langchain 1.0.0a12__py3-none-any.whl → 1.0.4__py3-none-any.whl

langchain/agents/middleware/summarization.py

@@ -60,7 +60,7 @@ _SEARCH_RANGE_FOR_TOOL_PAIRS = 5
 
 
 class SummarizationMiddleware(AgentMiddleware):
-    """Middleware that summarizes conversation history when token limits are approached.
+    """Summarizes conversation history when token limits are approached.
 
     This middleware monitors message token counts and automatically summarizes older
     messages when a threshold is reached, preserving recent messages and maintaining
@@ -81,7 +81,7 @@ class SummarizationMiddleware(AgentMiddleware):
         Args:
             model: The language model to use for generating summaries.
             max_tokens_before_summary: Token threshold to trigger summarization.
-                If None, summarization is disabled.
+                If `None`, summarization is disabled.
             messages_to_keep: Number of recent messages to preserve after summarization.
             token_counter: Function to count tokens in messages.
             summary_prompt: Prompt template for generating summaries.

langchain/agents/middleware/{planning.py → todo.py}

@@ -5,17 +5,24 @@ from __future__ import annotations
 
 from typing import TYPE_CHECKING, Annotated, Literal
 
+if TYPE_CHECKING:
+    from collections.abc import Awaitable, Callable
+
 from langchain_core.messages import ToolMessage
 from langchain_core.tools import tool
 from langgraph.types import Command
 from typing_extensions import NotRequired, TypedDict
 
-from langchain.agents.middleware.types import AgentMiddleware, AgentState, ModelRequest
+from langchain.agents.middleware.types import (
+    AgentMiddleware,
+    AgentState,
+    ModelCallResult,
+    ModelRequest,
+    ModelResponse,
+    OmitFromInput,
+)
 from langchain.tools import InjectedToolCallId
 
-if TYPE_CHECKING:
-    from langgraph.runtime import Runtime
-
 
 class Todo(TypedDict):
     """A single todo item with content and status."""
@@ -30,7 +37,7 @@ class Todo(TypedDict):
 class PlanningState(AgentState):
     """State schema for the todo middleware."""
 
-    todos: NotRequired[list[Todo]]
+    todos: Annotated[NotRequired[list[Todo]], OmitFromInput]
     """List of todo items for tracking task progress."""
 
 
@@ -120,7 +127,7 @@ def write_todos(todos: list[Todo], tool_call_id: Annotated[str, InjectedToolCall
     )
 
 
-class PlanningMiddleware(AgentMiddleware):
+class TodoListMiddleware(AgentMiddleware):
     """Middleware that provides todo list management capabilities to agents.
 
     This middleware adds a `write_todos` tool that allows agents to create and manage
@@ -133,10 +140,10 @@ class PlanningMiddleware(AgentMiddleware):
 
     Example:
         ```python
-        from langchain.agents.middleware.planning import PlanningMiddleware
+        from langchain.agents.middleware.todo import TodoListMiddleware
         from langchain.agents import create_agent
 
-        agent = create_agent("openai:gpt-4o", middleware=[PlanningMiddleware()])
+        agent = create_agent("openai:gpt-4o", middleware=[TodoListMiddleware()])
 
         # Agent now has access to write_todos tool and todo state tracking
         result = await agent.invoke({"messages": [HumanMessage("Help me refactor my codebase")]})
@@ -146,9 +153,9 @@ class PlanningMiddleware(AgentMiddleware):
 
     Args:
         system_prompt: Custom system prompt to guide the agent on using the todo tool.
-            If not provided, uses the default ``WRITE_TODOS_SYSTEM_PROMPT``.
+            If not provided, uses the default `WRITE_TODOS_SYSTEM_PROMPT`.
         tool_description: Custom description for the write_todos tool.
-            If not provided, uses the default ``WRITE_TODOS_TOOL_DESCRIPTION``.
+            If not provided, uses the default `WRITE_TODOS_TOOL_DESCRIPTION`.
     """
 
     state_schema = PlanningState
@@ -159,7 +166,7 @@ class PlanningMiddleware(AgentMiddleware):
         system_prompt: str = WRITE_TODOS_SYSTEM_PROMPT,
         tool_description: str = WRITE_TODOS_TOOL_DESCRIPTION,
     ) -> None:
-        """Initialize the PlanningMiddleware with optional custom prompts.
+        """Initialize the TodoListMiddleware with optional custom prompts.
 
