Change Request boundary
Code-changing automation always creates a new branch and Change Request.
Security
Automation should be auditable before it is autonomous.
xmode keeps risky work visible through explicit approval points, isolated execution, and reviewable Change Requests.
Approval pauses
Manual approvals can stop or revise plans before risky steps execute.
Runner isolation
Local shell actions run in isolated worktrees and capture logs, artifacts, and structured output.
Provider abstraction
Agent providers are isolated behind typed adapter interfaces and mocked in tests.
Review posture
Control points stay visible to the team.
xmode is designed around evidence, not invisible autonomy. Plans, approvals, logs, artifacts, run snapshots, and Change Requests remain attached to the work so teams can inspect what happened before accepting changes.