VerticalAI docs

Tools

How the agent does real work on a call, with builtin and webhook tools, prerequisites, mocks, and fillers.

Tools are how the agent does real work during a call instead of only talking. A tool can look up an order, search your knowledge base, text the caller a link, transfer to a person, or hang up. Without tools the agent can only say what is in its prompt and knowledge base. With them it can act.

The agent is one language model reading a flat list of tools. There is no diagram and no visual builder. On every turn the model reads each tool's description and decides, in the moment, whether to call one. So a description is not a label, it is the instruction the model follows. Most of your work on tools is writing those descriptions well.

You manage tools on the Tools page of the agent editor. The left side lists the agent's tools; clicking one opens its editor on the right. On a phone you drill into a tool and back out again.

The two kinds of tool

Every tool is one of two kinds.

  • Builtin tools run inside Vertical AI. They have a fixed handler written and maintained by us, so you do not configure a URL, headers, or parameters. You pick one from a fixed set, then tune its description. Transferring a call, ending a call, searching the knowledge base, and texting the caller are all builtins.
  • Webhook tools call your own HTTPS endpoint. You give the agent a URL, a method, headers, and the parameters the model should fill in. When the model calls the tool, the runtime sends the request to your system and hands the response back to the model. This is how the agent reaches your CRM, your ordering system, or any API you run.

You can mix both on the same agent. A support agent might use the builtin search_knowledge_base and transfer_to_human alongside a webhook lookup_order that hits your order system.

The description is the lever

The model decides when to call a tool by reading its description, nothing else. If the agent calls a tool at the wrong moment, or never calls one it should, fix the tool's description before you touch the system prompt. Tool descriptions are the highest-leverage text in the whole agent. A precise description ("call this first, before revealing any order details") shapes behaviour more reliably than a paragraph buried in the prompt.

Builtin tools

You add a builtin from a fixed set. Each one ships with a default description already written to the quality bar, which you can keep or sharpen for your business. Here is the set and when the agent uses each one.

ToolWhat it doesWhen the agent uses it
transfer_to_humanHands the call off to a person. On a live phone call with a transfer destination configured, it dials the destination, either a straight hand-off or a screened warm transfer that announces the caller first.The caller asks for a person, policy requires escalation, or nothing else can resolve the request. With no destination configured the agent honestly says it cannot connect them and keeps helping. See phone numbers.
book_meetingCaptures a name, email, and preferred time to book a meeting (Cal.com).The caller wants to schedule something. The agent gathers the details first, then calls the tool.
take_a_messageTakes a message when the person or team the caller needs is not available: it gathers the caller's name, a callback number, and a short summary, then emails it to the inbox the operator configured.The caller wants a callback, leaves an enquiry, or asks for someone who cannot take the call. The agent confirms the message has been passed on.
end_callEnds the call after a warm closing line.The caller has clearly signed off and there is nothing left to handle. The runtime refuses to hang up mid-task or on an ambiguous "that's okay", so the agent does not cut a caller off early.
search_knowledge_baseRuns a search over the agent's knowledge base and returns the matching passages.The caller asks a factual question about the business: pricing, hours, policies, products. The agent searches first, answers from what it found, and cites the source by name.
get_current_timeReturns the current date and time in the agent's timezone, and the caller's when known.To ground the greeting in the time of day and to resolve relative times like "tomorrow" or "next Tuesday" before booking. A model cannot read a clock, so this gives it a real one.
escalate_emergencySpeaks one fixed "hang up and call triple zero" line and routes to a person. It never triages or advises.The caller indicates a genuine emergency: injury, medical crisis, fire, a safety threat. The guidance biases hard toward escalating, because failing to escalate a real emergency is the worst outcome.
send_text_messageTexts the caller, on the number they are calling from, a link or a short piece of info.The caller asks for a link, or reading a long URL aloud would be awkward. If texting is unavailable the tool tells the agent to read the link aloud instead.
send_order_verification_codeTexts the caller a one-time six-digit code to prove they own an order.First, before revealing any order details. The agent then asks the caller to read the code back.
verify_order_codeChecks the code the caller reads back.Right after the caller reads the code. A match unlocks the order tools for the rest of the call; a wrong, expired, or missing code keeps them locked and tells the agent what to do next.

send_order_verification_code and verify_order_code work as a pair: the first sends, the second checks, and only a correct read-back opens the order tools. See prerequisites below for how that gate is wired.

Webhook tools

A webhook tool is a description of one HTTP request the agent can make. You build it from a small set of cards in the tool editor.

Identity

The tool's name and description. The name is a snake_case identifier the model sees, like lookup_order. The description is the instruction that tells the model when to call the tool and what it does. Write it for the model, not for a human reader.

Request

The URL, the method, and the parameters.

  • GET sends the model's parameters as query-string values on the URL. Use it for lookups that read data.
  • POST sends the model's parameters as a JSON body. Use it for actions that change something.

