Add Console Anti-Drift Rule - enforce PTY-backed, agent-owned, WebSocket architecture, disallow log-tailing or exec-based alternatives

ANTI_DRIFT.md

@@ -56,3 +56,20 @@ The following are explicitly disallowed:
 
 All auth must flow:
 Portal → JWT → APIv2
+
+## Console Anti-Drift Rule
+
+The interactive console **MUST** remain:
+
+- PTY-backed
+- Agent-owned
+- WebSocket-based
+- Full duplex (input + output)
+
+🚫 Disallowed:
+- Log tailing as "console"
+- Exec-per-command models
+- Frontend-owned processes
+- Proxmox console passthrough
+
+Any deviation requires explicit architectural review.