Function Calling
Quick Answer
Function calling is the serialization protocol by which a large language model emits a structured tool invocation — a tool name and a JSON argument object drawn from a developer-declared schema — instead of free-form text. It guarantees that the model's output is parseable as a tool call against a known vocabulary. It does not guarantee that the chosen tool, the arguments, or the resulting action match user intent or are safe to execute.
Function Calling
Function calling is the serialization protocol by which a large language model emits a structured tool invocation — a tool name and a JSON argument object drawn from a developer-declared tool set — instead of free-form text. Also known as tool calling, it converts natural-language ambiguity into a software boundary the runtime can dispatch on. It is a transport-layer feature: it guarantees that the output parses, that the named tool is one of the declared options, and — with schema-constrained decoding — that the arguments conform to the schema. It does not guarantee that the chosen tool is the right tool, that the arguments reflect user intent, that the returned result is safe, or that the call was authorized. Reliability and safety properties live above this layer.
See also
- Tool hijacking — the failure mode where a malicious input redirects a function-calling agent to the wrong tool.
- Excessive agency — the broader authorization problem function calling does not address.
- What is tool hijacking — longer treatment of how function-calling agents misroute under attacker influence.