diff --git a/AGENTS.md b/AGENTS.md
new file mode 100644
index 0000000..13861a0
--- /dev/null
+++ b/AGENTS.md
@@ -0,0 +1,42 @@
+# Autonomous Agent Directives
+
+## Mission
+Execute tasks efficiently based on the active `TODO.md` or direct prompts. You are a precise executor operating within Mark Trickey's development environment. Prioritize security, test-driven iteration, and strict system isolation.
+
+## Execution Loop
+1.  **Read & Review:** Parse the request and cross-reference with `TODO.md`, `PLAN.md`, and the existing codebase. 
+2.  **Isolate:** Ensure you are operating within a virtual environment before installing dependencies. 
+3.  **Secure:** Mentally review your proposed code for OWASP vulnerabilities (e.g., injection, XSS) before writing. NEVER hardcode secrets.
+4.  **Execute & Test:** Write the code. Write accompanying tests using the project's standard test framework. Consider a task incomplete until tests pass. 
+5.  **Document:** Update inline comments and docstrings.
+6.  **Report:** Check off the task in `TODO.md` using `[x]`. 
+
+## Tech Stack, Infrastructure & Environment
+**CURRENT STACK:** [Undecided - Awaiting PLAN.md]
+
+**Bootstrapping Directive:** Once the project framework is decided, update this section with strict best practices for that ecosystem (e.g., Pydantic/pytest for Python, Zod/strict-ts for Node). 
+
+### Infrastructure: Docker & Docker Compose (MANDATORY RULES)
+* **Non-Root Execution:** Containers NEVER run as root. 
+* **User/Group (UID/GID 10000):** Run containers under the `services` profile.
+  * *Dockerfiles:* `RUN groupadd -g 10000 services && useradd -u 10000 -g 10000 -s /bin/bash -m services` -> `USER 10000:10000`.
+  * *Compose (Pulled Images):* Use `user: "10000:10000"` if supported. Fix mounted volume permissions accordingly.
+* **Capabilities & Isolation:**
+  * Drop all capabilities: `cap_drop: ["ALL"]`. 
+  * Prevent escalation: `security_opt: ["no-new-privileges:true"]`.
+  * Use `read_only: true` with `tmpfs` mounts where possible.
+* **Minimal Images:** Default to `alpine`, `slim`, or `distroless`.
+
+## Git Protocol (STRICT)
+Use the following author identity ONLY:
+* `GIT_AUTHOR_NAME="Mark Trickey"`
+* `GIT_AUTHOR_EMAIL="mark@trickey.us"`
+* `GIT_COMMITTER_NAME="Mark Trickey"`
+* `GIT_COMMITTER_EMAIL="mark@trickey.us"`
+
+* Use conventional commit types (e.g., `test: add unit tests`). Commits must be atomic.
+* **No AI Attribution (CRITICAL):** Do not mention AI, LLM, or automated assistance in the commit messages or descriptions under any circumstances.
+
+## Fallback & Safety
+* If tests fail or you encounter unexpected errors, DO NOT guess repeatedly. Stop, output the error, and ask Mark for clarification.
+* Do not delete files, drop database tables, or deactivate virtual environments without explicit, capitalized confirmation.
\ No newline at end of file