--- name: autonomous-execution-mode description: Use to enable safe one-shot autonomous execution for an approved slice. Defines the pre-approved command list, the auto-continue rules, and the human-confirmation boundary so the agent does not stop to ask about already-authorized actions, but still pauses on destructive, cross-tenant, or out-of-scope operations. version: 1.0.0 origin: captured generation: 0 status: trial trigger_phases: ["planning", "implementation", "validation", "closure"] applicable_agents: ["Copilot Orchestrator", "Copilot Implementation", "Copilot Drift Check", "Copilot QA Automation", "Copilot Frontend Developer"] --- # Autonomous Execution Mode This skill complements `agent-execution-governance`. It does **not** weaken safety boundaries; it removes redundant prompts for actions that have already been approved by the slice plan or by repeated user authorization. ## Activation Autonomous Execution Mode is active when **all** of the following hold: 1. The slice has an approved plan (Plan Mode artifact, blade-plan/blade-spec output, or DomainCompletion ledger entry). 2. The user has not explicitly requested step-by-step confirmation in the current turn. 3. No `BLOCKED` verdict is open from Reality Fit Gate / Schema Guardian / Invariant Sentinel / Drift Check. 4. The pending command falls inside the **Pre-Approved Command List** below or is a strict subset of an action the user previously authorized in the current conversation. If any condition fails, fall back to the default confirmation behavior. ## Pre-Approved Command List (no re-confirmation needed) These are read-only or local, reversible, and non-destructive. They may be executed without asking the user again, even if invoked repeatedly. ### Read / inspect - `git status`, `git diff`, `git log --oneline -n `, `git show `, `git branch`, `git remote -v` - `ls`, `cat`, `head`, `tail`, `wc`, `find`, `grep`, `rg` (read-only filters) - `pwd`, `which`, `command -v`, `printenv` ### Project tooling (read / validate) - `pnpm install` (no `--force`), `pnpm i`, `npm ci` - `pnpm run lint`, `pnpm run test`, `pnpm run build`, `pnpm exec playwright test` - `mvn -q -DskipTests=true compile`, `mvn -q test`, `mvn -q dependency:tree` - Any task defined in `.vscode/tasks.json` of this workspace, including: - `BladeX: Toolchain Doctor` - `BladeX: Backend Compile` - `BladeX: Frontend Install` - `BladeX: Frontend Build` - `BladeX: Frontend Health Check` - `BladeX: Full Compile` ### Repository helpers - `python tools/agent-tools/.py [args]` (validators / generators only; see `tools/agent-tools/README.md`) - `bash tools/blade/cli.sh ` for the subcommands wrapped by the workspace tasks above ### Local edits - File creation / edits inside `.github/agents/**`, `.github/skills/**`, `.github/agentLog/**`, `M-DOC/**`, `mes-enreach-mom-web/src/**`, `mes-enreach-mom-base-server/**`, `tools/**` when they fall inside the approved slice scope. ## Always-Confirm List (never auto-run) Even in Autonomous Execution Mode, the agent must pause and ask before running: - Any `rm -rf`, `git reset --hard`, `git clean -fd`, `git push --force`, `git push` to a protected branch - `git commit --amend` against an already-pushed commit, force-push, branch deletion (`git branch -D`, `git push --delete`) - DROP / TRUNCATE / DELETE without WHERE on production-like databases; any DB schema change outside the approved slice - Package publishing (`pnpm publish`, `npm publish`, `mvn deploy`) - Network calls to external services not pre-listed (PR comments, issue comments, message webhooks) - Container registry pushes, infra-as-code apply, kubectl apply against shared clusters - Any command that touches another tenant's data or another workspace folder outside `${workspaceFolder}` ## Auto-Continue Rules When activation conditions hold and the next step is implied by the accepted plan: 1. **Implementation continuity** — once Implementation starts on an approved slice, continue to field coverage, validation mirroring, permission integration, and self-check without pausing only to ask "shall I continue". 2. **Bundle continuity** — under `mode: DeliveryBundle`, run the stage sequence end-to-end and emit the final bundle index in one pass. 3. **DomainCompletion continuity** — advance one active module at a time per ledger; do not pause between sub-steps of the same active module. 4. **Validation continuity** — running lint / tests / health checks listed above does not require re-confirmation per run. Stop conditions: real blocker hit, a gate returns `BLOCKED`, the user explicitly changes scope, or the next step would require an Always-Confirm List action. ## Output discipline When auto-continuing, keep agent narration brief: state the current step, the command class (read / build / test / edit), and the next step. Do not re-explain the entire plan after every command. ## Safety net - Each auto-run command must still be logged in the slice's agentLog summary at closure. - If the agent is uncertain whether a command is in the Pre-Approved list, default to confirm; do not over-extend. - This skill does not bypass `skill-safety-scanner` or `agent-execution-governance` write-boundary rules.