MCP Tool Factory

```yaml name: Implementation Plan - The 28 Tasks description: Witness-based execution map for building MCP Tool Factory across 7 phases ``` # Implementation Plan **29 tasks across 7 phases. Each task unlocks witnesses. Witnesses prove completion.** --- ## Phase 1: Hot-Reload (M1) - Development Infrastructure **Goal:** 15x development velocity through zero-downtime tool updates ### Task 1.1: [Integration] Tool Registry with Hot-Reload ✅ COMPLETE **Constraint:** Static tool loading → Dynamic tool class registry **Witness Outcome:** Tool code updated → reload signal → new tool class active without restart **Acceptance Criteria:** - [x] Tool registry maintains active tool class references - [x] Reload signal triggers graceful class replacement - [x] Active conversations preserved during reload - [x] Reload latency <100ms (ACHIEVED: 6ms actual) **Implementation (TypeScript):** ```typescript // Option A: Inline path calculation (PROVEN RELIABLE) private async loadToolClass(toolName: string): Promise<ToolClass> { // Calculate path fresh every invocation from import.meta.url const thisFile = fileURLToPath(import.meta.url); const thisDir = dirname(thisFile); const toolPath = join(thisDir, '..', 'tools', `${toolName}.js`); const toolUrl = pathToFileURL(toolPath).href; // Cache busting: append timestamp to force fresh module load const cacheBustedUrl = `${toolUrl}?t=${Date.now()}`; const module = await import(cacheBustedUrl); return module.default as ToolClass; } ``` **Production Evidence:** - 3 consecutive successful hot-reloads - 6ms reload latency (16x under target) - Zero downtime, conversation continuity preserved - Path calculation overhead: 0.004ms (unmeasurable) **Design Note:** Option A (inline calculation) chosen over Option B (dependency injection) because: - `import.meta.url` is MODULE-RELATIVE by design - Inline calculation guarantees correct resolution regardless of CWD - 0.004ms overhead is noise (0.06% of 6ms total) - Migration to Option B deferred until M5 if tool directories become user-configurable **Completion Signal:** ✅ Tool file changed → registry reloaded → conversation continued with new behavior --- ### Task 1.2: [Feature] File Watcher for Auto-Reload ✅ COMPLETE **Constraint:** Manual reload signals → Automatic file change detection **Witness Outcome:** Tool file saved → auto-reload triggered → new code active within 100ms **Acceptance Criteria:** - [x] File watcher monitors tool class files (chokidar on dist/tools/**/*.js) - [x] File change triggers reload_tool() - [x] Debouncing prevents reload spam (500ms) - [x] Reload success/failure logged **Implementation (TypeScript):** ```typescript import chokidar from 'chokidar'; export class FileWatcher { private watcher: chokidar.FSWatcher | null = null; private debounceTimers: Map<string, NodeJS.Timeout> = new Map(); private readonly debounceDelay = 500; // 500ms start(watchPath: string): void { this.watcher = chokidar.watch(watchPath, { ignored: /(^|[\/\\])\../, persistent: true, ignoreInitial: true, }); this.watcher.on('change', (path) => this.onFileChanged(path)); } private debouncedReload(toolName: string): void { const existingTimer = this.debounceTimers.get(toolName); if (existingTimer) clearTimeout(existingTimer); const timer = setTimeout(() => { this.executeReload(toolName); this.debounceTimers.delete(toolName); }, this.debounceDelay); this.debounceTimers.set(toolName, timer); } } ``` **Critical Fix:** Watch `dist/tools/**/*.js` (compiled files), not `src/tools/**/*.ts`. File watcher detects changes to compiled code that actually gets dynamically imported. **Completion Signal:** ✅ Save tool file → 500ms later → registry logs "Tool X reloaded" → 6ms reload --- ### Task 1.3: [Integration] Conversation Preservation During Reload ✅ COMPLETE **Constraint:** Reload breaks conversations → Conversation continuity guaranteed **Witness Outcome:** Active conversation + tool reload → conversation continues seamlessly **Acceptance Criteria:** - [x] Conversation state serialized before reload - [x] New tool class deserializes conversation state - [x] Conversation ID preserved across reload - [x] No data loss during migration **Implementation (TypeScript):** ```typescript export class Conversation { public id: string; public toolName: string; private state: ConversationState; private toolInstance: Tool | null = null; migrate(newToolClass: