Claude-skill-registry enforcement

Use when implementing hooks that BLOCK invalid actions, creating quality gates for state transitions, or enforcing tested:true verification. Load when designing enforcement mechanisms. Uses exit code 2 to block, JSON permissionDecision:deny, or updatedInput modification. Rules are instructions; hooks are enforcement.

install

source · Clone the upstream repo

git clone https://github.com/majiayu000/claude-skill-registry

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/enforcement" ~/.claude/skills/majiayu000-claude-skill-registry-enforcement && rm -rf "$T"

manifest: skills/data/enforcement/SKILL.md

source content

Enforcement

Runtime mechanisms that block invalid actions.

Core Principle

"Rules are instructions, not enforcements. Systems need verification gates, not more documentation."

Instructions

Identify what needs enforcement (not just documentation)
Choose hook timing: PreToolUse, PermissionRequest, SubagentStop
Implement blocking logic:
```
scripts/block-*.sh
```
Test with invalid action → verify block

Blocking Mechanisms

Mechanism	How	Effect
Exit code 2	`exit 2` + stderr	Blocks, feeds stderr to Claude
JSON deny	`"permissionDecision": "deny"`	Structured blocking
Stop block	`"decision": "block"`	Forces agent to continue

Hook Timing

Event	Can Block?	Use Case
PreToolUse	Yes	Validate before execution
PermissionRequest	Yes	Custom approval logic
SubagentStop	Yes	Force quality gates
PostToolUse	No	Feedback only

References

File	Load When
references/blocking-hooks.md	Implementing hook mechanisms
references/quality-gates.md	Designing verification loops
references/hook-templates.md	Writing hook code
references/agent-harness-hooks.md	Agent-harness specific patterns
references/sandbox-runtime.md	OS-level MCP server isolation
references/sandbox-fast-path.md	Hybrid security (allowlist + sandbox for 2-3x speed)