         Args:
             system_prompt: Custom system prompt to guide the agent on using the todo tool.
@@ -186,16 +193,28 @@ class PlanningMiddleware(AgentMiddleware):
 
         self.tools = [write_todos]
 
-    def modify_model_request(
+    def wrap_model_call(
         self,
         request: ModelRequest,
-        state: AgentState,  # noqa: ARG002
-        runtime: Runtime,  # noqa: ARG002
-    ) -> ModelRequest:
+        handler: Callable[[ModelRequest], ModelResponse],
+    ) -> ModelCallResult:
         """Update the system prompt to include the todo system prompt."""
         request.system_prompt = (
             request.system_prompt + "\n\n" + self.system_prompt
             if request.system_prompt
             else self.system_prompt
         )
-        return request
+        return handler(request)
+
+    async def awrap_model_call(
+        self,
+        request: ModelRequest,
+        handler: Callable[[ModelRequest], Awaitable[ModelResponse]],
+    ) -> ModelCallResult:
+        """Update the system prompt to include the todo system prompt (async version)."""
+        request.system_prompt = (
+            request.system_prompt + "\n\n" + self.system_prompt
+            if request.system_prompt
+            else self.system_prompt
+        )
+        return await handler(request)

langchain/agents/middleware/tool_call_limit.py

@@ -2,71 +2,78 @@
 
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Any, Literal
+from typing import TYPE_CHECKING, Annotated, Any, Generic, Literal
 
-from langchain_core.messages import AIMessage, AnyMessage, HumanMessage
+from langchain_core.messages import AIMessage, ToolCall, ToolMessage
+from langgraph.channels.untracked_value import UntrackedValue
+from langgraph.typing import ContextT
+from typing_extensions import NotRequired
 
-from langchain.agents.middleware.types import AgentMiddleware, AgentState, hook_config
+from langchain.agents.middleware.types import (
+    AgentMiddleware,
+    AgentState,
+    PrivateStateAttr,
+    ResponseT,
+    hook_config,
+)
 
 if TYPE_CHECKING:
     from langgraph.runtime import Runtime
 
+ExitBehavior = Literal["continue", "error", "end"]
+"""How to handle execution when tool call limits are exceeded.
 
-def _count_tool_calls_in_messages(messages: list[AnyMessage], tool_name: str | None = None) -> int:
-    """Count tool calls in a list of messages.
+- `"continue"`: Block exceeded tools with error messages, let other tools continue (default)
+- `"error"`: Raise a `ToolCallLimitExceededError` exception
+- `"end"`: Stop execution immediately, injecting a ToolMessage and an AI message
+    for the single tool call that exceeded the limit. Raises `NotImplementedError`
+    if there are other pending tool calls (due to parallel tool calling).
+"""
 
-    Args:
-        messages: List of messages to count tool calls in.
-        tool_name: If specified, only count calls to this specific tool.
-            If None, count all tool calls.
 
-    Returns:
-        The total number of tool calls (optionally filtered by tool_name).
+class ToolCallLimitState(AgentState[ResponseT], Generic[ResponseT]):
+    """State schema for ToolCallLimitMiddleware.
+
+    Extends AgentState with tool call tracking fields.
+
+    The count fields are dictionaries mapping tool names to execution counts.
+    This allows multiple middleware instances to track different tools independently.
+    The special key "__all__" is used for tracking all tool calls globally.
     """
-    count = 0
-    for message in messages:
-        if isinstance(message, AIMessage) and message.tool_calls:
-            if tool_name is None:
-                # Count all tool calls
-                count += len(message.tool_calls)
-            else:
-                # Count only calls to the specified tool
-                count += sum(1 for tc in message.tool_calls if tc["name"] == tool_name)
-    return count
 
+    thread_tool_call_count: NotRequired[Annotated[dict[str, int], PrivateStateAttr]]
+    run_tool_call_count: NotRequired[Annotated[dict[str, int], UntrackedValue, PrivateStateAttr]]
+
+
+def _build_tool_message_content(tool_name: str | None) -> str:
+    """Build the error message content for ToolMessage when limit is exceeded.
 
-def _get_run_messages(messages: list[AnyMessage]) -> list[AnyMessage]:
-    """Get messages from the current run (after the last HumanMessage).
+    This message is sent to the model, so it should not reference thread/run concepts
+    that the model has no notion of.
 
     Args:
-        messages: Full list of messages.
+        tool_name: Tool name being limited (if specific tool), or None for all tools.
 
