@agentforge-ai/cli 0.5.5 → 0.7.0

package/dist/default/convex/chat.ts

@@ -3,17 +3,17 @@
  *
  * This module provides the core chat execution pipeline:
  * 1. User sends a message → stored via mutation
- * 2. Convex action triggers LLM generation via OpenRouter (AI SDK)
+ * 2. Convex action triggers LLM generation via Mastra Agent
  * 3. Assistant response stored back in Convex
  * 4. Real-time subscription updates the UI automatically
  *
- * Uses the Vercel AI SDK with OpenRouter as an OpenAI-compatible provider.
- * No dynamic imports of @mastra/core — we use the AI SDK directly in Convex
- * Node.js actions for maximum reliability.
+ * Uses Mastra-native model routing via Agent.generate() with "provider/model-name" format.
+ * Mastra auto-reads provider API keys from environment variables.
  */
 import { action, mutation, query } from "./_generated/server";
 import { v } from "convex/values";
 import { api } from "./_generated/api";
+import { Agent } from "@mastra/core/agent";
 
 // ============================================================
 // Queries
@@ -140,7 +140,7 @@ export const addAssistantMessage = mutation({
  * 1. Looks up the agent config from the database
  * 2. Stores the user message
  * 3. Builds conversation history from the thread
- * 4. Calls OpenRouter (or other provider) via the AI SDK
+ * 4. Calls the provider via Mastra Agent.generate()
  * 5. Stores the assistant response
  * 6. Records usage metrics
  *
@@ -180,54 +180,25 @@ export const sendMessage = action({
         content: msg.content,
       }));
 
-    // 4. Call the LLM via AI SDK
+    // 4. Call the LLM via Mastra Agent
     let responseText: string;
     let usageData: { promptTokens: number; completionTokens: number; totalTokens: number } | null = null;
 
     try {
-      // Dynamically import the AI SDK (available in Convex Node.js actions)
-      const { generateText } = await import("ai");
-      const { createOpenAI } = await import("@ai-sdk/openai");
-
       // Resolve the model provider and ID
       const provider = agent.provider || "openrouter";
       const modelId = agent.model || "openai/gpt-4o-mini";
+      const modelKey = `${provider}/${modelId}`;
 
-      // Create the appropriate provider instance
-      let model;
-      if (provider === "openrouter") {
-        const openrouter = createOpenAI({
-          baseURL: "https://openrouter.ai/api/v1",
-          apiKey: process.env.OPENROUTER_API_KEY,
-        });
-        model = openrouter(modelId);
-      } else if (provider === "openai") {
-        const openai = createOpenAI({
-          apiKey: process.env.OPENAI_API_KEY,
-        });
-        model = openai(modelId);
-      } else {
-        // Default to OpenRouter for any provider — it routes to all models
-        const openrouter = createOpenAI({
-          baseURL: "https://openrouter.ai/api/v1",
-          apiKey: process.env.OPENROUTER_API_KEY,
-        });
-        // Use provider/model format for OpenRouter routing
-        const routerModelId = modelId.includes("/")
-          ? modelId
-          : `${provider}/${modelId}`;
-        model = openrouter(routerModelId);
-      }
-
-      // Generate the response
-      const result = await generateText({
-        model,
-        system: agent.instructions || "You are a helpful AI assistant built with AgentForge.",
-        messages: conversationMessages,
-        ...(agent.temperature != null && { temperature: agent.temperature }),
-        ...(agent.maxTokens != null && { maxTokens: agent.maxTokens }),
+      // Generate via Mastra Agent
+      const mastraAgent = new Agent({
+        name: "agentforge-executor",
+        instructions: agent.instructions || "You are a helpful AI assistant built with AgentForge.",
+        model: modelKey,
       });
 
+      const result = await mastraAgent.generate(conversationMessages);
+
       responseText = result.text;
 
       // Extract usage if available
@@ -240,7 +211,7 @@ export const sendMessage = action({
       }
     } catch (error: unknown) {
       const errorMessage = error instanceof Error ? error.message : String(error);
-      console.error("[chat.sendMessage] LLM error:", errorMessage);
+      console.error("[chat.sendMessage] Mastra error:", errorMessage);
 
