Four calls became one: letting the agent author tools mid-session

Detailed Analysis

A software developer writing about agentic AI workflows has documented a practical implementation of what the academic literature terms a "self-modifying execution environment" — a system in which an AI agent authors its own tools during a session rather than operating from a fixed, pre-specified catalog. The author describes a recurring four-step debugging workflow (querying traces, grepping for a name, sorting by timestamp, and diffing failures) that an agent collapsed into a single callable function, `findFlakyRecipeRuns(name)`, by writing that wrapper into a watched plugin directory mid-conversation. By session's end, four such bespoke tools had been created — none anticipated in advance, all precisely fitted to the shape of the actual work being done.

The post's central critique targets the current architecture of MCP (Model Context Protocol), which functions as a static connector marketplace: tools are selected before a session begins, the agent inherits a fixed catalog, and that catalog remains unchanged regardless of what the work reveals. The author argues this ordering is backwards. Non-trivial tasks routinely surface tool-shaped gaps that a general catalog addresses inefficiently. The alternative — an agent that identifies the gap and authors a bespoke wrapper on the fly — compresses repeated multi-call workflows into single calls and persists those tools into future sessions. This represents a meaningful shift in how capability accumulates during agentic work: rather than the user specifying infrastructure in advance, the agent builds infrastructure in response to revealed necessity.

For this pattern to function, the author identifies five simultaneous requirements: the agent must write a valid tool definition, the runtime must register it without restarting, it must be callable on the next turn, it must persist across sessions, and failures must not corrupt the existing catalog. These conditions together have historically made self-modifying execution environments a theoretical curiosity rather than a practical system. The author's implementation — a local runtime that writes tools as files into an inspectable, editable, versionable directory — addresses the persistence and safety conditions while also making a deliberate architectural choice around privacy and user control. A locally-authored catalog owned by the user is categorically different from a hosted agent writing to a hosted catalog, a distinction with significant implications for enterprise and professional use cases.

The failure modes the author anticipates are instructive about the broader challenges of agentic tool accumulation. Plugin sprawl (agents authoring faster than pruning), catalog decay (authored tools existing on disk but falling out of the agent's effective context window), and silent drift (tools that encoded assumptions about project state that have since changed) all point to a deeper tension: persistence on disk and persistence in context are not the same thing, and tools that outlive the state they were written against can silently degrade. The extension to "recipes" — declarative hot-reloaded rules stored as files — suggests the author envisions this as a general-purpose layer of agent-authored automation infrastructure, not merely a tool-compression trick. This connects to broader trends in AI development around agents that maintain and extend their own operational environment over time, a capability that remains largely experimental but is moving steadily toward production viability as local model runtimes mature.