# Dynamic Tool Injection via Middleware (Failed Attempt)

This notebook demonstrates an **unsuccessful** attempt to dynamically inject tools
using `wrap_model_call` middleware.

## The Idea

Based on [this LangChain forum post](https://forum.langchain.com/t/are-dynamic-tool-lists-allowed-when-using-create-agent/1920/4),
we try to modify `request.tools` in `wrap_model_call` to dynamically add tools.

## Why It Doesn't Work

The `create_agent` function creates a graph where tool execution is handled by a
separate `tools` node. Even if we inject tool definitions into the model call,
the tools node only knows about the tools registered at agent creation time.

When the LLM tries to call a dynamically injected tool, the tools node raises
`ToolException: Tool not found` because the tool was never registered with the executor.


## Setup


In [1]:
from collections.abc import Callable, Sequence
from dataclasses import dataclass
from typing import Any

import rich
from dotenv import load_dotenv
from langchain.agents import create_agent
from langchain.agents.middleware.types import (
    AgentMiddleware,
    AgentState,
    ModelRequest,
    ModelResponse,
)
from langchain_anthropic import ChatAnthropic
from langchain_core.tools import BaseTool, tool
from langgraph.graph.state import CompiledStateGraph

load_dotenv()

True

## Define Tools


In [2]:
@tool
def get_weather(city: str) -> str:
    """Get current weather for a city."""
    return f"Weather in {city}: Sunny, 22°C"


@tool
def get_capital(country: str) -> str:
    """Get the capital city of a country."""
    capitals = {"japan": "Tokyo", "france": "Paris", "germany": "Berlin"}
    return capitals.get(country.lower(), f"Unknown capital for {country}")


# Tool registry
TOOL_REGISTRY: dict[str, BaseTool] = {
    "get_weather": get_weather,
    "get_capital": get_capital,
}

rich.print("Available tools:", list(TOOL_REGISTRY.keys()))

## Middleware That Injects Tools

This middleware attempts to add extra tools to `request.tools` based on context.
The forum post suggests this approach for "dynamic tool discovery".


In [3]:
@dataclass
class UserContext:
    """Context schema for user-level based tool access."""

    user_level: str = "beginner"


def get_tool_names(tools: Sequence[BaseTool | dict[str, Any]]) -> list[str]:
    """Extract tool names from a list of tools (BaseTool or dict)."""
    return [t.name if isinstance(t, BaseTool) else t.get("name", "?") for t in tools]


class DynamicToolInjectionMiddleware(AgentMiddleware[AgentState[Any], UserContext]):
    """Middleware that injects tools based on user level in context.

    Expert users get all tools, beginners only get get_capital.
    """

    def __init__(self, tool_registry: dict[str, BaseTool]):
        self.tool_registry = tool_registry

    def wrap_model_call(
        self,
        request: ModelRequest,
        handler: Callable[[ModelRequest], ModelResponse],
    ) -> ModelResponse:
        """Intercept model call and inject tools based on user level."""
        # Get user level from runtime context
        user_level = getattr(request.runtime.context, "user_level", "beginner")

        rich.print(f"[dim]User level: {user_level}[/dim]")
        rich.print(f"[dim]Original tools: {get_tool_names(request.tools)}[/dim]")

        # Select tools based on user level
        tools_to_inject: list[BaseTool | dict[str, Any]]
        if user_level == "expert":
            # Experts get all tools
            tools_to_inject = list(self.tool_registry.values())
        else:
            # Beginners only get get_capital
            tools_to_inject = [self.tool_registry["get_capital"]]

        # Inject tools into request using override()
        request = request.override(tools=tools_to_inject)
        rich.print(f"[yellow]Injected tools: {get_tool_names(request.tools)}[/yellow]")

        return handler(request)

## Create Agent with NO Tools Initially

We create an agent with an empty tool list, expecting middleware to inject them.


In [4]:
middleware = DynamicToolInjectionMiddleware(TOOL_REGISTRY)
model = ChatAnthropic(model="claude-sonnet-4-5-20250929")

# Create agent with NO tools - middleware will inject them
agent: CompiledStateGraph[Any] = create_agent(
    model=model,
    tools=[],  # Empty! Middleware should inject
    system_prompt="You are a helpful assistant. Use tools when needed.",
    middleware=[middleware],  # type: ignore[list-item]
    context_schema=UserContext,  # type: ignore[arg-type]
)

rich.print("Agent created with 0 tools")

## Test: Expert User Tries to Use get_weather

Expected: Middleware injects tools, LLM sees them, but tools node fails.