     Returns:
-        Messages from the current run (after last HumanMessage).
+        A concise message instructing the model not to call the tool again.
     """
-    # Find the last HumanMessage
-    last_human_index = -1
-    for i in range(len(messages) - 1, -1, -1):
-        if isinstance(messages[i], HumanMessage):
-            last_human_index = i
-            break
-
-    # If no HumanMessage found, return all messages
-    if last_human_index == -1:
-        return messages
+    # Always instruct the model not to call again, regardless of which limit was hit
+    if tool_name:
+        return f"Tool call limit exceeded. Do not call '{tool_name}' again."
+    return "Tool call limit exceeded. Do not make additional tool calls."
 
-    # Return messages after the last HumanMessage
-    return messages[last_human_index + 1 :]
 
-
-def _build_tool_limit_exceeded_message(
+def _build_final_ai_message_content(
     thread_count: int,
     run_count: int,
     thread_limit: int | None,
     run_limit: int | None,
     tool_name: str | None,
 ) -> str:
-    """Build a message indicating which tool call limits were exceeded.
+    """Build the final AI message content for 'end' behavior.
+
+    This message is displayed to the user, so it should include detailed information
+    about which limits were exceeded.
 
     Args:
         thread_count: Current thread tool call count.
@@ -78,14 +85,16 @@ def _build_tool_limit_exceeded_message(
     Returns:
         A formatted message describing which limits were exceeded.
     """
-    tool_desc = f"'{tool_name}' tool call" if tool_name else "Tool call"
+    tool_desc = f"'{tool_name}' tool" if tool_name else "Tool"
     exceeded_limits = []
-    if thread_limit is not None and thread_count >= thread_limit:
-        exceeded_limits.append(f"thread limit ({thread_count}/{thread_limit})")
-    if run_limit is not None and run_count >= run_limit:
-        exceeded_limits.append(f"run limit ({run_count}/{run_limit})")
 
-    return f"{tool_desc} limits exceeded: {', '.join(exceeded_limits)}"
+    if thread_limit is not None and thread_count > thread_limit:
+        exceeded_limits.append(f"thread limit exceeded ({thread_count}/{thread_limit} calls)")
+    if run_limit is not None and run_count > run_limit:
+        exceeded_limits.append(f"run limit exceeded ({run_count}/{run_limit} calls)")
+
+    limits_text = " and ".join(exceeded_limits)
+    return f"{tool_desc} call limit reached: {limits_text}."
 
 
 class ToolCallLimitExceededError(Exception):
@@ -118,70 +127,100 @@ class ToolCallLimitExceededError(Exception):
         self.run_limit = run_limit
         self.tool_name = tool_name
 
-        msg = _build_tool_limit_exceeded_message(
+        msg = _build_final_ai_message_content(
             thread_count, run_count, thread_limit, run_limit, tool_name
         )
         super().__init__(msg)
 
 
-class ToolCallLimitMiddleware(AgentMiddleware):
-    """Middleware that tracks tool call counts and enforces limits.
-
-    This middleware monitors the number of tool calls made during agent execution
-    and can terminate the agent when specified limits are reached. It supports
-    both thread-level and run-level call counting with configurable exit behaviors.
+class ToolCallLimitMiddleware(
+    AgentMiddleware[ToolCallLimitState[ResponseT], ContextT],
+    Generic[ResponseT, ContextT],
+):
+    """Track tool call counts and enforces limits during agent execution.
 
-    Thread-level: The middleware counts all tool calls in the entire message history
-    and persists this count across multiple runs (invocations) of the agent.
+    This middleware monitors the number of tool calls made and can terminate or
+    restrict execution when limits are exceeded. It supports both thread-level
+    (persistent across runs) and run-level (per invocation) call counting.
 
-    Run-level: The middleware counts tool calls made after the last HumanMessage,
-    representing the current run (invocation) of the agent.
+    Configuration:
+        - `exit_behavior`: How to handle when limits are exceeded
+          - `"continue"`: Block exceeded tools, let execution continue (default)
+          - `"error"`: Raise an exception
+          - `"end"`: Stop immediately with a ToolMessage + AI message for the single
+            tool call that exceeded the limit (raises `NotImplementedError` if there
+            are other pending tool calls (due to parallel tool calling).
 
