I’m running into a reproducible issue with the Gemini Live API where the execute_code tool is being invoked, even though it’s not included in my tools configuration.
Here’s a simplified version of my setup:
tools = [{
"function_declarations": [
{
"name": "get_candidate_code",
"description": "Gets the candidate's code",
"parameters": {"type": "object", "properties": {}}
},
{
"name": "check_conversation_context",
"description": "Analyze conversation context",
"parameters": {
"type": "object",
"properties": {
"context_type": {
"type": "string",
"enum": ["candidate_intent", "stuck_indicators"]
}
}
}
}
]
}]
session_config = {
"tools": tools,
"system_instruction": {"parts": [{"text": system_prompt}]},
"response_modalities": ["AUDIO"],
"speech_config": {"voice_config": {"prebuilt_voice_config": {"voice_name": "Puck"}}},
"generation_config": {"temperature": 0.8}
}
Despite not adding execute_code, the model still tries to invoke it in some cases (e.g., when user input resembles a coding task). This is unexpected because the assumption is that only the tools explicitly listed would be available to the model.
If this is intended behavior, it should be documented more clearly. Otherwise, it might be an oversight in how the tool permissions are enforced internally. Also there should be an option to explicitly disable some internal tools as other APIs provide through tool_config
Would appreciate clarity on:
- Whether
execute_codeis implicitly enabled, - If there’s a way to fully restrict the model to only declared tools,
- And whether a fix or workaround exists.
Let me know if a minimal reproducible example would help — happy to provide one.