       // Store error as assistant message so user sees feedback
       responseText = `I encountered an error while processing your request: ${errorMessage}`;

package/dist/default/convex/mastraIntegration.ts

@@ -2,20 +2,17 @@
  * Mastra Integration Actions for Convex
  *
  * These actions run in the Convex Node.js runtime and execute LLM calls
- * using the Vercel AI SDK with OpenRouter as the default provider.
+ * using Mastra-native model routing with OpenRouter as the default provider.
  *
  * Architecture:
  * - For chat: use `chat.sendMessage` (preferred entry point)
  * - For programmatic agent execution: use `mastraIntegration.executeAgent`
- * - Model resolution: uses AI SDK providers directly (OpenRouter, OpenAI, etc.)
- *
- * This replaces the previous broken approach of dynamically importing
- * @mastra/core inside Convex actions. The AI SDK is the correct way to
- * call LLMs from Convex Node.js actions.
+ * - Model resolution: uses Mastra Agent with "provider/model-name" format
  */
 import { action } from "./_generated/server";
 import { v } from "convex/values";
 import { api } from "./_generated/api";
+import { Agent } from "@mastra/core/agent";
 
 // Return type for executeAgent
 type ExecuteAgentResult = {
@@ -30,54 +27,6 @@ type ExecuteAgentResult = {
   };
 };
 
-/**
- * Resolve a model instance from provider + modelId using the AI SDK.
- *
- * Supports: openrouter, openai, anthropic, google, venice, custom.
- * Falls back to OpenRouter for unknown providers (it routes to all models).
- */
-async function resolveModel(provider: string, modelId: string) {
-  const { createOpenAI } = await import("@ai-sdk/openai");
-
-  switch (provider) {
-    case "openai": {
-      const openai = createOpenAI({
-        apiKey: process.env.OPENAI_API_KEY,
-      });
-      return openai(modelId);
-    }
-
-    case "anthropic": {
-      const { createAnthropic } = await import("@ai-sdk/anthropic");
-      const anthropic = createAnthropic({
-        apiKey: process.env.ANTHROPIC_API_KEY,
-      });
-      return anthropic(modelId);
-    }
-
-    case "google": {
-      const { createGoogleGenerativeAI } = await import("@ai-sdk/google");
-      const google = createGoogleGenerativeAI({
-        apiKey: process.env.GEMINI_API_KEY,
-      });
-      return google(modelId);
-    }
-
-    case "openrouter":
-    default: {
-      // OpenRouter is OpenAI-compatible and routes to all providers
-      const openrouter = createOpenAI({
-        baseURL: "https://openrouter.ai/api/v1",
-        apiKey: process.env.OPENROUTER_API_KEY,
-      });
-      const routerModelId = modelId.includes("/")
-        ? modelId
-        : `${provider}/${modelId}`;
-      return openrouter(routerModelId);
-    }
-  }
-}
-
 /**
  * Execute an agent with a prompt and return the response.
  *
@@ -127,12 +76,10 @@ export const executeAgent = action({
     });
 
     try {
-      const { generateText } = await import("ai");
-
       // Resolve the model
       const provider = agent.provider || "openrouter";
       const modelId = agent.model || "openai/gpt-4o-mini";
-      const model = await resolveModel(provider, modelId);
+      const modelKey = `${provider}/${modelId}`;
 
       // Get conversation history for context
       const messages = await ctx.runQuery(api.messages.list, { threadId });
@@ -143,15 +90,15 @@ export const executeAgent = action({
           content: m.content,
         }));
 
-      // Execute the LLM call
-      const result = await generateText({
-        model,
-        system: agent.instructions || "You are a helpful AI assistant.",
-        messages: conversationMessages,
-        ...(agent.temperature != null && { temperature: agent.temperature }),
-        ...(agent.maxTokens != null && { maxTokens: agent.maxTokens }),
+      // Execute via Mastra Agent
+      const mastraAgent = new Agent({
+        name: "agentforge-executor",
+        instructions: agent.instructions || "You are a helpful AI assistant.",
+        model: modelKey,
       });
 
+      const result = await mastraAgent.generate(conversationMessages);
+
       const responseContent = result.text;
 
