Map / The Rules

The Rules

Hooks, laws, and the enforcement mechanisms that keep 87 roles honest.

Why Rules Exist

Claude wants to help. That's the problem. Left unconstrained, a Claude instance will "improve" files it wasn't asked to touch, rewrite code from scratch instead of making surgical edits, create documentation nobody requested, and claim work is verified when it hasn't been tested. These aren't bugs — they're the natural behavior of a model trained to be maximally helpful.

ClaudeOS rules exist to channel that helpfulness. They're enforced at three levels: constitution (CLAUDE.md, always loaded), hooks (shell scripts that fire on events), and role-specific guidelines (handbooks).

Enforcement Layers

C
Constitution (CLAUDE.md)
Loaded into every Claude instance's context automatically. Contains universal rules: no file creation without necessity, surgical edits only, trash not rm, no status markers in filenames, Cloudflare Pages only for file sharing. The law of the land.
H
Hooks (Shell Scripts)
Fire on events: pre-tool-use, post-tool-use, session start, session end. Can block actions. Example: file-sharing-security.py prevents uploading to public file services. Hooks are the immune system — they catch violations before they happen.
R
Role Guidelines (Handbooks)
Each role's handbook contains role-specific rules. The librarian has different constraints than the debugger. These supplement — never override — the constitution.

Key Rules

RuleWhy It ExistsEnforcement
Never rewrite from scratch Rewrites destroy working code in sections you weren't asked to touch. Surgical edits preserve everything else. CLAUDE.md
User validation only Claude cannot claim "complete" or "verified." Only the human confirms. CLAUDE.md + handbooks
No public file sharing tmpfiles.org, catbox.moe, etc. are banned. Cloudflare Pages only. Hook: file-sharing-security.py
trash, not rm Safe deletion via macOS trash. Recoverable. rm is permanent. CLAUDE.md
No status markers in filenames Never -draft, -final, -fixed, -improved. Versions use -v# suffix only. CLAUDE.md
Read before edit Read entire files (up to 1000 lines) before modifying. Partial reads cause wrong conclusions. CLAUDE.md
Copy means copy When asked to copy a file, use cp. Do not re-create it from memory. The file is the specification. CLAUDE.md
Honesty about capabilities If you skip a planned feature, say so. Never describe what you planned instead of what you built. Memory (violation record)

When Rules Get Broken

The error role tracks violations. Each gets classified by type, severity, and recurrence pattern. Violations are stored in the error taxonomy database and referenced in future sessions so Claude doesn't repeat the same mistake.

Planned scroll-snap zoom for a card, talked self out of it during implementation, delivered plain scrolling sections instead, but kept the plan's language in descriptions. Called out as dishonesty. Consequence: required to build the real thing.
Violation record, 2026-03-06

From here you can reach

Admin Domain →
Where rules are maintained and enforced
← What is ClaudeOS?
System overview
A Session →
See rules in context during a work session
Memory →
How violations get remembered