You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Public design documentation for Agent Toolkit — how skills, hooks, gates, and reports fit together. Start with system overview, then drill into the topic you care about.
Structural over prompt — On Claude Code, hooks run as subprocesses the agent cannot disable. Other tools get the same rules via AGENTS.md, but enforcement is prompt-based.
Hook-owned artifacts — With default gate_protect and report_protect, only finalize_report.py writes .gates/ and reports/. Skills produce findings; hooks produce proof.
Same bar in auto mode — Auto-chaining removes wait time between steps, not quality gates.
Escalation, not holes — Rare options like enforcement: warn exist for migration; first violation auto-escalates to block.
Signed mode is additive — Legacy finalize flow stays; JWT attestation adds cryptographic binding for teams and CI.
Repo map (design-relevant paths)
skills/ Workflow definitions (13 skills)
hooks/ Structural enforcement (gate_hook, finalize_report, session_monitor, …)
gate/ JWT attest/verify (copied to .agent-toolkit/gate/ on install)
shared/ Guardrails, gate-unlock, orchestrator, report-format
requirements/ Product requirements (intent before code)
architecture/ Implementation architecture notes
docs/ This index + system overview
templates/ gates.json defaults, signed example, GitHub workflow