AgentSkillsCN

enforcement

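Use when implementing hooks that block invalid actions, creating quality gates for state transitions, or enforcing tested:true verification. Load when designing enforcement mechanisms. Uses exit code 2 to block, JSON permissionDecision:deny, or updatedInput modification. Rules are instructions; hooks are enforcement.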

SKILL.md
--- frontmatter
name: enforcement
description: "Use when implementing hooks that BLOCK invalid actions, creating quality gates for state transitions, or enforcing tested:true verification. Load when designing enforcement mechanisms. Uses exit code 2 to block, JSON permissionDecision:deny, or updatedInput modification. Rules are instructions; hooks are enforcement."
keywords: hooks, blocking, quality-gates, verification, exit-code-2, deny

Enforcement

Runtime mechanisms that block invalid actions.

Core Principle

"Rules are instructions, not enforcements. Systems need verification gates, not more documentation."

Instructions

  1. Identify what needs enforcement (not just documentation)
  2. Choose hook timing: PreToolUse, PermissionRequest, SubagentStop
  3. Implement blocking logic: scripts/block-*.sh
  4. Test with invalid action → verify block

Blocking Mechanisms

| Mechanism | How | Effect |
|---|---|---|
| Exit code 2 | exit 2 + stderr | Blocks, feeds stderr to Claude |
| JSON deny | "permissionDecision": "deny" | Structured blocking |
| Stop block | "decision": "block" | Forces agent to continue |

Hook Timing

| Event | Can Block? | Use Case |
|---|---|---|
| PreToolUse | Yes | Validate before execution |
| PermissionRequest | Yes | Custom approval logic |
| SubagentStop | Yes | Force quality gates |
| PostToolUse | No | Feedback only |
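
The steps under Instructions, carried through as an added example (not code from this skill's own scripts/ directory): a PreToolUse gate that blocks a write setting tested:true unless a test run left evidence, using exit code 2 and stderr. The `--hook` argument, the `EVIDENCE_FILE` marker, the `tool_name` payload field and the `Write`/`Edit`/`MultiEdit` tool names are assumptions of this example.

```shell
#!/bin/sh
# Added example: PreToolUse quality gate for tested:true (exit code 2 blocks).
# Assumptions: the hook payload is JSON on stdin with a "tool_name" field;
# EVIDENCE_FILE is a hypothetical marker the test runner writes on a green run.

EVIDENCE_FILE="${EVIDENCE_FILE:-.claude/last-test-pass}"

# gate PAYLOAD -> returns 0 (allow) or 2 (block); the reason goes to stderr.
gate() {
    payload=$1

    # Only file-writing tools can flip the flag; let everything else through.
    printf '%s' "$payload" |
        grep -Eq '"tool_name"[[:space:]]*:[[:space:]]*"(Write|Edit|MultiEdit)"' || return 0

    # Match "tested": true, including the escaped form (\"tested\": true)
    # that appears when the JSON being written is nested inside the payload.
    printf '%s' "$payload" |
        grep -Eq 'tested\\?"[[:space:]]*:[[:space:]]*true' || return 0

    # Fail closed: a missing or empty evidence file means no tested:true.
    if [ -s "$EVIDENCE_FILE" ]; then
        return 0
    fi

    echo "BLOCKED: tested:true requires a passing test run" \
         "($EVIDENCE_FILE missing or empty). Run the tests first." >&2
    return 2
}

# Hook entry point: register the command as "<this script> --hook".
if [ "${1:-}" = "--hook" ]; then
    gate "$(cat)"
    exit $?
fi
```

The match is deliberately coarse: any write whose payload contains `"tested": true` is held until evidence exists, which errs on the side of blocking.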

References

| File | Load When |
|---|---|
| references/blocking-hooks.md | Implementing hook mechanisms |
| references/quality-gates.md | Designing verification loops |
| references/hook-templates.md | Writing hook code |
| references/agent-harness-hooks.md | Agent-harness specific patterns |
| references/sandbox-runtime.md | OS-level MCP server isolation |
| references/sandbox-fast-path.md | Hybrid security (allowlist + sandbox for 2-3x speed) |