hooks-enforcerlisted

# Hooks Enforcer ## Overview Hostile audit of a project's *hook coverage*. It assumes every recurring failure is unguarded until a hook is proven to fire on it. It mines the project's own evidence base — current hook wiring, every `docs/audit/*-findings.md` pass, git history, and project memory — to find failure classes that recur and that a hook could have caught, then specifies the exact hook (event, matcher, command, fail-closed shape) in the host harness's correct format and, on approval, wires it and fires it on the evidence input to prove it now binds. It additionally enforces context-discipline: where a context-saving tool (e.g. context-mode's `ctx_*` tools) can do read/gather/process work off-context, raw `Bash`/`Read` that bloats the context window must be routed through it; only operations on the must-run-direct allowlist stay on `Bash`. Single-shot: re-validate existing findings, detect the harness, inventory current enforcement, mine the evidence base, file findings, optionally wire and prove, re-validate. This is not `loophole-hunter`. That skill audits the *existing* enforcement surface for *evasion* — a constraint that can be bypassed. This skill audits the *evidence base* for *absence* — a recurring failure that has no hook at all, a hook shaped for the wrong harness, or large-output work that should be routed through a context-saving tool and is not. loophole-hunter asks "can this constraint be evaded?"; hooks-enforcer asks "what should be a hook and is no