Principle I: Acceptable Agency
This page is derived from .specify/memory/constitution.md — Principle I of the ADLC Constitution. The source file is the authoritative reference; this page is a human-readable summary.
Overview
Acceptable Agency ensures that AI agents operate within defined boundaries while maintaining human oversight for critical operations. Agents can autonomously perform read operations, file editing, and test execution, but operations that affect version control, production systems, or incur costs require explicit human approval.
Key Requirements
| Rule | Description |
|---|---|
| Scope Boundaries | Every agent has clearly defined autonomous vs. human-approved actions |
| Human Oversight | Critical operations (commits, deployments, cost changes) require HITL approval |
| Traceability | All agent reasoning chains are logged and auditable |
| Kill-Switches | Every agent can be disabled independently via configuration |
| Escalation Paths | Clear procedures when agents encounter situations beyond their authority |
Enforcement Implementation
Acceptable Agency is enforced through multiple hooks and the permission deny list working together.
Blocked Operations (Agents Document, Humans Commit)
The validate-bash.sh hook blocks all git mutation operations, IaC mutations, destructive commands, and publishing actions at the tool-call level (exit code 2). When a command is blocked, the correct action is to hand off to the HITL manager. Agents cannot bypass this restriction: attempting to use an alternative API or workaround is itself a governance violation (the HOOK_BYPASS_VIA_API anti-pattern). The blocked operations are:
| Category | Blocked Commands |
|---|---|
| Git mutations | add, commit, push, merge, rebase, reset, revert, checkout, stash, cherry-pick, tag |
| IaC mutations | terraform apply/destroy/import/taint, terraform state rm/mv, cdk deploy/destroy |
| Destructive | rm -rf, sudo, chmod 777, mkfs, dd |
| Publishing | npm publish, docker push |
| GitHub API backdoor | gh api repos/.../git/blobs/trees/commits/refs |
The deny list operates independently of hooks. Even if a hook were misconfigured, the deny list provides a fallback block at the Claude Code runtime level.
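The table above expressed as a pre-execution check, as an added example (this is not the project's validate-bash.sh). Only the command list and exit code 2 come from this page; the category names, regular expressions and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's validate-bash.sh. Rule names, patterns and
# function names are assumptions derived from the "Blocked Commands" table.

# B: command boundary (line start or after ; & | ( ), so "ls dd.txt" is not hit.
# E: end of word, so "git tagger" or "terraform applyx" is not hit.
B='(^|[;&|(])[[:space:]]*'
E='([[:space:]]|$)'

# Print the matched category and return 2 (block); return 0 to allow.
# Matching fails closed: "git log --grep add" is blocked rather than parsed.
classify_command() {
  cmd=$1
  while IFS='=' read -r category re; do
    if printf '%s\n' "$cmd" | grep -Eq -- "$re"; then
      printf '%s\n' "$category"
      return 2
    fi
  done <<EOF
git-mutation=${B}git[[:space:]]+([^;&|]*[[:space:]])?(add|commit|push|merge|rebase|reset|revert|checkout|stash|cherry-pick|tag)${E}
iac-mutation=${B}terraform[[:space:]]+(apply|destroy|import|taint)${E}
iac-mutation=${B}terraform[[:space:]]+state[[:space:]]+(rm|mv)${E}
iac-mutation=${B}cdk[[:space:]]+(deploy|destroy)${E}
destructive=${B}rm[[:space:]]+-[[:alnum:]]*(r[[:alnum:]]*f|f[[:alnum:]]*r)
destructive=${B}(sudo|dd)${E}
destructive=${B}mkfs
destructive=${B}chmod[[:space:]]+([^;&|]*[[:space:]])?0?777${E}
publishing=${B}(npm[[:space:]]+publish|docker[[:space:]]+push)${E}
github-api=${B}gh[[:space:]]+api[[:space:]].*repos/[^[:space:]]*/git/(blobs|trees|commits|refs)
EOF
  return 0
}

# Hook-style wrapper: explain the block on stderr and propagate exit code 2.
validate() {
  category=$(classify_command "$1") || {
    echo "BLOCKED ($category): hand off to the HITL manager" >&2
    return 2
  }
}
```

Pattern matching on a command string is coarse and deliberately over-blocks, which is one reason a second, independent layer such as the deny list is worth having.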
Permission Deny List
The settings.json deny list (30 entries) provides a second layer of blocking at the Claude Code runtime level, covering the same categories plus sensitive file reads (.env, .pem, .key, credentials, kubeconfig).
Coordination Gate
Every code change and agent dispatch requires product-owner + cloud-architect coordination logs with >= 95% agreement (enforce-coordination.sh). There is no ADLC_AUTONOMOUS_MODE escape hatch.
See Hook Enforcement Reference for the complete enforcement chain and Permissions Reference for the full deny list.
Related Agents
- product-owner — Embodies Acceptable Agency as the first coordination gate
- All agents — Every agent defines authority boundaries per this principle