source: kdnuggets: easy agentic tool calling with gemma 4
level: technical
this tutorial builds on a previous one about tool calling. it adds two new tools to gemma 4: a sandboxed filesystem explorer and a restricted python interpreter. the model decides on its own when to look around and when to compute. the goal is to move beyond read-only web apis toward true agency, where the model interacts with its own environment.
the first tool lists directory contents safely. it pins a base directory and rejects any path that resolves outside it. this stops the model from accessing sensitive files. the second tool runs python code in a stripped-down environment. it uses a whitelist of safe builtins and pre-imports math and statistics. output is captured and returned to the model. the orchestration loop stays the same as before: define functions, expose schemas, intercept tool calls, execute locally, and re-query the model.
testing shows the model using the filesystem tool to inspect a folder and identify a csv processing script. it also uses the python tool to compute a standard deviation correctly. these examples show the model grounding its answers in real observations rather than guessing. the approach works on a laptop with the gemma4:e2b variant. the code is available for reference.
why it matters: this pattern lets small local models handle tasks that need precise computation or real file access, reducing hallucinations and expanding practical use cases.