Tool calls: build a robust tool-calling loop

Build a production-grade tool-calling loop around any chat model with tool use (Claude, or an OpenAI-compatible function-calling API). It must execute a multi-step task against at least three tools — including one mutating, authorization-gated tool — and stay correct, bounded, and cost-aware when tools return hallucinated arguments, hang, or fail.

• Define at least three tools with strict JSON-schema input_schema: one read (e.g. find_order), one mutating and authorization-gated (e.g. cancel_order, scoped to a caller/tenant), and one independent read that can run in parallel with the first (e.g. get_shipping_status). Use required fields, enums, and real descriptions.
• Implement the round-trip loop driven by stop_reason: send tools + messages, execute tool_use blocks, append tool_result blocks, repeat while stop_reason is tool_use, and exit cleanly on end_turn / max_tokens / refusal.
• Add a hard iteration cap (for step in range(MAX_STEPS), e.g. 10) plus repeat-detection: if the model calls the same tool with identical arguments twice in a row, break or inject a message that the call already failed. Never use while True.
• Gate every tool behind a validation pipeline: schema-validate arguments (Pydantic/jsonschema), then for the mutating tool authorize and existence-check the entity (exists AND belongs to this caller) before executing.
• Return every failure — validation error, authorization denial, timeout, tool exception — as a tool_result with is_error set, never as an exception that breaks the loop, so the model can read it and self-correct.
• Wrap each tool execution in a timeout and a bounded retry policy: retry only idempotent reads on transient failure (capped, with backoff); never auto-retry the mutating tool on a bad/hallucinated argument.
• Run independent tool_use blocks concurrently (asyncio.gather or a thread pool), matching each tool_result to its block id, and return them in one follow-up request. Demonstrate the parallel latency win versus sequential.
• Cache or otherwise account for the static tools block to control the per-round token cost, and log per-turn token usage and model-call count.

• A test where the model is fed (or prompted into) a hallucinated order_id: the loop rejects it at the authorization/existence check, returns a tool_result error, and the model recovers — the mutating endpoint never fires on the bad id. Show the logs.
• A test where one tool hangs: the per-tool timeout fires, returns a tool_result error, and the loop continues or exits gracefully — the turn never stalls indefinitely.
• A test where the model gets stuck repeating one failing call: the iteration cap and/or repeat-detection halts it within MAX_STEPS and returns a graceful failure to the user — captured cost stays bounded.
• A before/after latency measurement for two independent calls showing the parallel path is faster than sequential, with the tool_result ids correctly matched.
• A short write-up: the three validation layers, where each guard lives, the retry policy (and why the mutating tool is excluded), and the per-turn token/call numbers.