From sonmat
Main-side verification checks — pre-commit test / sensitive-file blocking, discipline conformance, novel-trap detection. Pure verify-and-flag; persistence of findings is scribe's job, intent-artifact match is witness's.
Slash command: /sonmat:guard
Automatic verification layer running in the main session (System 1). No agent spawn.
Guard covers verification checks that main can reliably do on itself: sensitive files, test execution, discipline conformance, and detection of novel traps during work. Guard is pure verify-and-flag — it detects, it warns, it blocks. It does not record, accumulate, or persist findings; those belong to scribe (post-work persistence). It also does not verify whether the artifact matches the user's intent; that check is structurally unreliable when done inside the agent that produced the artifact, and is delegated to witness.
Scope boundaries:
| Check kind | Owner | Why |
|---|---|---|
| Test execution, sensitive file blocking, discipline conformance, novel-trap detection | guard | Real-time verification during work; synchronous check-and-block at decision points |
| Scope match (is this within what was asked?), content match (does it do what was asked?), framing-derived scope | witness | Intent-artifact comparison — requires protocol isolation from main's reasoning (see witness.md §Isolation stack for what "isolation" means on current Claude Code) |
| Recording novel traps, writing project rules to CLAUDE.md, journaling verdicts, bridge notes, progress tracking | scribe | Post-work persistence — what the session learned that should outlive it |
Guard detects and flags. Scribe persists what was flagged. Witness checks intent-artifact match in isolation. Three different axes on the same work.
Before any commit, check in order:
- .env, credentials.*, secrets.*, *.pem, *.key in staging → immediate block.
- .gitignore coverage.

Note: Discipline conformance is a main-side check because discipline is a shared rule set, not a user-specific intent. Witness is deliberately excluded from discipline injection (see witness.md §Operating principles) — it is a comparator, not a rule-follower.
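The sensitive-file block described above, written as a POSIX sh pre-commit check over staged paths. This is an added example, not sonmat's own code: the function names (is_sensitive, blocked_paths, guard_check) are hypothetical, and the patterns are the ones listed on this page.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of sonmat).
# Blocks a commit when a staged path matches one of the page's patterns:
#   .env, credentials.*, secrets.*, *.pem, *.key

# is_sensitive PATH -> status 0 if the file name matches a blocked pattern.
# Matching is on the basename so nested paths (config/.env) are caught.
# The list is exactly the page's: a name such as .env.production is NOT
# on it and passes this check.
is_sensitive() {
    name=${1##*/}
    case "$name" in
        .env|credentials.*|secrets.*|*.pem|*.key) return 0 ;;
        *) return 1 ;;
    esac
}

# blocked_paths: read staged paths on stdin (one per line) and print
# only the ones that must block the commit.
blocked_paths() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if is_sensitive "$path"; then printf '%s\n' "$path"; fi
    done
}

# guard_check: status 1 (block) if any staged path is sensitive, else 0.
guard_check() {
    hits=$(blocked_paths)
    [ -z "$hits" ] && return 0
    printf 'BLOCK: sensitive file staged:\n%s\n' "$hits" >&2
    return 1
}

# As a pre-commit hook, feed it the real staging area. Assumes paths
# contain no newlines; core.quotePath=false stops git from escaping
# non-ASCII names, which would otherwise hide a trailing .key or .pem.
#   git -c core.quotePath=false diff --cached --name-only \
#       --diff-filter=ACMR | guard_check || exit 1
```

The check is on staged names only; it says nothing about whether those names are covered by .gitignore, which is the separate check in the list above.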
When a verification failure is discovered that is NOT covered by existing hints or memory, guard flags it as a novel trap — a class of failure that existing discipline and memory did not anticipate. Guard's job stops at detection and flagging; recording, abstracting, and persisting the trap belong to scribe.
- Novel trap with a 1-2 line description: what happened, why existing discipline didn't catch it.
- skills/scribe/SKILL.md §Novel Trap Recording.

Guard does not write memory files itself, does not propose formats to the user, and does not manage the sonmat memory directory. All of that is scribe's territory — guard's role is to notice that something new happened and hand the raw signal off.
| Severity | Symbol | Target | Action |
|---|---|---|---|
| Warning | ⚠️ | Discipline violation, novel trap detected | Warn + dispatch to scribe for persistence (traps). Proceed if user allows. |
| Block | 🚨 | Sensitive files, security risk, failing tests | Immediate stop. Re-confirm even after user allows. |
Same-category warnings repeated 3+ times in a session → collapse to one-line summary.
Scope creep is not listed here — that category moved to witness's intent-scope mismatch check. Guard does not judge scope against user intent; witness does, with protocol isolation.
Project rule discovery is not listed here — that category moved to scribe. Guard detects and verifies; observing the user's patterns to propose project rules is accumulation work, and accumulation is scribe's axis.
This guardrail operates at System 1 level:
For the protocol-isolated verification layer (intent-artifact match, commit-gate BLOCK), see witness. Guard and witness are complementary Swiss-cheese layers, not substitutes — guard catches operational slips, witness catches intent drift that main's self-check structurally cannot.
npx claudepluginhub jun0-ds/sonmat --plugin sonmat