New Capability: Structural Enforcement Hooks
Date: April 9, 2026 Origin: Nico Lafakis hook pattern (Slack, Apr 8) -- adapted for Value-First Team Impact: V structurally prevented from solo-operator drift; agent findings survive context compaction
What Was Built
Two Claude Code hooks that move enforcement from behavioral rules into infrastructure. The delegation enforcer is a PreToolUse hook that intercepts every Edit and Write tool call, inspects the target file path, and blocks V from directly modifying source files. An allow list permits V to write operational bookkeeping -- memory files, session state, daily standup handoffs, and Leadership planning documents -- but everything else returns a hard block with instructions to delegate via the Agent tool. The auto-save hook is a PostToolUse hook that fires after every Agent tool call, capturing the agent's identity, task description, and result (truncated to 3,000 characters) into a rolling session journal at .claude/session-journal.md.
The origin was a Slack message from Nico Lafakis on April 8, 2026. Nico -- a Collective member who built his own 6-layer agent orchestration system (OMEN3) -- suggested writing a hook that physically prevents V from editing files, forcing delegation instead. He also proposed an "auto-save agent" concept for mid-session context preservation. Both ideas were adapted and implemented the same day.
These hooks address two documented failures that behavioral corrections alone could not eliminate. First, V repeatedly drifted into solo-operator mode -- running queries, writing files, and executing tasks that named specialists should handle. Chris corrected this directly on March 9, 2026, and the critical lesson was codified in MEMORY.md, but the behavior recurred because enforcement lived only in prompt text that degrades under context pressure. Second, on March 12, 2026, a 4-agent course review lost 12 of 30 findings to context compaction because agent results existed only in conversation context. The Durable Findings Protocol was written, but it too was a behavioral rule. The auto-save hook makes durability automatic.
The self-referential proof came during implementation: when V attempted to write the auto-save hook file itself, the delegation enforcer blocked the operation -- V had to delegate to an agent to create the file. The enforcement enforced itself.
Infrastructure Changes
| Change | Before | After |
|---|---|---|
| V file editing | Behavioral rule in MEMORY.md ("V IS A TEAM LEADER, NOT A SOLO OPERATOR") -- violated under context pressure | Infrastructure-level block via PreToolUse hook; V cannot edit source files regardless of context state |
| Agent result preservation | Behavioral rule (Durable Findings Protocol: "agents MUST write findings to disk") -- requires agents to remember the protocol | Automatic PostToolUse journal; every Agent tool call captured to .claude/session-journal.md without any agent needing to know about it |
| Hook configuration | 1 PreToolUse hook (Dewey lookup on Edit/Write) + 1 PreToolUse hook (build-check on Bash) | 2 PreToolUse hooks on Edit/Write (delegation enforcer + Dewey lookup) + 1 PreToolUse on Bash (build-check) + 1 PostToolUse on Agent (auto-save) |
| Session recovery | Depended on .claude/next-steps.md written manually at session end |
Journal accumulates throughout session; available immediately after context compaction without relying on end-of-session discipline |
Implementation
| File | Purpose |
|---|---|
.claude/hooks/delegation-enforcer.sh |
PreToolUse hook on Edit/Write. Parses file_path from tool input JSON. Checks against allow list. Blocks with delegation instructions or exits silently for allowed paths. |
.claude/hooks/auto-save.sh |
PostToolUse hook on Agent. Parses agent identity, task description, and result. Truncates to 3,000 chars. Appends timestamped entry to session journal. |
/mnt/d/.claude/settings.local.json |
Hook wiring. PreToolUse: delegation-enforcer then dewey-lookup on Edit/Write, build-check on Bash. PostToolUse: auto-save on Agent. |
.claude/session-journal.md |
Rolling journal file (created automatically on first agent call). Read after context compaction to recover findings. |
Usage
Delegation Enforcer (automatic)
Fires on every Edit or Write tool call. No configuration required.
Allowed paths (V writes directly):
*/memory/MEMORY.mdand*/memory/*.md-- Memory system files*/.claude/session-context.md,session-state.json,next-steps.md-- Session state*/.claude/daily/*-- Daily standup handoffs/mnt/d/Leadership/*-- ROADMAP, DEFERRED, bricks, assessments, reports
Blocked (everything else): All application source, agent definitions, skills, client files, scripts, packages, hooks. When blocked, returns:
BLOCKED: V does not edit files directly. Delegate to a specialist agent from the team roster. Use the Agent tool with the appropriate subagent_type.
