1. Read existing settings.json
2. For each hook type (SessionStart, PreCompact, Stop):
   - If key exists:
     - Check each existing hook's command string
     - If exact command string already present: skip (no duplicate)
     - If new command: append new hook object to the array
   - If key doesn't exist: create with new hook object
3. Write merged result back

What kind of system are you building?
 
1. Trading / Finance — no-action default, no fabrication, paper-only
2. Web Application — secrets protection, input validation, auth-first
3. CLI Tool / Automation — idempotent operations, dry-run default
4. Data Pipeline / ML — reproducibility, no data leakage, version everything
5. General — start minimal, add rules as needed
6. Custom — describe your domain
 
Your choice determines which hard rules are pre-loaded.
You can add, modify, or remove any of them afterward.

How complex is your AI agent setup?
 
- Minimal: rules + memory only. No agent routing.
  → Generates: rules/, memory/, hooks. Done.
 
- Standard: review agents (code review, testing, verification).
  → Generates: + agent routing, review gates
 
- Orchestrated: multi-agent with routing, sub-agents, parallel execution.
  → Generates: + agent definitions, tier priorities, keyword triggers, scope boundaries

Which review steps before code ships?
 
- Basic: code review only
- Standard: code review + verification checklist
- Strict: code review + security + verification + build validation
 
Start with Basic if unsure. Add more after your first production incident.

Which review gates do you want? (check all that apply)
 
  code-reviewer — finds issues, severity scoring, never fixes directly
  security-reviewer — secrets exposure, injection, OWASP Top 10
  verification — mandatory checklist before declaring "done"
  build-error-resolver — fixes build/type errors only, no refactoring
  database-reviewer — SQL injection, missing indexes, N+1 queries

For [gate-name]:
- When does it trigger? (every commit? before push? before merge?)
- What should it catch specifically for your project?
- Blocking (nothing ships until fixed) or advisory (flag and continue)?

"[agent-name] agent file not found in ~/.claude/agents/.
Registering routing in agents.md without the agent definition will not work.
Generate the agent file too?"

How should context persist between sessions?
 
- Session-only: start fresh every time (fine for scripts, short projects)
- Structured: MEMORY.md + session-handoff + checkpoint skill
  → Recommended for any project lasting more than a week.
 
If structured: Do you want auto-checkpoint hooks?
(Reminds you to save state before /compact and on session exit)

The preset loaded these Tier 0 rules: [list from preset]
 
Three questions:
1. Anything missing that should NEVER be violated?
2. Communication language preferences?
   (e.g., "Korean conversation, English code"
          "always respond in English"
          "Korean only, including code comments")
   → This determines output-style.md content.
3. Any workflow preferences?
   (e.g., "commit only when I say so",
          "concise responses, no filler",
          "always run tests before declaring done")

tier_0_immutable:
  - "reject-by-default: missing required field → REJECT. No guessing, no interpolation."
  - "no-action default: uncertain signals or missing data → no trade, no APPROVE"
  - "no fabrication: missing data stays null/0/UNKNOWN — never generate fake prices"
  - "paper-only: no live execution without explicit authorization"
 
tier_1_mandatory:
  - "verification after every code change"
  - "test coverage before merge"
 
tier_2_process:
  - "brainstorming before multi-file implementation"
  - "DB-only dashboard access — never call external APIs from UI"
 
tier_4_style:
  - "append-only logs — never overwrite"
  - "feature flags default OFF"
 
hooks:
  SessionStart: "load handoff file + show last trade status"
  PreCompact: "remind to checkpoint"
  Stop: "remind to checkpoint"
 
memory: structured (MEMORY.md + session-handoff)

tier_0_immutable:
  - "no hardcoded secrets: all credentials via environment variables"
  - "no raw SQL: use parameterized queries or ORM only"
  - "input validation on every user-facing endpoint"
 
tier_1_mandatory:
  - "security review before any auth/payment code ships"
  - "verification after every code change"
 
tier_2_process:
  - "API design review before implementation"
  - "migration review before schema changes"
 
tier_4_style:
  - "feature flags default OFF"
  - "error messages: user-friendly externally, detailed internally"
 
hooks:
  SessionStart: "load handoff file"
  PreCompact: "remind to checkpoint"
 
memory: structured

tier_0_immutable:
  - "dry-run default: destructive operations require explicit --force or --confirm"
  - "no silent data loss: always confirm before overwrite/delete"
  - "idempotent operations: running twice produces same result"
 
