tool-governance

What problem does it solve?

This Skill prevents agents from repeating failing tool calls, bypassing permission denials, or executing destructive shell commands without safeguards, reducing data loss and wasted retries.

Core Features & Use Cases

• Retry Escalation: Tracks consecutive tool failures by tool+input hash and escalates interventions at configurable thresholds (soft at 3, hard at 5).
• Denial Circuit Breaker: Records policy/permission denials and blocks session-level repeated rephrasing attempts that try to bypass a rejection.
• Bash Safety & Checkpointing: Detects destructive Bash patterns, creates git-based checkpoints before execution, and applies automatic rollback on failures.
• Graduated Permissions & Input Guard: PreToolUse risk matrix and specialized Bash input validation (path boundary, pipe-to-shell, system-write checks).
• Use Case: Prevents an agent from repeatedly running a failing 'cargo build' or accidentally executing rm -rf on system paths by injecting advice, modifying input, or denying execution.

Quick Start

Ask the agent to run the pre-tool governance hooks to validate Bash inputs, enforce retry thresholds, and create git checkpoints before executing destructive commands.