feat: Add extraParams support to LLM tool definitions #1961
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds the ability to pass extra parameters to pattern-based tools in LLM dialog tool invocations. This allows tool definitions to specify additional static parameters that get merged with the LLM-provided input when invoking the underlying pattern. Changes: - Add extraParams field to LLMToolSchema for pattern-based tools - Merge extraParams with tool call input when invoking patterns - Update calculator pattern to accept optional base parameter - Add example usage in default-app with base: 10 for calculator tool This enables use cases like configuring tool behavior (e.g., number base for calculator) without requiring the LLM to provide those values.
There was a problem hiding this comment.
1 issue found across 3 files
Prompt for AI agents (all 1 issues)
Understand the root cause of the following 1 issues and fix them.
<file name="packages/patterns/common-tools.tsx">
<violation number="1" location="packages/patterns/common-tools.tsx:34">
Unsanitized `base` allows arbitrary code execution in `Function` call.</violation>
</file>
React with 👍 or 👎 to teach cubic. Mention @cubic-dev-ai to give feedback, ask questions, or re-run the review.
| try { | ||
| result = Function(`"use strict"; return (${sanitized})`)(); | ||
| result = Function( | ||
| `"use strict"; return Number(${sanitized}).toString(${base} ?? 10)`, |
There was a problem hiding this comment.
Unsanitized base allows arbitrary code execution in Function call.
Prompt for AI agents
Address the following comment on packages/patterns/common-tools.tsx at line 34:
<comment>Unsanitized `base` allows arbitrary code execution in `Function` call.</comment>
<file context>
@@ -18,17 +18,21 @@ import {
try {
- result = Function(`"use strict"; return (${sanitized})`)();
+ result = Function(
+ `"use strict"; return Number(${sanitized}).toString(${base} ?? 10)`,
+ )();
} catch (error) {
</file context>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds the ability to pass extra parameters to pattern-based tools in LLM dialog tool invocations. This allows tool definitions to specify additional static parameters that get merged with the LLM-provided input when invoking the underlying pattern.
Changes:
This enables use cases like configuring tool behavior (e.g., number base for calculator) without requiring the LLM to provide those values.
Summary by cubic
Adds extraParams to pattern-based LLM tools so tool definitions can include static params that merge with LLM input at runtime. Updates the calculator tool to accept an optional base; default app shows base: 10.