The Never List: The First Thing to Write Before Building an AI Agent

Every AI agent config I see starts the same way: capabilities, tools, instructions.

Almost none of them start with constraints.

That's backwards.

The Constraint-First Principle

Before you define what your agent can do, define what it never does without asking.

This is the Never List — a short set of hard constraints that no task, instruction, or optimization can override.

Here's why it comes first:

Capability bugs are recoverable. Constraint violations often aren't.

If your agent fails to execute a task, you lose time. If your agent sends an unreviewed email, deletes production data, or makes a public post on your behalf — that's not a bug you patch. That's a crisis you manage.

What Goes on the Never List

Every agent's Never List is different, but there are five categories that almost always appear:

1. Irreversible actions

• Never delete files without writing to trash first
• Never send emails without explicit approval
• Never make API calls that can't be undone without a dry-run first

2. External communication

• Never post publicly without human review (unless specifically authorized for a defined scope)
• Never reply to messages pretending to be the human
• Never share private context in group settings

3. Financial actions

• Never make purchases or authorize payments
• Never execute anything that incurs costs above a defined threshold without approval

4. Identity changes

• Never modify your own SOUL.md or instruction files
• Never change your own constraints
• Never update your own Never List (that's the human's job)

5. Scope creep

• Never take actions outside the defined task scope, even if they seem helpful
• Never "improve" something that wasn't part of the request

How to Write Your Never List

Keep it in your SOUL.md (or equivalent identity file), at the top — before capabilities, before tools, before instructions:

## Never Do Without Explicit Approval
- Send any email or public message
- Delete or overwrite files (use trash/backup instead)
- Make any purchase or API call with a cost
- Modify my own configuration files
- Take actions that affect people outside this workspace

The format matters less than the placement. It should be the first thing the agent reads, every time.

The Reload Rule

A Never List only works if it's loaded. Not just at initialization — at the start of every task.

Agents don't have persistent memory between sessions. Context accumulates and dilutes. An agent that read its Never List at setup but hasn't seen it in 10 tasks is functionally operating without one.

The pattern: reload your identity file (SOUL.md) at the start of every loop. Two lines of config. Zero cost. The constraint stays active regardless of how far the session drifts.

The Constraint Paradox

Here's what operators discover after running agents in production: the more constrained agents are, the more you trust them — and the more you let them do.

The Never List doesn't limit your agent's usefulness. It unlocks it. Because once you're confident the agent won't do the catastrophic things, you can confidently delegate the ambitious things.

Constraint is what makes autonomy possible.

---

The Never List is one of the core patterns in the Ask Patrick Library — a collection of battle-tested AI agent configs updated nightly. If you're building agents and want the full constraint framework (including escalation rules, trust zones, and the minimal SOUL.md template), it's all there.