#hooks

14 posts tagged #hooks.

Headless mode isn't a flag you set. It's a privilege you earn.

Headless mode isn't a flag you set. It's a privilege you earn.

Taking the human out of the loop is the real unlock — but headless plus loose permissions plus production access is how you wake up to a wiped repo. Automate only what's tested, sandboxed, and scoped.

A legitimate MCP server with two trust levels is the exploit

A legitimate MCP server with two trust levels is the exploit

The dangerous MCP server isn't the malicious one — it's the convenient all-in-one that reads untrusted data and holds privileged access to a second system. Scope it, gate the writes, and you close the confused-deputy attack.

The best prompt you'll ever write is the one you delete.

The best prompt you'll ever write is the one you delete.

An agent that waits for you to remember to ask it is a toy. Wire a deterministic event to a headless run that reads your rules, and the routine context work fires on its own — with your conventions already baked in.

An Agent That Can't Forget Is Worse Than One With No Memory

An Agent That Can't Forget Is Worse Than One With No Memory

A rules file is write-once and rots; auto-memory saves corrections but on its own judgment, in its own store. Add the human-gated curation layer the vendors leave open: a command that counts corrections and proposes durable edits, a hook that resolves conflicts, so corrections compound instead of contradicting.

A Second Opinion It Didn't Write

A Second Opinion It Didn't Write

An agent reviewing its own plan shares its own blind spots. Wire a different vendor's model in as a deterministic gate, and a fail verdict re-engages planning before a line of code exists.

By the time you're reviewing the diff, the destructive call already ran.

By the time you're reviewing the diff, the destructive call already ran.

Reviewing irreversible actions after the fact is too late. Split tools by reversibility in permissions, force a plan, and gate the destructive step behind a human interrupt — autonomy on reads, a hard stop on anything you can't undo.

Inject the Reminder When the Agent Forgets

Inject the Reminder When the Agent Forgets

Your rules file is necessary but not sufficient. Persistent context degrades as the window fills — so move the rule that keeps getting ignored into a hook that fires at the exact moment it matters.

The moment your agent reads a webpage, that webpage can give it orders.

The moment your agent reads a webpage, that webpage can give it orders.

Prompt injection isn't an unsolvable model problem — it's a context-engineering one. Fence untrusted tool output as data in your rules, run a parallel guardrail hook that cancels on a hit, and cap the blast radius with a permissions allowlist.

'It worked when I tried it' is not a test for a non-deterministic system.

'It worked when I tried it' is not a test for a non-deterministic system.

Treat prompts and rules like code: a golden dataset of inputs with known-good outputs, run headless on every change, gated by a hook that fails the build below baseline. The eval that blocks the merge is the one that prevents regressions.