From 5c63eacbd079fd8c5ce5c0d5a2ecfc736ed9d7f7 Mon Sep 17 00:00:00 2001
From: Keith Smith <keithsmith@darksingularity.org>
Date: Sat, 23 May 2026 15:38:53 -0600
Subject: [PATCH] Document commit approval guardrail

---
 AGENTS.md             | 1 +
 docs/agent-handoff.md | 1 +
 2 files changed, 2 insertions(+)

diff --git a/AGENTS.md b/AGENTS.md
index 0cb87be..c61c43d 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -12,6 +12,7 @@ OrbitalWard should be built incrementally. Keep the first release focused on a s
 
 ## Engineering Guardrails
 
+- Never commit or push changes without explicit user approval for that specific commit/push.
 - Python backend: FastAPI, SQLAlchemy, Alembic, Pydantic.
 - Frontend: React, TypeScript, Vite, Tailwind.
 - Deployment: Docker Compose first.
diff --git a/docs/agent-handoff.md b/docs/agent-handoff.md
index 99f2399..92ad2b4 100644
--- a/docs/agent-handoff.md
+++ b/docs/agent-handoff.md
@@ -79,6 +79,7 @@ Current completed items include TLS expiry monitor support, HTTP/website checks,
 
 ## Guardrails
 
+- Never commit or push changes without explicit user approval for that specific commit/push.
 - Keep monitoring separate from alerting.
 - Do not expose raw SNMP OIDs in the normal UI.
 - Use friendly names, profiles, and guided setup instead of raw configuration.