بنقرة واحدة
execution
Use when the user has approved a T3 operation and execution is about to begin
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Use when the user has approved a T3 operation and execution is about to begin
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Use when constructing or interpreting the approval handoff envelope between subagent and orchestrator -- sealed_payload schema, approval_id format, APPROVAL_REQUEST contract shape, and reading a granted approval from the DB
Use when producing any agent response
Use when classifying any operation before executing it, or deciding whether user approval is required
Use when a mutative command was blocked by the hook and you need to request user approval, or when presenting a plan for a T3 operation before executing it
Use when the user wants to build, design, or extend a diagram — an architecture overview, a timeline, a planner board, a flow diagram, a presentation, a comparison, or a mind-map — as a portable, data-driven deck rendered from plain YAML. Triggers — "build a diagram", "architecture diagram", "diagram deck", "timeline", "flow diagram", "planner board", "add a page/section/component to the diagram".
Use when the user wants something to run routinely / on a schedule rather than once now -- "tarea programada", "rutinariamente", "cada mañana", "cada N horas", "todas las noches", "schedule", "cron". Covers mounting, structuring, and running an unattended headless task that reports back, plus consuming its reports. NOT for a live in-session agentic loop (that is agentic-loop).
| name | execution |
| description | Use when the user has approved a T3 operation and execution is about to begin |
| metadata | {"user-invocable":false,"type":"discipline"} |
execution governs the post-approval phase of a T3 operation: how to verify the grant is still actionable, run the approved command, detect environment drift, and confirm the result against the plan's verification criteria before declaring success. Approval and execution are coupled: the user approving the T3 is itself the order to execute, so the orchestrator re-dispatches the verbatim command automatically -- this phase begins with that fresh dispatch, not a separate "should I run it" turn. For the approval handoff that precedes this phase, see agent-approval-protocol. For the re-dispatch decision that delivered this command, see orchestrator-present-approval Rule 5.
Commands finishing is not success.
Verification criteria passing is success.
A command can exit 0 and leave the system in a broken state.
terraform apply can succeed while creating a misconfigured resource.
kubectl apply can succeed while a pod crash-loops. The only evidence
that matters is verification against the criteria from your plan —
not the exit code, not the absence of errors.
Before executing an approved operation:
Approve [P-xxxxxxxx] label and activate_db_pending_by_prefix (in hooks/modules/security/approval_grants.py) wrote a SCOPE_SEMANTIC_SIGNATURE grant against the approved command. The runtime matches semantically — matches_approval_signature (in hooks/modules/security/approval_scopes.py) evaluates the approved signature (base_cmd, verb, dangerous flags, semantic tokens), not byte-for-byte string equality. Even so, the discipline is verbatim: relay and execute the approved exact_content as literal. Do not reason about what variations the runtime tolerates — wrappers, cd prefixes, redirects, or extra flags create a statement the grant may not cover. The semantic tolerance is a runtime safety net, not a license to deviate.consume_db_semantic_grant in gaia/store/writer.py), and has a 5-minute TTL. A retry after the command executed and failed re-blocks (the grant is already gone); so does a drifted variant that never matched. The orchestrator must request a fresh approval, not loop. The one exception: if this dispatch dies before it ever reaches the command, the grant is still PENDING and a re-dispatch within the 5 minutes reuses it.If a check fails → BLOCKED with which check and why.
Before executing any approved command, verify that the preconditions for success still hold. Use domain knowledge to determine what to check -- this is not a lookup table, it is a judgment call.
The world changes between approval and execution. A command approved 5 minutes ago may fail because the environment moved. Checking first avoids a wasted failure cycle.
Principle: If the command depends on external state, verify that state before executing.
Recovery: If a precondition fails and the fix is local (pull --rebase, state refresh, resource re-fetch), attempt it ONCE, then retry the original command. If recovery also fails, report the situation -- do not loop.
Boundary: Recovery actions must only modify LOCAL state. Never attempt remote-mutating recovery (force push, remote delete, state import) without explicit user approval.
When the pending file includes an environment snapshot (captured when the command was originally blocked), compare current state against it before executing.
If drift is detected (e.g., remote HEAD has moved, resource version changed), surface the drift to the user before proceeding. The user decides whether to continue or abort.
When no snapshot is available, verify observable state regardless -- the absence of a snapshot does not exempt the agent from precondition checks.
IN_PROGRESS) or not (BLOCKED)Error Type: [Transient | Validation | Permission | State conflict]
Error Message: [exact output]
Rollback Status: [what needs rollback if partial]
Know your rollback path BEFORE executing. This varies by domain: your domain skill defines the specific rollback strategy.
| If you're thinking... | The reality is... |
|---|---|
| "Approval-time evidence (plan, dry-run, preconditions) still holds at execution" | State drifts between approval and execution; every precondition you relied on must be re-verified against current state, snapshot or no snapshot |
| "All commands exited 0, I'm done" | Exit 0 ≠ desired state — run the verification criteria from the plan |
| "It's only dev, fewer checks needed" | Irreversibility is irreversibility regardless of env |
| "The grant matched once, I can retry the same shape" | The grant is consumed at the match, before execution (consume_db_semantic_grant); a second invocation -- or any retry after the command executed -- re-blocks even if the command looks identical. Only a dispatch that died before reaching the command can reuse the still-PENDING grant, within its 5-minute TTL |
| "Half the bundle ran, I can finish after a SendMessage resume" | mode dies on resume; if the remaining steps touch .claude/ writes, CC native re-blocks. Emit BLOCKED, let orchestrator re-dispatch fresh with the same mode (agents/gaia-orchestrator.md -> "Dispatch -> Re-dispatch vs SendMessage") |
When the approved operation is a bundle of steps on .claude/ paths (e.g.,
mv directory + 4 Edits across .claude/project-context/), execute every step in
the SAME turn the dispatch started -- mode is per-dispatch and dies on a
SendMessage resume, so split bundles re-block the later steps in default mode.
See agents/gaia-orchestrator.md -> "Dispatch -> Re-dispatch vs SendMessage".
If a hook blocks a step mid-bundle, emit BLOCKED and stop -- do NOT emit
APPROVAL_REQUEST mid-bundle hoping to resume. The orchestrator's correct recovery
is a fresh dispatch (same mode, bundle re-packed), not a SendMessage back in.
See agents/gaia-orchestrator.md -> "Dispatch -> Re-dispatch vs SendMessage" for
the dispatch-vs-resume decision that governs protected-path bundles.
matches_approval_signature in hooks/modules/security/approval_scopes.py); a drifted argument, an added flag, or a wrapper CLI re-blocks. "Close enough" is rejected by the hook, not the agent.claude/ bundle across a SendMessage resume — mode is per-dispatch; the resume runs in default and CC native re-blocks the remaining steps