Each parameter you declare has a name, a type, and a description, and can be marked required. The model fills these in from the conversation. The parameter description matters as much as the tool description: it tells the model exactly what to put there. If the model omits a required parameter, the runtime returns an error naming the missing input instead of sending a broken request, and the model supplies it on the next turn.

GET   https://api.example.com/orders?order_id=...
POST  https://api.example.com/returns      (parameters go in the JSON body)

Headers

Static headers sent with every request, most often authentication. You typically put a credential here as a variable, for example an Authorization header set to Bearer {{api_key}}.

Variables and secrets

Anywhere in the URL, a header, or the body you can write a {{token}} and the runtime substitutes the variable's value at call time. Use a plain variable for a base URL or an account ID, and a secret variable for an API key. Secret values are stored encrypted and only the runtime ever reads them, so a key never appears in the model's context. Define a token once and reuse it across tools. See variables and secrets.

URL:    {{crm_base_url}}/customers
Header: Authorization: Bearer {{crm_api_key}}

Mock response

Before your real endpoint is built or wired up, turn on a mock response and the tool returns a canned body instead of making a real request. The model sees the mock exactly as it would see a real result, with no "this is fake" marker, so you can test the agent's behaviour end to end before the API exists. A mock can add a delay so the agent's filler and waiting behaviour matches a real call, and it still enforces required parameters, so a verification tool you mock still rejects a missing input. See testing a tool with a mock.

Prerequisites

Some tools should only run after another tool has run. The classic case: do not reveal order details until the caller has passed verify_order_code. You express this with a tool's prerequisites, a flat list of the tool names that must run first.

This is a list, not a diagram and not a sequence the agent steps through. There is no graph, no branching, no visual builder. You name the prerequisite tools and the runtime enforces them.

If the model calls a tool before its prerequisites have run, the tool does not fire. The runtime returns a short precondition_unmet message naming the tools that still need to run, and the model self-corrects on its next turn, usually by calling the missing tool first. The gate is success-aware: a prerequisite counts as met only if it actually succeeded, so a failed verification does not unlock the tools it guards.

lookup_order        requires: verify_order_code
get_order_status    requires: verify_order_code
start_return        requires: verify_order_code

Tool errors are instructions

When a tool cannot do its job, it does not crash the call and it does not invent a result. It returns a short message written for the model, telling it what happened and what to do next. A timeout tells the model to apologise and offer to transfer or try again. An endpoint's own error body is handed back so the model can read the real reason and recover in the conversation. A missing required input names the input so the model can supply it and call the tool again.

This is deliberate. Every error is phrased as an instruction the model can act on, which is why a webhook tool that fails usually leads to a graceful recovery rather than a dead end.

Writing great tool descriptions

The description is the single most important thing you write for a tool. A few rules that hold up on real calls:

  • Say when to call it, not just what it is. "Search the knowledge base before answering a factual question about pricing, hours, or policies" beats "searches the knowledge base".
  • State the order when order matters. "Call this first, before revealing any order details" is what makes a verification tool actually run first.
  • Name the recovery. If the tool can fail or return nothing, say what the agent should do then, for example offer to take a message or transfer.
  • Describe every parameter. The parameter descriptions tell the model what to put in each field. Vague parameters produce wrong calls.
  • Fix the description before the prompt. If the agent calls a tool at the wrong time, the lever is the description, not the system prompt.

Per-tool fillers

A filler is a short natural line the agent speaks while a tool runs, so the caller does not sit in silence during a lookup. You can set fillers per tool, so the line matches what the tool is doing ("let me pull that up" before an order lookup). If a tool returns instantly, no filler is needed; on a slow lookup the right filler is the difference between a call that feels responsive and one that feels broken.

A tool can also be marked background-safe when it is a read-only lookup with no side effects. A background-safe tool lets the agent keep the conversation moving while the lookup runs, and on a genuinely slow lookup the agent voices a brief, natural "still working on it" line so the call never goes quiet. Tools that change something, like a booking or a return, are not background-safe: the agent waits for them to finish before moving on.

Testing a tool with a mock

You do not need a finished endpoint to test an agent. The workflow:

  1. Build the tool's identity, request, and parameters as if the endpoint existed.
  2. Turn on the mock response and paste a realistic body the endpoint would return. You can reference {{variables}} in it the same way you would in a real request.
  3. Add a delay if you want to feel the agent's filler and waiting behaviour on a slow call.
  4. Test the agent. The model treats the mock as a real result, so you can confirm the agent calls the tool at the right moment, handles the response, and recovers when a required input is missing, all before any real request is ever sent.
  5. When your endpoint is ready, turn the mock off and the same tool now calls the real URL.

Because a mock still enforces required parameters and can reject a non-matching input, you can test identity checks and verification gates honestly, not just the happy path.

Tool edits are saved explicitly: make your changes and save the tool. Like every other change, they land in a draft and reach live callers only when you publish.

On this page