full agent-discipline harness built on Claude Code primitives
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Sharing a system I've built using Claude Code's primitives (hooks, settings.json env, custom slash commands, auto-memory) that may
be of interest as a usage pattern. ~470 GitHub repos, ~1000 hours/month, scientific meta-analysis tooling.
The pieces, with public links:
- Sentinel — pre-push fail-closed rule engine. 23 rules (6 YAML + 17 plugin). Each rule cites a past-incident commit. SARIF emitter
for GitHub code-scanning UI integration. https://github.com/mahmood726-cyber/Sentinel
- Overmind — nightly portfolio verifier. 5 witness types: test_suite, smoke, semgrep, numerical, numerical_continuity. HMAC-signed
verdict bundles. UNVERIFIED verdict distinct from PASS to avoid "almost-pass" false certifications.
https://github.com/mahmood726-cyber/overmind
- home-config — AGENTS.md hierarchy + .claude/rules/ + auto-memory + hash-verified mirror at agent-rules-export/.
https://github.com/mahmood726-cyber/home-config
Proposed Solution
.
Alternative Solutions
.
Priority
Critical - Blocking my work
Feature Category
CLI commands and flags
Use Case Example
_No response_
Additional Context
Patterns that aren't in any OSS solo-dev tool I know:
- Hash-verified memory mirror across providers — Anthropic auto-memory is opaque to Gemini/Codex/external agents; mirroring
critical files into a tracked dir with sha256 manifest.json + --verify CI flag gives non-Claude agents the same context Claude has.
- Recursive drift checking — Sentinel audits projects → Overmind audits Sentinel via JSONL ingest → reconcile_counts.py audits the
registry Overmind reads → drift_check_post_sweep.py audits all of the above. Each layer detects drift in the layer below.
- Self-tuning from your usage analytics — your "Claude insights" report flagged 132 buggy_code events + token-cap blackouts;
same-day commit added settings.json env var (CLAUDE_CODE_MAX_OUTPUT_TOKENS=32000), SessionStart env-grounding hook, PostToolUse
smart-pytest hook with cooldown/timeout, lessons.md rules for idempotency / codemod safety / git-init guard.
- Paired remote+local scheduling — Anthropic routine for cloud-side checks (arXiv search, GitHub-visible drift) + Windows Task
Scheduler entry for local-only checks (reconcile_counts.py, on-disk Sentinel rule count). Explicit task split avoids each side
reaching across the boundary.
What worked well from Claude Code that I want to highlight:
- Hooks system is genuinely powerful. Smart PostToolUse pytest with file-extension gating + per-repo cooldown + 60s subprocess
timeout is exactly the right shape for fast feedback without grinding sessions to halt. The naive "run pytest after every edit"
suggestion in the insights report would have been actively harmful given suite times of 113-240s.
- effortLevel: xhigh + Opus 4.7 (1M context) lets sessions span 1000+ lines of multi-file diffs without losing coherence.
- The Skill tool + the official plugins (code-review, superpowers, frontend-design) compose well with custom workflow.
Possible gaps worth knowing about:
- Multiple sessions today went opaque from a 500-output-token cap. Raising via CLAUDE_CODE_MAX_OUTPUT_TOKENS env is the fix; might
be worth defaulting higher.
- pip-installing tools system-wide can silently downgrade dependencies (semgrep 1.161.0 strict-pinned mcp==1.23.3, downgrading my
MCP servers from 1.27.0). Suggested: a default warning when pip install from agent code crosses package boundaries.
- The 500-finding tool-error-output truncation can hide diagnostic detail when iterating on edits.
Happy to walk through any of this. The patterns are MIT-licensed if useful.
BW
Mahmood
mahmood.ahmad2@nhs.net
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