Graphorin API reference v0.7.0
Graphorin API reference / @graphorin/core / / ToolReturn
Interface: ToolReturn<TOutput>
Defined in: packages/core/src/contracts/tool.ts:242
Optional return envelope: pairs a typed output (passed to the model) with extra contentParts that are appended verbatim to the conversation (images, files, audio, …).
Stable
Type Parameters
| Type Parameter | Default type |
|---|---|
TOutput | unknown |
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
[TOOL_RETURN_BRAND]? | readonly | true | W-115: envelope brand set by the toolReturn factory. Symbol.for, so duplicate package copies agree. Prefer branding: the structural fallback in the executor is deliberately narrow (own keys within {output, contentParts, taint}), and plain data that happens to be exactly { output: X } is ambiguous by construction - brand it (or rename the field) to disambiguate. | packages/core/src/contracts/tool.ts:251 |
contentParts? | readonly | readonly MessageContent[] | - | packages/core/src/contracts/tool.ts:253 |
output | readonly | TOutput | - | packages/core/src/contracts/tool.ts:252 |
taint? | readonly | { sensitive?: boolean; sourceKind?: string; untrusted?: boolean; } | C6: per-result taint override the data-flow ledger honours when recording this output. Lets a FIRST-PARTY tool whose CONTENT is not first-party (e.g. memory recall returning quarantined / foreign-provenance facts) re-arm the taint ledger, closing the cross-session poisoning leg. Flags only ever WIDEN the derived label (they cannot launder an untrusted tool's output into trusted). | packages/core/src/contracts/tool.ts:262 |
taint.sensitive? | readonly | boolean | - | packages/core/src/contracts/tool.ts:264 |
taint.sourceKind? | readonly | string | - | packages/core/src/contracts/tool.ts:265 |
taint.untrusted? | readonly | boolean | - | packages/core/src/contracts/tool.ts:263 |