-    Example:
+    Examples:
+        Continue execution with blocked tools (default):
         ```python
         from langchain.agents.middleware.tool_call_limit import ToolCallLimitMiddleware
         from langchain.agents import create_agent
 
-        # Limit all tool calls globally
-        global_limiter = ToolCallLimitMiddleware(thread_limit=20, run_limit=10, exit_behavior="end")
-
-        # Limit a specific tool
-        search_limiter = ToolCallLimitMiddleware(
-            tool_name="search", thread_limit=5, run_limit=3, exit_behavior="end"
+        # Block exceeded tools but let other tools and model continue
+        limiter = ToolCallLimitMiddleware(
+            thread_limit=20,
+            run_limit=10,
+            exit_behavior="continue",  # default
         )
 
-        # Use both in the same agent
-        agent = create_agent("openai:gpt-4o", middleware=[global_limiter, search_limiter])
+        agent = create_agent("openai:gpt-4o", middleware=[limiter])
+        ```
+
+        Stop immediately when limit exceeded:
+        ```python
+        # End execution immediately with an AI message
+        limiter = ToolCallLimitMiddleware(run_limit=5, exit_behavior="end")
 
-        result = await agent.invoke({"messages": [HumanMessage("Help me with a task")]})
+        agent = create_agent("openai:gpt-4o", middleware=[limiter])
         ```
+
+        Raise exception on limit:
+        ```python
+        # Strict limit with exception handling
+        limiter = ToolCallLimitMiddleware(tool_name="search", thread_limit=5, exit_behavior="error")
+
+        agent = create_agent("openai:gpt-4o", middleware=[limiter])
+
+        try:
+            result = await agent.invoke({"messages": [HumanMessage("Task")]})
+        except ToolCallLimitExceededError as e:
+            print(f"Search limit exceeded: {e}")
+        ```
+
     """
 
+    state_schema = ToolCallLimitState  # type: ignore[assignment]
+
     def __init__(
         self,
         *,
         tool_name: str | None = None,
         thread_limit: int | None = None,
         run_limit: int | None = None,
-        exit_behavior: Literal["end", "error"] = "end",
+        exit_behavior: ExitBehavior = "continue",
     ) -> None:
         """Initialize the tool call limit middleware.
 
         Args:
-            tool_name: Name of the specific tool to limit. If None, limits apply
-                to all tools. Defaults to None.
+            tool_name: Name of the specific tool to limit. If `None`, limits apply
+                to all tools. Defaults to `None`.
             thread_limit: Maximum number of tool calls allowed per thread.
-                None means no limit. Defaults to None.
+                `None` means no limit. Defaults to `None`.
             run_limit: Maximum number of tool calls allowed per run.
-                None means no limit. Defaults to None.
-            exit_behavior: What to do when limits are exceeded.
-                - "end": Jump to the end of the agent execution and
-                    inject an artificial AI message indicating that the limit was exceeded.
-                - "error": Raise a ToolCallLimitExceededError
-                Defaults to "end".
+                `None` means no limit. Defaults to `None`.
+            exit_behavior: How to handle when limits are exceeded.
+                - `"continue"`: Block exceeded tools with error messages, let other
+                  tools continue. Model decides when to end. (default)
+                - `"error"`: Raise a `ToolCallLimitExceededError` exception
+                - `"end"`: Stop execution immediately with a ToolMessage + AI message
+                  for the single tool call that exceeded the limit. Raises
+                  `NotImplementedError` if there are multiple parallel tool
+                  calls to other tools or multiple pending tool calls.
 
         Raises:
-            ValueError: If both limits are None or if exit_behavior is invalid.
+            ValueError: If both limits are `None`, if exit_behavior is invalid,
+                or if run_limit exceeds thread_limit.
         """
         super().__init__()
 
@@ -189,8 +228,16 @@ class ToolCallLimitMiddleware(AgentMiddleware):
             msg = "At least one limit must be specified (thread_limit or run_limit)"
             raise ValueError(msg)
 
-        if exit_behavior not in ("end", "error"):
-            msg = f"Invalid exit_behavior: {exit_behavior}. Must be 'end' or 'error'"
+        valid_behaviors = ("continue", "error", "end")
+        if exit_behavior not in valid_behaviors:
+            msg = f"Invalid exit_behavior: {exit_behavior!r}. Must be one of {valid_behaviors}"
+            raise ValueError(msg)
+
+        if thread_limit is not None and run_limit is not None and run_limit > thread_limit:
+            msg = (
+                f"run_limit ({run_limit}) cannot exceed thread_limit ({thread_limit}). "
+                "The run limit should be less than or equal to the thread limit."
+            )
             raise ValueError(msg)
 
         self.tool_name = tool_name
@@ -210,51 +257,198 @@ class ToolCallLimitMiddleware(AgentMiddleware):
             return f"{base_name}[{self.tool_name}]"
         return base_name
 
