Build an agent that writes its own tools

2026-06-02 · Source: Blog | DataRobot · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Software Development & Engineering, Robotics & Autonomous Systems · Depth: Advanced, medium

Summary

A new "Natural Language (NL) agent" pattern inverts the traditional agent-tool registry model, enabling agents to write their own tools on the fly using raw API specifications within a secure sandbox. Luke Shulman from DataRobot demonstrated this by building an agent in an hour with a modest 35B-parameter model to address `CODEOWNERS` hygiene in a monorepo. The agent operated within a Deno-based JavaScript VM with restricted directory, network, and environment access, starting with basic tools like `cat` and `execute_code`. It then authored specific JavaScript functions against the GitHub OpenAPI spec, persisting successful tools. This approach emphasizes the sandbox's role in safe tool-authoring and the critical importance of well-structured API documentation over complex agent orchestration.

Key takeaway

For AI Engineers or MLOps teams building agents that interact with external systems, consider adopting the "agent plus secure sandbox plus raw API specs" pattern. This approach reduces the burden of maintaining custom tool wrappers by enabling agents to author their own tools on demand. Focus your engineering effort on robust sandbox security and providing comprehensive API documentation, rather than complex agent orchestration, to ensure deployable and governed agent solutions.

Key insights

Agents can safely author their own tools from raw API specs within a secure sandbox, eliminating manual tool wrapper maintenance.

Principles

• Agent frameworks should prioritize safe tool-authoring environments.
• Well-structured API specs and documentation outperform pre-built tool wrappers.
• Sandbox security is paramount for agent code execution.

Method

Set up a restricted Deno-based JavaScript VM sandbox. Provide raw OpenAPI specs and fine-grained API tokens. Give the agent a scoped task, allowing it to author and test JavaScript tools. Implement scope discipline via system prompts. Lock the agent into read-only mode for production.

In practice

• Publish OpenAPI specs and "copy as markdown" documentation.
• Configure Deno with restricted file types, network egress, and prefixed env vars.
• Use fine-grained access tokens with minimum required scope.

Topics

• Natural Language Agents
• Agent Tooling
• Secure Sandboxing
• OpenAPI Specification
• Deno Runtime
• Monorepo Management

Code references

• kindofluke/context-agent
• OAI/OpenAPI-Specification
• amberb617/recipe-context-agent
• datarobot-oss/datarobot-agent-skills

Best for: AI Engineer, MLOps Engineer, AI Architect

Related on AIssential

• Mastering OpenClaw: How This Autonomous Agent Framework Actually Works — OpenClaw transforms LLMs into secure, goal-driven autonomous agents through modular tool and skill orchestration.
• AI Agent Sandboxing for SaaS: How Builders Let Agents Work Without Letting Them Roam — AI agent sandboxing enables safe, controlled automation by enforcing strict boundaries around agent actions and resources.
• Every Agent Needs a Box — Aaron Levie, Box — Secure, sandboxed environments are crucial for AI agents to operate effectively and safely within enterprise data systems.
• [D] We scanned 18,000 exposed OpenClaw instances and found 15% of community skills contain malicious instructions — Autonomous agents like OpenClaw present a novel and multiplicative attack surface due to broad permission inheritance and natural language exploit vectors.
• Securing AI agents with agent governance — Applying operating system and distributed systems security principles is crucial for governing autonomous AI agents.
• Ex-GitHub CEO is Building Git, But for AI Agents — New platforms and tools are emerging to manage AI agent development, collaboration, and secure execution.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Blog | DataRobot.