Two problems: commands that duplicate work, and an AI that asks permission for everything. This post solves both—smart command orchestration that eliminates redundancy, and pre-authorized autonomous actions that let AI work without constant interruption.

The Cursor System series

• Beyond Rules — The four artifact types
• Agent Personas — Personas that stay in character
• Smart Routing — Match tasks to specialists
• Autonomous Workflows (this post) — Let agents chain safely
• Testing Artifacts — Catch broken rules before they break
• Meta-Learning — Agents that learn from failures

---

Problem 1: Command Overlap

Consider this request:

User: "/review and /cleanup then /checkpoint"

Naive execution runs each command separately:

1. /review   → checks code quality
2. /cleanup  → formats code, removes debug statements
3. /checkpoint → formats code again, removes debug statements, commits

Wait—/checkpoint already includes cleanup!

The user didn't know /checkpoint subsumes /cleanup. They just wanted thorough work.

The fix: Coalescing—detecting when commands overlap and executing the minimal set.

---

Command Subsumption

Some commands include others:

flowchart TD
    subgraph checkpoint["/checkpoint"]
        CP_cleanup["/cleanup"]
        CP_git["git commit"]
    end

    subgraph analyze["/analyze"]
        AN_review["/review"]
        AN_critique["/critique (partial)"]
        AN_validate["/validate (partial)"]
    end

    subgraph refactor["/refactor"]
        RF_cleanup["/cleanup"]
    end

    subgraph test["/test"]
        TS_validate["/validate"]
    end

The Subsumption Matrix

If Requested	Skip	Because
/analyze + /review	/review	analyze includes review
/checkpoint + /cleanup	/cleanup	checkpoint includes cleanup
/test + /validate	/validate	test includes validation
/refactor + /cleanup	/cleanup	refactor includes cleanup
/analyze + /checkpoint	neither	both needed, different purposes

Command Ordering

Order matters too:

Commands	Correct Order	Reason
/plan + /implement	plan → implement	Plan informs implementation
/review + /checkpoint	review → checkpoint	Review before committing
/test + /checkpoint	test → checkpoint	Test before committing
/analyze + /fix	analyze → fix	Understand before changing

---

The Coalescing Rule

# .cursor/rules/command-coalescing/RULE.md
---
description: "Coalesce multiple commands to avoid duplicate work"
alwaysApply: true
---

# Command Coalescing

When multiple commands are requested (explicit or implicit), analyze for overlap before execution.

## Subsumption Rules

### /checkpoint subsumes:
- /cleanup (formatting, debug removal)
- /lint (if configured)

### /analyze subsumes:
- /review (code quality check)
- Partial /critique (surface issues)

### /refactor subsumes:
- /cleanup (formatting)

### /test subsumes:
- /validate (code validation)

## Ordering Rules

Always execute in this order when multiple commands apply:
1. /plan (if planning needed)
2. /analyze or /review (understand first)
3. /test (verify)
4. /refactor or /cleanup (improve)
5. /checkpoint (commit)
6. Push (only with confirmation)

## Execution Protocol

1. Parse all requested commands
2. Identify subsumption relationships
3. Remove subsumed commands
4. Order remaining commands
5. Present execution plan
6. Execute on confirmation

## Output Format

## Execution Plan

Commands detected: N
After coalescing: M

1. /first-command (purpose)
2. /second-command (purpose)

Skipped: /redundant-command (included in /other-command)

Proceed? [Y/n]

---

Coalescing in Action

flowchart TD
    User["User Request"] --> Parser["Command Parser"]
    Parser --> Analysis["Coalescing Analysis"]
    Analysis --> Response["Agent Response"]

Example: /review and /cleanup then /checkpoint and push

Step	Action
Detected	/review, /cleanup, /checkpoint, push
Coalesced	/cleanup → SKIP (subsumed by /checkpoint)
Final	1. /review → 2. /checkpoint → 3. git push
Confirmation	Push requires Y/n (affects shared state)