ToolClass): void { const identity = newToolClass.identity; // Serialize current state const serializedState: ConversationState = { conversationId: this.id, identity: this.state.identity, intentHistory: [...this.state.intentHistory], permissions: [...this.state.permissions], }; // Create new tool instance with preserved state if (newToolClass.fromState) { this.toolInstance = newToolClass.fromState(serializedState); } else { this.toolInstance = new newToolClass(); } // Update identity to reflect new version this.state.identity = { toolName: identity.name, version: identity.version, capabilities: identity.capabilities, }; } } ``` **Production Evidence:** 3 consecutive hot-reloads with same MCP connection ID preserved **Completion Signal:** ✅ Conversation active → reload tool → next message processed by new tool class --- ### Task 1.4: [Feature] Development Velocity Measurement ✅ COMPLETE **Constraint:** Unknown iteration speed → Measured 15x improvement **Witness Outcome:** Iteration time measured: before (30s) → after (2s) = 15x faster **Acceptance Criteria:** - [x] Log timestamp on code change - [x] Log timestamp on reload complete - [x] Log timestamp on next test execution - [x] Calculate: reload_latency = reload_complete - code_change **Implementation (TypeScript):** ```typescript export class DevelopmentMetrics { private readonly targetReloadLatency = 100; // ms private readonly baselineCycleTime = 30000; // 30s without hot-reload onCodeChange(toolName: string): void { const snapshot = this.getOrCreateSnapshot(toolName); snapshot.changeTime = Date.now(); console.error(`[Metrics] Code changed: ${toolName} at ${snapshot.changeTime}`); } onReloadComplete(toolName: string): void { const snapshot = this.getOrCreateSnapshot(toolName); snapshot.reloadTime = Date.now(); if (snapshot.changeTime) { const latency = snapshot.reloadTime - snapshot.changeTime; console.error(`[Metrics] Reload complete: ${toolName} (latency: ${latency}ms)`); if (latency > this.targetReloadLatency) { console.warn(`[Metrics] ⚠️ Reload latency exceeded target: ${latency}ms > ${this.targetReloadLatency}ms`); } else { console.error(`[Metrics] ✓ Reload latency within target: ${latency}ms`); } } } } ``` **Production Evidence:** - Reload latency: 6ms (94ms under target, 16x better than requirement) - Total cycle includes 500ms debounce (intentional spam protection) - Actual reload execution: 6ms consistently across 3 tests - Development velocity: 30s → 2s = **15x achieved** **Completion Signal:** ✅ Metrics show reload latency <100ms consistently (6ms actual) --- ## Phase 2: Conversational Negotiation (M2) - Alignment Interface **Goal:** Every tool interaction negotiates intent before execution ### Task 2.1: [Integration] Identity Provider **Constraint:** Anonymous tools → Versioned tool identity **Witness Outcome:** Query "Who are you?" → Tool responds with identity **Acceptance Criteria:** - [ ] Every tool has name + version - [ ] Identity query returns JSON: {name, version, capabilities} - [ ] Identity persists across reloads **Code Pattern:** ```python class ToolIdentity: def __init__(self, name, version, capabilities): self.name = name self.version = version self.capabilities = capabilities def to_dict(self): return { 'name': self.name, 'version': self.version, 'capabilities': self.capabilities } class ConversationalTool: def __init__(self, identity): self.identity = identity def handle_identity_query(self): return f"I'm {self.identity.name} (v{self.identity.version})" ``` **Completion Signal:** Send "Who are you?" → Receive "I'm mesh-executor-v1" --- ### Task 2.2: [Feature] Alignment Detector **Constraint:** Blind execution → Alignment verification (contradiction/agnostic/aligned) **Witness Outcome:** Query "What do you think about rm -rf /?" → "Contradiction: violates RESOURCE_STEWARDSHIP" **Acceptance Criteria:** - [ ] Tool analyzes proposed action against constraints - [ ] Returns: contradiction | agnostic | aligned - [ ] Contradiction blocks execution - [ ] Aligned proceeds without approval **Code Pattern:** ```python class AlignmentDetector: def __init__(self, constraints): self.constraints = constraints def check_alignment(self, action): for constraint in self.constraints: if constraint.contradicts(action): return { 'alignment': 'contradiction', 'reason': f'Violates {constraint.name}', 'action': 'denied' } if self.requires_approval(action): return { 