If you give an agent a SQL_Write tool, how do you prevent it from accidentally executing a DROP TABLE command?

How does the model actually "call" a tool? Explain the back-and-forth between the Assistant message and the Tool/Function message in an API loop.

How do you evaluate an agent when the "correct path" might involve 5 different tool calls in any order?

A user asks "What were the sales in 2023?" How do you prompt the LLM to separate the semantic search ("sales") from the metadata filter ("year == 2023")?