Skip to content

Tool schema

The exact TypeScript shapes for tools, projections, and contexts.

MatrixToolProjection

runtime/AgentEnvironmentSpec.ts:4-11:

ts
interface MatrixToolProjection {
  readonly name: string;
  readonly description: string;
  readonly inputSchema: Record<string, unknown>;  // JSON Schema
  readonly target: string;
  readonly op: string;
  readonly resultMode?: 'json' | 'text' | 'summary';
}

ResolvedToolContext

runtime/AgentEnvironmentSpec.ts:13-17:

ts
interface ResolvedToolContext {
  readonly matrixTools: readonly MatrixToolProjection[];
  readonly timeoutMs?: number;
  readonly instructions?: string;
}

This is what an AgentEnvironmentSpec.toolContext carries.

ToolContextSpec

tools/ToolContextSpec.ts:3-26:

ts
interface ToolContextSpec {
  readonly key: string;
  readonly title: string;
  readonly description: string;
  readonly instructions?: string;
  readonly matrixTools?: readonly MatrixToolProjection[];
  readonly permissions: {
    readonly allowedTargets?: readonly string[];
    readonly allowedOps?: readonly string[];
    readonly allowedFactDomains?: readonly string[];
    readonly approvalRequiredFor?: readonly string[];
    readonly deny?: readonly string[];
  };
  readonly environmentRequirements?: {
    readonly cwd?: string;
    readonly repoRoot?: string;
    readonly container?: string;
    readonly credentials?: readonly string[];
  };
  readonly verification?: {
    readonly requiredChecks?: readonly string[];
    readonly successCriteria?: readonly string[];
  };
}

BUILT_IN_TOOL_CONTEXTS

Four entries in tools/ToolContextSpec.ts:28-110:

keytools (name → target.op)permissions notes
actor-readonlymatrix_introspect → system.agents.$introspect, session_state_read → system.agents.session_state.readallowedOps: ['$introspect', 'session_state.read']
actor-editmatrix_invoke → system.tools.mcpBridge.tool.invokeapprovalRequiredFor: ['matrix_invoke']
repo-codingtrace_query → system.agents.$traceQuery, package_validate → system.registry.package.validateallowedTargets: ['system.agents', 'system.registry', 'system.tools.mcpBridge']; approvalRequiredFor: ['package_validate']; environmentRequirements.cwd = 'repo'
test-runnertrace_query → system.agents.$traceQueryallowedTargets: ['system.agents'], allowedOps: ['$traceQuery']

IToolDelegate and ISecurityDelegate

oracle/interfaces.ts:29-48:

ts
interface IToolDelegate {
  buildTools(runId: string): NativeToolDef[];
  wrapToolsWithSink?(tools: NativeToolDef[], sink: OracleSink): NativeToolDef[];
}

interface ISecurityDelegate {
  isInSubtree(target: string): boolean;
  isCommandAllowed(op: string): boolean;
}

AgentActor implements both. Other actors that want to run an oracle loop (e.g. headless tools) must supply both.

OracleResult

oracle/interfaces.ts:13-20:

ts
interface OracleResult {
  ok: boolean;
  text: string;
  rawText: string;
  toolCallCount: number;
  toolCalls: ToolCallRecord[];
  error?: { code: string; message: string };
}

See also

Source: projects/matrix-3/packages/agents/src/runtime/AgentEnvironmentSpec.ts:4-17, projects/matrix-3/packages/agents/src/tools/ToolContextSpec.ts:3-110, projects/matrix-3/packages/agents/src/oracle/interfaces.ts:13-48.