David decided: Anti-gaming constraint: AI cannot lie on a user's behalf in Granular

Granular profiles are meant to be verifiable proof-of-work records. David was designing the protocol for how AI agents write to a user's profile and set an explicit constraint:

run 8 agents (opus 4.7 max) to go and audit the app and mcp connector against the ideal end state where the mcp connector lets the user's AI fully manipulate the full state of their profile, every primitive, every section etc and come back with a final plan. the constraint must be that the system design cannot allow the user's AI to lie on their behalf.

When sub-agents proposed an approval flow where users had to leave the AI chat to perform an external approval step, David rejected it on UX grounds:

no this isnt coherent. you need to outline what the shape of our environment is. a user is talking to their AI. that AI can use our MCP connector to talk to our server. the user does not then go and do an approval process outside of that interaction. the AI proposes changes inside the app theyre using (eg codex), the user approves or declines or redacts certain things and clicks share. that final state gets sent to our server.

The design principle: approval happens inside the native AI tool's interface, not in a separate Granular window.