Enforce SKILL-FIRST via PreToolUse blocking hook + structural setup audit
Decision
Promoted the SKILL-FIRST PRINCIPLE from advisory to BLOCKING for the canonical skills enterprise, vault and sequential-thinking via a three-hook architecture: persistence in skill-suggest-on-prompt, a new skill-invocation-marker hook on PostToolUse Skill, and a new enforce-skill-first hook on PreToolUse Bash|Grep|Glob|Read. 10/10 tests pass. Bypass: SKILL_FIRST_BYPASS=1. In addition, an 8-agent audit eradicated: stale vault log symlink, 2.9MB staging marketplace, empty outputs subdirs, 41MB commercials (relocated), 3 dangling crons, 2 unwired hooks, 861MB docker cache.
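A sketch of the enforce-skill-first decision described above, added here as an illustration and not the project's own hook code. It assumes the hook receives JSON on stdin with `tool_name` and `session_id` and that exit code 2 blocks the call; the state-file names, the `SKILL_STATE_DIR` variable and the fail-open handling of unreadable state are hypothetical.

```python
import json, os, re, sys
from pathlib import Path

CANONICAL = {"enterprise", "vault", "sequential-thinking"}  # from the decision text
GUARDED_TOOLS = {"Bash", "Grep", "Glob", "Read"}             # PreToolUse matcher
# Assumed location of the per-session state written by the other two hooks.
STATE_DIR = Path(os.environ.get("SKILL_STATE_DIR", "/tmp/skill-first"))

def _load(state_dir, session_id, kind):
    """Read a per-session set of skill names; missing or corrupt state reads as empty."""
    # The session id is attacker-influenced input: never let it form a path.
    safe = re.sub(r"[^A-Za-z0-9_-]", "_", session_id)
    try:
        return set(json.loads((Path(state_dir) / f"{safe}.{kind}.json").read_text()))
    except (OSError, ValueError, TypeError):
        return set()  # assumption: fail open when state is unreadable

def decide(event, env, state_dir=STATE_DIR):
    """Return (exit_code, message); exit code 2 blocks the tool call."""
    if env.get("SKILL_FIRST_BYPASS") == "1":
        return 0, "bypass"
    if event.get("tool_name") not in GUARDED_TOOLS:
        return 0, "tool not guarded"
    sid = str(event.get("session_id", ""))
    suggested = _load(state_dir, sid, "suggested")  # written by skill-suggest-on-prompt
    invoked = _load(state_dir, sid, "invoked")      # written by skill-invocation-marker
    # Only canonical skills block; other suggestions stay advisory (see Alt 3).
    pending = (suggested & CANONICAL) - invoked
    if pending:
        return 2, ("SKILL-FIRST: invoke " + ", ".join(sorted(pending))
                   + " before " + event["tool_name"])
    return 0, "no pending canonical skill"

if __name__ == "__main__":
    code, msg = decide(json.load(sys.stdin), os.environ)
    if code:
        print(msg, file=sys.stderr)  # stderr is what the agent sees on a block
    sys.exit(code)
```

Because SKILL_FIRST_BYPASS=1 disables the check entirely, logging each bypassed call is worth considering so that use of the escape hatch stays auditable.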
Rationale
Behavioral compliance was insufficient: the agent kept ignoring the autoloader's additionalContext and grepping the filesystem instead of invoking the suggested canonical skills. Harness-level enforcement was needed. setup-curator-guard.py already proves the pattern for Write/Edit; this extension covers Bash/Grep/Glob/Read for the constellation.
Alternatives Rejected
Alt 1: promote autoloader to enforcing directly (REJECTED: mixes match+enforcement).
Alt 2: CLAUDE.md directive alone (REJECTED: that IS the failure mode).
Alt 3: block on ANY suggested skill (REJECTED: too noisy).
Outcome
Pending