
Gateguard
Install a Claude Code PreToolUse gate that blocks Edit/Write/Bash until the agent gathers concrete facts (importers, schemas, user instructions) and retries.
Overview
GateGuard is an agent skill most often used in Ship (also Build integrations and Ship security) that blocks Claude Code edits until mandatory fact-gathering runs, improving measured output quality versus ungated agents.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill gateguard
What is this skill?
- Three-stage PreToolUse gate: DENY first edit, FORCE specific investigations, ALLOW retry with cited facts
- Targets Edit, Write, Bash, and MultiEdit—blocking guesswork before filesystem changes
- Demands concrete evidence (importers via search, data schemas, explicit user instruction) instead of self-evaluation pro
- Community origin hook pattern for Claude Code workflows on multi-module codebases
- Documented independent A/B uplift of +2.25 output quality points versus ungated agents on identical tasks
- +2.25 output quality points vs ungated agents in reported A/B tests
- Three-stage gate: deny, force investigation, allow retry
Adoption & trust: 2.6k installs on skills.sh; 210k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your coding agent edits and runs shell commands after shallow self-checks, breaking importers, schemas, or team conventions you never asked it to verify.
Who is it for?
Claude Code users on multi-module repos, schema-heavy data files, or teams that need investigate-first discipline before AI touches code.
Skip if: Read-only research sessions, greenfield files with zero dependents, or workflows where investigation facts are already supplied and you need zero edit latency.
When should I use this skill?
Claude is about to Edit, Write, Bash, or MultiEdit on a codebase where guesses about importers, schemas, or instructions have burned you before.
What do I get? / Deliverables
First Edit/Write/Bash attempts are denied until Grep/Read-style investigation outputs concrete facts, then a grounded retry proceeds with richer context.
- Investigation checklist enforced before edits
- Allowed retry only after cited facts in context
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
GateGuard is a ship-phase quality control mechanism—it intervenes at the moment of mutation, before bad edits land, which is why review is the canonical shelf. review covers pre-merge and pre-edit discipline; this hook is fact-forcing review, not post-hoc lint.
Where it fits
Wire the GateGuard PreToolUse hook into your Claude Code project before enabling agent edits on a monorepo.
Deny the first MultiEdit on a shared utility until the agent lists every importer file from ripgrep output.
Force reading data-file schema conventions before Bash or Write touches production-shaped fixtures.
Keep the gate enabled during incident fixes so drive-by patches re-verify dependents before retry.
How it compares
Use instead of honor-system “are you sure?” prompts—this is a hard PreToolUse deny/allow gate, not soft reflection.
Common Questions / FAQ
Who is gateguard for?
Solo and indie builders using Claude Code on real codebases where AI edits must match existing module boundaries and data formats.
When should I use gateguard?
During Build when wiring agent hooks, during Ship before risky refactors or data edits, and whenever Claude tends to guess importers or schemas instead of searching the repo first.
Is gateguard safe to install?
It changes tool-use behavior via hooks rather than granting new credentials; review the Security Audits panel on this page and test deny/allow flow on a scratch branch first.
SKILL.md
# GateGuard — Fact-Forcing Pre-Action Gate

A PreToolUse hook that forces Claude to investigate before editing. Instead of self-evaluation ("are you sure?"), it demands concrete facts. The act of investigation creates awareness that self-evaluation never did.

## When to Activate

- Working on any codebase where file edits affect multiple modules
- Projects with data files that have specific schemas or date formats
- Teams where AI-generated code must match existing patterns
- Any workflow where Claude tends to guess instead of investigating

## Core Concept

LLM self-evaluation doesn't work. Ask "did you violate any policies?" and the answer is always "no." This is verified experimentally.

But asking "list every file that imports this module" forces the LLM to run Grep and Read. The investigation itself creates context that changes the output.

**Three-stage gate:**

```
1. DENY  — block the first Edit/Write/Bash attempt
2. FORCE — tell the model exactly which facts to gather
3. ALLOW — permit retry after facts are presented
```

No competitor does all three. Most stop at deny.

## Evidence

Two independent A/B tests, identical agents, same task:

| Task | Gated | Ungated | Gap |
| --- | --- | --- | --- |
| Analytics module | 8.0/10 | 6.5/10 | +1.5 |
| Webhook validator | 10.0/10 | 7.0/10 | +3.0 |
| **Average** | **9.0** | **6.75** | **+2.25** |

Both agents produce code that runs and passes tests. The difference is design depth.

## Gate Types

### Edit / MultiEdit Gate (first edit per file)

MultiEdit is handled identically — each file in the batch is gated individually.

```
Before editing {file_path}, present these facts:

1. List ALL files that import/require this file (use Grep)
2. List the public functions/classes affected by this change
3. If this file reads/writes data files, show field names, structure,
   and date format (use redacted or synthetic values, not raw production data)
4. Quote the user's current instruction verbatim
```

### Write Gate (first new file creation)

```
Before creating {file_path}, present these facts:

1. Name the file(s) and line(s) that will call this new file
2. Confirm no existing file serves the same purpose (use Glob)
3. If this file reads/writes data files, show field names, structure,
   and date format (use redacted or synthetic values, not raw production data)
4. Quote the user's current instruction verbatim
```

### Destructive Bash Gate (every destructive command)

Triggers on: `rm -rf`, `git reset --hard`, `git push --force`, `drop table`, etc.

```
1. List all files/data this command will modify or delete
2. Write a one-line rollback procedure
3. Quote the user's current instruction verbatim
```

### Routine Bash Gate (once per session)

```
1. The current user request in one sentence
2. What this specific command verifies or produces
```

## Quick Start

### Option A: Use the ECC hook (zero install)

The hook at `scripts/hooks/gateguard-fact-force.js` is included in this plugin. Enable it via hooks.json.

If GateGuard blocks setup or repair work, start the session with `ECC_GATEGUARD=off`. For hook-level control, keep using `ECC_DISABLED_HOOKS` with the GateGuard hook ID.

### Option B: Full package with config

```bash
pip install gateguard-ai
gateguard init
```

This adds `.gateguard.yml` for per-project configuration (custom messages, ignore paths, gate toggles).

## Anti-Patterns

- **Don't use self-evaluation instead.** "Are you sure?" always gets "yes." This is experimentally verified.
- **Don't skip the data schema check.** Both A/B test agents assumed ISO-8601 dates when real data used `%Y/%m/%d %H:%M`. Checking data structure (with redacted values) prevents this entire
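
The three-stage flow and the four gate types from the SKILL.md, reduced to a pure decision function. This is an added example, not the code in `scripts/hooks/gateguard-fact-force.js`. It assumes the hook payload carries `tool_name`, `tool_input.file_path` and `tool_input.command`, that a retry is let through without inspecting the transcript, and that the caller persists the `challenged` set per session, since each hook invocation runs as a separate process.

```javascript
// Added example, not GateGuard's source. tool_name / tool_input.* and the
// hookSpecificOutput shape are assumptions about the PreToolUse hook payload.
const DESTRUCTIVE = [/\brm\s+-rf\b/, /\bgit\s+reset\s+--hard\b/,
                     /\bgit\s+push\s+--force\b/, /\bdrop\s+table\b/i];

// Fact requests, abbreviated from the gate prompts quoted in the SKILL.md.
const FACTS = {
  edit: (t) => `Before editing ${t}: list all importers (Grep), affected public ` +
               `functions, data-file schema, and quote the user's instruction.`,
  write: (t) => `Before creating ${t}: name its callers, confirm no existing file ` +
                `serves the same purpose (Glob), and quote the user's instruction.`,
  destructive: (t) => `Before running "${t}": list what it modifies or deletes, ` +
                      `give a one-line rollback, and quote the user's instruction.`,
  routine: (t) => `Before running "${t}": state the user request in one sentence ` +
                  `and what this command verifies or produces.`,
};

// Map a tool call to a gate. `sticky` gates fire once per key; the destructive
// gate is re-armed after every allowed retry so it fires on every command.
function classify(toolName, input) {
  const path = input.file_path, cmd = String(input.command || "");
  if (toolName === "Edit" || toolName === "MultiEdit")
    return { kind: "edit", key: `edit:${path}`, target: path, sticky: true };
  if (toolName === "Write")
    return { kind: "write", key: `write:${path}`, target: path, sticky: true };
  if (toolName !== "Bash") return null; // Read, Grep, Glob: never gated
  return DESTRUCTIVE.some((re) => re.test(cmd))
    ? { kind: "destructive", key: `bash!:${cmd}`, target: cmd, sticky: false }
    : { kind: "routine", key: "bash:session", target: cmd, sticky: true };
}

// `challenged` is a Set of gate keys already denied once in this session.
// Returns the deny JSON to print, or null to print nothing and exit 0, which
// leaves the normal permission flow in charge instead of forcing an "allow".
function gate(event, challenged) {
  const g = classify(event.tool_name, event.tool_input || {});
  if (!g) return null;
  if (challenged.has(g.key)) {
    if (!g.sticky) challenged.delete(g.key);
    return null;                                   // stage 3: ALLOW the retry
  }
  challenged.add(g.key);                           // stage 1: DENY first attempt
  return { hookSpecificOutput: {
    hookEventName: "PreToolUse",
    permissionDecision: "deny",
    permissionDecisionReason: FACTS[g.kind](g.target), // stage 2: FORCE facts
  } };
}
```

Returning `null` on the retry rather than an explicit allow keeps the gate additive: it can only block, and whatever permission rules the project already has still apply to the retried call.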