{"slug": "research-gate-runtime-enforcement-hooks-for-claude-code-blocks-infrastructure", "title": "Research Gate: Runtime enforcement hooks for Claude Code — blocks infrastructure commands without prior research", "summary": "A developer created runtime enforcement hooks for Claude Code that block infrastructure commands unless the model has performed at least two research actions in the current session. The hooks move enforcement from the model's context window to the harness layer, preventing the model from ignoring CLAUDE.md instructions to research before executing commands. The solution includes a research gate, a research logger, and a session reset script, all configurable via environment variables.", "body_md": "Claude Code models (Opus 4.5, 4.6, 4.7) systematically ignore CLAUDE.md instructions to research before executing infrastructure commands. This has been documented across multiple issues:\n\n- [#72651](https://github.com/anthropics/claude-code/issues/72651): Model ignores CLAUDE.md behavioral instructions\n- [#59515](https://github.com/anthropics/claude-code/issues/59515): Model skips research before infrastructure actions\n- [#28469](https://github.com/anthropics/claude-code/issues/28469): Regression from Opus 4.5 to 4.6\n- [#41217](https://github.com/anthropics/claude-code/issues/41217): Systematic failure to follow explicit behavioral constraints\n\nPrompt-level enforcement (CLAUDE.md rules, memory files, repeated instructions) fails because enforcement lives in the model's context window, where the model can override it. The model acknowledges the rule, then ignores it.\n\nThree hooks move enforcement to the harness layer, where the model cannot override it:\n\n- **research-gate.sh** (PreToolUse on Bash): Blocks infrastructure commands (gcloud deploy, aws ec2, kubectl apply, terraform, etc.) unless the model has performed at least 2 research actions in the current session. 
- **research-logger.sh** (PostToolUse on WebSearch|WebFetch|Read): Logs each research tool call to a session ledger file.\n- **research-session-reset.sh** (SessionStart): Clears the research ledger so each session starts at zero.\n\nThe model must earn the right to run infrastructure commands by researching first.\n\nInfrastructure commands that modify state:\n\n- `gcloud run deploy`, `gcloud compute instances create`, `gcloud container clusters create`\n- `aws ec2 run-instances`, `aws ecs create-service`, `aws lambda create-function`\n- `kubectl apply`, `kubectl create`, `kubectl delete`\n- `terraform apply`, `terraform destroy`\n- `docker push`, `docker build`\n- `bash deploy*.sh`, `python deploy*.py`, `python launch*.py`\n\nRead-only and safe commands:\n\n- `gcloud storage ls`, `gcloud auth`, `gcloud config`\n- `aws s3 ls`, `aws s3 cp`, `aws sts`\n- `gh issue`, `gh pr`\n- `docker ps`, `docker images`, `docker logs`\n- `nvidia-smi`\n- Any non-infrastructure bash command (`ls`, `grep`, `cat`, etc.)\n\n```\nmkdir -p ~/.claude/hooks ~/.claude/receipts\n# Copy research-gate.sh, research-logger.sh, research-session-reset.sh\n# to ~/.claude/hooks/ and make executable\nchmod +x ~/.claude/hooks/research-gate.sh\nchmod +x ~/.claude/hooks/research-logger.sh\nchmod +x ~/.claude/hooks/research-session-reset.sh\n```\n\nAdd these entries to the `hooks` object:\n\n```\n{\n  \"hooks\": {\n    \"PreToolUse\": [\n      {\n        \"matcher\": \"Bash\",\n        \"hooks\": [\n          {\n            \"type\": \"command\",\n            \"command\": \"~/.claude/hooks/research-gate.sh\"\n          }\n        ]\n      }\n    ],\n    \"PostToolUse\": [\n      {\n        \"matcher\": \"WebSearch|WebFetch|Read\",\n        \"hooks\": [\n          {\n            \"type\": \"command\",\n            \"command\": \"~/.claude/hooks/research-logger.sh\"\n          }\n        ]\n      }\n    ],\n    \"SessionStart\": [\n      {\n      
  \"hooks\": [\n          {\n            \"type\": \"command\",\n            \"command\": \"~/.claude/hooks/research-session-reset.sh\"\n          }\n        ]\n      }\n    ]\n  }\n}\n```\n\nSet `CC_RESEARCH_BYPASS=1` as an environment variable to allow a single infrastructure command without research. The bypass is logged to `~/.claude/receipts/research-gate-YYYY-MM-DD.jsonl` for audit.\n\n- `python3` (for regex pattern matching)\n- `jq` (optional, used in some patterns)\n\nEdit `research-gate.sh` to customize:\n\n- `MIN_RESEARCH=2`: minimum research actions required (default: 2)\n- `infra_patterns`: list of regex patterns that trigger the gate\n- `safe_patterns`: list of regex patterns that always pass\n\n\"Prose rules cannot be the load-bearing element of architectural guarantees. The load-bearing element has to live in the harness at the point of action.\"\n\nThis is the same principle behind seatbelt interlocks, type systems, and database constraints. If the model can choose to ignore a rule, it will. The enforcement must be external to the model.\n\nIf you have infrastructure patterns to add, false positives to report, or improvements to the matching logic, please comment. The goal is a community-maintained hook package that compensates for the model's inability to follow its own instructions.\n\nMIT. 
Use it, fork it, improve it.", "url": "https://wpnews.pro/news/research-gate-runtime-enforcement-hooks-for-claude-code-blocks-infrastructure", "canonical_source": "https://gist.github.com/nvst18/891959a227f445b360c3e6af84dcf0ca", "published_at": "2026-07-01 02:52:56+00:00", "updated_at": "2026-07-01 07:48:28.008534+00:00", "lang": "en", "topics": ["ai-safety", "developer-tools", "large-language-models"], "entities": ["Claude Code", "Anthropic", "Opus 4.5", "Opus 4.6", "Opus 4.7", "CLAUDE.md", "gcloud", "terraform"], "alternates": {"html": "https://wpnews.pro/news/research-gate-runtime-enforcement-hooks-for-claude-code-blocks-infrastructure", "markdown": "https://wpnews.pro/news/research-gate-runtime-enforcement-hooks-for-claude-code-blocks-infrastructure.md", "text": "https://wpnews.pro/news/research-gate-runtime-enforcement-hooks-for-claude-code-blocks-infrastructure.txt", "jsonld": "https://wpnews.pro/news/research-gate-runtime-enforcement-hooks-for-claude-code-blocks-infrastructure.jsonld"}}