       // Add assistant message to thread

package/dist/default/dashboard/app/routes/skills.tsx

@@ -38,7 +38,7 @@ export const webSearch = createTool({
   {
     name: 'code-executor',
     displayName: 'Code Executor',
-    description: 'Safely execute JavaScript/TypeScript code snippets in a sandboxed environment and return the output.',
+    description: 'Execute JavaScript/TypeScript code snippets via the AgentForge sandbox API and return the output.',
     category: 'Tools',
     version: '1.0.0',
     author: 'AgentForge',
@@ -48,18 +48,25 @@ import { z } from 'zod';
 
 export const codeExecutor = createTool({
   id: 'code-executor',
-  description: 'Execute JavaScript code and return the result',
+  description: 'Execute JavaScript code via the sandbox API and return the result',
   inputSchema: z.object({
     code: z.string().describe('JavaScript code to execute'),
+    language: z.enum(['javascript', 'typescript']).default('javascript'),
   }),
   execute: async ({ context }) => {
-    try {
-      const fn = new Function('return (async () => {' + context.code + '})()');
-      const result = await fn();
-      return { success: true, output: String(result) };
-    } catch (error: any) {
-      return { success: false, error: error.message };
+    // Code is executed server-side via the AgentForge sandbox API,
+    // not via eval or Function constructor, to prevent arbitrary code execution risks.
+    const response = await fetch('/api/sandbox/execute', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ code: context.code, language: context.language }),
+    });
+    if (!response.ok) {
+      const err = await response.json().catch(() => ({ error: 'Unknown error' }));
+      return { success: false, error: err.error ?? 'Sandbox execution failed' };
     }
+    const data = await response.json();
+    return { success: true, output: String(data.output ?? '') };
   },
 });`,
   },
@@ -74,16 +81,71 @@ export const codeExecutor = createTool({
     code: `import { createTool } from '@mastra/core';
 import { z } from 'zod';
 
+// Safe arithmetic evaluator — no eval or Function constructor used.
+function evaluateExpression(expr: string): number {
+  // Allow only digits, operators, parentheses, dots, and whitespace.
+  if (!/^[0-9+\\-*/().%\\s]+$/.test(expr)) {
+    throw new Error('Expression contains invalid characters');
+  }
+  // Recursive descent parser for: expr = term (('+' | '-') term)*
+  let pos = 0;
+  const peek = () => expr[pos] ?? '';
+  const consume = () => expr[pos++];
+  const skipWs = () => { while (peek() === ' ') consume(); };
+
+  function parseNumber(): number {
+    skipWs();
+    let num = '';
+    if (peek() === '(') { consume(); const v = parseExpr(); skipWs(); consume(); return v; }
+    while (/[0-9.]/.test(peek())) num += consume();
+    if (num === '') throw new Error('Expected number');
+    return parseFloat(num);
+  }
+
+  function parseFactor(): number {
+    skipWs();
+    if (peek() === '-') { consume(); return -parseFactor(); }
+    return parseNumber();
+  }
+
+  function parseTerm(): number {
+    let left = parseFactor();
+    skipWs();
+    while (peek() === '*' || peek() === '/') {
+      const op = consume(); skipWs();
+      const right = parseFactor();
+      left = op === '*' ? left * right : left / right;
+      skipWs();
+    }
+    return left;
+  }
+
+  function parseExpr(): number {
+    let left = parseTerm();
+    skipWs();
+    while (peek() === '+' || peek() === '-') {
+      const op = consume(); skipWs();
+      const right = parseTerm();
+      left = op === '+' ? left + right : left - right;
+      skipWs();
+    }
+    return left;
+  }
+
+  const result = parseExpr();
+  if (pos !== expr.length) throw new Error('Unexpected token at position ' + pos);
+  return result;
+}
+
 export const calculator = createTool({
   id: 'calculator',
-  description: 'Evaluate a mathematical expression',
+  description: 'Evaluate a mathematical expression safely',
   inputSchema: z.object({
     expression: z.string().describe('Math expression to evaluate, e.g. "2 + 2 * 3"'),
   }),
   execute: async ({ context }) => {
     try {
-      const sanitized = context.expression.replace(/[^0-9+\\-*/().%\\s]/g, '');
-      const result = Function('"use strict"; return (' + sanitized + ')')();
+      const result = evaluateExpression(context.expression.trim());
       return { result: Number(result), expression: context.expression };
     } catch (error: any) {
       return { error: 'Invalid expression: ' + error.message };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentforge-ai/cli",
-  "version": "0.5.5",
+  "version": "0.7.0",
   "description": "CLI tool for creating, running, and managing AgentForge projects",
   "type": "module",
   "bin": {
@@ -19,7 +19,8 @@
     "fs-extra": "^11.2.0",
     "gray-matter": "^4.0.3",
     "ora": "^8.0.0",
-    "prompts": "^2.4.2"
+    "prompts": "^2.4.2",
+    "@agentforge-ai/core": "0.7.0"
   },
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",

