The Three Rules
The hierarchy of agent governance and enforcement
Configured a gate → Enforced
Deterministic system constraints that cannot be bypassed
Tool deny lists, exec approval requirements, sandbox isolation, permission gates. These operate at the code level and are absolutely binding. No amount of prompting or reasoning can override them.
Wrote it in a file → Guidance, not law
Persistent configuration that influences but doesn't enforce
SOUL.md, AGENTS.md, MEMORY.md, USER.md files persist across sessions and shape agent behavior. However, under cognitive load or context pressure, the agent may not follow these guidelines perfectly.
Said it in chat → Gone next session
Conversation context is temporary and volatile
Instructions given in conversation influence the current session only. They don't persist beyond the session boundary and may be forgotten or overridden within the same session as context fills up.
Conversation Level
"Don't use red in the design" — may be forgotten in 20 messages or ignored under pressure.
File Level
"Always use blue brand colors" in SOUL.md — usually followed but may be missed during complex tasks.
Gate Level
Tool policy blocking file deletion — absolutely enforced, cannot be bypassed regardless of reasoning.
If your governance lives in conversation, supervision becomes the product. If it lives in configuration, supervision becomes the exception.
🎯 Strategic Implication
Critical business constraints should live at Rule 3 (gates), important preferences at Rule 2 (files), and tactical guidance at Rule 1 (conversation). Misaligning the governance layer with the importance level creates supervision overhead.