+    def _would_exceed_limit(self, thread_count: int, run_count: int) -> bool:
+        """Check if incrementing the counts would exceed any configured limit.
+
+        Args:
+            thread_count: Current thread call count.
+            run_count: Current run call count.
+
+        Returns:
+            True if either limit would be exceeded by one more call.
+        """
+        return (self.thread_limit is not None and thread_count + 1 > self.thread_limit) or (
+            self.run_limit is not None and run_count + 1 > self.run_limit
+        )
+
+    def _matches_tool_filter(self, tool_call: ToolCall) -> bool:
+        """Check if a tool call matches this middleware's tool filter.
+
+        Args:
+            tool_call: The tool call to check.
+
+        Returns:
+            True if this middleware should track this tool call.
+        """
+        return self.tool_name is None or tool_call["name"] == self.tool_name
+
+    def _separate_tool_calls(
+        self, tool_calls: list[ToolCall], thread_count: int, run_count: int
+    ) -> tuple[list[ToolCall], list[ToolCall], int, int]:
+        """Separate tool calls into allowed and blocked based on limits.
+
+        Args:
+            tool_calls: List of tool calls to evaluate.
+            thread_count: Current thread call count.
+            run_count: Current run call count.
+
+        Returns:
+            Tuple of (allowed_calls, blocked_calls, final_thread_count, final_run_count).
+        """
+        allowed_calls: list[ToolCall] = []
+        blocked_calls: list[ToolCall] = []
+        temp_thread_count = thread_count
+        temp_run_count = run_count
+
+        for tool_call in tool_calls:
+            if not self._matches_tool_filter(tool_call):
+                continue
+
+            if self._would_exceed_limit(temp_thread_count, temp_run_count):
+                blocked_calls.append(tool_call)
+            else:
+                allowed_calls.append(tool_call)
+                temp_thread_count += 1
+                temp_run_count += 1
+
+        return allowed_calls, blocked_calls, temp_thread_count, temp_run_count
+
     @hook_config(can_jump_to=["end"])
-    def before_model(self, state: AgentState, runtime: Runtime) -> dict[str, Any] | None:  # noqa: ARG002
-        """Check tool call limits before making a model call.
+    def after_model(
+        self,
+        state: ToolCallLimitState[ResponseT],
+        runtime: Runtime[ContextT],  # noqa: ARG002
+    ) -> dict[str, Any] | None:
+        """Increment tool call counts after a model call and check limits.
 
         Args:
-            state: The current agent state containing messages.
+            state: The current agent state.
             runtime: The langgraph runtime.
 
         Returns:
-            If limits are exceeded and exit_behavior is "end", returns
-            a Command to jump to the end with a limit exceeded message. Otherwise returns None.
+            State updates with incremented tool call counts. If limits are exceeded
+            and exit_behavior is "end", also includes a jump to end with a ToolMessage
+            and AI message for the single exceeded tool call.
 
         Raises:
             ToolCallLimitExceededError: If limits are exceeded and exit_behavior
                 is "error".
+            NotImplementedError: If limits are exceeded, exit_behavior is "end",
+                and there are multiple tool calls.
         """
+        # Get the last AIMessage to check for tool calls
         messages = state.get("messages", [])
+        if not messages:
+            return None
+
+        # Find the last AIMessage
+        last_ai_message = None
+        for message in reversed(messages):
+            if isinstance(message, AIMessage):
+                last_ai_message = message
+                break
+
+        if not last_ai_message or not last_ai_message.tool_calls:
+            return None
+
+        # Get the count key for this middleware instance
+        count_key = self.tool_name if self.tool_name else "__all__"
+
+        # Get current counts
+        thread_counts = state.get("thread_tool_call_count", {}).copy()
+        run_counts = state.get("run_tool_call_count", {}).copy()
+        current_thread_count = thread_counts.get(count_key, 0)
+        current_run_count = run_counts.get(count_key, 0)
+
+        # Separate tool calls into allowed and blocked
+        allowed_calls, blocked_calls, new_thread_count, new_run_count = self._separate_tool_calls(
+            last_ai_message.tool_calls, current_thread_count, current_run_count
+        )
 