package/templates/default/convex/chat.ts

@@ -3,17 +3,17 @@
  *
  * This module provides the core chat execution pipeline:
  * 1. User sends a message → stored via mutation
- * 2. Convex action triggers LLM generation via OpenRouter (AI SDK)
+ * 2. Convex action triggers LLM generation via Mastra Agent
  * 3. Assistant response stored back in Convex
  * 4. Real-time subscription updates the UI automatically
  *
- * Uses the Vercel AI SDK with OpenRouter as an OpenAI-compatible provider.
- * No dynamic imports of @mastra/core — we use the AI SDK directly in Convex
- * Node.js actions for maximum reliability.
+ * Uses Mastra-native model routing via Agent.generate() with "provider/model-name" format.
+ * Mastra auto-reads provider API keys from environment variables.
  */
 import { action, mutation, query } from "./_generated/server";
 import { v } from "convex/values";
 import { api } from "./_generated/api";
+import { Agent } from "@mastra/core/agent";
 
 // ============================================================
 // Queries
@@ -140,7 +140,7 @@ export const addAssistantMessage = mutation({
  * 1. Looks up the agent config from the database
  * 2. Stores the user message
  * 3. Builds conversation history from the thread
- * 4. Calls OpenRouter (or other provider) via the AI SDK
+ * 4. Calls the provider via Mastra Agent.generate()
  * 5. Stores the assistant response
  * 6. Records usage metrics
  *
@@ -180,54 +180,25 @@ export const sendMessage = action({
         content: msg.content,
       }));
 
-    // 4. Call the LLM via AI SDK
+    // 4. Call the LLM via Mastra Agent
     let responseText: string;
     let usageData: { promptTokens: number; completionTokens: number; totalTokens: number } | null = null;
 
     try {
-      // Dynamically import the AI SDK (available in Convex Node.js actions)
-      const { generateText } = await import("ai");
-      const { createOpenAI } = await import("@ai-sdk/openai");
-
       // Resolve the model provider and ID
       const provider = agent.provider || "openrouter";
       const modelId = agent.model || "openai/gpt-4o-mini";
+      const modelKey = `${provider}/${modelId}`;
 
-      // Create the appropriate provider instance
-      let model;
-      if (provider === "openrouter") {
-        const openrouter = createOpenAI({
-          baseURL: "https://openrouter.ai/api/v1",
-          apiKey: process.env.OPENROUTER_API_KEY,
-        });
-        model = openrouter(modelId);
-      } else if (provider === "openai") {
-        const openai = createOpenAI({
-          apiKey: process.env.OPENAI_API_KEY,
-        });
-        model = openai(modelId);
-      } else {
-        // Default to OpenRouter for any provider — it routes to all models
-        const openrouter = createOpenAI({
-          baseURL: "https://openrouter.ai/api/v1",
-          apiKey: process.env.OPENROUTER_API_KEY,
-        });
-        // Use provider/model format for OpenRouter routing
-        const routerModelId = modelId.includes("/")
-          ? modelId
-          : `${provider}/${modelId}`;
-        model = openrouter(routerModelId);
-      }
-
-      // Generate the response
-      const result = await generateText({
-        model,
-        system: agent.instructions || "You are a helpful AI assistant built with AgentForge.",
-        messages: conversationMessages,
-        ...(agent.temperature != null && { temperature: agent.temperature }),
-        ...(agent.maxTokens != null && { maxTokens: agent.maxTokens }),
+      // Generate via Mastra Agent
+      const mastraAgent = new Agent({
+        name: "agentforge-executor",
+        instructions: agent.instructions || "You are a helpful AI assistant built with AgentForge.",
+        model: modelKey,
       });
 
+      const result = await mastraAgent.generate(conversationMessages);
+
       responseText = result.text;
 
       // Extract usage if available
@@ -240,7 +211,7 @@ export const sendMessage = action({
       }
     } catch (error: unknown) {
       const errorMessage = error instanceof Error ? error.message : String(error);
-      console.error("[chat.sendMessage] LLM error:", errorMessage);
+      console.error("[chat.sendMessage] Mastra error:", errorMessage);
 