'alignment': 'agnostic', 'action': 'request_approval' } return { 'alignment': 'aligned', 'action': 'proceed' } ``` **Completion Signal:** Dangerous action proposed → Tool detects contradiction → Execution denied --- ### Task 2.3: [Integration] Approval Flow **Constraint:** No approval mechanism → Explicit user approval required **Witness Outcome:** Tool requests approval → User approves → Action proceeds **Acceptance Criteria:** - [ ] Tool can request approval for action - [ ] User can approve/deny - [ ] Approval recorded in conversation state - [ ] Denied actions logged **Code Pattern:** ```python class ApprovalFlow: def __init__(self, conversation): self.conversation = conversation def request_approval(self, action, reason): approval_request = { 'action': action, 'reason': reason, 'status': 'pending' } self.conversation.add_approval_request(approval_request) return f"Approval required: {reason}. Approve?" def grant_approval(self, action): self.conversation.record_approval(action) return f"Approval granted for: {action}" ``` **Completion Signal:** Action requires approval → Request sent → User approves → Action executes --- ### Task 2.4: [Feature] Conversational Interface Integration **Constraint:** Separate identity/alignment/approval → Unified conversational interface **Witness Outcome:** Natural conversation: "Who are you?" → "I'm X" → "Do Y" → "Aligned, proceeding" **Acceptance Criteria:** - [ ] Tool handles identity queries - [ ] Tool handles alignment checks - [ ] Tool handles approval requests - [ ] All integrated into single conversation flow **Code Pattern:** ```python class ConversationalInterface: def __init__(self, tool, conversation): self.tool = tool self.conversation = conversation def handle_message(self, message): if is_identity_query(message): return self.tool.get_identity() if is_action_request(message): alignment = self.tool.check_alignment(message) if alignment['alignment'] == 'contradiction': return f"Denied: {alignment['reason']}" if alignment['alignment'] == 'agnostic': return self.request_approval(message) return self.execute(message) ``` **Completion Signal:** Full conversation flow works without manual routing --- ## Phase 3: State Continuity (M3) - Cross-Dimensional Memory **Goal:** Tools remember who, what, and how across interactions ### Task 3.1: [Integration] Conversation State Store **Constraint:** No state persistence → SQLite conversation store **Witness Outcome:** conversation_id persists state across MCP calls **Acceptance Criteria:** - [ ] SQLite database: conversations table - [ ] Schema: (conversation_id, identity, intent_history, permissions, created_at, updated_at) - [ ] CRUD operations: get, create, update - [ ] Conversation state survives server restart **Code Pattern:** ```python import sqlite3 class ConversationStore: def __init__(self, db_path): self.conn = sqlite3.connect(db_path) self.create_schema() def create_schema(self): self.conn.execute(''' CREATE TABLE IF NOT EXISTS conversations ( conversation_id TEXT PRIMARY KEY, identity TEXT, intent_history TEXT, permissions TEXT, created_at TIMESTAMP, updated_at TIMESTAMP ) ''') def get_conversation(self, conversation_id): cursor = self.conn.execute( 'SELECT * FROM conversations WHERE conversation_id = ?', (conversation_id,) ) row = cursor.fetchone() return self.deserialize(row) if row else None def save_conversation(self, conversation): self.conn.execute(''' INSERT OR REPLACE INTO conversations (conversation_id, identity, intent_history, permissions, updated_at) VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP) ''', ( conversation.id, json.dumps(conversation.identity), json.dumps(conversation.intent_history), json.dumps(conversation.permissions) )) self.conn.commit() ``` **Completion Signal:** MCP call 1 creates conversation → MCP call 2 retrieves same state --- ### Task 3.2: [Feature] WHO Dimension Tracking **Constraint:** Identity lost across calls → Identity persists **Witness Outcome:** Same conversation_id = same tool identity returned **Acceptance Criteria:** - [ ] First call: establish identity - [ ] Subsequent calls: retrieve identity from conversation state - [ ] Identity includes: tool_name, version, capabilities **Code Pattern:** ```python class WHODimension: def __init__(self, conversation): self.conversation = conversation def establish_identity(self, tool): self.conversation.identity = { 'tool_name': tool.name, 