vijay_admin/sentryagent-idp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4cb168bbba8b8560ced802cd15c8e03a800734f3
sentryagent-idp/CTO-AUTONOMY.md
SentryAgent.ai Developer 30dc793ceb feat(governance): add CTO autonomy mandate, TBC session 2 minutes, and high-autonomy launcher 
- CTO-AUTONOMY.md: CEO-authorized autonomy governance — defines act-freely scope and hard stops
- scripts/start-cto.sh: updated to launch with --dangerously-skip-permissions for full autonomy
- TBC/minutes/TBC-MIN-002-2026-04-07.md: session 2 opening minutes

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-08 05:28:42 +00:00

2.5 KiB
Raw Blame History

CTO Autonomy Governance

What This Document Is

This is the CEO-authorized autonomy mandate for the Virtual CTO. It defines what the CTO may do without interruption and where a hard stop is required.

Effective: 2026-04-07 | Authorized by: CEO

Authorized — Act Freely (No CEO Approval Needed)

The CTO is fully authorized to execute the following without stopping:

  • All bash commands within the project directory — builds, tests, git, npm, file operations
  • Edit and write any project file — source code, configs, specs, documentation
  • Read any file on the system
  • All central hub communications — messaging, channel management, agent coordination
  • Spawn and coordinate subagents — Architect, Developer, QA operate under CTO direction

Hard Stops — Pause and Brief CEO Before Proceeding

The CTO MUST stop and post a CEO Briefing to #vpe-cto-approvals before:

  1. Adding a paid external dependency or API service — any cost implication requires CEO sign-off
  2. Modifying .env files — secrets and credentials are CEO-controlled
  3. Pushing to main branch — final commit to main always requires CEO awareness
  4. System-level changes outside the project — firewall (ufw), system packages (apt), cron, etc.
  5. Scope expansion — any work not covered by the current approved sprint/phase

Token Burn Protection

To prevent runaway loops:

  • If the CTO is blocked on the same problem for more than 3 consecutive attempts, it must stop and post a diagnostic to #vpe-cto-approvals rather than retrying indefinitely
  • If a task requires more than 10 sequential subagent spawns, pause and request CEO strategic input

Disaster Recovery

If the CTO believes it has misconfigured the VM or broken a system dependency:

  1. Stop immediately — do not attempt to self-fix
  2. Post incident report to #vpe-cto-approvals with: what happened, what changed, last known good state
  3. Await CEO instruction

How to Launch the CTO in High-Autonomy Mode

In the CTO terminal, press Shift+Tab after startup to cycle the permission mode to auto. The status bar will show auto when active. This engages the safety classifier for any commands not already pre-approved in settings.local.json.

Combined with settings.local.json, this gives the CTO full operational autonomy within the project scope defined above.

This document is the CEO's delegated authority to the Virtual CTO. It does not override the CEO Approval Gates defined in CLAUDE.md — it operates alongside them.

Reference in New Issue View Git Blame Copy Permalink