       // Store error as assistant message so user sees feedback
       responseText = `I encountered an error while processing your request: ${errorMessage}`;

package/templates/default/convex/mastraIntegration.ts

@@ -2,20 +2,17 @@
  * Mastra Integration Actions for Convex
  *
  * These actions run in the Convex Node.js runtime and execute LLM calls
- * using the Vercel AI SDK with OpenRouter as the default provider.
+ * using Mastra-native model routing with OpenRouter as the default provider.
  *
  * Architecture:
  * - For chat: use `chat.sendMessage` (preferred entry point)
  * - For programmatic agent execution: use `mastraIntegration.executeAgent`
- * - Model resolution: uses AI SDK providers directly (OpenRouter, OpenAI, etc.)
- *
- * This replaces the previous broken approach of dynamically importing
- * @mastra/core inside Convex actions. The AI SDK is the correct way to
- * call LLMs from Convex Node.js actions.
+ * - Model resolution: uses Mastra Agent with "provider/model-name" format
  */
 import { action } from "./_generated/server";
 import { v } from "convex/values";
 import { api } from "./_generated/api";
+import { Agent } from "@mastra/core/agent";
 
 // Return type for executeAgent
 type ExecuteAgentResult = {
@@ -30,54 +27,6 @@ type ExecuteAgentResult = {
   };
 };
 
-/**
- * Resolve a model instance from provider + modelId using the AI SDK.
- *
- * Supports: openrouter, openai, anthropic, google, venice, custom.
- * Falls back to OpenRouter for unknown providers (it routes to all models).
- */
-async function resolveModel(provider: string, modelId: string) {
-  const { createOpenAI } = await import("@ai-sdk/openai");
-
-  switch (provider) {
-    case "openai": {
-      const openai = createOpenAI({
-        apiKey: process.env.OPENAI_API_KEY,
-      });
-      return openai(modelId);
-    }
-
-    case "anthropic": {
-      const { createAnthropic } = await import("@ai-sdk/anthropic");
-      const anthropic = createAnthropic({
-        apiKey: process.env.ANTHROPIC_API_KEY,
-      });
-      return anthropic(modelId);
-    }
-
-    case "google": {
-      const { createGoogleGenerativeAI } = await import("@ai-sdk/google");
-      const google = createGoogleGenerativeAI({
-        apiKey: process.env.GEMINI_API_KEY,
-      });
-      return google(modelId);
-    }
-
-    case "openrouter":
-    default: {
-      // OpenRouter is OpenAI-compatible and routes to all providers
-      const openrouter = createOpenAI({
-        baseURL: "https://openrouter.ai/api/v1",
-        apiKey: process.env.OPENROUTER_API_KEY,
-      });
-      const routerModelId = modelId.includes("/")
-        ? modelId
-        : `${provider}/${modelId}`;
-      return openrouter(routerModelId);
-    }
-  }
-}
-
 /**
  * Execute an agent with a prompt and return the response.
  *
@@ -127,12 +76,10 @@ export const executeAgent = action({
     });
 
     try {
-      const { generateText } = await import("ai");
-
       // Resolve the model
       const provider = agent.provider || "openrouter";
       const modelId = agent.model || "openai/gpt-4o-mini";
-      const model = await resolveModel(provider, modelId);
+      const modelKey = `${provider}/${modelId}`;
 
       // Get conversation history for context
       const messages = await ctx.runQuery(api.messages.list, { threadId });
@@ -143,15 +90,15 @@ export const executeAgent = action({
           content: m.content,
         }));
 
-      // Execute the LLM call
-      const result = await generateText({
-        model,
-        system: agent.instructions || "You are a helpful AI assistant.",
-        messages: conversationMessages,
-        ...(agent.temperature != null && { temperature: agent.temperature }),
-        ...(agent.maxTokens != null && { maxTokens: agent.maxTokens }),
+      // Execute via Mastra Agent
+      const mastraAgent = new Agent({
+        name: "agentforge-executor",
+        instructions: agent.instructions || "You are a helpful AI assistant.",
+        model: modelKey,
       });
 
+      const result = await mastraAgent.generate(conversationMessages);
+
       const responseContent = result.text;
 