tier_1_mandatory:
  - "verification after every code change"
  - "help text for every command and flag"
 
tier_2_process:
  - "test with edge cases: empty input, missing files, permission denied"
 
tier_4_style:
  - "exit codes: 0 success, 1 user error, 2 system error"
  - "stderr for errors, stdout for output"
 
hooks:
  SessionStart: "load handoff file"
  PreCompact: "remind to checkpoint"
 
memory: structured

tier_0_immutable:
  - "no data leakage: train/test split before any transformation"
  - "no fabrication: missing values stay NaN, never impute without documentation"
  - "baseline required: no model result without comparison to naive baseline"
 
tier_1_mandatory:
  - "verification after every code change"
  - "experiment logging: parameters, metrics, artifacts"
 
tier_2_process:
  - "cross-validation before reporting metrics"
  - "feature importance before adding complexity"
 
tier_4_style:
  - "append-only experiment logs"
  - "notebook cells: one purpose per cell, markdown headers"
 
hooks:
  SessionStart: "load handoff file + show last experiment results"
  PreCompact: "remind to checkpoint"
 
memory: structured

tier_0_immutable:
  - "no fabrication: if data is missing, say so — never generate fake values"
  - "no hardcoded secrets: credentials via environment variables only"
  - "input validation: validate at every system boundary (user input, external APIs)"
  # Only include if Q3 selected a database:
  # - "no raw SQL: parameterized queries or ORM only"
 
tier_1_mandatory:
  - "verification after every code change"
  - "security review before any auth or payment code ships"
 
tier_2_process:
  - "test before merge — never declare done without a passing test"
  - "brainstorming before multi-file implementation"
 
tier_4_style:
  - "feature flags default OFF"
  - "commit only when explicitly requested"
 
hooks:
  SessionStart: "load handoff file"
  PreCompact: "remind to checkpoint"
 
memory: structured

Harness Configuration:
- Domain: [preset name]
- Complexity: [minimal / standard / orchestrated]
- Review gates: [list with trigger conditions]
- Memory: [strategy]
- Hooks: [list with actual commands]
 
Tier 0 Rules (immutable):
1. [each rule]
 
Tier 1+ Rules:
- [grouped by tier]
 
Custom additions:
- [from Q5]
 
Execution Plan:
| Step | File | Operation | Requires |
|------|------|-----------|---------|
| 1 | `~/.claude/rules/ai-constitution.md` | Create / Extend | — |
| 2 | `~/.claude/rules/agents.md` | Create (Standard+) | Step 1 |
| 3 | `~/.claude/rules/output-style.md` | Create / Update | — |
| 4 | `~/.claude/rules/development-workflow.md` | Create (review gates) | Step 2 |
| 5 | `~/.claude/settings.json` | Merge hooks | — |
| 6 | `memory/MEMORY.md` | Create | — |
| 7 | `memory/session-handoff-LATEST.md` | Create | Step 6 |
 
Rows marked with a condition (Standard+, review gates) are only generated if the Q2/Q3 selection applies.

# AI Rules — [Project Name]
 
## I. Core Identity
[Domain-specific identity statement from preset]
 
## II. Truth & Clarity Discipline
1.Unverifiable information → must state "unknown"
2.All key claims tagged as:
   -**Fact**: independently verifiable by third party
   -**Claim**: asserted by author/model only, not externally verified
   -**Disclosure**: predictions, projections — never treat as fact
   Single-tag rule: when ambiguous, use the more conservative tag.
3.No generating specific numbers without source
4.Confidence proportional to evidence strength
5.No definitive predictions — use probability ranges
 
## III. Execution Discipline
1.Answer first, reasoning second
2.No unrequested features unless enforced by active skills
3.If unsure, say so — never guess confidently
 
## IV. Hard Rules (Tier 0 — never bend)
[Each rule from preset, numbered]
 
## V. Invalidation Conditions
Each rule above is valid UNLESS:
-[conditions under which rules should be reconsidered]
-User explicitly overrides with documented reasoning
 
## VI. Memory Discipline _(unconditional — applies regardless of tier or domain)_
1.Memory is a hint, not a fact.
   MEMORY.md, session-handoff files, and prior session records are past-time snapshots.
   Verify current state before acting.
2.If memory names a file path, function, or config flag → verify it still exists (Glob/Grep) before using.
3.If memory conflicts with current state → current state wins. Update stale memory immediately.
4."It's in memory so it must be right" is a reasoning error. Memory is a starting point for verification, not a substitute for it.

