Execution hooks for programmatic tool invocations #135
Description
What would you like to be added?
Context
When using ElcAgent programmatically (e.g., in automated pipelines), the LLM controls the execution loop. The calling application has no visibility into the intended execution path, and no way to review or approve the plan before tools start running.
Why this matters
In non-interactive contexts (CI/CD, backend services, scheduled jobs):
- Tool calls are initiated by the model
- Parameters are model-generated
- Execution happens immediately once a tool call is emitted
The execution path is implicit and non-previewable, making it harder to reason about
intent, correctness, and side effects.
Proposal
An execution layer between user intent and tool execution.
Rather than letting the LLM drive execution directly, the system would:
- Receive user intent
- Generate a deterministic execution plan (potentially multi-step)
- Allow the calling application to review/approve before any execution
- Control workflow execution externally to the LLM
Key concepts:
- Execution Plan — user intent produces a deterministic, reviewable plan before
execution. Plans can be multi-step and are validated before any tool runs. - Guardrails — declarative rules (parameter bounds, allowed operations, environment
restrictions) enforced before execution. - Preview → Approve → Execute — the calling application controls when execution
happens, not just whether it's allowed.
Core principle: the LLM proposes, infrastructure enforces.
Integration
I've been working on this pattern in a separate project (IAMY in my profile). Happy to:
- Share it for discussion
- Submit a PR if there's interest
- Collaborate on what pattern fits best (config option, wrapper, event emitter)
Is this direction interesting for the project?