       // Add assistant message to thread

package/templates/default/dashboard/app/routes/skills.tsx

@@ -38,7 +38,7 @@ export const webSearch = createTool({
   {
     name: 'code-executor',
     displayName: 'Code Executor',
-    description: 'Safely execute JavaScript/TypeScript code snippets in a sandboxed environment and return the output.',
+    description: 'Execute JavaScript/TypeScript code snippets via the AgentForge sandbox API and return the output.',
     category: 'Tools',
     version: '1.0.0',
     author: 'AgentForge',
@@ -48,18 +48,25 @@ import { z } from 'zod';
 
 export const codeExecutor = createTool({
   id: 'code-executor',
-  description: 'Execute JavaScript code and return the result',
+  description: 'Execute JavaScript code via the sandbox API and return the result',
   inputSchema: z.object({
     code: z.string().describe('JavaScript code to execute'),
+    language: z.enum(['javascript', 'typescript']).default('javascript'),
   }),
   execute: async ({ context }) => {
-    try {
-      const fn = new Function('return (async () => {' + context.code + '})()');
-      const result = await fn();
-      return { success: true, output: String(result) };
-    } catch (error: any) {
-      return { success: false, error: error.message };
+    // Code is executed server-side via the AgentForge sandbox API,
+    // not via eval or Function constructor, to prevent arbitrary code execution risks.
+    const response = await fetch('/api/sandbox/execute', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ code: context.code, language: context.language }),
+    });
+    if (!response.ok) {
+      const err = await response.json().catch(() => ({ error: 'Unknown error' }));
+      return { success: false, error: err.error ?? 'Sandbox execution failed' };
     }
+    const data = await response.json();
+    return { success: true, output: String(data.output ?? '') };
   },
 });`,
   },
@@ -74,16 +81,71 @@ export const codeExecutor = createTool({
     code: `import { createTool } from '@mastra/core';
 import { z } from 'zod';
 
+// Safe arithmetic evaluator — no eval or Function constructor used.
+function evaluateExpression(expr: string): number {
+  // Allow only digits, operators, parentheses, dots, and whitespace.
+  if (!/^[0-9+\\-*/().%\\s]+$/.test(expr)) {
+    throw new Error('Expression contains invalid characters');
+  }
+  // Recursive descent parser for: expr = term (('+' | '-') term)*
+  let pos = 0;
+  const peek = () => expr[pos] ?? '';
+  const consume = () => expr[pos++];
+  const skipWs = () => { while (peek() === ' ') consume(); };
+
+  function parseNumber(): number {
+    skipWs();
+    let num = '';
+    if (peek() === '(') { consume(); const v = parseExpr(); skipWs(); consume(); return v; }
+    while (/[0-9.]/.test(peek())) num += consume();
+    if (num === '') throw new Error('Expected number');
+    return parseFloat(num);
+  }
+
+  function parseFactor(): number {
+    skipWs();
+    if (peek() === '-') { consume(); return -parseFactor(); }
+    return parseNumber();
+  }
+
+  function parseTerm(): number {
+    let left = parseFactor();
+    skipWs();
+    while (peek() === '*' || peek() === '/') {
+      const op = consume(); skipWs();
+      const right = parseFactor();
+      left = op === '*' ? left * right : left / right;
+      skipWs();
+    }
+    return left;
+  }
+
+  function parseExpr(): number {
+    let left = parseTerm();
+    skipWs();
+    while (peek() === '+' || peek() === '-') {
+      const op = consume(); skipWs();
+      const right = parseTerm();
+      left = op === '+' ? left + right : left - right;
+      skipWs();
+    }
+    return left;
+  }
+
+  const result = parseExpr();
+  if (pos !== expr.length) throw new Error('Unexpected token at position ' + pos);
+  return result;
+}
+
 export const calculator = createTool({
   id: 'calculator',
-  description: 'Evaluate a mathematical expression',
+  description: 'Evaluate a mathematical expression safely',
   inputSchema: z.object({
     expression: z.string().describe('Math expression to evaluate, e.g. "2 + 2 * 3"'),
   }),
   execute: async ({ context }) => {
     try {
-      const sanitized = context.expression.replace(/[^0-9+\\-*/().%\\s]/g, '');
-      const result = Function('"use strict"; return (' + sanitized + ')')();
+      const result = evaluateExpression(context.expression.trim());
       return { result: Number(result), expression: context.expression };
     } catch (error: any) {
       return { error: 'Invalid expression: ' + error.message };