MCP Tool Factory

mcp-tool-factory
coded-systems

constraints.jsonl•4.56 KiB

{"name":"CONVERSATIONAL_ALIGNMENT","type":"sacred_constraint","rule":"Every tool interaction must negotiate intent before execution","what_it_means":["No tool executes without identity verification","No action proceeds without alignment check (contradiction/agnostic/aligned)","No dangerous operation without explicit approval","Every tool can answer: Who are you? and What do you think about X?"],"what_it_prevents":["Blind execution of dangerous commands","Unintended tool behavior","Loss of user control"],"witness_protocol":{"identity_query_response_rate":"100%","alignment_check_before_execution":"true","dangerous_ops_require_approval":"true"},"enforcement":{"automatic":"Tool framework intercepts all execute() calls, requires conversation context","manual":"Code review rejects execute() without alignment check"},"violation_consequence":"Tool call rejected, incident logged"} {"name":"PERMISSION_GRADUATION","type":"sacred_constraint","rule":"Trust must be progressive, not binary","what_it_means":["Default permission: Read-Only (Level 1)","Every permission upgrade requires explicit approval","Permissions accumulate within session","Dangerous operations blocked unless Level 3+ granted"],"what_it_prevents":["Accidental catastrophic actions (rm -rf /)","Permission abuse","Unintended file modifications"],"witness_protocol":{"default_permission_level":"1 (read-only)","permission_upgrade_requires_approval":"true","dangerous_ops_blocked_without_level_3":"true"},"permission_ladder":{"level_0":"Denied (cannot perform action)","level_1":"Read-Only (can inspect, cannot modify)","level_2":"Read-Write (can modify files, cannot execute)","level_3":"Execute (can run commands)","level_4":"Orchestrate (can spawn sub-tools)"},"enforcement":{"automatic":"File system wrapper checks permission level before write/execute","manual":"Security audit flags operations without permission checks"},"violation_consequence":"Operation denied, approval request sent to user"} {"name":"HOT_RELOAD_SAFETY","type":"sacred_constraint","rule":"Tools must reload without breaking conversation continuity","what_it_means":["Reload signal triggers graceful tool class replacement","Active conversations preserved during reload","Conversation state migrated to new tool version","Zero downtime during reload"],"what_it_prevents":["Conversation loss during updates","Restart-required updates","State corruption during reload"],"witness_protocol":{"reload_downtime_ms":"0","conversation_continuity_during_reload":"true","active_conversations_preserved":"100%"},"enforcement":{"automatic":"Tool registry validates reload doesn't drop active conversations","manual":"Integration test verifies conversation continuity during reload"},"violation_consequence":"Reload rejected, old tool version retained"} {"name":"STATE_CONTINUITY","type":"sacred_constraint","rule":"Tools must remember who, what, and how across interactions","what_it_means":["WHO dimension: Identity persists (same tool instance across calls)","WHAT dimension: Intent history persists (what we agreed to do)","HOW dimension: Permission grants persist (what I'm allowed to do)","Conversation ID is the primary key for all state"],"what_it_prevents":["Permission re-negotiation on every call","Intent amnesia","Identity confusion"],"witness_protocol":{"conversation_resumption_rate":"100%","permission_persistence_across_calls":"true","intent_history_accessible":"true"},"dimensions":{"WHO":"Identity tracking (which tool instance am I talking to?)","WHAT":"Intent history (what have we agreed to do?)","HOW":"Permission state (what am I allowed to do?)"},"enforcement":{"automatic":"Framework requires conversation_id for all tool calls","manual":"Code review rejects stateless tool implementations"},"violation_consequence":"Tool call rejected, conversation context required"} {"name":"TOOL_CLASS_ISOLATION","type":"sacred_constraint","rule":"Each tool class maintains independent state and permissions","what_it_means":["Tool A's conversation state isolated from Tool B","Tool A's permissions don't leak to Tool B","Tool registry enforces class boundaries","Cross-tool orchestration requires explicit permission inheritance"],"what_it_prevents":["Permission escalation via tool switching","State corruption from tool interference","Security bypass via tool class hopping"],"witness_protocol":{"tool_state_isolation":"true","cross_tool_permission_leakage":"0%","tool_registry_enforces_boundaries":"true"},"enforcement":{"automatic":"Tool registry allocates separate state stores per class","manual":"Security audit verifies no shared mutable state"},"violation_consequence":"Tool isolation breach logged, operation denied"}

Loading blob content...

Latest Blog Posts

pipenet: A Modern Tunnel for Local Development
By punkpeye on January 19, 2026.
open source
Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/tarunjain15/mcp-tool-factory'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

constraints.jsonl•4.56 KiB