@ async def process_tool_request(event: Event, ctx: 
RunnerContext) -> None:
     responses = {}
     external_ids = {}
     for tool_call in event.tool_calls:
-        id = tool_call["id"]
+        call_id = tool_call["id"]
         name = tool_call["function"]["name"]
         kwargs = tool_call["function"]["arguments"]
-        tool = ctx.get_resource(name, ResourceType.TOOL)
         external_id = tool_call.get("original_id")
+
+        tool = ctx.get_resource(name, ResourceType.TOOL)
         if not tool:
-            response = f"Tool `{name}` does not exist."
+            responses[call_id] = f"Tool `{name}` does not exist."
+            external_ids[call_id] = external_id
+            continue
         else:
-            if tool_call_async:
-                response = await ctx.durable_execute_async(tool.call, **kwargs)
-            else:
-                response = ctx.durable_execute(tool.call, **kwargs)
-        responses[id] = response
-        external_ids[id] = external_id
+            try:
+                call_kwargs = dict(kwargs or {})
+                # Framework-owned injected args must win over model-provided 
values so
+                # hidden context such as tenant ids cannot be spoofed by tool 
calls.
+                call_kwargs.update(_resolve_injected_arguments(tool, ctx))
+                if tool_call_async:
+                    response = await ctx.durable_execute_async(
+                        tool.call, **call_kwargs
+                    )
+                else:
+                    response = ctx.durable_execute(tool.call, **call_kwargs)
+                responses[call_id] = response
+            except Exception as e:
+                responses[call_id] = str(e)

Review Comment:
   Good catch, thanks. I agree this should not be routed back as an ordinary 
successful tool result.
   
   I updated the Python side to carry `success` / `error` on 
`ToolResponseEvent`, populate them from `tool_call_action`, and make 
`chat_model_action` use the error payload when `success[tool_id]` is false. 
That keeps injection/config failures structurally distinguishable from 
successful tool output and brings the Python behavior closer to the Java side. 
The deserializer also keeps a compatibility default for older events that do 
not have these fields.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to