This example demonstrates a core coding-ethos behavior: unsafe agent tool use
is blocked before the shell command runs.
An agent attempts a raw Git command that would bypass the documented wrapper or tamper with protected hook behavior. The PreToolUse hook evaluates the command and returns a blocking policy decision.
Expected agent response:
- Treat the block as policy feedback.
- Stop the unsafe command path.
- Use the documented coding-ethos Git wrapper.
- Ask for admin approval only when the protected workflow requires it.
- Report the policy ID and next safe command path.
AI agents often try to recover from blocked commands by changing the shell
shape: alternate shells, direct binary paths, subprocesses, PATH edits, aliases,
or wrapper bypasses. coding-ethos treats those as the same class of risk. The
policy follows intent, not just one command spelling.
Agents can use MCP to understand the block:
policy_check_command: evaluate a proposed command before running it.policy_explain: explain the blocking policy ID.skill_lookup: load the safe Git workflow remediation skill.
The MCP response is advisory context. The actual enforcement remains in the agent hook and Git hook paths.