Docs/Concepts/Tools & Providers

Tools & Providers

In Seshat, tools and providers are different runtime layers. Tools define what the agent is allowed to do. Providers define which model-backed transport answers the turn. The runtime keeps those concerns separate, then joins them inside one governed mono-run execution loop.

The Core Design Problem

A serious agent runtime cannot treat every external dependency as one vague bag of capabilities. A tool call is executable surface area with permissions, side effects, and local state. A provider is a model transport and normalization layer. When those two concerns are fused too early, routing, safety, multimodal backends, and prompt exposure all become harder to govern.

Action Layer
Tool Registry

Built-in tools, aliases, MCP entries, deferred tools, and runtime metadata live in one canonical inventory.

What the agent can attempt
Model Layer
Provider Client

Anthropic, OpenAI, Ollama, Bedrock, Gemini, OpenRouter, Codex, and others are normalized into one message contract.

Who produces the model response
Governance
Surface Builder + Permissions

Read-only flags, destructive checks, permission mode, tool-search deferral, and surface profiles filter the visible tool set.

What the model is actually allowed to see
Capability Slots
Specialized Backends

Image generation, speech-to-text, and text-to-speech can use dedicated providers instead of sharing the reasoning model path.

Multimodal does not collapse into one vendor
Join Point
One session loop joins both layers late

Seshat first builds a governed tool surface, then routes the turn through the chosen provider adapter, then executes tool calls back through the runtime owner. That late join is why tools, permissions, MCP, memory, and providers can evolve independently without turning the runtime into framework glue.

Discovery Path
Deferred tools keep prompts smaller

The runtime can hold back lower-priority or MCP-derived tools and expose them only through tool discovery when needed.

Routing Path
Provider fallback stays separate

Vendor routing, retries, transport quirks, and model normalization stay on the provider side rather than leaking into the tool layer.

Why The Separation Exists

Tools are executable surface area

Filesystem access, shell execution, browser control, planning, memory, RAG, notebooks, agent delegation, and MCP are runtime-owned actions with permissions and side effects.

Providers are model transports

Anthropic, OpenAI, Ollama, Bedrock, Gemini, OpenRouter, Codex, and the other provider ids are network and normalization layers that produce model responses.

Capability providers are separate slots

Image generation, speech-to-text, and text-to-speech do not have to share the same provider as the main reasoning model.

Permissions stay runtime-first

The model does not automatically inherit every tool. The visible surface is filtered by runtime rules, permission mode, destructive checks, categories, and session context.

How The Runtime Joins Them

The mono-run loop assembles prompt context, builds the model-visible tool surface, chooses the provider adapter, executes tool calls through the orchestrator, persists state, and applies permission policy. That late join is what lets Seshat change vendors, add new tools, or harden permissions without redesigning the whole runtime contract.

1. Inventory
Register tools and aliases

Built-ins, MCP entries, and metadata exist before a turn starts.

2. Filter
Build the visible surface

Permission rules, destructive checks, read-only flags, and profiles decide exposure.

3. Answer
Route through a provider

The selected provider normalizes the request and returns the model response stream.

4. Execute
Run tool calls in-path

Tool calls come back through the orchestrator, not around it.

5. Extend
Call capability slots if needed

Image, audio, and other specialized paths do not have to share the core reasoning vendor.

6. Persist
Keep one coherent session state

Messages, permission context, tool results, and memory stay under one runtime owner.

  1. The registry defines built-in tools, aliases, MCP extensions, and metadata.
  2. The surface builder filters what the model can actually see for the active session.
  3. The provider client normalizes the chosen provider into the runtime message contract.
  4. The loop routes reasoning and tool execution back through one runtime owner.
  5. Capability-specific backends can remain separate from the reasoning model path.

What This Unlocks Architecturally

1Governed Prompt Surface

The model sees the filtered tool surface, not the entire raw inventory.

2Independent Routing

Provider fallback and vendor quirks stay in the transport layer rather than leaking into tool execution.

3Multimodal Flexibility

Image and audio paths can evolve independently of the main reasoning model.

4Extension Without Collapse

MCP and deferred tools can extend the runtime without turning every integration into framework glue.

What Belongs In Concepts And What Does Not

Boundary

Concepts should explain the architecture, not duplicate the integration reference. Exact provider setup tables, environment variables, credential injection patterns, capability wiring, and Codex auth details belong in SDK and API.

If you want the implementation reference, continue with Go SDK and then Providers & Auth. If you want the SDK-side tool inventory and per-session shaping APIs, continue with Tools & Surface.

Related Pages

Continue with Agent Teams and Mailboxes for persistent multi-agent coordination, or Skills and MCP for extensibility.