In [5]:
# Pass user_level via context
try:
    for chunk in agent.stream(
        {"messages": [{"role": "user", "content": "What's the weather in Tokyo?"}]},
        context=UserContext(user_level="expert"),  # type: ignore[arg-type]
    ):
        rich.print("chunk =", chunk)
except Exception as e:
    rich.print(f"[bold red]Error: {type(e).__name__}: {e}[/bold red]")

## Analysis

The error occurs because:

1. **Middleware injection works partially**: The LLM sees the injected tools and
   generates a tool call for `get_weather`.

2. **Tools node doesn't know about injected tools**: The graph's `tools` node was
   created with an empty tool list. When it receives the `get_weather` tool call,
   it can't find the corresponding tool executor.

3. **No dynamic executor registration**: LangGraph doesn't support adding tool
   executors at runtime. The tool registry is fixed when `create_agent` is called.

### Note: "Built-in provider tools (dict format) can be added dynamically"

The error message mentions this because LangChain supports two tool formats:

| Format | Example | Dynamic? |
|--------|---------|----------|
| `BaseTool` | `@tool` decorated functions | No - needs local executor |
| `dict` | `{"type": "web_search", ...}` | Yes - runs server-side |

`dict` format tools are Anthropic's server-side tools like `computer_use`, `web_search`.
These execute on Anthropic's servers, so no local executor is needed.

## Working Alternatives

- **`tool-search-filter.ipynb`** - Middleware filtering (simpler, all tools registered upfront)
- **`tool-search-interrupt.ipynb`** - Interrupt + agent recreation (truly dynamic tools)

## Appendix: What If We Register Tools But Hide Them?

Let's try registering all tools but hiding some via middleware. This should work
because the tools node has all executors.


In [6]:
class ToolFilterMiddleware(AgentMiddleware[AgentState[Any], UserContext]):
    """Middleware that filters tools shown to LLM based on user level.

    Unlike injection, filtering works because all tools are registered.
    """

    def __init__(self, tool_registry: dict[str, BaseTool]):
        self.tool_registry = tool_registry

    def wrap_model_call(
        self,
        request: ModelRequest,
        handler: Callable[[ModelRequest], ModelResponse],
    ) -> ModelResponse:
        """Filter tools based on user level."""
        user_level = getattr(request.runtime.context, "user_level", "beginner")

        rich.print(f"[dim]User level: {user_level}[/dim]")
        rich.print(f"[dim]Original tools: {get_tool_names(request.tools)}[/dim]")

        if user_level == "expert":
            # Show all tools - no filtering needed
            pass
        else:
            # Filter to only show get_capital
            filtered: list[BaseTool | dict[str, Any]] = [
                t
                for t in request.tools
                if (isinstance(t, BaseTool) and t.name == "get_capital")
                or (isinstance(t, dict) and t.get("name") == "get_capital")
            ]
            request = request.override(tools=filtered)

        rich.print(f"[green]Filtered tools: {get_tool_names(request.tools)}[/green]")
        return handler(request)

In [7]:
filter_middleware = ToolFilterMiddleware(TOOL_REGISTRY)

# Create agent with ALL tools registered
agent_with_filter: CompiledStateGraph[Any] = create_agent(
    model=model,
    tools=list(TOOL_REGISTRY.values()),  # All tools registered
    system_prompt="You are a helpful assistant. Use tools when needed.",
    middleware=[filter_middleware],  # type: ignore[list-item]
    context_schema=UserContext,  # type: ignore[arg-type]
)

rich.print("Agent created with all tools, filter middleware will hide some")

In [8]:
# Beginner user - should only see get_capital
for chunk in agent_with_filter.stream(
    {"messages": [{"role": "user", "content": "What's the capital of Japan?"}]},
    context=UserContext(user_level="beginner"),  # type: ignore[arg-type]
):
    rich.print("chunk =", chunk)

In [9]:
# Expert user - should see all tools
for chunk in agent_with_filter.stream(
    {"messages": [{"role": "user", "content": "What's the weather in Paris?"}]},
    context=UserContext(user_level="expert"),  # type: ignore[arg-type]
):
    rich.print("chunk =", chunk)

## Conclusion

| Approach                             | Works? | Why                                    |
| ------------------------------------ | ------ | -------------------------------------- |
| Inject new tools via middleware      | No     | Tools node doesn't have executors      |
| Filter existing tools via middleware | Yes    | All executors registered at creation   |
| Interrupt + recreate agent           | Yes    | New agent has proper tool registration |

**Key insight**: Middleware can only filter/modify what's already registered.
True dynamic tool discovery requires recreating the agent or using a custom graph.