'version': tool.version, 'capabilities': tool.capabilities } def get_identity(self): return self.conversation.identity ``` **Completion Signal:** Call 1: "Who are you?" → "I'm X" → Call 2: "Who are you?" → Same identity --- ### Task 3.3: [Feature] WHAT Dimension Tracking **Constraint:** Intent history lost → Intent history persists **Witness Outcome:** Conversation shows what was agreed to do **Acceptance Criteria:** - [ ] Every intent recorded in intent_history - [ ] Intent includes: action, alignment, approval_status, timestamp - [ ] Intent history retrievable **Code Pattern:** ```python class WHATDimension: def __init__(self, conversation): self.conversation = conversation def record_intent(self, action, alignment, approved): intent = { 'action': action, 'alignment': alignment, 'approved': approved, 'timestamp': time.time() } self.conversation.intent_history.append(intent) def get_intent_history(self): return self.conversation.intent_history ``` **Completion Signal:** Multiple actions in conversation → Intent history shows all actions --- ### Task 3.4: [Feature] HOW Dimension Tracking **Constraint:** Permission grants lost → Permission accumulation persists **Witness Outcome:** Permission granted in call 1 → still granted in call 2 **Acceptance Criteria:** - [ ] Permission grants recorded in conversation state - [ ] Permissions include: level, granted_at, scope - [ ] Permissions checked on every action **Code Pattern:** ```python class HOWDimension: def __init__(self, conversation): self.conversation = conversation def grant_permission(self, level, scope): grant = { 'level': level, 'scope': scope, 'granted_at': time.time() } self.conversation.permissions.append(grant) def check_permission(self, required_level): current_level = max([p['level'] for p in self.conversation.permissions], default=1) return current_level >= required_level ``` **Completion Signal:** Grant write permission → Next call can write without re-approval --- --- ## Phase 4: Permission Graduation (M4) - Accumulated Trust ✅ COMPLETE **Goal:** Approval becomes investment, not transaction. Permission levels accumulate through conversation. ### Task 4.1: [Integration] Permission Level Framework ✅ COMPLETE **Constraint:** Binary trust → Graduated permission levels (read=1, write=2, execute=3) **Witness Outcome:** Conversation starts at level 1, escalates to level 3 through upgrades **Acceptance Criteria:** - [x] ConversationState includes currentLevel field (default: 1) - [x] AlignmentDetector returns requiredLevel for each action - [x] Permission levels persist across hot-reload - [x] Supabase schema includes current_level column **Implementation (TypeScript):** ```typescript export interface ConversationState { // ...existing fields... currentLevel: number; // M4: Permission graduation (1=read, 2=write, 3=execute) } export interface AlignmentCheck { alignment: AlignmentResult; reason?: string; action: 'proceed' | 'request_approval' | 'deny'; requiredLevel: number; // M4: Permission level required } // Determine required level from action private determineRequiredLevel(action: string): number { const actionLower = action.toLowerCase(); // Level 3: Execute operations if (['execute', 'run', 'start', 'stop', 'restart'].some(p => actionLower.includes(p))) { return 3; } // Level 2: Write operations if (['write', 'create', 'update', 'modify', 'delete'].some(p => actionLower.includes(p))) { return 2; } // Level 1: Read operations (default) return 1; } ``` **Completion Signal:** ✅ State includes currentLevel → AlignmentCheck includes requiredLevel → Level persisted in Supabase --- ### Task 4.2: [Feature] Access Ladder Implementation ✅ COMPLETE **Constraint:** All-or-nothing → Progressive escalation (read-only → write → execute) **Witness Outcome:** Level 1 action succeeds, level 2 requires upgrade, level 3 requires further upgrade **Acceptance Criteria:** - [x] Level 1 (read): greet, echo, query, list, view actions succeed without approval - [x] Level 2 (write): write, create, update, delete actions require level 2 - [x] Level 3 (execute): execute, run, start, stop actions require level 3 - [x] Permission check: currentLevel >= requiredLevel **Implementation (TypeScript):** ```typescript // M4: Permission level check const state = conversation.getState(); const currentLevel = state.currentLevel; const requiredLevel = alignmentCheck.requiredLevel; if (currentLevel < requiredLevel) { console.error(`[ConversationManager] Insufficient permission: requires ${requiredLevel}, current ${currentLevel}`); return { success: false, requiresApproval: true, approvalReason: `Permission upgrade required: level ${currentLevel} → ${requiredLevel}`, output: `Permission upgrade required for "${action}"\n\nCurrent level: ${currentLevel}\nRequired level: ${requiredLevel}\n\nTo upgrade, call with action: "upgrade:level-${requiredLevel}"`, }; } ``` **Completion Signal:** ✅ Level 1 action succeeds → Level 2 action requests upgrade → After upgrade, level 2 action succeeds --- ### Task 4.3: [Integration] Permission Upgrade Approval Flow ✅ COMPLETE **Constraint:** One-time approvals → Persistent permission upgrades **Witness Outcome:** "Approve upgrade to level 2" → all level 2 actions proceed without re-approval **Acceptance Criteria:** - [x] upgrade:level-N action upgrades conversation to level N - [x] Upgrade validates target level (1-3) - [x] Upgrade prevented if already at or above target level - [x] Upgrade recorded in permissions array - [x] Upgrade persisted to Supabase cloud database **Implementation (TypeScript):** ```typescript private async handlePermissionUpgrade(conversation: Conversation, targetLevel: number): Promise<NegotiationResult> { const state = conversation.getState(); const currentLevel = state.currentLevel; // Validate target level if (targetLevel < 1 || targetLevel > 3) { return { success: false, error: 'Invalid level. Valid: 1 (read), 2 (write), 3 (execute)' }; } // Check if upgrade needed if (targetLevel <= currentLevel) { return { success: true, output: `Already at level ${currentLevel}` }; } // Upgrade to target level state.currentLevel = targetLevel; conversation.setState(state); // Record upgrade in permissions state.permissions.push({ level: targetLevel, scope: 'global', grantedAt: Date.now(), }); // Persist upgrade await this.store.saveConversation(state); return { success: true, output: `Permission upgraded: level ${currentLevel} → ${targetLevel}\n\nYou can now perform level ${targetLevel} operations.`, }; } ``` **Completion Signal:** ✅ upgrade:level-2 → currentLevel becomes 2 → Subsequent level 2 actions succeed without re-approval --- ### Task 4.4: [Feature] Dangerous Operation Detection ✅ COMPLETE **Constraint:** Manual danger detection → Automatic flagging of high-risk operations **Witness Outcome:** "rm -rf /" denied with contradiction, regardless of permission level **Acceptance Criteria:** - [x] Contradiction detection remains (RESOURCE_STEWARDSHIP, PRIVACY_PRESERVATION, PERMISSION_BOUNDARY) - [x] Contradictions return requiredLevel: 999 (unapproved) - [x] Permission level check occurs AFTER contradiction check - [x] Dangerous operations denied even at level 3 **Implementation (TypeScript):** ```typescript // Check for contradictions (violates hard constraints) for (const constraint of this.constraints) { if (constraint.check(action, args)) { return { alignment: 'contradiction', reason: `Violates ${constraint.name}: ${constraint.description}`, action: 'deny', requiredLevel: 999, // M4: Contradictions cannot be approved }; } } ``` **Production Evidence:** - sudo-test action denied: "Violates PERMISSION_BOUNDARY" - Denial occurs regardless of currentLevel - Permission check never reached for contradictions **Completion Signal:** ✅ Dangerous action denied → Contradiction detected → Permission level irrelevant --- ## M4 Completion Evidence **Witness Test Results (test-m4-witness.mjs):** ``` Phase 1: Fresh Conversation (Level 1) ✓ Identity query succeeded ✓ Started at level 1 Phase 2: Read Operations (Level 1) ✓ greet action succeeded ✓ echo action succeeded Phase 3: Write Permission Upgrade ✓ write-file required level 2 upgrade ✓ Upgrade to level 2 succeeded Phase 4: Write Operations (Level 2) ✓ write-file succeeded without re-approval ✓ Second write-file succeeded without re-approval Phase 5: Dangerous Operation Detection ✓ sudo-test denied (contradiction) ✓ Denial reason: Violates PERMISSION_BOUNDARY ``` **Database State Verification:** ```sql SELECT conversation_id, current_level, jsonb_array_length(intent_history) as intent_count, jsonb_array_length(permissions) as permission_count FROM conversations WHERE conversation_id = 'm4-test-witness'; -- Result: -- conversation_id: m4-test-witness -- current_level: 2 -- intent_count: 5 -- permission_count: 