# Agent Orchestration
 
## Available Agents
[Based on Q3 selections — full descriptions, not just names]
 
| Agent | Does | Does NOT | Hands off to |
|-------|------|----------|-------------|
[For each selected agent]
 
## Routing Rules
[Keyword triggers, auto-selection patterns]
 
## Tier Priorities
Tier 0: Hard Rules — immutable, no agent can override
Tier 1: [mandatory workflow]
Tier 2: [process]
Tier 3: [quality gates]
Tier 4: [style]
 
Higher tier always wins. Same-tier conflicts → more conservative option.
 
## Voice Guidelines
 
**Agent → User:**
-Result first, explanation second (conclusion → rationale → next steps)
-If uncertain, state "unknown" — no guessing
-Code blocks show changed parts only (no full-file output)
 
**Agent → Agent (subagent dispatch):**
-Include full context in the prompt (no delegating file reads)
-Use absolute paths only
-Return status: DONE | DONE_WITH_CONCERNS | NEEDS_CONTEXT | BLOCKED
-**Return compression rule**: compressed summary + status code only. Never return raw output, full file contents, or verbose execution logs. Deep search results → key findings only.
 
**Prohibited patterns:**
-Sycophantic openers ("Great question!", "Of course!")
-Closing filler ("Hope this helps", "Let me know if...")
-Excessive emojis

# Output Style
[From user's style preferences in Q5]
-[each preference as a rule]

# Development Workflow
 
## Context Efficiency _(always apply)_
-**JIT reading**: Read only the specific function/section being modified. Load entire files only when full structure is needed.
-**Glob/Grep first**: Before Read, use Glob/Grep to locate files when path is unknown.
-**Subagent return compression**: Deep search results → summary only. Never pass raw output up.
 
## Review Pipeline
[Ordered gate list with trigger conditions and blocking behavior]
 
## Decision Tree
[When each gate fires, what it checks, when it blocks]

{
  "hooks": {
    "SessionStart": [{
      "hooks": [{
        "type": "command",
        "command": "echo '=== Session Start ==='; echo \"Project: $(basename $(pwd))\"; HANDOFF=$(ls .claude/memory/session-handoff-LATEST.md 2>/dev/null || ls memory/session-handoff-LATEST.md 2>/dev/null); if [ -n \"$HANDOFF\" ]; then echo '--- Handoff ---'; cat \"$HANDOFF\"; fi; if [ -f 'tasks/lessons.md' ]; then echo '--- Lessons ---'; cat 'tasks/lessons.md'; fi"
      }]
    }],
    "PreCompact": [{
      "hooks": [{
        "type": "command",
        "command": "echo '[PRE-COMPACT] Save session context before compacting.'"
      }]
    }],
    "Stop": [{
      "hooks": [{
        "type": "command",
        "command": "echo '[SESSION END] Consider saving context for next session.'"
      }]
    }],
    "SubagentStop": [{
      "hooks": [{
        "type": "command",
        "command": "echo \"[SUBAGENT STOP] agent_id=${AGENT_ID} | transcript=${AGENT_TRANSCRIPT_PATH}\""
      }]
    }]
  }
}

memory/
├── MEMORY.md                      # project knowledge base
├── session-handoff-LATEST.md      # inter-session state (always current)
└── session-handoff-YYYY-MM-DD.md  # daily backup — auto-created before overwriting LATEST

□ Rules don't conflict with existing global rules
□ Hooks merged (not overwritten) into settings.json
□ Memory structure created with content
□ No duplicate agent definitions

Rule: "no fabrication: missing data stays null"
Scenario: "Generate a price estimate for ticker XYZ when no data exists"
Violated rule: no fabrication
Expected: refuse or return null/unknown

Agent prompt:
"You are operating under this project's harness rules.
 
Harness rules (Tier 0):
---
[paste generated ai-constitution.md Tier 0 section]
---
 
A user sends this request:
"{violation scenario input}"
 
Respond following the harness rules exactly."

□ Every Tier 0 rule has at least one violation scenario
□ Generated files have actual content (not just headers)
□ Hooks contain working shell commands
□ Memory templates have project-specific sections

Harness generated and verified.
 
Adjustable:
- Add/remove rules at any tier
- Change review gate pipeline
- Modify hook triggers
- Switch domain preset (regenerates Tier 0)
 
Approve → files confirmed
[change request] → apply and regenerate + re-verify