diff --git a/src/resources/extensions/sf/auto/run-unit.js b/src/resources/extensions/sf/auto/run-unit.js
index 57590fb17..7af6d4165 100644
--- a/src/resources/extensions/sf/auto/run-unit.js
+++ b/src/resources/extensions/sf/auto/run-unit.js
@@ -241,15 +241,34 @@ function deriveWorkMode(unitType) {
  * Consumer: runUnitViaSwarm dispatch envelopes.
  */
 function legacyPermissionLevelForProfile(profile) {
+	// #wiggums: SF orchestrator runs autonomous work that requires running
+	// tsc / git diff / npm test for self-verification. Default "low" was
+	// too restrictive — executors couldn't verify their own deliverables.
+	// Per operator intent (2026-05-17): "SF should have permission even
+	// if it can limit its agents and only allow orchestrator or whatever."
+	// The parent SF process running the autonomous loop deserves enough
+	// permission to verify its work; sub-agents can still be further
+	// restricted via explicit envelope.executorPermissionLevel.
 	switch (profile) {
 		case "restricted":
 			return "minimal";
+		case "normal":
+			// DEFAULT autonomous session profile (auto/session.js:377).
+			// Witnessed M010/S04/T01: "TypeScript compilation and git diff
+			// blocked by low permission level" even though autonomous was
+			// running with the normal profile. "medium" allows common
+			// verification shell commands.
+			return "medium";
 		case "trusted":
 			return "medium";
 		case "unrestricted":
 			return "bypassed";
 		default:
-			return "low";
+			// Unknown profile: default to "medium" (was "low"). Autonomous
+			// work needs to run verification commands; an undefined profile
+			// shouldn't cripple the executor. Operators who want a
+			// restricted setup can set profile: "restricted" explicitly.
+			return "medium";
 	}
 }