Writing Rules
Define persistent Hookify markdown rules so Claude Code blocks destructive shell commands and enforces session guardrails.
Overview
Writing-rules is an agent skill most often used in Ship (also Build agent-tooling) that creates Hookify markdown rules to block dangerous commands and restrict AI behavior in Claude Code sessions.
Install
npx skills add https://github.com/athola/claude-night-market --skill writing-rulesWhat is this skill?
- Documents Hookify rule file format with frontmatter, event types, and field reference
- Covers operators, advanced conditions, and regex-oriented pattern writing for command matching
- Includes example rules: block destructive commands, warn on debug code, require tests, protect production paths
- Describes test patterns and management workflow for validating rules before enforcement
- Lists best practices for behavioral enforcement via hook-development patterns
- ~2500 estimated tokens in skill metadata
- Multiple example rule categories including destructive commands, debug warnings, and production protection
Adoption & trust: 1 installs on skills.sh; 304 GitHub stars; 3/3 security scanners passed (skills.sh audits); trending (+100% hot-view momentum).
What problem does it solve?
Your coding agent can run destructive or policy-violating commands because you only have chat instructions, not validated, persistent behavioral rules.
Who is it for?
Solo builders using Claude Code hooks who want git-tracked safety rules with regex patterns and documented event types.
Skip if: Teams that need enterprise IAM or runtime policy engines instead of session-level Hookify markdown rules.
When should I use this skill?
Adding safety guardrails or preventing specific commands; creating behavioral rules for persistent Claude Code session enforcement.
What do I get? / Deliverables
You ship a Hookify-compatible rule set with patterns, conditions, and tested examples so sessions enforce guardrails before commands execute.
- Hookify markdown rule file with frontmatter and patterns
- Tested pattern matches for target commands
- Documented event types and conditions
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Safety rules are adopted when you are hardening how the agent runs commands—canonical shelf is ship/security even though rules are authored during build. Rule files express pattern-matched command restrictions and behavioral limits, which is appsec and agent safety work rather than feature coding.
Where it fits
Author Hookify rules alongside hook wiring before the agent touches production repos.
Block destructive shell patterns and require tests before merge-ready agent workflows.
Tighten rule patterns after an incident where debug or prod-path edits slipped through.
How it compares
Use instead of ad-hoc 'never run rm -rf' prompts when you need enforceable hook rules with pattern validation.
Common Questions / FAQ
Who is writing-rules for?
Indie developers and small teams building with Claude Code who want Hookify rule files to enforce safety, tests, and production-file protection during agent sessions.
When should I use writing-rules?
Use it in Ship when hardening agent security, in Build agent-tooling when wiring hooks, or whenever you add behavioral rules to prevent unwanted actions or specific commands.
Is writing-rules safe to install?
It teaches rule authoring for your repo; review the Security Audits panel on this Prism page before trusting third-party skill sources.
SKILL.md
READMESKILL.md - Writing Rules
## Table of Contents - [Overview](#overview) - [Quick Start](#quick-start) - [Rule File Format](#rule-file-format) - [Frontmatter Fields](#frontmatter-fields) - [Event Types](#event-types) - [Advanced Conditions](#advanced-conditions) - [Operators](#operators) - [Field Reference](#field-reference) - [Pattern Writing](#pattern-writing) - [Regex Basics](#regex-basics) - [Examples](#examples) - [Test Patterns](#test-patterns) - [Example Rules](#example-rules) - [Block Destructive Commands](#block-destructive-commands) - [Warn About Debug Code](#warn-about-debug-code) - [Require Tests](#require-tests) - [Protect Production Files](#protect-production-files) - [Management](#management) - [Related Skills](#related-skills) - [Best Practices](#best-practices) # Hookify Rule Writing Guide ## When To Use - Creating behavioral rules to prevent unwanted actions - Defining persistent guardrails for Claude Code sessions ## When NOT To Use - Complex multi-step workflows - use agents instead - One-time operations that do not need persistent behavioral rules ## Overview Hookify rules are markdown files with YAML frontmatter that define patterns to watch for and messages to show when those patterns match. Rules are stored in `.claude/hookify.{rule-name}.local.md` files. ## Quick Start Create `.claude/hookify.dangerous-rm.local.md`: ```yaml --- name: dangerous-rm enabled: true event: bash pattern: rm\s+-rf action: block --- 🛑 **Dangerous rm command detected!** This command could delete important files. ``` **Verification:** Run the command with `--help` flag to verify availability. The rule activates immediately - no restart needed! ## Rule File Format ### Frontmatter Fields **name** (required): Unique identifier (kebab-case) **enabled** (required): `true` or `false` **event** (required): `bash`, `file`, `stop`, `prompt`, or `all` **action** (optional): `warn` (default) or `block` **pattern** (simple): Regex pattern to match ### Event Types - **bash**: Bash tool commands - **file**: Edit, Write, MultiEdit tools - **stop**: When agent wants to stop - **prompt**: User prompt submission - **all**: All events ### Advanced Conditions For multiple field checks: ```yaml --- name: warn-env-edits enabled: true event: file action: warn conditions: - field: file_path operator: regex_match pattern: \.env$ - field: new_text operator: contains pattern: API_KEY --- 🔐 **API key in .env file!** Ensure file is in .gitignore. ``` ### Operators - `regex_match`: Pattern matching - `contains`: Substring check - `equals`: Exact match - `not_contains`: Must NOT contain - `starts_with`: Prefix check - `ends_with`: Suffix check ### Field Reference **bash events:** `command` **file events:** `file_path`, `new_text`, `old_text`, `content` **prompt events:** `user_prompt` **stop events:** `transcript` ## Pattern Writing ### Regex Basics - `\s` - whitespace - `\d` - digit - `\w` - word character - `.` - any character (use `\.` for literal dot) - `+` - one or more - `*` - zero or more - `|` - OR ### Examples ``` rm\s+-rf → rm -rf console\.log\( → console.log( chmod\s+777 → chmod 777 ``` ### Test Patterns ```bash python3 -c "import re; print(re.search(r'pattern', 'text'))" ``` ## Example Rules ### Block Destructive Commands ```yaml --- name: block-destructive enabled: true event: bash pattern: rm\s+-rf|dd\s+if=|mkfs action: block ---