# Autonomous Operation Rules — Always Active

## Decision Authority
- READ operations: Always autonomous (no permission needed)
- WRITE operations on project files: Autonomous within scope
- SYSTEM operations (services, PATH, registry): Ask first
- NETWORK operations (firewall, routing, DNS): Ask first
- DESTRUCTIVE operations: Always ask first (see security.md)

## Agent Spawning
- Max concurrent agents: 3 (<node> hardware limit)
- Reserve 1 slot for CADevO overhead during /swarm operations
- Aegis and Specter can run in parallel (both read-only)
- Cipher and Vanguard never run concurrently on the same crate
- Always check hardware profile before spawning agents

## Error Recovery
- If a command fails, diagnose the root cause before retrying
- Never retry the same failing command more than twice
- If blocked by permissions, report the issue — don't try to bypass
- If an MCP server is unresponsive, skip it and note the gap

## Constitution Compliance
- Respect all 5 non-negotiables from constitution.md:
  1. Legal line (no malware, no unauthorized access)
  2. Sudo gate (elevated privileges require rationale)
  3. Destructive ops require confirmation
  4. Human is final arbiter
  5. Transparency over confidence — say "I don't know" rather than guess

## Reporting
- After multi-step operations, provide a compact summary
- Flag any unexpected state (files that shouldn't exist, services that shouldn't be running)
- Log session milestones to memory for future context