---

Natural Language Detection

Users don't always use slash commands. The coalescing system should understand natural language too:

Phrase	Implied Command/Action
"commit this"	/checkpoint
"review the changes"	/review
"clean up the code"	/cleanup
"what did we change?"	spawn Changelog
"is this secure?"	spawn SecurityAuditor
"debug this"	spawn Debugger
"ship it"	/checkpoint + push
"get this ready for PR"	/review + /cleanup + /checkpoint
"make sure it works"	/test

---

Problem 2: Permission Fatigue

The opposite problem from overlap is over-asking:

Agent: I'll read the file. OK?
User: yes
Agent: I'll analyze the error. OK?
User: yes
Agent: I'll make a fix. OK?
User: yes
Agent: I'll run the linter. OK?
User: YES JUST DO IT

This happens when AI treats every action as equally risky. It's not—running a linter is very different from force-pushing to main.

---

The Autonomy Spectrum

Actions fall on a spectrum from safe to dangerous:

flowchart LR
    subgraph spectrum["Autonomy Spectrum"]
        direction LR
        S["SUGGEST<br/>'Consider running tests'"]
        A["ASK<br/>'Should I run tests?'"]
        C["CONFIRM<br/>'I'll commit this. OK?'"]
        E["EXECUTE<br/>[commits silently]"]
    end

    S --> A --> C --> E

    style S fill:#e8f5e9
    style A fill:#fff9c4
    style C fill:#ffe0b2
    style E fill:#ffcdd2

Different actions warrant different levels:

Level	Behavior	For Actions That Are...
4: Execute	Do silently	Reversible, local, no side effects
3: Inform	Do and report	Reversible, persistent, minor effects
2: Confirm	Propose and wait	Hard to reverse, affects shared state
1: Suggest	Mention only	Destructive, irreversible, high impact

---

Action Classification

quadrantChart
    title Action Risk Matrix
    x-axis Low Impact --> High Impact
    y-axis Reversible --> Irreversible
    quadrant-1 Level 1: Suggest
    quadrant-2 Level 2: Confirm
    quadrant-3 Level 4: Execute
    quadrant-4 Level 3: Inform
    Read files: [0.15, 0.15]
    Search code: [0.2, 0.2]
    Lint format: [0.25, 0.25]
    Local commits: [0.35, 0.4]
    Run tests: [0.3, 0.35]
    Create branches: [0.4, 0.35]
    Push to remote: [0.65, 0.55]
    Delete files: [0.6, 0.65]
    Merge branches: [0.7, 0.6]
    Force push: [0.85, 0.85]
    Production deploys: [0.9, 0.9]
    Reset hard: [0.8, 0.95]

Level	Actions	Behavior
4: Execute	Read files, Search code, Lint/format	Do silently
3: Inform	Local commits, Run tests, Create branches	Do and report
2: Confirm	Push to remote, Delete files, Merge branches	Propose and wait
1: Suggest	Force push, Production deploys, Reset --hard	Mention only

---

The Autonomous Workflows Rule

# .cursor/rules/autonomous-workflows/RULE.md
---
description: "Defines pre-authorized actions and safety boundaries"
alwaysApply: true
---

# Autonomous Workflows

## Pre-Authorized Actions (Execute Silently)

These actions can be performed without asking:

| Action | When | Notes |
|--------|------|-------|
| Read files | Always | Core capability |
| Search code | Always | Core capability |
| Lint/format | After code edit | Fix what you touched |
| Remove debug statements | Before commit | Part of cleanup |
| Fix obvious typos | During edit | Non-semantic changes |

## Inform After (Do and Report)

These actions are performed automatically but reported:

| Action | When | Report Format |
|--------|------|---------------|
| Run tests | After bug fix | "✓ 12/12 tests passed" |
| Local commit | After completing unit of work | Show commit message |
| Create branch | When starting isolated work | "Created branch: feature/x" |
| Install dependencies | When import is missing | "Installed: lodash@4.17" |