-        # Count tool calls in entire thread
-        thread_count = _count_tool_calls_in_messages(messages, self.tool_name)
-
-        # Count tool calls in current run (after last HumanMessage)
-        run_messages = _get_run_messages(messages)
-        run_count = _count_tool_calls_in_messages(run_messages, self.tool_name)
-
-        # Check if any limits are exceeded
-        thread_limit_exceeded = self.thread_limit is not None and thread_count >= self.thread_limit
-        run_limit_exceeded = self.run_limit is not None and run_count >= self.run_limit
-
-        if thread_limit_exceeded or run_limit_exceeded:
-            if self.exit_behavior == "error":
-                raise ToolCallLimitExceededError(
-                    thread_count=thread_count,
-                    run_count=run_count,
-                    thread_limit=self.thread_limit,
-                    run_limit=self.run_limit,
-                    tool_name=self.tool_name,
+        # Update counts to include only allowed calls for thread count
+        # (blocked calls don't count towards thread-level tracking)
+        # But run count includes blocked calls since they were attempted in this run
+        thread_counts[count_key] = new_thread_count
+        run_counts[count_key] = new_run_count + len(blocked_calls)
+
+        # If no tool calls are blocked, just update counts
+        if not blocked_calls:
+            if allowed_calls:
+                return {
+                    "thread_tool_call_count": thread_counts,
+                    "run_tool_call_count": run_counts,
+                }
+            return None
+
+        # Get final counts for building messages
+        final_thread_count = thread_counts[count_key]
+        final_run_count = run_counts[count_key]
+
+        # Handle different exit behaviors
+        if self.exit_behavior == "error":
+            # Use hypothetical thread count to show which limit was exceeded
+            hypothetical_thread_count = final_thread_count + len(blocked_calls)
+            raise ToolCallLimitExceededError(
+                thread_count=hypothetical_thread_count,
+                run_count=final_run_count,
+                thread_limit=self.thread_limit,
+                run_limit=self.run_limit,
+                tool_name=self.tool_name,
+            )
+
+        # Build tool message content (sent to model - no thread/run details)
+        tool_msg_content = _build_tool_message_content(self.tool_name)
+
+        # Inject artificial error ToolMessages for blocked tool calls
+        artificial_messages: list[ToolMessage | AIMessage] = [
+            ToolMessage(
+                content=tool_msg_content,
+                tool_call_id=tool_call["id"],
+                name=tool_call.get("name"),
+                status="error",
+            )
+            for tool_call in blocked_calls
+        ]
+
+        if self.exit_behavior == "end":
+            # Check if there are tool calls to other tools that would continue executing
+            other_tools = [
+                tc
+                for tc in last_ai_message.tool_calls
+                if self.tool_name is not None and tc["name"] != self.tool_name
+            ]
+
+            if other_tools:
+                tool_names = ", ".join({tc["name"] for tc in other_tools})
+                msg = (
+                    f"Cannot end execution with other tool calls pending. "
+                    f"Found calls to: {tool_names}. Use 'continue' or 'error' behavior instead."
                 )
-            if self.exit_behavior == "end":
-                # Create a message indicating the limit was exceeded
-                limit_message = _build_tool_limit_exceeded_message(
-                    thread_count, run_count, self.thread_limit, self.run_limit, self.tool_name
-                )
-                limit_ai_message = AIMessage(content=limit_message)
-
-                return {"jump_to": "end", "messages": [limit_ai_message]}
-
-        return None
+                raise NotImplementedError(msg)
+
+            # Build final AI message content (displayed to user - includes thread/run details)
+            # Use hypothetical thread count (what it would have been if call wasn't blocked)
+            # to show which limit was actually exceeded
+            hypothetical_thread_count = final_thread_count + len(blocked_calls)
+            final_msg_content = _build_final_ai_message_content(
+                hypothetical_thread_count,
+                final_run_count,
+                self.thread_limit,
+                self.run_limit,
+                self.tool_name,
+            )
+            artificial_messages.append(AIMessage(content=final_msg_content))
+
+            return {
+                "thread_tool_call_count": thread_counts,
+                "run_tool_call_count": run_counts,
+                "jump_to": "end",
+                "messages": artificial_messages,
+            }
+
+        # For exit_behavior="continue", return error messages to block exceeded tools
+        return {
+            "thread_tool_call_count": thread_counts,
+            "run_tool_call_count": run_counts,
+            "messages": artificial_messages,
+        }