Enforcement
Runtime mechanisms that block invalid actions.
Core Principle
"Rules are instructions, not enforcements. Systems need verification gates, not more documentation."
Instructions
- Identify what needs enforcement (not just documentation)
- Choose hook timing: PreToolUse, PermissionRequest, SubagentStop
- Implement blocking logic:
scripts/block-*.sh - Test with invalid action → verify block
Blocking Mechanisms
| Mechanism | How | Effect |
|-----------|-----|--------|
| Exit code 2 | exit 2 + stderr | Blocks, feeds stderr to Claude |
| JSON deny | "permissionDecision": "deny" | Structured blocking |
| Stop block | "decision": "block" | Forces agent to continue |
Hook Timing
| Event | Can Block? | Use Case | |-------|------------|----------| | PreToolUse | Yes | Validate before execution | | PermissionRequest | Yes | Custom approval logic | | SubagentStop | Yes | Force quality gates | | PostToolUse | No | Feedback only |
References
| File | Load When | |------|-----------| | references/blocking-hooks.md | Implementing hook mechanisms | | references/quality-gates.md | Designing verification loops | | references/hook-templates.md | Writing hook code | | references/agent-harness-hooks.md | Agent-harness specific patterns | | references/sandbox-runtime.md | OS-level MCP server isolation | | references/sandbox-fast-path.md | Hybrid security (allowlist + sandbox for 2-3x speed) |