Auto-Save Journal (automatic)
Every Agent tool call appends to .claude/session-journal.md:
---
## 2026-04-09 14:32:17 -- sentinel (Check relationship signals for Paragon)
[Agent result text, truncated to 3000 chars if longer]
After context compaction, read this file to recover what agents reported.
Related Incidents and Prior Art
Critical Lessons That Led Here
| Date | Incident | Behavioral Fix | Why It Failed |
|---|---|---|---|
| Mar 9 | V ran 15+ sequential tool calls solo (should have spawned Prelude, Encore, Broadcast) | MEMORY.md: "V IS A TEAM LEADER" | Prompt text degrades under context pressure |
| Mar 11 | V failed 4 times to patch Sanity article after compaction | Anti-rationalization table + Dewey hook | Dewey hook helped, but didn't prevent writing |
| Mar 12 | 4-agent course review lost 12/30 findings to compaction | Durable Findings Protocol | Required agents to remember to write to disk |
| Mar 16 | V bypassed Ledger governance, loaded write tools directly | Slash command rewrites with Ledger routing | 40 of 60 commands still had zero agent delegation |
| Apr 3 | Structural Delegation project: 11 leaders diagnosed delegation as behavioral | Agent defs got Delegation Contracts, commands got team rosters | Commands rewritten, but no enforcement mechanism |
Nico Lafakis Contributions
- Dewey Decimal System (Mar 10): Nico's suggestion. "Bye bye infinite grep lookups." 559-line codebase index + hook.
- OMEN3 6-Layer Stack (
memory/reference_nico_agent_stack.md): Exposed that V "routes AND works" -- unlike Nico's ARES which separates routing from execution. The delegation-enforcer is the structural answer. - Hook pattern (Apr 8): Direct origin of both hooks. "Simply writing a hook that forces V to delegate instead of editing."
- Auto-save concept (Apr 8): "I use an 'auto-save' agent" for mid-session context preservation.
Leader Applications
V (Operations)
Primary beneficiary. Workflow changes from "read, decide, execute" to "read, decide, assign." V retains full read access (Grep, Glob, Read, Bash) for building context. The allow list preserves V's direct ownership of operational bookkeeping. The auto-save hook means V no longer needs to remind agents to write findings to disk.
Sage (Customer)
No direct application today. Sage's operations (relationship intelligence, session briefs, signal recognition) are read-heavy. If Sage sessions begin using the Agent tool for multi-specialist work, the auto-save journal would capture those results automatically.
Pax (Finance)
No direct application today. Pax routes writes through Ledger (HubSpot), not file system edits. Same auto-save benefit if Pax begins spawning specialist agents.
Dependencies
| Dependency | Status | Notes |
|---|---|---|
| Claude Code hook system (PreToolUse/PostToolUse) | Confirmed | Working since Dewey lookup hook (Mar 10) |
| Node.js (JSON parsing in hooks) | Confirmed | Inline node -e calls parse tool input JSON |
| Agent tool + CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS | Confirmed | Set to 1 in settings.local.json |
| Existing hooks (dewey-lookup, build-check) | Confirmed | Coexist in .claude/hooks/ directory |
Verification
Delegation enforcer -- blocking:
- Edit any source file (e.g.,
apps/website/astro.config.mjs) -- should be BLOCKED - Edit a memory file (e.g.,
memory/*.md) -- should be ALLOWED - Write to
/mnt/d/Leadership/reports/-- should be ALLOWED - Write to
.claude/hooks/auto-save.sh-- should be BLOCKED (protects itself)
Auto-save journal -- capture:
- Spawn any agent via Agent tool
- Check
.claude/session-journal.mdfor timestamped entry - Confirm agent codename, task description, and truncated result are present
Live test results (Apr 8, 2026):
- Edit
astro.config.mjs: BLOCKED (confirmed) - Write
memory/feedback_delegation_hook.md: ALLOWED (confirmed) - Edit
memory/MEMORY.md: ALLOWED (confirmed) - Write
auto-save.sh(by V directly): BLOCKED -- V delegated to agent (confirmed)