docs(adr): ADR-0030 agent tool surface granularity and naming #328
No reviewers
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol!328
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "50-adr-tool-surface"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Shapes the agent tool surface for epic #47 before the domain-tool-surface ticket (#50). Design only — no code, per the acceptance criteria. Linked from
docs/adr/README.md. Extends ADR-0029.Decisions (one per scope bullet)
list/get/create/update/delete_<entity>) as the default; domain-shaped tools (find_people_at_org,link_person_to_org,add_note_to_person,merge_people) added only where they earn it (collapse a multi-step flow, encode an invariant, or make a destructive op safe/atomic). Both in one registry.verb_nounsnake_case, uniform across CRUD and domain tools; singular nouns for single-item ops, plural for collections.ProposedChange(proposal_id,action,tool,entity, agent-authoredsummary, structureddiff) persisted as ADR-0029'spending_action. Confirmed by id, not a re-sent payload (server holds the authoritative proposal → tamper-proof); re-validated at apply time → stale proposals conflict and re-propose.safe_create | safe_update | destructive_update | destructive_deleteon every write tool's definition + proposal. PWA escalates confirmation proportionately (inline forsafe_*, danger-styled naming-what's-lost fordestructive_*); MCP clients get the tag too.tools/listat handshake (clients list once + cache); cursor pagination kept as the later lever; no categorised/search layer.user_id, making cross-user access unrepresentable in the schema; enforcement at the single repository chokepoint (ADR-0027), 404 on cross-user ids.Consequences (CRUD pushes planning onto the model where no domain tool exists; the "earns its place" bar needs discipline;
tools/listtoken cost grows with the surface; re-validation adds a conflict path) and six rejected alternatives (domain-first, CRUD-only,noun.verb, categorised discovery, client-re-sends-payload,user_id-with-validation) are documented.Closes #50
🤖 Generated with Claude Code
📊 Test coverage
Patch coverage: no testable lines changed.
Overall (
app/,lib/,db/, excluding UI per ADR-0019):Soft thresholds per ADR-0019. Coverage is informational and does not block merge.