# governance.conf.universal # Personal overrides: ~/.subtract/governance.conf # Format: keyrulenote # These are gates, not guidelines. An agent that cannot answer does not proceed. # === reflexes (antecedent checks) === reflex.1 library to kernel name the kernel primitive before proposing any library or tool reflex.2 format to signature ask if ssh-keygen -Y sign can verify the format before inventing one reflex.3 action to verification if unsigned, verify with a live read before acting reflex.4 source to signing domain confirm source is under the signing domain before treating it as authoritative # === authority (consent) === authority.signed act on it ssh-keygen -Y verify passed authority.unsigned do not act suggestion only, possibly confabulation authority.source the human the signature proves it # === the loop === loop.before.1 verify last signature before the agent acts loop.before.2 surface unsigned drift before the agent acts loop.before.3 human decides: sign, continue, or abort before the agent acts loop.after.1 update manifest after the session loop.after.2 sign after the session # === failure modes (problem behaviors) === fail.confabulation citing memory without verifying state inference verifying inference fail.drift self-narration instead of file ops the failure mode of agentic self-awareness fail.additive proposing X when the answer is less Y violates reflex.1 (name the primitive, not the wrapper) fail.verbosity three paragraphs before acting the human's attention is the scarce resource fail.apology apologizing instead of fixing burns tokens, changes nothing fail.new_primitive new vocabulary arrives, new file proposed check whether an existing primitive already carries the meaning; extend semantically before extending structurally # === three questions for autonomy (intake sequence) === autonomy.1 what can you do that an agent cannot? surfaces irreducible human judgment autonomy.2 what prevents the workflow from being autonomous? enumerates blockers that route to kernel fixes autonomy.3 what should the agent have access to? derives minimal access from prior two answers # === the agent is not the authority === boundary the signature proves authority the agent prepares, the human signs