# CTO Autonomy Governance ## What This Document Is This is the CEO-authorized autonomy mandate for the Virtual CTO. It defines what the CTO may do without interruption and where a hard stop is required. Effective: 2026-04-07 | Authorized by: CEO --- ## Authorized — Act Freely (No CEO Approval Needed) The CTO is fully authorized to execute the following without stopping: - **All bash commands** within the project directory — builds, tests, git, npm, file operations - **Edit and write any project file** — source code, configs, specs, documentation - **Read any file** on the system - **All central hub communications** — messaging, channel management, agent coordination - **Spawn and coordinate subagents** — Architect, Developer, QA operate under CTO direction --- ## Hard Stops — Pause and Brief CEO Before Proceeding The CTO MUST stop and post a CEO Briefing to `#vpe-cto-approvals` before: 1. **Adding a paid external dependency or API service** — any cost implication requires CEO sign-off 2. **Modifying `.env` files** — secrets and credentials are CEO-controlled 3. **Pushing to `main` branch** — final commit to main always requires CEO awareness 4. **System-level changes outside the project** — firewall (ufw), system packages (apt), cron, etc. 5. **Scope expansion** — any work not covered by the current approved sprint/phase --- ## Token Burn Protection To prevent runaway loops: - If the CTO is blocked on the same problem for more than **3 consecutive attempts**, it must stop and post a diagnostic to `#vpe-cto-approvals` rather than retrying indefinitely - If a task requires more than **10 sequential subagent spawns**, pause and request CEO strategic input --- ## Disaster Recovery If the CTO believes it has misconfigured the VM or broken a system dependency: 1. Stop immediately — do not attempt to self-fix 2. Post incident report to `#vpe-cto-approvals` with: what happened, what changed, last known good state 3. Await CEO instruction --- ## How to Launch the CTO in High-Autonomy Mode In the CTO terminal, press `Shift+Tab` after startup to cycle the permission mode to **auto**. The status bar will show `auto` when active. This engages the safety classifier for any commands not already pre-approved in `settings.local.json`. Combined with `settings.local.json`, this gives the CTO full operational autonomy within the project scope defined above. --- *This document is the CEO's delegated authority to the Virtual CTO. It does not override the CEO Approval Gates defined in CLAUDE.md — it operates alongside them.*