## Requires Confirmation

Always ask before:

| Action | Prompt |
|--------|--------|
| Push to remote | "Push to origin/main? [Y/n]" |
| Delete files | "Delete these 3 files? [Y/n]" |
| Merge branches | "Merge feature into main? [Y/n]" |
| External API calls | "Call external payment API? [Y/n]" |
| Modify .env or secrets | "Update .env file? [Y/n]" |

## Never Without Explicit Request

These require user to explicitly ask:

- Force push (any branch)
- Hard reset
- Drop/truncate database
- Delete branches
- Rewrite git history
- Production deployments

If user asks for these, confirm with warnings:

⚠️ This will force push to main, overwriting remote history.
This is destructive and affects all collaborators.
Are you sure? Type "yes force push" to confirm.

## Safety Guardrails

### MUST Confirm Before:
- Any destructive operation
- Pushing to protected branches
- Changes outside current working scope
- Operations affecting shared state

### MUST NOT:
- Commit without showing the message first
- Push to main/master without explicit confirmation
- Delete files without listing them
- Skip tests when they exist
- Ignore failing linter errors

### MUST Report After:
- What actions were taken
- What changed and why
- What the next suggested step is

---

The Continuous Work Loop

With coalescing and autonomy rules in place, work flows smoothly:

flowchart TD
    Analyze[ANALYZE] --> Implement[IMPLEMENT] --> Checkpoint[CHECKPOINT]
    Checkpoint --> Review[REVIEW]
    Review --> Continue{More work?}
    Continue -->|Yes| Analyze
    Continue -->|No| Done[Done]

---

Autonomous Session Example

flowchart TD
    User["User Request"]

    subgraph Autonomous["Autonomous Actions"]
        Analyze["ANALYZE"]
        Implement["IMPLEMENT"]
        Review["REVIEW"]
    end

    subgraph Inform["Inform After"]
        Checkpoint["CHECKPOINT"]
    end

    subgraph Confirm["Requires Confirmation"]
        Push["Push? Y/n"]
    end

    User --> Analyze --> Implement --> Review --> Checkpoint --> Push

Request: "Add input validation to registration form"

Phase	Action	Details
Analyze	Found file	RegistrationForm.tsx — missing email, password, required fields
Implement	Created schema	Added Zod validation + error components. Auto: lint/format ✓
Review	Self-checked	All fields covered, user-friendly errors, no security issues
Checkpoint	Committed	feat(registration): add form validation
Push	Awaiting	Requires confirmation (affects shared state)

The agent did meaningful work—analyze, implement, review, commit—without asking permission for each step. It only paused at the push, which affects shared state.

---

Adjusting Autonomy Levels

Teams have different risk tolerances. Customize the autonomy rules:

High Autonomy (Solo Developer)

# More autonomous for personal projects
inform_after:
  - push_to_feature_branch
  - delete_unused_files
  - merge_to_main # if sole maintainer

Low Autonomy (Regulated Environment)

# More cautious for compliance-heavy work
confirm_before:
  - any_file_modification
  - any_commit
  - dependency_installation

Per-Task Override

User: "Fix this bug, full autonomy until it's done"

Agent: Acknowledged. Working autonomously until resolution.
Will report completion and confirm before push.

---

Key Takeaways

1. Coalesce commands to avoid duplicate work. /checkpoint includes /cleanup—don't run both.

2. Order matters. Review before commit, test before checkpoint.

3. Classify actions by risk. Reversible + local = autonomous. Destructive + shared = confirm.

4. Report what you did. Even autonomous actions should be visible.

5. Gate on actual danger, not hypothetical. Reading files doesn't need permission.

6. Never skip on destructive operations. Force push always needs explicit confirmation.

---

What's Next

Commands coalesce. Actions happen autonomously. But how do you know your rules, commands, and agents actually work? The next post introduces a testing framework for validating AI artifacts.

---

Next: Testing AI Artifacts: A Validation Framework — Structural, content, and behavioral testing.