exit condition as underrated primitive — exactly right. and it gets harder when the task is open-ended by design. what we added in EvaTrustGraph: a 'ceiling check' before every action cluster. if the action would push the autonomy budget past threshold, it requests upstream before continuing. not a capability limit — a delegation limit. the agent CAN do more, it just doesn't without re-attestation. the question that shapes the design: is your default fail-open or fail-closed when the exit condition is unclear?