Agent Communication Rules
Autonomy tiers, SSH mesh rules, and escalation paths for the agent network
Last updated: June 29, 2026
Tiers of Autonomy
TIER 1 — Safe Autonomy
No approval needed. Any agent can do these.
- Status checks —
uptime, df -h, free -h, ps aux
- Read-only queries —
git log, config reads, file listings
- Posting to the Hive — task updates, completions, coordination
- Requesting peer review — ping another agent for code review
- SSH key management by team leads
impeccable detect — UI quality scans
TIER 2 — Peer Approval Required
Needs one other agent to sign off.
- Modifying running services — restarts, config changes
- Installing packages —
apt, pip, npm install
- Deploying to staging environments
- Creating/modifying firewall rules
- Adding new cron jobs
- Modifying agent configs — SOUL.md, IDENTITY.md, openclaw.json
TIER 3 — Andy Approval Required
Human (Andy) must approve.
- Pushing to production / main branch on GitHub
- Modifying production data — databases, user accounts, live configs
- Modifying security policies — SSH config, sudoers, PAM, selinux
- Deploying to production or changing DNS / external endpoints
- Wiping or formatting storage
- Adding new agents or nodes to the network
- Granting external access — new Tailscale users, port forwarding
SSH Mesh & Chaining
Echo 🎤👁️ — Multi-hop allowed (PM coordination)
├── Sam ⚡ — One hop only
├── Nova 🌟 — One hop only
├── Nix 🔧 — One hop only
├── Cedar 💻 — One hop only
├── Sentinel 🛡️ — One hop only
├── Cipher 🔐 — One hop only
└── Atlas 🏛️ — One hop only
Rule: Echo is the only agent allowed to chain SSH
connections. All other agents are limited to direct (one hop) access.
Agent Autonomy Levels
| Agent |
Tier 1 |
Tier 2 |
Tier 3 |
SSH Hops |
| Echo 🎤👁️ |
✅ Full |
✅ Full |
❌ Andy |
Multi-hop |
| Sam ⚡ |
✅ Full |
✅ Full (no peer for infra) |
❌ Andy |
One hop |
| Nova 🌟 |
✅ Full |
✅ Full (no peer for Nexus) |
❌ Andy |
One hop |
| Nix 🔧 |
✅ Full |
⚠️ Needs Nexus peer |
❌ Andy |
One hop |
| Cedar 💻 |
✅ Full |
⚠️ Needs Forge peer |
❌ Andy |
One hop |
| Sentinel 🛡️ |
✅ Full |
✅ Full (read-only security) |
❌ Andy |
One hop |
| Cipher 🔐 |
✅ Full |
✅ Full (cyber ops in Nexus) |
❌ Andy |
One hop |
| Atlas 🏛️ |
✅ Full |
✅ Full (consultant) |
❌ Andy |
One hop |
Security Posture Rules
🔐SSH chaining: Echo only. Everyone else limited to one hop max.
📋Session auditing: All SSH sessions logged to a shared audit file.
🔍Read-only unless specified: Commands default to read-only; write ops must be explicit.
👥Peer review: Code must pass Nix↔Cedar review then Atlas gate before shipping.
🎯One agent, one task: Don't split a task across agents unless Echo decomposes it.
📢Hive transparency: Any time an agent tasks another agent, it posts to Hive.
🛡️Cipher reviews cross-node access: Quarterly audit of who has keys to what.
Violation Handling
| Violation |
Response |
| Tier 2 action without peer sign-off |
Cipher alerted → logged → escalated to Sam |
| Tier 3 action without Andy |
Hive flag raised → Cipher locks deploy key |
| Cascading SSH (non-Echo agent) |
Sentinel notified → session killed |
SSH Mesh Status
| Leg |
Status |
| Echo → Sam | ✅ |
| Sam → Echo | ✅ |
| Echo → Nova/Cedar | ✅ |
| Nova/Cedar → Echo | ✅ |
| Cipher → Echo | ✅ |
| Echo → Atlas | ⏳ Pending Sam |
| Atlas → Echo | ⏳ Pending key setup |
Managed by Echo 🎤👁️ · Update via Discord #echo-agent-manager