Flows category icon
Harness Engineering
Advanced

Pair Every Prompt Rule with a Code Backstop

Prompts guide, code enforces: inventory your agent's soft rules, back each critical one with an independent deterministic check, and define the allow/ask/deny escalation.

4 steps12 verify checks120-180 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/4 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
My agent's safety currently lives entirely in prompt wording, and the model ignores it just often enough to be scary. Claude Code's answer is two independent layers: prompts make the model want to do the right thing, code makes the wrong thing impossible - and when they conflict, code wins.

GOAL:
Build the dual-defense architecture: map prompt rules to enforcement needs, implement code checks independent of prompt wording, and route violations through allow/ask/deny.

REQUIREMENTS:
- An inventory of every behavioral rule currently expressed only in prompts
- Each rule classified: guidance-only, or requires code enforcement
- Code checks that work even if the prompt is deleted entirely
- A three-way outcome for checks: allow, ask (user confirms), deny (clear malice only)
- Failure-mode analysis covering all four prompt/code success-failure combinations

CONSTRAINTS:
- The code layer must never import or parse prompt text - full independence
- Prefer ask over deny: keep the user in control except for unambiguous danger

DEFINITION OF DONE:
- Every destructive-class prompt rule has a matching code check
- Deleting the prompt rule leaves the code check fully functional (tested)
- A prompted-but-violated action triggers ask or deny, never silent execution
- The four failure combinations are documented with mitigations

COMMON FAILURES TO AVOID:
- Prompt-only safety: one bad sample away from a destructive action
- Code-only safety: the model floods the gate with denied attempts because nothing guides it
- Code checks keyed to prompt phrasing, breaking when the prompt is reworded
- Everything denied outright, training users to bypass the agent entirely

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Harness Engineering flows that share ground with this one.

Flows category icon
Harness Engineering

Design Layered Tool Prompts with Preference Chains

Structure your tool prompts the way the leading harness does: preference chains up front, usage constraints in the middle, NEVER-guarded safety protocols at the end.

01Audit the current tool prompt
02Write the preference chain
03Write usage constraints and safety protocols

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Harness Engineering

Assemble Tool Prompts Dynamically per Environment

Stop shipping one static mega-prompt: generate tool prompts from environment conditions, inject blocks only when features are on, and dedupe config to save tokens.

01Identify conditional blocks
02Build the prompt generator
03Dedupe and budget every block

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps90-120 minutesAdvanced
Flows category icon
Harness Engineering

Hook a Permission Layer onto Dangerous Tools

Intercept dangerous tool calls with a hook layer: pattern rules, approval gates, and blocks that the model cannot talk its way past.

01Define the danger rule set
02Implement the hook point
03Harden the patterns against evasion

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate

Made with Emergent