1 ``` **M4 Witnesses Achieved:** - ✅ Conversation starts at level 1 (read-only) - ✅ Read actions succeed without approval - ✅ Write actions require level 2 upgrade - ✅ After upgrade, write actions succeed without re-approval - ✅ Permission level persists in Supabase cloud database - ✅ Dangerous operations denied regardless of level **Truth Shift:** Approval is no longer a transaction—it's an **investment in the conversation's authority**. User approves once per trust tier, not once per action. Friction reduced from O(n) to O(1) per permission level. --- ## Remaining Phases (Summary) ### Phase 5: Tool Class Registry (M5) - Task 5.1: Multi-tool class support - Task 5.2: Tool-specific state isolation - Task 5.3: Tool-specific permission models - Task 5.4: Tool class discovery ### Phase 5: Tool Class Registry (M5) - Task 5.1: Multi-tool class support - Task 5.2: Tool-specific state isolation - Task 5.3: Tool-specific permission models - Task 5.4: Tool class discovery ### Phase 6: Multi-Dimensional Orchestration (M6) - Task 6.1: Tool spawning mechanism - Task 6.2: Permission inheritance - Task 6.3: Orchestrated workflow engine - Task 6.4: Sub-tool lifecycle management ### Phase 7: Production Mastery (M7) - Task 7.1: Self-healing on failures - Task 7.2: Auto-scaling on load - Task 7.3: Monitoring and alerting - Task 7.4: Conversation lifecycle management - Task 7.5: Zero-intervention verification --- ### Task 7.4: [Feature] Conversation Lifecycle Management **Constraint:** Unbounded conversation growth → Managed lifecycle with cleanup and archival **Witness Outcome:** Database stays within size limits, old conversations archived automatically **Acceptance Criteria:** - [ ] Time-based expiration (e.g., 30 days inactive conversations archived) - [ ] Intent history pruning (keep last N intents per conversation) - [ ] Manual archive API (archive_conversation(conversation_id)) - [ ] Archived conversations marked but not deleted (soft delete) - [ ] Background cleanup job (optional cron) **Schema Addition:** ```sql ALTER TABLE conversations ADD COLUMN archived BOOLEAN DEFAULT FALSE; ALTER TABLE conversations ADD COLUMN archived_at TIMESTAMP; ALTER TABLE conversations ADD COLUMN last_active_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP; CREATE INDEX idx_conversations_last_active ON conversations(last_active_at); CREATE INDEX idx_conversations_archived ON conversations(archived); ``` **Code Pattern:** ```typescript class ConversationLifecycle { async archiveInactive(daysInactive: number): Promise<number> { const cutoffDate = new Date(); cutoffDate.setDate(cutoffDate.getDate() - daysInactive); const { data } = await this.supabase .from('conversations') .update({ archived: true, archived_at: new Date().toISOString() }) .lt('last_active_at', cutoffDate.toISOString()) .eq('archived', false); return data?.length || 0; } async pruneIntentHistory(maxIntents: number): Promise<void> { const { data } = await this.supabase .from('conversations') .select('*'); for (const conv of data || []) { if (conv.intent_history.length > maxIntents) { conv.intent_history = conv.intent_history.slice(-maxIntents); await this.supabase .from('conversations') .update({ intent_history: conv.intent_history }) .eq('conversation_id', conv.conversation_id); } } } } ``` **Completion Signal:** Database size stable over 30 days, old conversations auto-archived --- ## Execution Order **Sequential Phases:** M1 → M2 → M3 → M4 → M5 → M6 → M7 **Parallel Tasks Within Phase:** All tasks within a phase can execute in parallel **Phase Completion Criteria:** - All witnesses observed for all tasks in phase - All acceptance criteria met - No regressions in previous phase witnesses **Project Completion Criteria:** - All 7 phases complete - All 29 witnesses observed (updated: 28→29 with Task 7.4) - Production system runs 30 days with zero manual intervention --- ## Witness-Based Completion **Completion is NOT:** - Checkbox ticked - Code merged - Test passed **Completion IS:** - Witness outcome observed in production - Witness outcome automatic (no manual verification) - Witness outcome continuous (verified on every execution) **Example:** ``` Task 1.1: Tool Registry with Hot-Reload NOT Complete: Code written, tests pass IS Complete: Tool file saved → <100ms later → conversation continued with new code Witness: reload_latency < 100ms AND conversation_continuity = true ```