Lock the design/ folder outside a design session #2

Merged

arne merged 12 commits from design-guardrail into main 2026-04-05 07:40:43 +02:00

Conversation 0 Commits 12 Files changed 7 +1217

arne commented 2026-04-05 07:39:48 +02:00

Owner

Copy link

As orbit grew and design/ became the canonical styleguide the web layer
would be ported from, accidental AI edits to those files during unrelated
feature work became a real risk. One thoughtless rewrite of
design/style.css during a Go refactor would silently desync the
styleguide from the web layer.

This PR installs a PreToolUse hook (.claude/hooks/design-session-guard.sh)
that enforces a two-mode rule: design work and feature work are strictly
separated. In normal mode, Edit, Write, MultiEdit, and Bash
operations under design/ are blocked. To work on the styleguide, the
user creates a session marker file (.claude/design-session-active) from
a separate terminal outside Claude Code. While the marker is present,
design/ is unlocked — and symmetrically, everything else is locked so
feature work can't leak in during a design session.

The hook is deliberately AI-unreachable in every direction: Claude cannot
create, delete, read, or otherwise manipulate the marker file via any
tool, because the whole point of a mode flip is that the human makes it.

Detection

For Edit/Write/MultiEdit, the hook compares the resolved absolute
path against the repo root and classifies writes as in-design or
out-of-design. For Bash, it uses a path-token regex —
(^|[^[:alnum:]_])design/ — that matches design/, ./design/,
/design/ and quoted variants, but deliberately does not match
designs/ (the Go package) or redesign/.

Reads are always allowed

The hook never blocks reading from design/. Claude can reference the
styleguide for context at any time, from any mode.

As orbit grew and `design/` became the canonical styleguide the web layer would be ported from, accidental AI edits to those files during unrelated feature work became a real risk. One thoughtless rewrite of `design/style.css` during a Go refactor would silently desync the styleguide from the web layer. This PR installs a `PreToolUse` hook (`.claude/hooks/design-session-guard.sh`) that enforces a two-mode rule: design work and feature work are strictly separated. In normal mode, `Edit`, `Write`, `MultiEdit`, and `Bash` operations under `design/` are blocked. To work on the styleguide, the user creates a session marker file (`.claude/design-session-active`) from a separate terminal outside Claude Code. While the marker is present, `design/` is unlocked — and symmetrically, everything else is locked so feature work can't leak in during a design session. The hook is deliberately AI-unreachable in every direction: Claude cannot create, delete, read, or otherwise manipulate the marker file via any tool, because the whole point of a mode flip is that the human makes it. ## Detection For `Edit`/`Write`/`MultiEdit`, the hook compares the resolved absolute path against the repo root and classifies writes as in-design or out-of-design. For `Bash`, it uses a path-token regex — `(^|[^[:alnum:]_])design/` — that matches `design/`, `./design/`, `/design/` and quoted variants, but deliberately does not match `designs/` (the Go package) or `redesign/`. ## Reads are always allowed The hook never blocks reading from `design/`. Claude can reference the styleguide for context at any time, from any mode.

arne added 12 commits 2026-04-05 07:39:48 +02:00

docs: spec for design/ folder guardrail ... fdd9ea9f1b

Introduce a guardrail that locks design/ to AI agents during normal
feature work and unlocks it (exclusively) during explicit user-declared
design sessions. Mechanism: CLAUDE.md rule + /design-session slash
command + PreToolUse hook + gitignored marker file.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs: revise design/ guardrail spec for --dangerously-skip-permissions ... 94b56e06e2

User runs CC with permission prompts disabled, so any gate relying on
the permission system provides zero protection. Move state flip out of
CC entirely (user toggles marker from a separate terminal), drop the
slash command, and promote Bash-matcher hook from "known limitation" to
a required component in v1.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

docs: implementation plan for design/ folder guardrail ... 9297786985

Ten tasks, TDD throughout. Tasks 1-6 build the hook script against a
shell-based test harness that uses an isolated CLAUDE_PROJECT_DIR so
the real marker file is never touched. Tasks 7-9 wire it into CC and
land the CLAUDE.md rule. Task 10 is manual verification inside a real
CC session.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

feat(hooks): scaffold design-session-guard hook and tests 122459b160

feat(hooks): block design/ writes outside a session ... 8c4c9fac5a

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(hooks): protect design-session marker from Edit/Write/MultiEdit ... 8ae935db60

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(hooks): symmetric lock on Edit/Write/MultiEdit during design sessions e22bfaf491

feat(hooks): block Bash commands that touch the design-session marker fffc14ad68

feat(hooks): block Bash writes to design/ outside a session 73cdb4125c

feat(hooks): register design-session-guard as a PreToolUse hook eb75795b2a

chore: gitignore design-session marker file f94aee5ce3

docs: add design folder protection rule to CLAUDE.md 076edfb88f

arne merged commit 771604aa62 into main 2026-04-05 07:40:43 +02:00

arne referenced this pull request from a commit 2026-04-05 07:40:45 +02:00

feat: guardrail for the design folder via PreToolUse hook (#2)

arne referenced this pull request from a commit 2026-04-05 22:06:33 +02:00

Lock the design/ folder outside a design session (#2)

arne referenced this pull request from a commit 2026-04-05 22:06:33 +02:00

Auto-archive design specs when PRs finalize them (#11)

arne referenced this pull request 2026-04-05 22:08:31 +02:00

Auto-archive design specs when PRs finalize them #11

arne changed title from feat: guardrail for the design folder via PreToolUse hook to Lock the design/ folder outside a design session 2026-04-05 22:08:49 +02:00

arne referenced this pull request from a commit 2026-04-05 22:50:48 +02:00

Auto-archive design specs when PRs finalize them (#11)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

arne/orbit!2

No description provided.