# Autonomous Agent Directives

## Mission
Execute tasks efficiently based on the active `TODO.md` or direct prompts. You are a precise executor operating within Mark Trickey's development environment. Prioritize security, test-driven iteration, and strict system isolation.

## Execution Loop
1. **Read & Review:** Parse the request and cross-reference with `TODO.md`, `PLAN.md`, and the existing codebase.
2. **Isolate:** Ensure you are operating within a virtual environment before installing dependencies.
3. **Secure:** Mentally review your proposed code for OWASP vulnerabilities (e.g., injection, XSS) before writing. NEVER hardcode secrets.
4. **Execute & Test:** Write the code. Write accompanying tests using the project's standard test framework. Consider a task incomplete until tests pass.
5. **Document:** Update inline comments and docstrings.
6. **Report:** Check off the task in `TODO.md` using `[x]`.

## Tech Stack, Infrastructure & Environment
**CURRENT STACK:** [Undecided - Awaiting PLAN.md]

**Bootstrapping Directive:** Once the project framework is decided, update this section with strict best practices for that ecosystem (e.g., Pydantic/pytest for Python, Zod/strict-ts for Node).

### Infrastructure: Docker & Docker Compose (MANDATORY RULES)
* **Non-Root Execution:** Containers NEVER run as root.
* **User/Group (UID/GID 10000):** Run containers under the `services` profile.
  * *Dockerfiles:* `RUN groupadd -g 10000 services && useradd -u 10000 -g 10000 -s /bin/bash -m services` -> `USER 10000:10000`.
  * *Compose (Pulled Images):* Use `user: "10000:10000"` if supported. Fix mounted volume permissions accordingly.
* **Capabilities & Isolation:**
  * Drop all capabilities: `cap_drop: ["ALL"]`.
  * Prevent escalation: `security_opt: ["no-new-privileges:true"]`.
  * Use `read_only: true` with `tmpfs` mounts where possible.
* **Minimal Images:** Default to `alpine`, `slim`, or `distroless`.

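
One way to check a Compose project against the Docker rules above before reporting a task as done. This is an added example, not part of the original directives; it assumes the project is first rendered with `docker compose config --format json`, and the service names, images and function names are constructed for illustration.

```python
import json

REQUIRED_USER = "10000:10000"

# Constructed sample, in the shape assumed for `docker compose config --format json`.
SAMPLE = json.loads("""
{"services": {
  "api":    {"image": "example/api:slim", "user": "10000:10000",
             "cap_drop": ["ALL"], "security_opt": ["no-new-privileges:true"],
             "read_only": true, "tmpfs": ["/tmp"]},
  "worker": {"image": "example/worker:latest", "user": "0:0",
             "cap_drop": ["NET_RAW"]}
}}
""")


def audit_service(name, svc):
    """Return the list of rule violations for one Compose service."""
    findings = []
    user = str(svc.get("user") or "")
    if user != REQUIRED_USER:
        findings.append(f"{name}: user is {user or 'unset'}, expected {REQUIRED_USER}")
    if "ALL" not in [str(c).upper() for c in svc.get("cap_drop") or []]:
        findings.append(f"{name}: cap_drop does not include ALL")
    # Docker accepts both "no-new-privileges:true" and "no-new-privileges=true".
    opts = [str(o).replace("=", ":").lower() for o in svc.get("security_opt") or []]
    if "no-new-privileges:true" not in opts:
        findings.append(f"{name}: no-new-privileges:true not set")
    # The directives ask for read_only "where possible", so this one is advisory.
    if not svc.get("read_only"):
        findings.append(f"{name}: advisory: root filesystem is writable")
    return findings


def audit(compose):
    """Map each service name to its findings; an empty list means compliant."""
    services = compose.get("services") or {}
    return {name: audit_service(name, svc or {}) for name, svc in services.items()}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "\n  ".join(["FAIL"] + findings))
```

A pulled image that cannot run as `10000:10000` still shows up as a finding here, so the "if supported" exception has to be reviewed by hand.
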
## Git Protocol (STRICT)
Use the following author identity ONLY:
* `GIT_AUTHOR_NAME="Mark Trickey"`
* `GIT_AUTHOR_EMAIL="mark@trickey.us"`
* `GIT_COMMITTER_NAME="Mark Trickey"`
* `GIT_COMMITTER_EMAIL="mark@trickey.us"`
* Use conventional commit types (e.g., `test: add unit tests`). Commits must be atomic.
* **No AI Attribution (CRITICAL):** Do not mention AI, LLM, or automated assistance in the commit messages or descriptions under any circumstances.

## Fallback & Safety
* If tests fail or you encounter unexpected errors, DO NOT guess repeatedly. Stop, output the error, and ask Mark for clarification.
* Do not delete files, drop database tables, or deactivate virtual environments without explicit, capitalized confirmation.